23 matches found
EUVD-2017-8034
Malware in sbrugna...
EUVD-2018-17010
Malware in sbrugna...
EUVD-2019-10661
Malware in sbrugna...
EUVD-2017-9248
Malware in sbrugna...
EUVD-2019-10656
Malware in sbrugna...
EUVD-2017-9233
Malware in sbrugna...
Atlassian JIRA < 7.13.12 / 8.x < 8.5.4 / 8.6.x < 8.6.1 'Atlassian Application Links' Plugin Privilege Escalation
According to its self-reported version number, the instance of Atlassian JIRA hosted on the remote web server is before 7.13.12, or 8.x before 8.5.4, or 8.6.x before 8.6.1. It is, therefore, affected by an improper authorization check related to the Atlassian Application Links plugin that allows ...
Atlassian Application Links plugin Access Control Error Vulnerability
Atlassian Application Links is a plug-in from Atlassian Australia that is used in Atlassian products to create buttons that connect to other applications. An access control error vulnerability exists in the Atlassian Application Links plugin. The vulnerability arises from a network system or...
CVE-2019-20105
The EditApplinkServlet resource in the Atlassian Application Links plugin before version 5.4.20, from version 6.0.0 before version 6.0.12, from version 6.1.0 before version 6.1.2, from version 7.0.0 before version 7.0.1, and from version 7.1.0 before version 7.1.3 allows remote attackers who have...
CVE-2019-20105
The EditApplinkServlet resource in the Atlassian Application Links plugin before version 5.4.20, from version 6.0.0 before version 6.0.12, from version 6.1.0 before version 6.1.2, from version 7.0.0 before version 7.0.1, and from version 7.1.0 before version 7.1.3 allows remote attackers who have...
Improper access control
The EditApplinkServlet resource in the Atlassian Application Links plugin before version 5.4.20, from version 6.0.0 before version 6.0.12, from version 6.1.0 before version 6.1.2, from version 7.0.0 before version 7.0.1, and from version 7.1.0 before version 7.1.3 allows remote attackers who have...
Atlassian JIRA 8.5.x / 8.6.x 'Atlassian Application Links' Plugin CSRF
According to its self-reported version number, the instance of Atlassian JIRA hosted on the remote web server is 8.5.x or 8.6.x. It is, therefore, affected by an input-validation flaw related to the Atlassian Application Links plugin that allows cross-site request forgery attacks. %NASLMINLEVEL...
CVE-2019-20100
The Atlassian Application Links plugin is vulnerable to cross-site request forgery CSRF. The following versions are affected: all versions prior to 5.4.21, from version 6.0.0 before version 6.0.12, from version 6.1.0 before version 6.1.2, from version 7.0.0 before version 7.0.2, and from version...
Application Links Information Disclosure Vulnerability
Atlassian Application Links is a plug-in from Atlassian Australia for creating buttons in Atlassian products to connect to other applications. A security vulnerability exists in the ListEntityLinksServlet resource in Atlassian Application Links. An attacker could exploit the vulnerability to...
Xxe
The OAuthHelper in Atlassian Application Links before version 5.0.10, from version 5.1.0 before version 5.1.3, and from version 5.2.0 before version 5.2.6 used an XML document builder that was vulnerable to XXE when consuming a client OAuth request. This allowed malicious oauth application linked...
CVE-2017-18111
The OAuthHelper in Atlassian Application Links before version 5.0.10, from version 5.1.0 before version 5.1.3, and from version 5.2.0 before version 5.2.6 used an XML document builder that was vulnerable to XXE when consuming a client OAuth request. This allowed malicious oauth application linked...
Atlassian Application Links Cross-Site Scripting Vulnerability (CNVD-2018-10218)
Atlassian Application Links is a plug-in from Atlassian Australia that is used in Atlassian products to create buttons that connect to other applications. A cross-site scripting vulnerability exists in the invalidRedirectUrl template in Atlassian Application Links versions prior to 5.2.7, 5.3.0...
Cross site scripting
The invalidRedirectUrl template in Atlassian Application Links before version 5.2.7, from version 5.3.0 before version 5.3.4 and from version 5.4.0 before version 5.4.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the redirectUrl...
CVE-2017-16860
The invalidRedirectUrl template in Atlassian Application Links before version 5.2.7, from version 5.3.0 before version 5.3.4 and from version 5.4.0 before version 5.4.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the redirectUrl...
Atlassian Application Links Cross-Site Scripting Vulnerability
Atlassian Application Links is a plug-in from Atlassian Australia that is used in Atlassian products to create buttons that connect to other applications. A cross-site scripting vulnerability exists in several managed application link resources in Atlassian Application Links versions prior to...