igniterealtime openfire vulnerabilities and exploits
7.8
CVSSv2
CVE-2014-2741
nio/XMLLightweightParser.java in Ignite Realtime Openfire prior to 3.9.2 does not properly restrict the processing of compressed XML elements, which allows remote malicious users to cause a denial of service (resource consumption) via a crafted XMPP stream, aka an "xmppbomb&...
Igniterealtime Openfire
7.5
CVSSv2
CVE-2021-45967
An issue exists in Pascom Cloud Phone System prior to 7.20.x. A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.
Pascom Cloud Phone System
Igniterealtime Openfire
Igniterealtime Openfire 4.5.0
7.5
CVSSv2
CVE-2019-18394
A Server Side Request Forgery (SSRF) vulnerability in FaviconServlet.java in Ignite Realtime Openfire up to and including 4.4.2 allows malicious users to send arbitrary HTTP GET requests.
Igniterealtime Openfire
7.5
CVSSv2
CVE-2008-6509
SQL injection vulnerability in CallLogDAO in SIP Plugin in Openfire 3.6.0a and previous versions allows remote malicious users to execute arbitrary SQL commands via the type parameter to sipark-log-summary.jsp.
Igniterealtime Openfire 2.6.2
Igniterealtime Openfire 3.0.0
Igniterealtime Openfire 3.2.4
Igniterealtime Openfire 3.3.0
Igniterealtime Openfire 3.4.5
Igniterealtime Openfire 3.5.0
Igniterealtime Openfire 3.1.1
Igniterealtime Openfire 3.2.0
Igniterealtime Openfire 3.2.1
Igniterealtime Openfire 3.4.0
Igniterealtime Openfire 3.4.1
Igniterealtime Openfire 3.6.0
Igniterealtime Openfire
Igniterealtime Openfire 2.6.1
Igniterealtime Openfire 2.6.0
Igniterealtime Openfire 3.2.2
Igniterealtime Openfire 3.2.3
Igniterealtime Openfire 3.4.3
Igniterealtime Openfire 3.4.4
Igniterealtime Openfire 3.0.1
Igniterealtime Openfire 3.1.0
Igniterealtime Openfire 3.3.2
1 EDB exploit
7.5
CVSSv2
CVE-2008-6508
Directory traversal vulnerability in the AuthCheck filter in the Admin Console in Openfire 3.6.0a and previous versions allows remote malicious users to bypass authentication and access the admin interface via a .. (dot dot) in a URI that matches the Exclude-Strings list, as demo...
Igniterealtime Openfire 2.6.2
Igniterealtime Openfire 3.0.0
Igniterealtime Openfire 3.2.3
Igniterealtime Openfire 3.2.4
Igniterealtime Openfire 3.4.4
Igniterealtime Openfire 3.4.5
Igniterealtime Openfire 3.1.1
Igniterealtime Openfire 3.2.0
Igniterealtime Openfire 3.3.3
Igniterealtime Openfire 3.4.0
Igniterealtime Openfire 3.6.0
Igniterealtime Openfire
Igniterealtime Openfire 2.6.1
Igniterealtime Openfire 2.6.0
Igniterealtime Openfire 3.2.1
Igniterealtime Openfire 3.2.2
Igniterealtime Openfire 3.4.1
Igniterealtime Openfire 3.4.3
Igniterealtime Openfire 3.0.1
Igniterealtime Openfire 3.1.0
Igniterealtime Openfire 3.3.0
Igniterealtime Openfire 3.3.2
2 EDB exploits
6.8
CVSSv2
CVE-2015-6973
Multiple cross-site request forgery (CSRF) vulnerabilities in Ignite Realtime Openfire 3.10.2 allow remote malicious users to hijack the authentication of administrators for requests that (1) change a password via a crafted request to user-password.jsp, (2) add users via a crafte...
Igniterealtime Openfire 3.10.2
1 EDB exploit
6.5
CVSSv2
CVE-2015-7707
Ignite Realtime Openfire 3.10.2 allows remote authenticated users to gain administrator access via the isadmin parameter to user-edit-form.jsp.
Igniterealtime Openfire 3.10.2
1 EDB exploit
5.8
CVSSv2
CVE-2008-6511
Open redirect vulnerability in login.jsp in Openfire 3.6.0a and previous versions allows remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via the url parameter.
Igniterealtime Openfire 3.0.1
Igniterealtime Openfire 3.1.0
Igniterealtime Openfire 3.3.0
Igniterealtime Openfire 3.3.2
Igniterealtime Openfire 2.6.1
Igniterealtime Openfire 2.6.0
Igniterealtime Openfire 3.2.1
Igniterealtime Openfire 3.2.2
Igniterealtime Openfire 3.4.3
Igniterealtime Openfire 3.4.4
Igniterealtime Openfire 2.6.2
Igniterealtime Openfire 3.0.0
Igniterealtime Openfire 3.2.3
Igniterealtime Openfire 3.2.4
Igniterealtime Openfire 3.4.5
Igniterealtime Openfire 3.3.3
Igniterealtime Openfire 3.5.1
Igniterealtime Openfire 3.5.2
Igniterealtime Openfire 3.5.0
Igniterealtime Openfire 3.1.1
Igniterealtime Openfire 3.2.0
Igniterealtime Openfire 3.4.0
1 EDB exploit
5.5
CVSSv2
CVE-2017-2815
An exploitable XML entity injection vulnerability exists in OpenFire User Import Export Plugin 2.6.0. A specially crafted web request can cause the retrieval of arbitrary files or denial of service. An authenticated attacker can send a crafted web request to trigger this vulnerab...
Igniterealtime User Import Export 2.6.0
5
CVSSv2
CVE-2019-18393
PluginServlet.java in Ignite Realtime Openfire up to and including 4.4.2 does not ensure that retrieved files are located under the Openfire home directory, aka a directory traversal vulnerability.
Igniterealtime Openfire
1 Github repository