30 matches found
CVE-2019-20528
Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasource-standard.jsp username parameter...
CVE-2019-20366
An XSS issue was discovered in Ignite Realtime Openfire 4.4.4 via isTrustStore to Manage Store Contents...
EUVD-2020-22821
Malware in sbrugna...
EUVD-2015-7608
Malware in sbrugna...
EUVD-2019-0622
Malware in sbrugna...
EUVD-2020-22889
Malware in sbrugna...
EUVD-2020-17318
Malware in sbrugna...
EUVD-2005-4868
Malware in sbrugna...
EUVD-2005-4867
Malware in sbrugna...
EUVD-2020-22887
Malware in sbrugna...
EUVD-2022-4408
Malicious code in bioql PyPI...
EUVD-2022-4044
Malicious code in bioql PyPI...
Openfire < 5.0.2 / 5.1.0 Identity Spoofing
The remote host is running a version of Openfire that is affected by an identity spoofing vulnerability. Openfireâs SASL EXTERNAL mechanism for client TLS authentication contains a vulnerability in how it extracts user identities from X.509 certificates. Instead of parsing the structured ASN.1...
CVE-2023-32315
Openfire is an XMPP server licensed under the Open Source Apache License. Openfire's administrative console, a web-based application, was found to be vulnerable to a path traversal attack via the setup environment. This permitted an unauthenticated user to use the unauthenticated Openfire Setup...
CVE-2020-35201
Ignite Realtime Openfire 4.6.0 has create-bookmark.jsp users Stored XSS...
CVE-2020-35202
Ignite Realtime Openfire 4.6.0 has plugins/dbaccess/db-access.jsp sql Stored XSS...
CVE-2019-18393
PluginServlet.java in Ignite Realtime Openfire through 4.4.2 does not ensure that retrieved files are located under the Openfire home directory, aka a directory traversal vulnerability...
CVE-2019-15488
Ignite Realtime Openfire before 4.4.1 has reflected XSS via an LDAP setup test...
Exploit for Path Traversal in Igniterealtime Openfire
It is an exploit module for Openfire, a Jabber/XMPP server. The...
Exploit for Path Traversal in Igniterealtime Openfire
It is an offensive tool for Openfire. This repository contains a...