558 matches found
Ignite Realtime Openfire Security Vulnerability
Ignite Realtime Openfire is a cross-platform, open source real-time collaboration (RTC) server developed in Java by the Ignite Realtime community and based on XMPP (formerly known as Jabber), an instant messaging protocol. It can be used to build a highly efficient instant messaging server, and supports tens of thousand...
PT-2024-20933
Name of the Vulnerable Software and Affected Versions: Ignite Realtime Openfire versions 4.9.0 and earlier; Ignite Realtime Openfire versions 4.8.0 and earlier. Description: The issue allows a remote attacker to escalate privileges via the admin.authorizedJIDs system property component or the ROOM...
CVE-2024-25420
An issue in Ignite Realtime Openfire before 4.8.1 allows a remote attacker to escalate privileges via the admin.authorizedJIDs system property component...
PT-2024-20934 · Ignite Realtime · Openfire
Name of the Vulnerable Software and Affected Versions: Ignite Realtime Openfire versions 4.9.0 and earlier; Ignite Realtime Openfire versions 4.8.0 and earlier. Description: An issue in Ignite Realtime Openfire allows a remote attacker to escalate privileges via the ROOM CACHE component...
CVE-2024-25420
Analyzed CVE-2024-25420 with connected sources: Ignite Realtime Openfire up to version 4.8.1 is affected by a privilege-escalation flaw due to improper handling of the admin.authorizedJIDs system property. Red Hat entries for CVE-2024-25420 corroborate the remote attack vector, enabling an attack...
CVE-2024-25421
An issue in Ignite Realtime Openfire v.4.9.0 and before allows a remote attacker to escalate privileges via the ROOMCACHE component...
BIT-OPENFIRE-2020-24601
In Ignite Realtime Openfire 4.5.1 a Stored Cross-site Vulnerability allows an attacker to execute an arbitrary malicious URL via the vulnerable POST parameter "searchName", "alias" in the import certificate trusted page...
BIT-OPENFIRE-2020-24602
Ignite Realtime Openfire 4.5.1 has a reflected Cross-site scripting vulnerability which allows an attacker to execute an arbitrary malicious URL via the vulnerable GET parameter "searchName", "searchValue", "searchDescription", "searchDefaultValue", "searchPlugin", "searchDescription" and...
BIT-OPENFIRE-2020-24604
A Reflected XSS vulnerability was discovered in Ignite Realtime Openfire version 4.5.1. The XSS vulnerability allows remote attackers to inject arbitrary web script or HTML via the GET request "searchName", "searchValue", "searchDescription", "searchDefaultValue", "searchPlugin", "searchDescriptio...
BIT-OPENFIRE-2020-35127
Ignite Realtime Openfire 4.6.0 has plugins/bookmarks/create-bookmark.jsp Stored XSS...
BIT-OPENFIRE-2020-35199
Ignite Realtime Openfire 4.6.0 has create-bookmark.jsp groupchatJID Stored XSS...
BIT-OPENFIRE-2020-35201
Ignite Realtime Openfire 4.6.0 has create-bookmark.jsp users Stored XSS...
BIT-OPENFIRE-2020-35202
Ignite Realtime Openfire 4.6.0 has plugins/dbaccess/db-access.jsp sql Stored XSS...
Openfire Path Traversal
Openfire versions >= 3.10.0 < 4.6.8 and 4.7.x < 4.7.5 suffer from a path traversal allowing an unauthenticated user to use the unauthenticated Openfire Setup Environment in an already configured Openfire environment to access restricted pages in the Openfire Admin Console reserved for administrative users...
Exploit for Path Traversal in Igniterealtime Openfire
CVE-2023-32315 - Openfire Authentication Bypass This reposito...
VulnCheck KEV: CVE-2019-18394
A Server Side Request Forgery (SSRF) vulnerability in FaviconServlet.java in Ignite Realtime Openfire through 4.4.2 allows attackers to send arbitrary HTTP GET requests...
The Bug Report – August 2023 Edition
By Trellix · September 6, 2023. This blog was written by Charles McFarland. Why am I here? Welcome back to The Bug Report, the hotter-than-hell Texas edition! For those still unfamiliar with our monthly escapades, every month our trusty Advanced Research Center...
The Bug Report – August 2023 Edition
By Charles McFarland · September 06, 2023. Why am I here? Welcome back to The Bug Report, the hotter-than-hell Texas edition! For those still unfamiliar with our monthly escapades, every month our trusty Advanced Research Center vulnerability research team...
Alert: Juniper Firewalls, Openfire, and Apache RocketMQ Under Attack from New Exploits
Recently disclosed security flaws impacting Juniper firewalls, Openfire, and Apache RocketMQ servers have come under active exploitation in the wild, according to multiple reports. The Shadowserver Foundation said that it's "seeing exploitation attempts from multiple IPs for Juniper J-Web...