Full title: Openfire 3.8.2 server new admin password/add new admin Exploit 
Category: web applications
Platform: multiple
This expoit use multiple vulnerabilites in Openfire.
Openfire admin must visit exploit link.
Attacker can create new admin or change admin password.

Openfire is a real time collaboration (RTC) server licensed under the Open Source Apache License. It uses the only widely adopted open protocol for instant messaging, XMPP (also called Jabber). Openfire is incredibly easy to setup and administer, but offers rock-solid security and performance.

# 0day.today @ http://0day.today/