559 matches found
CVE-2017-15911
The CVE-2017-15911 entry concerns Ignite Realtime Openfire Server prior to 4.1.7, where the Admin Console is vulnerable to cross-site scripting (XSS) via a crafted setup/setup-host-settings.jsp?domain= link. This allows arbitrary client-side JavaScript execution on victims after login, with poten...
Open Fire User Import Export Plugin XML External Entity Injection(CVE-2017-2815)
Summary An exploitable XML entity injection vulnerability exists in OpenFire User Import Export Plugin 2.6.0. A specially crafted web request can cause the retrieval of arbitrary files or denial of service. An authenticated attacker can send a crafted web request to trigger this vulnerability...
Openfire 3.10.2 - Multiple Vulnerabilities
Product: Openfire 3.10.2. Openfire is a real time collaboration (RTC) server licensed under the Open Source Apache License. It uses the only widely adopted open protocol for instant messaging, XMPP (also called Jabber). Vulnerability Type: Unrestricted File Upload. Vulnerability Details: Application...
Openfire Server <= 3.6.0a (Auth Bypass/SQL/XSS) Multiple Vulnerability
Vulnerability description: The jabber server Openfire <= version 3.6.0a contains several serious vulnerabilities. Depending on the particular runtime environment these issues can potentially even be used by an attacker to execute code on operating system level. 1...
OpenFire 3.10.2 < 4.0.1 - Multiple Vulnerabilities
Several vulnerabilities discovered in OpenFire version 3.10.2 to 4.0.1 Product Description OpenFire is an opensource project under GNU GPL licence. It provides a Jabber/XMPP server fully developed in Java. It's developed by the Ignite realtime community. The actual version of the product is...
Openfire 3.6.4 Multiple CSRF Vulnerabilities
Product Description: Openfire is a real time collaboration (RTC) server licensed under the Open Source GPL. It uses the only widely adopted open protocol for instant messaging, XMPP (also called Jabber). Openfire is incredibly easy to setup and administer, but offers rock-solid security and...
CVE-2014-3451
OpenFire XMPP Server before 3.10 accepts self-signed certificates, which allows remote attackers to perform unspecified spoofing attacks...
Design/Logic Flaw
OpenFire XMPP Server before 3.10 accepts self-signed certificates, which allows remote attackers to perform unspecified spoofing attacks...
CVE-2014-3451
OpenFire XMPP Server before 3.10 accepts self-signed certificates, which allows remote attackers to perform unspecified spoofing attacks...
CVE-2014-3451
OpenFire XMPP Server prior to 3.10 is affected by CVE-2014-3451 due to incorrect handling of self-signed certificates, allowing potential spoofing. The root cause is improper certificate validation for self-signed certificates. The vulnerability is addressed in the 3.10 release (OF-405). No explo...
Vulnerabilities in ProcessMaker, WebFOCUS, and OpenFire Identified and Patched
Today, Talos is disclosing several vulnerabilities that have been identified by Portcullis in various software products. All four vulnerabilities have been responsibly disclosed to each respective developer in order to ensure they are addressed. In order to better protect our customers, Talos has also...
Open Fire User Import Export Plugin XML External Entity Injection
Summary An exploitable XML entity injection vulnerability exists in OpenFire User Import Export Plugin 2.6.0. A specially crafted web request can cause the retrieval of arbitrary files or denial of service. An authenticated attacker can send a crafted web request to trigger this vulnerability...
GLSA-201612-50 : Openfire: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-201612-50 (Openfire: Multiple vulnerabilities). Multiple vulnerabilities have been discovered in Openfire. Please review the CVE identifiers referenced below for details. Impact: A remote attacker could bypass the CSRF protection...
Openfire: Multiple vulnerabilities
Background: Openfire (formerly Wildfire) is a cross-platform real-time collaboration server based on the XMPP (Jabber) protocol. Description: Multiple vulnerabilities have been discovered in Openfire. Please review the CVE identifiers referenced below for details. Impact: A remote attacker could bypass...
[ASA-201612-21] openfire: multiple issues
Arch Linux Security Advisory ASA-201612-21. Severity: High; Date: 2016-12-23; CVE-ID: CVE-2015-6972, CVE-2015-6973, CVE-2015-7707; Package: openfire; Type: multiple issues; Remote: Yes; Link: https://security.archlinux.org/AVG-15. Summary: The package...
OpenFire 3.10.2 4.0.1 - Multiple Vulnerabilities
OpenFire 3.10.2 4.0.1 - Multiple Vulnerabilities Several vulnerabilities discovered in OpenFire version 3.10.2 to 4.0.1 Product Description OpenFire is an opensource project under GNU GPL licence. It provides a Jabber/XMPP server fully developed in Java. It's developed by the Ignite realtime...
OpenFire 3.10.2 < 4.0.1 - Multiple Vulnerabilities
Several vulnerabilities discovered in OpenFire version 3.10.2 to 4.0.1 Product Description OpenFire is an opensource project under GNU GPL licence. It provides a Jabber/XMPP server fully developed in Java. It's developed by the Ignite realtime community. The actual version of the product is...
OpenFire 4.0.1 Cross Site Request Forgery / Cross Site Scripting
Several vulnerabilities discovered in OpenFire version 3.10.2 to 4.0.1 Product Description OpenFire is an opensource project under GNU GPL licence. It provides a Jabber/XMPP server fully developed in Java. It's developed by the Ignite realtime community. The actual version of the product is...
OpenFire 3.10.2 < 4.0.1 - Multiple Vulnerabilities
Exploit for jsp platform in category web applications Several vulnerabilities discovered in OpenFire version 3.10.2 to 4.0.1 Product Description OpenFire is an opensource project under GNU GPL licence. It provides a Jabber/XMPP server fully developed in Java. It's developed by the Ignite realti...
Cisco Finesse Desktop and Unified Contact Center Express Privilege Gain Vulnerability
Cisco Finesse Desktop and Unified Contact Center Express (Unified CCX) are both products of Cisco, Inc. Cisco Finesse Desktop is a suite of software for next-generation agent and desktop management in customer collaboration solutions; Unified CCX is a customer relationship management component of a...