
22 matches found

Veracode
added 2025/10/27 5:49 a.m. | 3 views

Identity Spoofing

org.igniterealtime.openfire, xmppserver is vulnerable to identity spoofing. The vulnerability is due to regex-based extraction of the Common Name CN from an unescaped, provider-dependent Distinguished Name DN string, which allows an attacker to impersonate other users using crafted certificate...

5.9 CVSS | 6.6 AI score | 0.00033 EPSS
Exploits: 0 | References: 7 | Affected Software: 1

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2016-2406

Malware in sbrugna...

5.5 CVSS | 5.5 AI score | 0.00156 EPSS
Exploits: 0 | References: 4

EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2022-5270

Malicious code in bioql PyPI...

4.8 CVSS | 5.5 AI score | 0.00391 EPSS
Exploits: 0 | References: 3

Prion
added 2017/10/26 5:29 p.m. | 7 views

Design/Logic Flaw

The Admin Console in Ignite Realtime Openfire Server before 4.1.7 allows arbitrary client-side JavaScript code execution on victims who click a crafted setup/setup-host-settings.jsp?domain= link, aka XSS. Session ID and data theft may follow as well as the possibility of bypassing CSRF protection...

3.5 CVSS | 5.6 AI score | 0.00391 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

NVD
added 2017/10/26 5:29 p.m. | 5 views

CVE-2017-15911

The Admin Console in Ignite Realtime Openfire Server before 4.1.7 allows arbitrary client-side JavaScript code execution on victims who click a crafted setup/setup-host-settings.jsp?domain= link, aka XSS. Session ID and data theft may follow as well as the possibility of bypassing CSRF protection...

4.8 CVSS | 5.7 AI score | 0.00391 EPSS
Exploits: 0 | References: 2

Cvelist
added 2017/10/26 5:0 p.m. | 11 views

CVE-2017-15911

The Admin Console in Ignite Realtime Openfire Server before 4.1.7 allows arbitrary client-side JavaScript code execution on victims who click a crafted setup/setup-host-settings.jsp?domain= link, aka XSS. Session ID and data theft may follow as well as the possibility of bypassing CSRF protection...

5.6 AI score | 0.00391 EPSS
Exploits: 0 | References: 2

CVE
added 2017/10/26 5:0 p.m. | 51 views

CVE-2017-15911

The CVE-2017-15911 entry concerns Ignite Realtime Openfire Server prior to 4.1.7, where the Admin Console is vulnerable to cross-site scripting (XSS) via a crafted setup/setup-host-settings.jsp?domain= link. This allows arbitrary client-side JavaScript execution on victims after login, with poten...

4.8 CVSS | 5.6 AI score | 0.00391 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

seebug.org
added 2017/09/12 12:0 a.m. | 43 views

Openfire Server <= 3.6.0a (Auth Bypass/SQL/XSS) Multiple Vulnerability

Vulnerability description: -------------------------- The jabber server Openfire = version 3.6.0a contains several serious vulnerabilities. Depending on the particular runtime environment these issues can potentially even be used by an attacker to execute code on operating system level. 1...

8.3 AI score
Exploits: 0

CNVD
added 2016/03/03 12:0 a.m. | 3 views

Cisco Finesse Desktop and Unified Contact Center Express Privilege Gain Vulnerability

Cisco Finesse Desktop and Unified Contact Center Express Unified CCX are both products of Cisco, Inc. Cisco Finesse Desktop is a suite of software for next-generation agent and desktop management in customer collaboration solutions; Unified CCX is a customer relationship management component of a...

5.5 CVSS | 7.1 AI score | 0.00156 EPSS
Exploits: 0 | References: 1

NVD
added 2016/02/07 11:59 a.m. | 17 views

CVE-2016-1307

The Openfire server in Cisco Finesse Desktop 10.51 and 11.01 and Unified Contact Center Express 10.61 has a hardcoded account, which makes it easier for remote attackers to obtain access via an XMPP session, aka Bug ID CSCuw79085...

5.5 CVSS | 5.5 AI score | 0.00156 EPSS
Exploits: 0 | References: 3

OSV
added 2016/02/07 11:59 a.m. | 1 views

CVE-2016-1307

The Openfire server in Cisco Finesse Desktop 10.51 and 11.01 and Unified Contact Center Express 10.61 has a hardcoded account, which makes it easier for remote attackers to obtain access via an XMPP session, aka Bug ID CSCuw79085...

