Lucene search
K

128 matches found

Atlassian
Atlassian
added 2015/02/05 8:33 p.m.23 views

Authentication fails on Push to Stash

When I attempt to Push commit of a few dozen files to the Stash-hosted Git repository, I receive the attached error indicating an authentication failure...

2AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2015/02/05 8:33 p.m.17 views

Authentication fails on Push to Stash

When I attempt to Push commit of a few dozen files to the Stash-hosted Git repository, I receive the attached error indicating an authentication failure...

2AI score
Exploits0
Atlassian
Atlassian
added 2014/07/22 5:5 a.m.21 views

XSS when adding Stash Linked Repositories

Stash server title in the "Stash server" dropdown is not being escaped and if it contains a script tag that script will be eval'd. Our Stash QA test data has the server title "Welcome to alert666 Long Ståш Title with ..." which causes the "666" to alert when the "Add repository" button is clicked...

Exploits0Affected Software1
Atlassian
Atlassian
added 2014/07/22 5:5 a.m.23 views

XSS when adding Stash Linked Repositories

Stash server title in the "Stash server" dropdown is not being escaped and if it contains a script tag that script will be eval'd. Our Stash QA test data has the server title "Welcome to alert666 Long Ståш Title with ..." which causes the "666" to alert when the "Add repository" button is clicked...

Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.13 views

IBM WebSphere 2.0/3.0 ikeyman Weak Encrypted Password Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/1763/info IBM WebSphere ships with a tool called 'ikeyman' that encrypts server certificates/key pairs when the IBM HTTP Server and SSL connections are enabled. Ikeyman stores the password in a stash file which can be...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.10 views

Stash 1.0.3 - Multiple SQL Injection Vulnerabilities

No description provided by source. Stash v1.0.3 Admin bypass / Remote File Disclosure AUTHOR : IRCRASH R3d.W0rm Sina Yazdanmehr Discovered by : IRCRASH R3d.W0rm Sina Yazdanmehr Our Site : Http://IRCRASH.COM IRCRASH Team Members : Dr.Crash - R3d.w0rm Sina Yazdanmehr Download :...

7.1AI score
Exploits0
Atlassian
Atlassian
added 2014/06/06 7:21 a.m.19 views

Cannot create page/s using "Create Page" Button

We are a large corporation currently in the process of rolling out a complete Atlassian Toolchain Jira, Confluence, Bamboo, Stash within the next 4 weeks. Unfortunately in Confluence, we cannot use the "Create Page" Button, as we get the following issue regardless of when this is done or by whom:...

Exploits0
Atlassian
Atlassian
added 2014/06/03 6:36 p.m.26 views

Stash uses plain text passwords in the database for the Crowd User Directory

I managed to accidentely lock myself out of my stash instance this morning during a routine upgrade and while looking for the name of a local stash user account I noticed that the password for the Crowd User Directory I'd setup incorrectly was stored as plain text in table cwddirectoryattribute...

6.7AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2014/06/03 6:36 p.m.22 views

Stash uses plain text passwords in the database for the Crowd User Directory

I managed to accidentely lock myself out of my stash instance this morning during a routine upgrade and while looking for the name of a local stash user account I noticed that the password for the Crowd User Directory I'd setup incorrectly was stored as plain text in table cwddirectoryattribute...

6.7AI score
Exploits0
Atlassian
Atlassian
added 2014/03/14 12:35 a.m.20 views

User avatar upload endpoint is vulnerable to XSRF

Stash, as 2.12, will allows users to upload local avatars to their account STASHDEV-6182. That upload is submitted to a non-API end point that accepts a POST request with the avatar as data-uri|https://en.wikipedia.org/wiki/DataUri. Currently, because the form is submitted by AJAX, the end point ...

