Ignite Realtime community - Security Researcher - Exploit Intelligence Platform

CVE-2019-18393 NOMISEC MEDIUM STUB

Openfire < 4.4.2 - Path Traversal via PluginServlet.java

PluginServlet.java in Ignite Realtime Openfire through 4.4.2 does not ensure that retrieved files are located under the Openfire home directory, aka a directory traversal vulnerability.

CVSS 5.3

View Code

CVE-2019-18394 NOMISEC CRITICAL STUB

Ignite Realtime Openfire < 4.4.2 - Server-Side Request Forgery via FaviconServlet

A Server Side Request Forgery (SSRF) vulnerability in FaviconServlet.java in Ignite Realtime Openfire through 4.4.2 allows attackers to send arbitrary HTTP GET requests.

CVSS 9.8

View Code

CVE-2019-18393 NOMISEC MEDIUM STUB

Openfire < 4.4.2 - Path Traversal via PluginServlet.java

PluginServlet.java in Ignite Realtime Openfire through 4.4.2 does not ensure that retrieved files are located under the Openfire home directory, aka a directory traversal vulnerability.

CVSS 5.3

View Code

CVE-2019-18394 NOMISEC CRITICAL STUB

Ignite Realtime Openfire < 4.4.2 - Server-Side Request Forgery via FaviconServlet

A Server Side Request Forgery (SSRF) vulnerability in FaviconServlet.java in Ignite Realtime Openfire through 4.4.2 allows attackers to send arbitrary HTTP GET requests.

CVSS 9.8

View Code