openfire vulnerabilities and exploits
7.8
CVSSv2
CVE-2014-2741
nio/XMLLightweightParser.java in Ignite Realtime Openfire prior to 3.9.2 does not properly restrict the processing of compressed XML elements, which allows remote malicious users to cause a denial of service (resource consumption) via a crafted XMPP stream, aka an "xmppbomb...
Igniterealtime Openfire
7.5
CVSSv2
CVE-2021-45967
An issue exists in Pascom Cloud Phone System prior to 7.20.x. A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.
Pascom Cloud Phone System
Igniterealtime Openfire
Igniterealtime Openfire 4.5.0
7.5
CVSSv2
CVE-2019-18394
A Server Side Request Forgery (SSRF) vulnerability in FaviconServlet.java in Ignite Realtime Openfire up to and including 4.4.2 allows malicious users to send arbitrary HTTP GET requests.
Igniterealtime Openfire
7.5
CVSSv2
CVE-2008-6508
Directory traversal vulnerability in the AuthCheck filter in the Admin Console in Openfire 3.6.0a and previous versions allows remote malicious users to bypass authentication and access the admin interface via a .. (dot dot) in a URI that matches the Exclude-Strings list, as demo...
Igniterealtime Openfire 2.6.2
Igniterealtime Openfire 3.0.0
Igniterealtime Openfire 3.2.3
Igniterealtime Openfire 3.2.4
Igniterealtime Openfire 3.4.4
Igniterealtime Openfire 3.4.5
Igniterealtime Openfire 3.1.1
Igniterealtime Openfire 3.2.0
Igniterealtime Openfire 3.3.3
Igniterealtime Openfire 3.4.0
Igniterealtime Openfire 3.6.0
Igniterealtime Openfire
Igniterealtime Openfire 2.6.1
Igniterealtime Openfire 2.6.0
Igniterealtime Openfire 3.2.1
Igniterealtime Openfire 3.2.2
Igniterealtime Openfire 3.4.1
Igniterealtime Openfire 3.4.3
Igniterealtime Openfire 3.0.1
Igniterealtime Openfire 3.1.0
Igniterealtime Openfire 3.3.0
Igniterealtime Openfire 3.3.2
2 EDB exploits
7.5
CVSSv2
CVE-2008-6509
SQL injection vulnerability in CallLogDAO in SIP Plugin in Openfire 3.6.0a and previous versions allows remote malicious users to execute arbitrary SQL commands via the type parameter to sipark-log-summary.jsp.
Igniterealtime Openfire 2.6.2
Igniterealtime Openfire 3.0.0
Igniterealtime Openfire 3.2.4
Igniterealtime Openfire 3.3.0
Igniterealtime Openfire 3.4.5
Igniterealtime Openfire 3.5.0
Igniterealtime Openfire 3.1.1
Igniterealtime Openfire 3.2.0
Igniterealtime Openfire 3.2.1
Igniterealtime Openfire 3.4.0
Igniterealtime Openfire 3.4.1
Igniterealtime Openfire 3.6.0
Igniterealtime Openfire
Igniterealtime Openfire 2.6.1
Igniterealtime Openfire 2.6.0
Igniterealtime Openfire 3.2.2
Igniterealtime Openfire 3.2.3
Igniterealtime Openfire 3.4.3
Igniterealtime Openfire 3.4.4
Igniterealtime Openfire 3.0.1
Igniterealtime Openfire 3.1.0
Igniterealtime Openfire 3.3.2
1 EDB exploit
7.5
CVSSv2
CVE-2007-2975
The admin console in Ignite Realtime Openfire 3.3.0 and previous versions (formerly Wildfire) does not properly specify a filter mapping in web.xml, which allows remote malicious users to gain privileges and execute arbitrary code by accessing functionality that is exposed throug...
Ignite Realtime Openfire 3.2.1
Ignite Realtime Openfire 3.1.1
Ignite Realtime Openfire 3.0.1
Ignite Realtime Openfire
Ignite Realtime Openfire 3.2.4
Ignite Realtime Openfire 3.2.3
Ignite Realtime Openfire 3.2.2
Ignite Realtime Openfire 3.0.0
Ignite Realtime Openfire 2.6.2
Ignite Realtime Openfire 2.6.1
Ignite Realtime Openfire 2.6.0
Ignite Realtime Openfire 3.2.0
Ignite Realtime Openfire 3.1.0
6.8
CVSSv2
CVE-2015-6973
Multiple cross-site request forgery (CSRF) vulnerabilities in Ignite Realtime Openfire 3.10.2 allow remote malicious users to hijack the authentication of administrators for requests that (1) change a password via a crafted request to user-password.jsp, (2) add users via a crafte...
Igniterealtime Openfire 3.10.2
1 EDB exploit
6.5
CVSSv2
CVE-2015-7707
Ignite Realtime Openfire 3.10.2 allows remote authenticated users to gain administrator access via the isadmin parameter to user-edit-form.jsp.
Igniterealtime Openfire 3.10.2
1 EDB exploit
5.8
CVSSv2
CVE-2008-6511
Open redirect vulnerability in login.jsp in Openfire 3.6.0a and previous versions allows remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via the url parameter.
Igniterealtime Openfire 3.0.1
Igniterealtime Openfire 3.1.0
Igniterealtime Openfire 3.3.0
Igniterealtime Openfire 3.3.2
Igniterealtime Openfire 2.6.1
Igniterealtime Openfire 2.6.0
Igniterealtime Openfire 3.2.1
Igniterealtime Openfire 3.2.2
Igniterealtime Openfire 3.4.3
Igniterealtime Openfire 3.4.4
Igniterealtime Openfire 2.6.2
Igniterealtime Openfire 3.0.0
Igniterealtime Openfire 3.2.3
Igniterealtime Openfire 3.2.4
Igniterealtime Openfire 3.4.5
Igniterealtime Openfire 3.3.3
Igniterealtime Openfire 3.5.1
Igniterealtime Openfire 3.5.2
Igniterealtime Openfire 3.5.0
Igniterealtime Openfire 3.1.1
Igniterealtime Openfire 3.2.0
Igniterealtime Openfire 3.4.0
1 EDB exploit
5.5
CVSSv2
CVE-2017-2815
An exploitable XML entity injection vulnerability exists in OpenFire User Import Export Plugin 2.6.0. A specially crafted web request can cause the retrieval of arbitrary files or denial of service. An authenticated attacker can send a crafted web request to trigger this vulnerab...
Igniterealtime User Import Export 2.6.0