5.4 CVSS | 5.8 AI score | 0.00156 EPSS
Exploits: 0 | References: 3

Prion
added 2016/02/07 11:59 a.m. | 16 views

Hardcoded credentials

The Openfire server in Cisco Finesse Desktop 10.51 and 11.01 and Unified Contact Center Express 10.61 has a hardcoded account, which makes it easier for remote attackers to obtain access via an XMPP session, aka Bug ID CSCuw79085...

5.5 CVSS | 7.1 AI score | 0.00156 EPSS
Exploits: 0 | References: 3 | Affected Software: 2

Cvelist
added 2016/02/07 11:0 a.m. | 23 views

CVE-2016-1307

The Openfire server in Cisco Finesse Desktop 10.51 and 11.01 and Unified Contact Center Express 10.61 has a hardcoded account, which makes it easier for remote attackers to obtain access via an XMPP session, aka Bug ID CSCuw79085...

5.4 AI score | 0.00156 EPSS
Exploits: 0 | References: 3

Check Point Advisories
added 2015/10/07 12:0 a.m. | 0 views

Ignite Realtime Openfire server-session-details.jsp Cross-Site Scripting

A cross-site scripting vulnerability has been reported in Ignite Realtime Openfire Server. The vulnerability is due to insufficient validation of the "hostname" parameter within the server-session-details.jsp page. By convincing an authenticated administrator to visit a malicious website, a remot...

1.4 AI score
Exploits: 0

Exploit DB
added 2015/09/15 12:0 a.m. | 33 views

Openfire 3.10.2 - Remote File Inclusion

Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-OPENFIRE-RFI.txt Vendor: ================================ www.igniterealtime.org/projects/openfire www.igniterealtime.org/downloads/index.jsp Product: ================================...

7.4 AI score
Exploits: 0

Exploit DB
added 2015/09/15 12:0 a.m. | 22 views

Openfire 3.10.2 - Unrestricted Arbitrary File Upload

Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-OPENFIRE-FILE-UPLOAD.txt Vendor: ========================================= www.igniterealtime.org/projects/openfire www.igniterealtime.org/downloads/index.jsp Product:...

7.4 AI score
Exploits: 0

CNVD
added 2015/05/20 12:0 a.m. | 2 views

Openfire XMPP Server Man-in-the-Middle Attack Vulnerability

Openfire XMPP Server is a cross-platform, open source real-time collaboration RTC server, developed in Java and based on XMPP, that can be used to build an efficient instant messaging server. Openfire XMPP Server has a security vulnerability that allows attackers to exploit the vulnerability to conduct...

7.5 CVSS | 6.7 AI score | 0.01328 EPSS
Exploits: 0 | References: 1

Check Point Advisories
added 2009/12/02 12:0 a.m. | 4 views

Jive Software Openfire Jabber Server Authentication Bypass (CVE-2008-6508)

Openfire previously known as Wildfire Server is an open source Jabber/XMPP server written in Java. Jabber is an open instant messaging technology that is maintained by the community. Extensible Messaging and Presence Protocol XMPP is an open, XML-inspired protocol originally aimed at...

7.5 CVSS | 6.5 AI score | 0.77258 EPSS
Exploits: 5

Exploit DB
added 2008/11/09 12:0 a.m. | 52 views

Openfire Server 3.6.0a - Authentication Bypass / SQL Injection / Cross-Site Scripting

Advisory: Openfire Server Multiple Vulnerabilities Advisory ID: AKADV2008-001 Release Date: 2008/11/07 Revision: 1.0 Last Modified: 2008/11/07 Date Reported: 2008/05/17 Author: Andreas Kurtz mail at andreas-kurtz.de Affected Software: Openfire Server = 3.6.0a Remotely Exploitable: Yes Risk:...

7.4 AI score
Exploits: 0

seebug.org
added 2008/11/09 12:0 a.m. | 15 views

Openfire Server <= 3.6.0a (Auth Bypass/SQL/XSS) Multiple Vulnerabilities

No description provided by source. Advisory: Openfire Server Multiple Vulnerabilities Advisory ID: AKADV2008-001 Release Date: 2008/11/07 Revision: 1.0 Last Modified: 2008/11/07 Date Reported: 2008/05/17 Author: Andreas Kurtz mail at andreas-kurtz.de Affected Software: Openfire Server = 3.6.0a...

7.1 AI score
Exploits: 0