559 matches found

OSV
added 2019/10/24 11:15 a.m. · 10 views

CVE-2019-18393

PluginServlet.java in Ignite Realtime Openfire through 4.4.2 does not ensure that retrieved files are located under the Openfire home directory, aka a directory traversal vulnerability...

5.3 CVSS · 7.1 AI score
Exploits: 0 · References: 2

OSV
added 2019/10/24 11:15 a.m. · 10 views

CVE-2019-18394

A Server Side Request Forgery SSRF vulnerability in FaviconServlet.java in Ignite Realtime Openfire through 4.4.2 allows attackers to send arbitrary HTTP GET requests...

9.8 CVSS · 7.2 AI score
Exploits: 0 · References: 2

Prion
added 2019/10/24 11:15 a.m. · 15 views

Server side request forgery (ssrf)

A Server Side Request Forgery SSRF vulnerability in FaviconServlet.java in Ignite Realtime Openfire through 4.4.2 allows attackers to send arbitrary HTTP GET requests...

7.5 CVSS · 8.6 AI score · 0.32304 EPSS
Exploits: 1 · References: 2 · Affected Software: 1

Prion
added 2019/10/24 11:15 a.m. · 11 views

Directory traversal

PluginServlet.java in Ignite Realtime Openfire through 4.4.2 does not ensure that retrieved files are located under the Openfire home directory, aka a directory traversal vulnerability...

5 CVSS · 5.2 AI score · 0.13945 EPSS
Exploits: 1 · References: 2 · Affected Software: 1

Cvelist
added 2019/10/24 10:58 a.m. · 17 views

CVE-2019-18394

A Server Side Request Forgery SSRF vulnerability in FaviconServlet.java in Ignite Realtime Openfire through 4.4.2 allows attackers to send arbitrary HTTP GET requests...

8.7 AI score · 0.32304 EPSS
Exploits: 1 · References: 2

CVE
added 2019/10/24 10:58 a.m. · 231 views

CVE-2019-18394

Ignite Realtime Openfire before version 4.4.3 is affected by a Server-Side Request Forgery (SSRF) in FaviconServlet.java, allowing attackers to send arbitrary HTTP GET requests. The vulnerability affects Openfire up to 4.4.2; exploitation is facilitated by the SSRF flaw in the FaviconServlet. Rem...

9.8 CVSS · 8.5 AI score · 0.32304 EPSS
In wild · Exploits: 1 · References: 2 · Affected Software: 1

Cvelist
added 2019/10/24 10:58 a.m. · 19 views

CVE-2019-18393

PluginServlet.java in Ignite Realtime Openfire through 4.4.2 does not ensure that retrieved files are located under the Openfire home directory, aka a directory traversal vulnerability...

5.6 AI score · 0.13945 EPSS
Exploits: 1 · References: 2

CVE
added 2019/10/24 10:58 a.m. · 107 views

CVE-2019-18393

Openfire

5.3 CVSS · 5.5 AI score · 0.13945 EPSS
In wild · Exploits: 1 · References: 2 · Affected Software: 1

ATTACKERKB
added 2019/10/24 12:0 a.m. · 22 views

CVE-2019-18393

PluginServlet.java in Ignite Realtime Openfire through 4.4.2 does not ensure that retrieved files are located under the Openfire home directory, aka a directory traversal vulnerability. Recent assessments: ericalexanderorg at August 04, 2020 4:44pm UTC reported: More detail: Stupid easy GET...

5.3 CVSS · 2.1 AI score · 0.13945 EPSS
Exploits: 1 · References: 3

ATTACKERKB
added 2019/10/24 12:0 a.m. · 23 views

CVE-2019-18394

A Server Side Request Forgery SSRF vulnerability in FaviconServlet.java in Ignite Realtime Openfire through 4.4.2 allows attackers to send arbitrary HTTP GET requests. Recent assessments: ericalexanderorg at August 04, 2020 4:42pm UTC reported: More detail Stupid easy SSRF...

