138 matches found
Atlassian Crowd and Crowd Data Center - Unauthenticated Remote Code Execution
Atlassian Crowd and Crowd Data Center is susceptible to a remote code execution vulnerability because the pdkinstall development plugin is incorrectly enabled in release builds. Attackers who can send unauthenticated or authenticated requests to a Crowd or Crowd Data Center instance can exploit...
CVE-2016-10740
Various resources in Atlassian Crowd before version 2.10.1 allow remote attackers with administration rights to learn the passwords of configured LDAP directories by examining the responses to requests for these resources...
EUVD-2013-3857
Malware in sbrugna...
EUVD-2017-9245
Malware in sbrugna...
EUVD-2018-12804
Malware in sbrugna...
EUVD-2019-10660
Malware in sbrugna...
EUVD-2016-7418
Malware in sbrugna...
EUVD-2017-9242
Malware in sbrugna...
EUVD-2017-9247
Malware in sbrugna...
EUVD-2017-9243
Malware in sbrugna...
EUVD-2017-9244
Malware in sbrugna...
EUVD-2017-9246
Malware in sbrugna...
EUVD-2016-1737
Malware in sbrugna...
CVE-2022-43782
Affected versions of Atlassian Crowd allow an attacker to authenticate as the crowd application via security misconfiguration and subsequent ability to call privileged endpoints in Crowd's REST API under the usermanagement path. This vulnerability can only be exploited by IPs specified under the...
CVE-2013-3925
Atlassian Crowd 2.5.x before 2.5.4, 2.6.x before 2.6.3, 2.3.8, and 2.4.9 allows remote attackers to read arbitrary files and send HTTP requests to intranet servers via a request to (1) /services/2 or (2) services/latest with a DTD containing an XML external entity declaration in conjunction with an...
Atlassian Crowd XML Entity Expansion Remote File Access
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Atlassian Crowd XML Entity Expansion Remote File Access', 'Description' = %q This module simply attempts to read a remote file from the server...
Atlassian Crowd 3.4.x < 5.1.6 / 5.2.1 RCE (CWD-6139)
The version of Atlassian Crowd installed on the remote host is 3.4.x prior to 5.1.6, or 5.2.x prior to 5.2.1. It is, therefore, affected by a remote execution vulnerability. An authenticated, remote attacker can exploit this to execute arbitrary code, which has high impact to confidentiality, hig...
Atlassian Crowd Security Vulnerability
Atlassian Crowd is a Web-based single sign-on system from Atlassian Australia. The system provides authentication, authorization, and other functions for multiple users, web applications, and directory servers. A security vulnerability exists in Atlassian Crowd version 3.4.6 that stems from the...
Atlassian Crowd < 3.6.0 Improper Authorization Via ATST Plugin
According to its self-reported version number, the Atlassian Crowd application running on the remote host is prior to version 3.6.0. It is, therefore, shipped with a vulnerable version of the Atlassian Troubleshooting and Support plugin (ATST), which permitted unprivileged users to initiate log...
Atlassian Crowd < 2.1.0 LDAP Directory Password leakage
According to its self-reported version number, the Atlassian Crowd application running on the remote host is prior to version 2.1.0. It is, therefore, affected by an LDAP directory password leakage, which permits remote attackers with administration rights to learn the passwords of configured LDAP...