Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
freebsdFreeBSD937ADF01-B64A-11DD-A55E-00163E000016
HistoryNov 07, 2008 - 12:00 a.m.

openfire -- multiple vulnerabilities

2008-11-0700:00:00
vuxml.freebsd.org
16

0.665 Medium

EPSS

Percentile

97.9%

JSON

Andreas Kurtz reports:

The jabber server Openfire (<= version 3.6.0a) contains several
serious vulnerabilities. Depending on the particular runtime
environment these issues can potentially even be used by an
attacker to execute code on operating system level.

Authentication bypass - This vulnerability provides an attacker
full access to all functions in the admin webinterface without
providing any user credentials. The Tomcat filter which is
responsible for authentication could be completely
circumvented.
SQL injection - It is possible to pass SQL statements to the
backend database through a SQL injection vulnerability. Depending
on the particular runtime environment and database permissions it
is even possible to write files to disk and execute code on
operating system level.
Multiple Cross-Site Scripting - Permits arbitrary insertion
of HTML- and JavaScript code in login.jsp. An attacker could
also manipulate a parameter to specify a destination to which a
user will be forwarded to after successful authentication.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchopenfire< 3.6.1UNKNOWN

Related

openvas 15
nessus 8
securityvulns 4
gentoo 3
cvelist 6
prion 6
checkpoint_advisories 2
osv 2
github 2
seebug 1
packetstorm 1
cve 6
freebsd 1
exploitdb 1
attackerkb 1
openvas
openvas
FreeBSD Ports: openfire
2008-11-24 00:00:00
FreeBSD Ports: openfire
2008-11-24 00:00:00
Openfire Multiple Vulnerabilities (Mar09)
2009-03-26 00:00:00
nessus
nessus
FreeBSD : openfire -- multiple vulnerabilities (937adf01-b64a-11dd-a55e-00163e000016)
2008-11-21 00:00:00
GLSA-200904-01 : Openfire: Multiple vulnerabilities
2009-04-03 00:00:00
Openfire AuthCheck Authentication Bypass
2008-11-09 00:00:00
securityvulns
securityvulns
[ GLSA 200904-01 ] Openfire: Multiple vulnerabilities
2009-04-07 00:00:00
Daily web applications security vulnerabilities summary &#40;PHP, ASP, JSP, CGI, Perl&#41;
2009-04-07 00:00:00
OpenFire jabber server DoS
2008-04-24 00:00:00
gentoo
gentoo
Openfire: Multiple vulnerabilities
2009-04-02 00:00:00
Openfire: Denial of service
2008-04-23 00:00:00
Openfire: Multiple vulnerabilities
2014-06-30 00:00:00
cvelist
cvelist
CVE-2008-6508
2009-03-23 19:26:00
CVE-2008-6509
2009-03-23 19:26:00
CVE-2008-6510
2009-03-23 19:26:00
prion
prion
Design/Logic Flaw
2009-05-11 14:30:00
Cross site scripting
2009-03-23 20:00:00
Sql injection
2009-03-23 20:00:00
checkpoint_advisories
checkpoint_advisories
Jive Software Openfire Jabber Server SQL Injection (CVE-2008-6509)
2009-10-13 00:00:00
Jive Software Openfire Jabber Server Authentication Bypass (CVE-2008-6508)
2009-12-02 00:00:00
osv
osv
Ignite Realtime Openfire Allows Users to Change Passwords of Arbitrary Accounts
2022-05-02 03:26:40
Ignite Realtime Openfire allows remote authenticated users to cause a denial of service
2022-05-01 23:42:48
github
github
Ignite Realtime Openfire Allows Users to Change Passwords of Arbitrary Accounts
2022-05-02 03:26:40
Ignite Realtime Openfire allows remote authenticated users to cause a denial of service
2022-05-01 23:42:48
seebug
seebug
Openfire <= 3.6.0a Admin Console Authentication Bypass
2014-07-01 00:00:00
packetstorm
packetstorm
Openfire Admin Console Authentication Bypass
2012-06-29 00:00:00
cve
cve
CVE-2008-6508
2009-03-23 20:00:00
CVE-2008-6509
2009-03-23 20:00:00
CVE-2008-6510
2009-03-23 20:00:00
freebsd
freebsd
openfire -- unspecified denial of service
2008-04-10 00:00:00
exploitdb
exploitdb
Openfire Server 3.6.0a - Admin Console Authentication Bypass (Metasploit)
2012-06-28 00:00:00
attackerkb
attackerkb
CVE-2023-32315
2023-05-26 00:00:00

0.665 Medium

EPSS

Percentile

97.9%

JSON
Related for 937ADF01-B64A-11DD-A55E-00163E000016
openvas15nessus8securityvulns4gentoo3cvelist6prion6checkpoint_advisories2osv2github2seebug1packetstorm1cve6freebsd1exploitdb1attackerkb1