20 matches found
Exploit for Injection in Apache Solr
Apache-Solr-RCE-CVE-2019-17558 🛡️ Apache Solr Remote Code E...
CVE-2020-4027
Affected versions of Atlassian Confluence Server and Data Center allowed remote attackers with system administration permissions to bypass velocity template injection mitigations via an injection vulnerability in custom user macros. The affected versions are before version 7.4.5, and from version...
Velocity Template Injection in Custom user macros - Macros Platform - CVE-2020-4027
Affected versions of Atlassian Confluence Server and Data Center allowed remote attackers with system administration permissions to bypass velocity template injection mitigations via an injection vulnerability in custom user macros. This issue was discovered and reported by GHSL team member...
Velocity Template Injection in Custom user macros - Macros Platform - CVE-2020-4027
Affected versions of Atlassian Confluence Server and Data Center allowed remote attackers with system administration permissions to bypass velocity template injection mitigations via an injection vulnerability in custom user macros. This issue was discovered and reported by GHSL team member...
Atlassian Confluence Widget Connector Macro - Velocity Template Injection (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Atlassian Confluence Widget Connector Macro Velocity Template Injection", 'Description' = %q Widget Connector Macro is part of Atlassian Confluen...
Atlassian Confluence Widget Connector Macro Velocity Template Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Atlassian Confluence Widget Connector Macro Velocity Template Injection", 'Description' = %q Widget Connector Macro is part of Atlassian Confluen...
Atlassian Confluence Widget Connector Macro Velocity Template Injection Exploit
Widget Connector Macro is part of Atlassian Confluence Server and Data Center that allows embed online videos, slideshows, photostreams and more directly into page. A template parameter can be used to inject remote Java code into a Velocity template, and gain code execution. Authentication is not...
Atlassian Confluence Widget Connector Macro Velocity Template Injection
Widget Connector Macro is part of Atlassian Confluence Server and Data Center that allows embed online videos, slideshows, photostreams and more directly into page. A template parameter can be used to inject remote Java code into a Velocity template, and gain code execution. Authentication is...
Atlassian HipChat for Jira Plugin Velocity Template Injection
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'json' class Metasploit3 "Atlassian HipChat for Jira Plugin Velocity Template Injection", 'Description' = %q Atlassian Hipchat is a web service...
Atlassian HipChat for Jira Plugin Velocity Template Injection
Atlassian Hipchat is a web service for internal instant messaging. A plugin is available for Jira that allows team collaboration at real time. A message can be used to inject Java code into a Velocity template, and gain code execution as Jira. Authentication is required to exploit this...
JIRA and HipChat for JIRA Plugin - Velocity Template Injection
JIRA and HipChat for JIRA Plugin - Velocity Template Injection JIRA and HipChat for JIRA plugin Velocity Template Injection Vulnerability Date: 2015-08-26 CVE ID: CVE-2015-5603 Vendor Link:...
JIRA and HipChat for JIRA Plugin Velocity Template Injection Vulnerability
Exploit for java platform in category web applications JIRA and HipChat for JIRA plugin Velocity Template Injection Vulnerability Date: 2015-08-26 CVE ID: CVE-2015-5603 Vendor Link: https://confluence.atlassian.com/jira/jira-and-hipchat-for-jira-plugin-security-advisory-2015-08-26-776650785.html...
CVE-2015-5603: JIRA and the HipChat For JIRA plugin - Velocity Template Injection
Note: the current version of this advisory can be found at https://confluence.atlassian.com/x/IcBKLg . CVE ID: CVE-2015-5603 Product: JIRA and the HipChat for JIRA plugin. Affected HipChat For JIRA plugin versions: 1.3.2 = version 6.30.0 Affected JIRA product versions: 6.3.5 = version 6.4.11...
Design/Logic Flaw
The HipChat for JIRA plugin before 6.30.0 for Atlassian JIRA allows remote authenticated users to execute arbitrary Java code via unspecified vectors, related to "Velocity Template Injection Vulnerability."...
CVE-2015-5603
The HipChat for JIRA plugin before 6.30.0 for Atlassian JIRA allows remote authenticated users to execute arbitrary Java code via unspecified vectors, related to "Velocity Template Injection Vulnerability."...
CVE-2015-5603
The HipChat for JIRA plugin before 6.30.0 for Atlassian JIRA allows remote authenticated users to execute arbitrary Java code via unspecified vectors, related to "Velocity Template Injection Vulnerability."...
CVE-2015-5603
The CVE-2015-5603 issue affects Atlassian Jira when used with the HipChat for Jira plugin (versions prior to 6.30.0). An authenticated Jira user can trigger a Velocity Template Injection in the plugin, enabling arbitrary Java code execution. Exploitation targets the plugin’s template handling and...
CVE-2015-5603: HipChat for JIRA plugin - Velocity Template Injection
We internally discovered that the HipChat For JIRA plugin had a resource that combined user input into a velocity template source and subsequently rendered it. Authenticated attackers can use this vulnerability to execute Java code of their choice on systems that have a vulnerable version of the...
CVE-2015-5603: HipChat for JIRA plugin - Velocity Template Injection
We internally discovered that the HipChat For JIRA plugin had a resource that combined user input into a velocity template source and subsequently rendered it. Authenticated attackers can use this vulnerability to execute Java code of their choice on systems that have a vulnerable version of the...
CVE-2015-5603: HipChat for JIRA plugin - Velocity Template Injection
We internally discovered that the HipChat For JIRA plugin had a resource that combined user input into a velocity template source and subsequently rendered it. Authenticated attackers can use this vulnerability to execute Java code of their choice on systems that have a vulnerable version of the...