FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-28 15:43:32 UTC


These are the vulnerabilities relating to the commit you have selected:

VuXML ID  Description
937adf01-b64a-11dd-a55e-00163e000016  openfire -- multiple vulnerabilities

Andreas Kurtz reports:

The jabber server Openfire (<= version 3.6.0a) contains several serious vulnerabilities. Depending on the particular runtime environment these issues can potentially even be used by an attacker to execute code on operating system level.

  1. Authentication bypass - This vulnerability provides an attacker full access to all functions in the admin web interface without providing any user credentials. The Tomcat filter which is responsible for authentication could be completely circumvented.
  2. SQL injection - It is possible to pass SQL statements to the backend database through a SQL injection vulnerability. Depending on the particular runtime environment and database permissions it is even possible to write files to disk and execute code on operating system level.
  3. Multiple Cross-Site Scripting - Permits arbitrary insertion of HTML and JavaScript code in login.jsp. An attacker could also manipulate a parameter to specify a destination to which a user will be forwarded after successful authentication.

Discovery 2008-11-07
Entry 2008-11-19
Modified 2010-05-02
openfire < 3.6.1

CVE-2008-6510
CVE-2008-6511
CVE-2008-6508
CVE-2009-1595
CVE-2008-1728
CVE-2008-6509
http://www.andreas-kurtz.de/advisories/AKADV2008-001-v1.0.txt
http://www.igniterealtime.org/builds/openfire/docs/latest/changelog.html
http://secunia.com/Advisories/32478/
c3aba586-ea77-11dd-9d1e-000bcdc1757a  openfire -- multiple vulnerabilities

Core Security Technologies reports:

Multiple cross-site scripting vulnerabilities have been found which may lead to arbitrary remote code execution on the server running the application due to unauthorized upload of Java plugin code.


Discovery 2009-01-08
Entry 2009-01-25
Modified 2010-05-02
openfire < 3.6.3

32935
32937
32938
32939
32940
32943
32944
32945
CVE-2009-0496
CVE-2009-0497
http://www.coresecurity.com/content/openfire-multiple-vulnerabilities
e3e30d99-58a8-4a3f-8059-a8b7cd59b881  openfire -- Openfire No Password Changes Security Bypass

Secunia reports:

A vulnerability has been reported in Openfire which can be exploited by malicious users to bypass certain security restrictions. The vulnerability is caused due to Openfire not properly respecting the no password changes setting which can be exploited to change passwords by sending jabber:iq:auth passwd_change requests to the server.


Discovery 2009-05-04
Entry 2009-05-04
Modified 2010-05-02
openfire < 3.6.4

CVE-2009-1596
http://secunia.com/advisories/34984/
http://www.igniterealtime.org/issues/browse/JM-1532
http://www.igniterealtime.org/community/message/190288#190288