9.8 CVSS · 2.7 AI score · 0.32304 EPSS
Exploits: 1 · References: 3

Packet Storm
added 2019/10/11 12:0 a.m. · 217 views

Openfire 4.4.1 Cross Site Scripting

Information -------------------- Advisory by Netsparker Name: Multiple Cross-site Scripting Vulnerabilities in Openfire 4.4.1 Affected Software: Openfire Affected Versions: 4.4.1 Vendor Homepage: https://www.igniterealtime.org/ Vulnerability Type: Cross-site Scripting Severity: Medium Status: Fix...

7.4 AI score
Exploits: 0

Positive Technologies
added 2019/10/03 12:0 a.m. · 2 views

PT-2019-5531 · Ignite Realtime · Openfire

Name of the Vulnerable Software and Affected Versions: Openfire versions through 4.4.2 Description: A Server Side Request Forgery SSRF vulnerability in FaviconServlet.java allows attackers to send arbitrary HTTP GET requests. The issue is related to insufficient validation of incoming requests,...

10 CVSS · 7.5 AI score · 0.32304 EPSS
Exploits: 1 · References: 13

Github Security Blog
added 2019/08/27 5:37 p.m. · 37 views

Cross-site Scripting in Ignite Realtime Openfire

Ignite Realtime Openfire before 4.4.1 has reflected XSS via an LDAP setup test...

6.1 CVSS · 2 AI score · 0.00905 EPSS
Exploits: 0 · References: 4 · Affected Software: 1

OSV
added 2019/08/27 5:37 p.m. · 21 views

GHSA-5QFV-RR79-CHX5 Cross-site Scripting in Ignite Realtime Openfire

Ignite Realtime Openfire before 4.4.1 has reflected XSS via an LDAP setup test...

6.1 CVSS · 5.9 AI score · 0.00905 EPSS
Exploits: 0 · References: 4

CNVD
added 2019/08/27 12:0 a.m. · 3 views

Ignite Realtime Openfire Cross-Site Scripting Vulnerability (CNVD-2019-29164)

Ignite Realtime Openfire is a cross-platform, open-source real-time collaboration (RTC) server developed in Java by the Ignite Realtime community and based on XMPP (formerly known as Jabber), an instant messaging protocol. It can be used to build a highly efficient instant messaging server, and supports tens of...

6.1 CVSS · 6.3 AI score · 0.00905 EPSS
Exploits: 0 · References: 1

Veracode
added 2019/08/26 6:31 a.m. · 24 views

Cross-site Scripting (XSS)

Openfire Core XMPP Server is vulnerable to cross-site scripting XSS. The attack is possible because it does not sanitize the parameters in LDAP setup test, allowing an attacker to inject arbitrary script through it...

6.1 CVSS · 4 AI score · 0.00905 EPSS
Exploits: 0 · References: 2 · Affected Software: 1

NVD
added 2019/08/23 1:15 p.m. · 14 views

CVE-2019-15488

Ignite Realtime Openfire before 4.4.1 has reflected XSS via an LDAP setup test...

6.1 CVSS · 6 AI score · 0.00905 EPSS
Exploits: 0 · References: 2

OSV
added 2019/08/23 1:15 p.m. · 10 views

CVE-2019-15488

Ignite Realtime Openfire before 4.4.1 has reflected XSS via an LDAP setup test...

6.1 CVSS · 6.2 AI score
Exploits: 0 · References: 2

Prion
added 2019/08/23 1:15 p.m. · 14 views

Cross site scripting

Ignite Realtime Openfire before 4.4.1 has reflected XSS via an LDAP setup test...

4.3 CVSS · 5.9 AI score · 0.00905 EPSS
Exploits: 0 · References: 2 · Affected Software: 1

Cvelist
added 2019/08/23 12:37 p.m. · 14 views

CVE-2019-15488

Ignite Realtime Openfire before 4.4.1 has reflected XSS via an LDAP setup test...

6 AI score · 0.00905 EPSS
Exploits: 0 · References: 2