Ignite Realtime Openfire group-summary.jsp Cross-Site Scripting (CVE-2015-6972)
A cross-site scripting vulnerability has been reported in Ignite Realtime Openfire Server. The vulnerability is due to insufficient validation of the "search" parameter within the group-summary.jsp page. By convincing an authenticated user to visit a malicious website, a remote attacker can explo...
CVE-2016-1307
The Openfire server in Cisco Finesse Desktop 10.51 and 11.01 and Unified Contact Center Express 10.61 has a hardcoded account, which makes it easier for remote attackers to obtain access via an XMPP session, aka Bug ID CSCuw79085...
Hardcoded credentials
The Openfire server in Cisco Finesse Desktop 10.51 and 11.01 and Unified Contact Center Express 10.61 has a hardcoded account, which makes it easier for remote attackers to obtain access via an XMPP session, aka Bug ID CSCuw79085...
CVE-2016-1307
CVE-2016-1307 affects Cisco Finesse Desktop and Cisco Unified Contact Center Express Openfire server. A default, non-changeable XMPP account enables unauthenticated remote login to the Openfire service, allowing access via XMPP with a non-administrative account. Cisco’s advisory Cisco Security Ad...
Cisco Finesse Desktop and Cisco Unified Contact Center Express Applications XMPP Unauthorized Access Vulnerability
A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) in the Cisco Finesse Desktop and Cisco Unified Contact Center Express applications could allow an unauthenticated, remote attacker to log in to the device with a default account with a static password. This account provides...
Openfire 3.10.2 CSRF Vulnerabilities
Credits: hyp3rlinx. Website: hyp3rlinx.altervista.org. Source: http://hyp3rlinx.altervista.org/advisories/AS-OPENFIRE-CSRF.txt. Vendor: www.igniterealtime.org/projects/openfire, www.igniterealtime.org/downloads/index.jsp. Product: ...
OpenFire <= 3.10.2 Multiple Vulnerabilities
OpenFire Server is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:igniterealtime:openfire";...
Ignite Realtime Openfire server-props.jsp Cross-Site Request Forgery (CVE-2015-6973)
A cross-site request forgery vulnerability has been reported in Openfire's server-props.jsp script. The vulnerability is due to insufficient CSRF protections. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user with administrative privileges to visit a page which...
Ignite Realtime Openfire user-create.jsp Cross-Site Request Forgery (CVE-2015-6973)
A cross-site request forgery vulnerability has been reported in Openfire's user-create.jsp script. The vulnerability is due to insufficient CSRF protections. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user with administrator privileges to visit a page which...
Ignite Realtime Openfire Elevation of Privilege Vulnerability
Ignite Realtime Openfire (formerly known as Wildfire) is a cross-platform, open-source real-time collaboration (RTC) server developed in Java by the Ignite Realtime community and based on XMPP (formerly known as Jabber), an instant messaging protocol. It can be used to build high-efficiency instant messaging servers...
Ignite Realtime Openfire user-password.jsp Cross-Site Request Forgery (CVE-2015-6973)
A cross-site request forgery vulnerability has been reported in Openfire user-password.jsp. The vulnerability is due to insufficient CSRF protections. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user with administrative privileges to visit a page which sends a...
Ignite Realtime Openfire server-session-details.jsp Cross-Site Scripting
A cross-site scripting vulnerability has been reported in Ignite Realtime Openfire Server. The vulnerability is due to insufficient validation of the "hostname" parameter within the server-session-details.jsp page. By convincing an authenticated administrator to visit a malicious website, a remot...
CVE-2015-7707
Ignite Realtime Openfire 3.10.2 allows remote authenticated users to gain administrator access via the isadmin parameter to user-edit-form.jsp...
Code injection
Ignite Realtime Openfire 3.10.2 allows remote authenticated users to gain administrator access via the isadmin parameter to user-edit-form.jsp...
CVE-2015-7707
Openfire 3.10.2 is affected by CVE-2015-7707, where remote authenticated users can gain administrator access via the isadmin parameter in user-edit-form.jsp. This is part of a set of linked issues (CVE-2015-6972/6973/7707) that also include CSRF and XSS vulnerabilities, enabling privilege escalat...
Gentoo Security Advisory GLSA 201406-35
Gentoo Linux Local Security Checks GLSA 201406-35. SPDX-FileCopyrightText: 2015 Eero Volotinen. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. if(description)...
Multiple Cross-Site Request Forgery Vulnerabilities in Ignite Realtime Openfire
Ignite Realtime Openfire (formerly known as Wildfire) is a cross-platform, open-source real-time collaboration (RTC) server developed in Java by the Ignite Realtime community and based on XMPP (formerly known as Jabber), an instant messaging protocol. It can be used to build high-efficiency instant messaging servers...