4 matches found
[ASA-201612-21] openfire: multiple issues
Arch Linux Security Advisory ASA-201612-21 ========================================== Severity: High Date : 2016-12-23 CVE-ID : CVE-2015-6972 CVE-2015-6973 CVE-2015-7707 Package : openfire Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-15 Summary ======= The package...
OpenFire <= 3.10.2 Multiple Vulnerabilities
OpenFire Server is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:igniterealtime:openfire";...
CVE-2015-7707
Ignite Realtime Openfire 3.10.2 allows remote authenticated users to gain administrator access via the isadmin parameter to user-edit-form.jsp...
CVE-2015-7707
Openfire 3.10.2 is affected by CVE-2015-7707, where remote authenticated users can gain administrator access via the isadmin parameter in user-edit-form.jsp. This is part of a set of linked issues (CVE-2015-6972/6973/7707) that also include CSRF and XSS vulnerabilities, enabling privilege escalat...