FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

openfire -- multiple vulnerabilities

Affected packages
openfire < 3.6.3

Details

VuXML ID c3aba586-ea77-11dd-9d1e-000bcdc1757a
Discovery 2009-01-08
Entry 2009-01-25
Modified 2010-05-02

Core Security Technologies reports:

Multiple cross-site scripting vulnerabilities have been found which may lead to arbitrary remote code execution on the server running the application due to unauthorized upload of Java plugin code.

References

Bugtraq ID 32935
Bugtraq ID 32937
Bugtraq ID 32938
Bugtraq ID 32939
Bugtraq ID 32940
Bugtraq ID 32943
Bugtraq ID 32944
Bugtraq ID 32945
CVE Name CVE-2009-0496
CVE Name CVE-2009-0497
URL http://www.coresecurity.com/content/openfire-multiple-vulnerabilities