30 matches found
CVE-2019-20528
Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasource-standard.jsp username parameter...
CVE-2019-20366
An XSS issue was discovered in Ignite Realtime Openfire 4.4.4 via isTrustStore to Manage Store Contents...
EUVD-2019-0622
Malware in sbrugna...
EUVD-2020-22889
Malware in sbrugna...
EUVD-2020-22821
Malware in sbrugna...
EUVD-2005-4867
Malware in sbrugna...
EUVD-2020-17318
Malware in sbrugna...
EUVD-2015-7608
Malware in sbrugna...
EUVD-2020-22887
Malware in sbrugna...
EUVD-2005-4868
Malware in sbrugna...
EUVD-2022-4408
Malicious code in bioql PyPI...
EUVD-2022-4044
Malicious code in bioql PyPI...
Openfire < 5.0.2 / 5.1.0 Identity Spoofing
The remote host is running a version of Openfire that is affected by an identity spoofing vulnerability. Openfireâs SASL EXTERNAL mechanism for client TLS authentication contains a vulnerability in how it extracts user identities from X.509 certificates. Instead of parsing the structured ASN.1...
CVE-2023-32315
Openfire is an XMPP server licensed under the Open Source Apache License. Openfire's administrative console, a web-based application, was found to be vulnerable to a path traversal attack via the setup environment. This permitted an unauthenticated user to use the unauthenticated Openfire Setup...
CVE-2020-35201
Ignite Realtime Openfire 4.6.0 has create-bookmark.jsp users Stored XSS...
CVE-2020-35202
Ignite Realtime Openfire 4.6.0 has plugins/dbaccess/db-access.jsp sql Stored XSS...
CVE-2019-18393
PluginServlet.java in Ignite Realtime Openfire through 4.4.2 does not ensure that retrieved files are located under the Openfire home directory, aka a directory traversal vulnerability...
CVE-2019-15488
Ignite Realtime Openfire before 4.4.1 has reflected XSS via an LDAP setup test...
Exploit for Path Traversal in Igniterealtime Openfire
It is an offensive tool for Openfire. This repository contains a...
Exploit for Path Traversal in Igniterealtime Openfire
It is an exploit module for Openfire, a Jabber/XMPP server. The...