1.3AI score
Exploits0
Atlassian
Atlassian
added 2014/03/14 12:35 a.m.27 views

User avatar upload endpoint is vulnerable to XSRF

Stash, as 2.12, will allows users to upload local avatars to their account STASHDEV-6182. That upload is submitted to a non-API end point that accepts a POST request with the avatar as data-uri|https://en.wikipedia.org/wiki/DataUri. Currently, because the form is submitted by AJAX, the end point ...

1.3AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/11/21 4:35 a.m.57 views

Privilege escalation

We have identified and fixed a vulnerability in Stash which allowed unauthenticated users to commit actions on behalf of any other authorised user. In order to exploit this vulnerability, an attacker requires access to your Stash web interface. The Stash server is only vulnerable if it has been...

3AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/11/21 4:35 a.m.15 views

Privilege escalation

We have identified and fixed a vulnerability in Stash which allowed unauthenticated users to commit actions on behalf of any other authorised user. In order to exploit this vulnerability, an attacker requires access to your Stash web interface. The Stash server is only vulnerable if it has been...

3AI score
Exploits0
Atlassian
Atlassian
added 2013/07/17 12:10 a.m.22 views

Able to create a repository from Source Tree on a Stash project on which i do not have 'admin' access

Able to create a repository from Source Tree on a Stash project on which i do not have 'admin' access. On Stash, only admin access will have option to create repositories, however Source Tree allows users to create repository on a Stash project where users have only 'write' access. This is a majo...

2.4AI score
Exploits0
Atlassian
Atlassian
added 2013/07/17 12:10 a.m.37 views

Able to create a repository from Source Tree on a Stash project on which i do not have 'admin' access

Able to create a repository from Source Tree on a Stash project on which i do not have 'admin' access. On Stash, only admin access will have option to create repositories, however Source Tree allows users to create repository on a Stash project where users have only 'write' access. This is a majo...

2.4AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/05/21 4:29 a.m.46 views

Upgrade bundled Tomcat due to security vulnerabilities

There are some Tomcat security vulnerabilities reported against the bundled version 7.0.32: CVE-2013-2067|http://mail-archives.apache.org/modmbox/www-announce/201305.mbox/%[email protected]%3E...

6.8CVSS2.5AI score0.11001EPSS
Exploits5
Atlassian
Atlassian
added 2013/05/21 4:29 a.m.81 views

Upgrade bundled Tomcat due to security vulnerabilities

There are some Tomcat security vulnerabilities reported against the bundled version 7.0.32: CVE-2013-2067|http://mail-archives.apache.org/modmbox/www-announce/201305.mbox/%[email protected]%3E...

6.8CVSS2.5AI score0.11001EPSS
Exploits5Affected Software1
Atlassian
Atlassian
added 2012/08/20 4:13 a.m.22 views

Persistent Cross Site Scripting Vulnerability

We have identified and fixed a persistent cross-site scripting XSS vulnerabilities that affects Stash instances, including publicly available instances that is, Internet-facing servers. XSS vulnerabilities allow an attacker to embed their own JavaScript into a Stash page. More information is...

1.7AI score
Exploits0
Atlassian
Atlassian
added 2012/08/20 4:13 a.m.20 views

Persistent Cross Site Scripting Vulnerability

We have identified and fixed a persistent cross-site scripting XSS vulnerabilities that affects Stash instances, including publicly available instances that is, Internet-facing servers. XSS vulnerabilities allow an attacker to embed their own JavaScript into a Stash page. More information is...

1.7AI score
Exploits0Affected Software1
Packet Storm
Packet Storm
added 2009/12/30 12:0 a.m.31 views

Stash 1.0.3 Cross Site Scripting

Author: Author: Mr.SeCreT E-mail: [email protected] From: Syria http://english.islamweb.net/ Script Information: Script: Stash 1.0.3 Remote XSS Vulnerability Language: PHP Download: http://garr.dl.sourceforge.net/project/nice-stash/Stash%20CMS/1.0.3/stash-1.0.3.zip Vul Code: footer.inc.php: "My In...

Exploits0
Rows per page
Query Builder