Gentoo Security Advisory GLSA 200904-01 (openfire)
The remote host is missing updates announced in advisory GLSA 200904-01. OpenVAS Vulnerability Test. Description: Auto generated from Gentoo's XML based advisory. Authors: Thomas Reinke. Copyright: Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
Gentoo Security Advisory GLSA 200904-01 (openfire)
The remote host is missing updates announced in advisory GLSA 200904-01. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only OR GPL-3.0-only...
GLSA-200904-01 : Openfire: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200904-01 (Openfire: Multiple vulnerabilities). Two vulnerabilities have been reported by Federico Muttis, from CORE IMPACT's Exploit Writing Team: Multiple missing or incomplete input validations in several .jsps (CVE-2009-0496)...
Openfire: Multiple vulnerabilities
Background: Ignite Realtime Openfire is a fast real-time collaboration server. Description: Two vulnerabilities have been reported by Federico Muttis, from CORE IMPACT's Exploit Writing Team: Multiple missing or incomplete input validations in several .jsps (CVE-2009-0496). Incorrect input validation...
Openfire Multiple Vulnerabilities (Mar09)
This host is running Openfire and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: secpodopenfiremultvulnmar09.nasl 5122 2017-01-27 12:16:00Z teissa $ Openfire Multiple Vulnerabilities Mar09. Authors: Sujit Ghosal. Copyright: Copyright (c) 2009 SecPod, http://www.secpod.com This...
Openfire < 3.6.1 Multiple Vulnerabilities
Openfire is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2009 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:igniterealtime:openfire";...
Directory traversal
Directory traversal vulnerability in the AuthCheck filter in the Admin Console in Openfire 3.6.0a and earlier allows remote attackers to bypass authentication and access the admin interface via a .. (dot dot) in a URI that matches the Exclude-Strings list, as demonstrated by a /setup/setup-/...
Open redirect
Open redirect vulnerability in login.jsp in Openfire 3.6.0a and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the url parameter...
Cross site scripting
Cross-site scripting (XSS) vulnerability in login.jsp in the Admin Console in Openfire 3.6.0a and earlier allows remote attackers to inject arbitrary web script or HTML via the url parameter...
CVE-2008-6508
Directory traversal vulnerability in the AuthCheck filter in the Admin Console in Openfire 3.6.0a and earlier allows remote attackers to bypass authentication and access the admin interface via a .. (dot dot) in a URI that matches the Exclude-Strings list, as demonstrated by a /setup/setup-/...
CVE-2008-6511
Open redirect vulnerability in login.jsp in Openfire 3.6.0a and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the url parameter...
CVE-2008-6510
Cross-site scripting (XSS) vulnerability in login.jsp in the Admin Console in Openfire 3.6.0a and earlier allows remote attackers to inject arbitrary web script or HTML via the url parameter...
CVE-2008-6509
SQL injection vulnerability in CallLogDAO in SIP Plugin in Openfire 3.6.0a and earlier allows remote attackers to execute arbitrary SQL commands via the type parameter to sipark-log-summary.jsp...
CVE-2008-6508
The Openfire Admin Console is affected by a directory traversal (path traversal) vulnerability (CVE-2008-6508) in the AuthCheck filter, enabling remote attackers to bypass authentication and access the admin interface via a .. sequence in a URI that matches the Exclude-Strings list. Affected...
CVE-2008-6509
CVE-2008-6509 concerns Openfire (Jive Software) Openfire server. It is an SQL injection in the SIP plugin’s sipark-log-summary.jsp where the unsanitized input for the type parameter is used to build SQL statements. A remote attacker could execute arbitrary SQL via the type parameter, potentially ...
CVE-2008-6510
CVE-2008-6510 is an XSS vulnerability in Openfire’s Admin Console login.jsp (Openfire, = net-im/openfire-3.6.3 to remediate. The connected documents do not provide details on exploitation in the wild.
CVE-2008-6511
Openfire is affected by CVE-2008-6511: an open redirect in login.jsp affects Openfire 3.6.0a and earlier, allowing remote attackers to redirect users to arbitrary sites and facilitate phishing via the url parameter. The issue is part of a set of vulnerabilities; remediation per Gentoo GLSA 200904...