Ignite Realtime Openfire <4.42 - Local File Inclusion

Ignite Realtime Openfire through 4.4.2 is vulnerable to local file inclusion via PluginServlet.java. It does not ensure that retrieved files are located under the Openfire home directory. id: CVE-2019-18393 info: name: Ignite Realtime Openfire 4.42 - Local File Inclusion author: pikpikcu severity...

Openfire 4.8.0 Code Injection

============================================================================================================================================= | Title : Openfire release 4.8.0 Code Injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 130.0.2 6...

Exploit for Path Traversal in Igniterealtime Openfire

CVE-2023-32315 - Openfire Authentication Bypass This reposito...

Exploit for Path Traversal in Igniterealtime Openfire

CVE-2023-32315-POC CVE-2023-32315-Openfire-Bypass-Py O...

Exploit for Path Traversal in Igniterealtime Openfire

CVE-2023-32315 - Openfire's administrative console the Admin...

Exploit for Path Traversal in Igniterealtime Openfire

CVE-2023-32315 Openfire Console Authentication Bypass Vulnerab...

Cross-site Scripting (XSS) - Generic in igniterealtime/openfire-bookmarks-plugin

Description openfire-bookmarks-plugin is vulnerable to Cross-Site Scripting XSS. Steps To Reproduce 1. Download openfire and install https://www.igniterealtime.org/downloads/ 2. Run the server http://localhost:9090/index.jsp 3. Click on "Plugins" http://localhost:9090/plugin-admin.jsp and install...

Openfire 4.4.1 Cross Site Scripting

Information -------------------- Advisory by Netsparker Name: Multiple Cross-site Scripting Vulnerabilities in Openfire 4.4.1 Affected Software: Openfire Affected Versions: 4.4.1 Vendor Homepage: https://www.igniterealtime.org/ Vulnerability Type: Cross-site Scripting Severity: Medium Status: Fix...

community.igniterealtime.org XSS vulnerability

Vulnerable URL: https://community.igniterealtime.org/external-link.jspa?url=https://www.openbugbounty.org/ Details: Description| Value ---|--- Patched:| Yes, at 18.12.2016 Latest check for patch:| 18.12.2016 12:29 GMT Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank|...

Openfire 3.10.2 - Multiple Cross-Site Scripting Vulnerabilities

Openfire 3.10.2 - Multiple Cross-Site Scripting Vulnerabilities + Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-OPENFIRE-XSS.txt Vendor: ================================ www.igniterealtime.org/projects/openfire...

Openfire 3.10.2 - Multiple Vulnerabilities

Exploit for jsp platform in category web applications Openfire 3.10.2 - Unrestricted File Upload Vendor: ========================================= www.igniterealtime.org/projects/openfire www.igniterealtime.org/downloads/index.jsp Product: ================================ Openfire 3.10.2 Openfire...

Openfire 3.10.2 - Unrestricted Arbitrary File Upload

Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-OPENFIRE-FILE-UPLOAD.txt Vendor: ========================================= www.igniterealtime.org/projects/openfire www.igniterealtime.org/downloads/index.jsp Product:...

Incorrect handling of self signed certificates in OpenFire XMPP Server

Incorrect handling of self signed certificates in OpenFire XMPP Server Affected software: OpenFire XMPP server Affected versions: 3.9.3 and earlier Vulnerabilities addressed: CVE-2014-3451, CVE-2015-2080 Openfire is a real time collaboration RTC server licensed under the Open Source Apache Licens...

Openfire Admin Console Detection

An Openfire admin console was detected on the remote host. Openfire is a collaboration server based on the XMPP Jabber protocol. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid51142; scriptversion"1.8"; scriptsetattributeattribute:"pluginmodificationdate",...

Openfire Multiple Vulnerabilities (Mar09)

This host is running Openfire and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: secpodopenfiremultvulnmar09.nasl 5122 2017-01-27 12:16:00Z teissa $ Openfire Multiple Vulnerabilities Mar09 Authors: Sujit Ghosal Copyright: Copyright c 2009 SecPod, http://www.secpod.com This...

OpenFire < 3.6.3 Multiple Vulnerabilities

OpenFire is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:igniterealtime:openfire";...

Openfire Server &lt;= 3.6.0a (Auth Bypass/SQL/XSS) Multiple Vulnerabilities

No description provided by source. Advisory: Openfire Server Multiple Vulnerabilities Advisory ID: AKADV2008-001 Release Date: 2008/11/07 Revision: 1.0 Last Modified: 2008/11/07 Date Reported: 2008/05/17 Author: Andreas Kurtz mail at andreas-kurtz.de Affected Software: Openfire Server = 3.6.0a...