558 matches found

Gentoo Linux
added 2008/04/23 12:0 a.m., 53 views

Openfire: Denial of service

Background: Openfire (formerly Wildfire) is a Java implementation of a complete Jabber server. Description: Openfire's connection manager in the file ConnectionManagerImpl.java cannot handle clients that fail to read messages, and has no limit on their session's send buffer. Impact: Remote authenticat...

CVSS 4, AI score 6.2, EPSS 0.01657
Exploits 0
Tenable Nessus
added 2008/04/14 12:0 a.m., 15 views

Openfire < 3.5.0 Queue Handling Remote DoS

Binary data 4463.prm...

CVSS 4, AI score 7.3, EPSS 0.01657
Exploits 0, References 3
NVD
added 2008/04/11 7:5 p.m., 15 views

CVE-2008-1728

ConnectionManagerImpl.java in Ignite Realtime Openfire 3.4.5 allows remote authenticated users to cause a denial of service (daemon outage) by triggering large outgoing queues without reading messages...

CVSS 4, AI score 6, EPSS 0.01657
Exploits 0, References 10
Cvelist
added 2008/04/11 7:0 p.m., 31 views

CVE-2008-1728

ConnectionManagerImpl.java in Ignite Realtime Openfire 3.4.5 allows remote authenticated users to cause a denial of service (daemon outage) by triggering large outgoing queues without reading messages...

AI score 5.9, EPSS 0.01657
Exploits 0, References 10
CVE
added 2008/04/11 7:0 p.m., 54 views

CVE-2008-1728

CVE-2008-1728 : The Ignite Realtime Openfire 3.4.5 open-source Jabber server is affected via ConnectionManagerImpl.java, where remote authenticated users can trigger large outgoing queues without reading messages, causing a denial of service (daemon outage). The NVD entry lists a base CVSS v2 sco...

CVSS 4, AI score 5.9, EPSS 0.01657
Exploits 0, References 10, Affected Software 1
Tenable Nessus
added 2008/04/11 12:0 a.m., 29 views

Openfire < 3.5.0 ConnectionManagerImpl.java Queue Handling Remote DoS

The remote host is running Openfire / Wildfire, an instant messaging server supporting the XMPP protocol. According to its version, the installation of Openfire or Wildfire on the remote host suffers from a denial of service vulnerability that could bring the server down because it has no limit o...

CVSS 4, AI score 5.8, EPSS 0.01657
Exploits 0, References 3
FreeBSD
added 2008/04/10 12:0 a.m., 31 views

openfire -- unspecified denial of service

Secunia reports: A vulnerability has been reported in Openfire, which can be exploited by malicious people to cause a Denial of Service. The vulnerability is caused due to an unspecified error and can be exploited to cause a Denial of Service...

CVSS 4, AI score 6.3, EPSS 0.01657
Exploits 0, References 2
seebug.org
added 2007/06/03 12:0 a.m., 19 views

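Ignite Realtime Openfire Unspecified Privilege Escalation Vulnerability

Ignite Realtime Openfire is a real-time collaboration server. Ignite Realtime Openfire has multiple issues that remote attackers can exploit to escalate privileges. The vulnerability allows a malicious user to upload code to Openfire through the built-in admin console and thereby execute arbitrary commands. No detailed vulnerability information is currently available. Ignite Realtime Openfire 3.3 upgrade: Ignite Realtime Openfire 3.3 Ignite Realtime openfire-3.3.1-1.i386.rpm...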

AI score 7.1
Exploits 0
Prion
added 2007/06/01 1:30 a.m., 13 views

Design/Logic Flaw

The admin console in Ignite Realtime Openfire 3.3.0 and earlier (formerly Wildfire) does not properly specify a filter mapping in web.xml, which allows remote attackers to gain privileges and execute arbitrary code by accessing functionality that is exposed through DWR, as demonstrated using the...

CVSS 7.5, AI score 8.4, EPSS 0.02541
Exploits 0, References 5, Affected Software 1
NVD
added 2007/06/01 1:30 a.m., 11 views

CVE-2007-2975

The admin console in Ignite Realtime Openfire 3.3.0 and earlier (formerly Wildfire) does not properly specify a filter mapping in web.xml, which allows remote attackers to gain privileges and execute arbitrary code by accessing functionality that is exposed through DWR, as demonstrated using the...

CVSS 7.5, AI score 7.8, EPSS 0.02541
Exploits 0, References 5
Cvelist
added 2007/06/01 1:0 a.m., 15 views

CVE-2007-2975

The admin console in Ignite Realtime Openfire 3.3.0 and earlier (formerly Wildfire) does not properly specify a filter mapping in web.xml, which allows remote attackers to gain privileges and execute arbitrary code by accessing functionality that is exposed through DWR, as demonstrated using the...

AI score 7.8, EPSS 0.02541
Exploits 0, References 5
CVE
added 2007/06/01 1:0 a.m., 44 views

CVE-2007-2975

CVE-2007-2975 affects Ignite Realtime Openfire 3.3.0 and earlier (Wildfire). The root cause is an improper filter mapping specification in web.xml for the admin console, allowing remote attackers to gain privileges and execute arbitrary code via functionality exposed through DWR (demonstrated usi...

CVSS 7.5, AI score 7.8, EPSS 0.02541
Exploits 0, References 5, Affected Software 1
Tenable Nessus
added 2007/05/30 12:0 a.m., 11 views

Openfire < 3.3.1 Admin Console Privilege Escalation

Binary data 4070.prm...

CVSS 7.5, AI score 7.3, EPSS 0.02541
Exploits 0, References 2
Tenable Nessus
added 2007/05/29 12:0 a.m., 23 views

Openfire Admin Console Remote Privilege Escalation

The remote host is running Openfire / Wildfire, an instant messaging server supporting the XMPP protocol. The version of Openfire or Wildfire installed on the remote host allows unauthenticated access to a servlet, which could allow a malicious user to upload code to Openfire via its admin consol...

CVSS 7.5, AI score 5.7, EPSS 0.02541
Exploits 0, References 2
NVD
added 2006/12/31 5:0 a.m., 9 views

CVE-2006-7233

Cross-site scripting (XSS) vulnerability in the login form (login.jsp) of the admin console in Openfire (formerly Wildfire) 2.6.0, and possibly other versions before 3.5.3, allows remote attackers to inject arbitrary web script or HTML via the url parameter...

CVSS 4.3, AI score 5.8, EPSS 0.01223
Exploits 0, References 6
NVD
added 2005/12/31 5:0 a.m., 9 views

CVE-2005-4877

Cross-site scripting (XSS) vulnerability in the login form (login.jsp) of the admin console in Openfire (formerly Wildfire) 2.3.0 Beta 2 allows remote attackers to inject arbitrary web script or HTML via Javascript events in the username parameter, a different vulnerability than CVE-2005-4876...

CVSS 4.3, AI score 5.6, EPSS 0.00852
Exploits 0, References 2
NVD
added 2005/12/31 5:0 a.m., 11 views

CVE-2005-4876

Cross-site scripting (XSS) vulnerability in the login form (login.jsp) of the admin console in Openfire (formerly Wildfire) 2.2.2, and possibly other versions before 2.3.0 Beta 2, allows remote attackers to inject arbitrary web script or HTML via the username parameter, a different vulnerability than...

CVSS 4.3, AI score 5.8, EPSS 0.00852
Exploits 0, References 2
Tenable Nessus
added 2004/08/18 12:0 a.m., 14 views

Openfire < 3.6.4 Arbitrary Password Manipulation

Binary data 5018.prm...

CVSS 6.5, AI score 7.3, EPSS 0.02228
Exploits 2, References 3