558 matches found
Openfire Server <= 3.6.0a (Auth Bypass/SQL/XSS) Multiple Vulnerability
Exploit for unknown platform in category web applications. Openfire Server <= 3.6.0a Auth Bypass/SQL/XSS Multiple Vulnerabilities. Advisory: Openfire Serv...
Openfire Server 3.6.0a - Authentication Bypass / SQL Injection / Cross-Site Scripting
Advisory: Openfire Server Multiple Vulnerabilities Advisory ID: AKADV2008-001 Release Date: 2008/11/07 Revision: 1.0 Last Modified: 2008/11/07 Date Reported: 2008/05/17 Author: Andreas Kurtz mail at andreas-kurtz.de Affected Software: Openfire Server <= 3.6.0a Remotely Exploitable: Yes Risk:...
AKADV2008-001-v1.0.txt
Advisory: Openfire Server Multiple Vulnerabilities Advisory ID: AKADV2008-001 Release Date: 2008/11/07 Revision: 1.0 Last Modified: 2008/11/07 Date Reported: 2008/05/17 Author: Andreas Kurtz mail at andreas-kurtz.de Affected Software: Openfire Serve...
openfire -- multiple vulnerabilities
Andreas Kurtz reports: The jabber server Openfire <= version 3.6.0a contains several serious vulnerabilities. Depending on the particular runtime environment these issues can potentially even be used by an attacker to execute code on operating system level. Authentication bypass - This vulnerabili...
Gentoo Security Advisory GLSA 200804-26 (openfire)
The remote host is missing updates announced in advisory GLSA 200804-26. OpenVAS Vulnerability Test Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
Gentoo Security Advisory GLSA 200804-26 (openfire)
The remote host is missing updates announced in advisory GLSA 200804-26. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
FreeBSD Ports: openfire
The remote host is missing an update to the system as announced in the referenced advisory. VID b84a992a-12ab-11dd-bab7-0016179b2dd5 OpenVAS Vulnerability Test Description: Auto generated from vuxml or freebsd advisories Authors: Thomas Reinke Copyright: Copyright (c) 2008 E-Soft Inc...
FreeBSD Ports: openfire
The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
CVE-2005-4877
Cross-site scripting (XSS) vulnerability in the login form (login.jsp) of the admin console in Openfire (formerly Wildfire) 2.3.0 Beta 2 allows remote attackers to inject arbitrary web script or HTML via Javascript events in the username parameter, a different vulnerability than CVE-2005-4876...
CVE-2005-4876
The CVE describes an XSS in Openfire’s admin console login.jsp. Affected: Openfire (Wildfire) 2.2.2, and possibly earlier than 2.3.0 Beta 2. The vulnerability arises from improper handling of the username parameter, allowing remote attackers to inject arbitrary script/HTML. This is a component-le...
CVE-2005-4876
Cross-site scripting (XSS) vulnerability in the login form (login.jsp) of the admin console in Openfire (formerly Wildfire) 2.2.2, and possibly other versions before 2.3.0 Beta 2, allows remote attackers to inject arbitrary web script or HTML via the username parameter, a different vulnerability than...
CVE-2006-7233
Cross-site scripting (XSS) vulnerability in the login form (login.jsp) of the admin console in Openfire (formerly Wildfire) 2.6.0, and possibly other versions before 3.5.3, allows remote attackers to inject arbitrary web script or HTML via the url parameter...
CVE-2006-7233
Openfire (formerly Wildfire) 2.6.0 admin console login.jsp suffers a Cross-site Scripting (XSS) vulnerability. The issue allows remote attackers to inject arbitrary web script or HTML via the url parameter, potentially affecting versions prior to 3.5.3. The description does not specify a concrete...
CVE-2005-4877
Openfire 2.3.0 Beta 2 (formerly Wildfire) is affected by CVE-2005-4877, a cross-site scripting (XSS) vulnerability in the login form (login.jsp) of the admin console. The issue arises from the username parameter, where remote attackers can inject arbitrary web script or HTML via Javascript events...
Openfire 3.5.2 - login.jsp Cross-Site Scripting
Openfire 3.5.2 - 'login.jsp' Cross-Site Scripting
source: https://www.securityfocus.com/bid/30696/info Openfire is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the...
FreeBSD : openfire -- unspecified denial of service (b84a992a-12ab-11dd-bab7-0016179b2dd5)
Secunia reports : A vulnerability has been reported in Openfire, which can be exploited by malicious people to cause a Denial of Service. The vulnerability is caused due to an unspecified error and can be exploited to cause a Denial of Service. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...
GLSA-200804-26 : Openfire: Denial of Service
The remote host is affected by the vulnerability described in GLSA-200804-26 Openfire: Denial of Service Openfire's connection manager in the file ConnectionManagerImpl.java cannot handle clients that fail to read messages, and has no limit on their session's send buffer. Impact : Remote...
OpenFire jabber server DoS
Memory exhaustion if client fails to receive messages...
[ GLSA 200804-26 ] Openfire: Denial of Service
Gentoo Linux Security Advisory GLSA 200804-26 http://security.gentoo.org/ Severity:...