110 matches found
Security Vulnerability in Confluence Remote API
We have identified and fixed a vulnerability in the Remote API which affects Confluence instances, including publicly available instances. The Remote API|http://confluence.atlassian.com/display/DOC/Enabling+the+Remote+API allows an attacker to escalate user privileges, excluding the level of syst...
Security Vulnerability in Confluence Remote API
We have identified and fixed a vulnerability in the Remote API which affects Confluence instances, including publicly available instances. The Remote API|http://confluence.atlassian.com/display/DOC/Enabling+the+Remote+API allows an attacker to escalate user privileges, excluding the level of syst...
CVE-2009-4261
Multiple directory traversal vulnerabilities in the iallocator framework in Ganeti 1.2.4 through 1.2.8, 2.0.0 through 2.0.4, and 2.1.0 before 2.1.0rc2 allow 1 remote attackers to execute arbitrary programs via a crafted external script name supplied through the HTTP remote API RAPI and allow 2...
DEBIAN-CVE-2009-4261
Multiple directory traversal vulnerabilities in the iallocator framework in Ganeti 1.2.4 through 1.2.8, 2.0.0 through 2.0.4, and 2.1.0 before 2.1.0rc2 allow 1 remote attackers to execute arbitrary programs via a crafted external script name supplied through the HTTP remote API RAPI and allow 2...
CVE-2009-4261
Ganeti CVE-2009-4261 affects the iallocator framework with path sanitization errors in Ganeti versions 1.2.4–1.2.8, 2.0.0–2.0.4, and 2.1.0 before 2.1.0~rc2. The vulnerability allows (1) remote attackers to execute arbitrary programs via a crafted external script name through the HTTP remote API (...
CVE-2009-4261
Multiple directory traversal vulnerabilities in the iallocator framework in Ganeti 1.2.4 through 1.2.8, 2.0.0 through 2.0.4, and 2.1.0 before 2.1.0rc2 allow 1 remote attackers to execute arbitrary programs via a crafted external script name supplied through the HTTP remote API RAPI and allow 2...
CVE-2009-4261
Multiple directory traversal vulnerabilities in the iallocator framework in Ganeti 1.2.4 through 1.2.8, 2.0.0 through 2.0.4, and 2.1.0 before 2.1.0rc2 allow 1 remote attackers to execute arbitrary programs via a crafted external script name supplied through the HTTP remote API RAPI and allow 2...
Need ability to limit use of remote API to certain users, or a certain group
panel:bgColor=e7f4fa NOTE: This suggestion is for Confluence Cloud. Using Confluence Server? See the corresponding suggestion|http://jira.atlassian.com/browse/CONFSERVER-7913. panel The remote API presents opportunities for denial of service attack. For example: RemoveSpace for a space with many...
Need ability to limit use of remote API to certain users, or a certain group
panel:bgColor=e7f4fa NOTE: This suggestion is for Confluence Server. Using Confluence Cloud? See the corresponding suggestion|http://jira.atlassian.com/browse/CONFCLOUD-7913. panel The remote API presents opportunities for denial of service attack. For example: RemoveSpace for a space with many...
Need ability to limit use of remote API to certain users, or a certain group
The remote API presents opportunities for denial of service attack. For example: RemoveSpace for a space with many pages can take several minutes, and all other users are locked from the wiki until it completes Reading or writing pages too rapidly through the API can impact the responsiveness of...