559 matches found
Openfire 3.10.2 - Privilege Escalation
Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-OPENFIRE-PRIV-ESCALATION.txt Vendor: www.igniterealtime.org/projects/openfire www.igniterealtime.org/downloads/index.jsp Product:...
Openfire 3.10.2 - Unrestricted Arbitrary File Upload
Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-OPENFIRE-FILE-UPLOAD.txt Vendor: www.igniterealtime.org/projects/openfire www.igniterealtime.org/downloads/index.jsp Product:...
Openfire 3.10.2 - Cross-Site Request Forgery
Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-OPENFIRE-CSRF.txt Vendor: www.igniterealtime.org/projects/openfire www.igniterealtime.org/downloads/index.jsp Product:...
Openfire 3.10.2 Cross Site Request Forgery
Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-OPENFIRE-CSRF.txt Vendor: www.igniterealtime.org/projects/openfire www.igniterealtime.org/downloads/index.jsp Product:...
Openfire XMPP Server Man-in-the-Middle Attack Vulnerability
Openfire XMPP Server is a cross-platform, open source real-time collaboration (RTC) server written in Java and based on XMPP; it can be used to build efficient instant messaging servers. Openfire XMPP Server has a security vulnerability that allows attackers to exploit the vulnerability to conduct...
OpenFire certificate validation vulnerability
No description provided...
Incorrect handling of self signed certificates in OpenFire XMPP Server
Incorrect handling of self signed certificates in OpenFire XMPP Server Affected software: OpenFire XMPP server Affected versions: 3.9.3 and earlier Vulnerabilities addressed: CVE-2014-3451, CVE-2015-2080 Openfire is a real time collaboration RTC server licensed under the Open Source Apache Licens...
Openfire < 3.9.2 XMPP-Layer DoS
The remote host is running a version of Openfire prior to 3.9.2. It is, therefore, affected by an XMPP-layer denial of service vulnerability. The vulnerability exists in 'nio/XMLLightweightParser.java' which fails to properly restrict the processing of compressed XML elements, which allows remote...
Openfire Server <= 3.6.0a (Auth Bypass/SQL/XSS) Multiple Vulnerabilities
No description provided by source. Advisory: Openfire Server Multiple Vulnerabilities Advisory ID: AKADV2008-001 Release Date: 2008/11/07 Revision: 1.0 Last Modified: 2008/11/07 Date Reported: 2008/05/17 Author: Andreas Kurtz mail at andreas-kurtz.de Affected Software: Openfire Server = 3.6.0a...
Openfire <= 3.6.2 'log.jsp' Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/32940/info Openfire is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input data. An attacker may leverage this issue to execute arbitrary script code in the browser ...
Openfire <= 3.6.0a Admin Console Authentication Bypass
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core'...
Openfire <= 3.6.2 'user-properties.jsp' Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/32938/info Openfire is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input data. An attacker may leverage this issue to execute arbitrary script code in the browser ...
Openfire 3.6.2 'log.jsp' Directory Traversal Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/32945/info Openfire is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data. Exploiting the issue may allow an attacker to obtain sensitive information that could...
Openfire 3.x jabber:iq:auth 'passwd_change' Remote Password Change Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/34804/info Openfire is prone to a vulnerability that can permit an attacker to change the password of arbitrary users. Exploiting this issue can allow the attacker to gain unauthorized access to the affected application a...
Openfire <= 3.6.2 'group-summary.jsp' Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/32937/info Openfire is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input data. An attacker may leverage this issue to execute arbitrary script code in the browser ...
Openfire <= 3.5.2 'login.jsp' Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/30696/info Openfire is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input data. An attacker may leverage this issue to execute arbitrary script code in the browser ...
Openfire 3.6.4 - Multiple CSRF Vulnerabilities
No description provided by source. Title: Multiple CSRF Vulnerabilities in Openfire 3.6.4 Administrative Section Project: Openfire Severity: High...
GLSA-201406-35 : Openfire: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-201406-35 Openfire: Multiple vulnerabilities Multiple vulnerabilities have been discovered in Openfire. Please review the CVE identifiers referenced below for details. Impact: A remote attacker could possibly cause a Denial of...
Openfire: Multiple vulnerabilities
Background Openfire is a real time collaboration RTC server. Description Multiple vulnerabilities have been discovered in Openfire. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly cause a Denial of Service condition or bypass security...
Openfire contains an uncontrolled resource consumption vulnerability
Overview Openfire 3.9.1, and possibly earlier versions, contains an uncontrolled resource consumption CWE-400 vulnerability when using XMPP DEFLATE message compression. Description Openfire 3.9.1, and possibly earlier versions, contains an uncontrolled resource consumption CWE-400 vulnerability...