12 matches found
CVE-2025-66021
| creationtimestamp | type | source |
|---|---|---|
| 2025-11-25 00:00:02+00:00 | published-proof-of-concept | https://github.com/OWASP/java-html-sanitizer/security/advisories/GHSA-g9gq-3pfx-2gw2 |
| 2026-02-20 13:38:22+00:00 | seen | https://www.acn.gov.it/portale/w/aggiornamenti-di-sicurezza-prodotti-atlassian... |
Atlassian Confluence Improper Authorization
Atlassian Confluence Server and Atlassian Confluence Data Center prior to 7.19.16 or 7.20.x prior to 8.3.4 or 8.4.x prior to 8.4.4 and 8.5.x prior to 8.5.3 are affected by an Improper Authorization. This vulnerability allows an unauthenticated attacker to reset Confluence and create a Confluence...
Confluence Data Center - Java Deserialization Vulnerability In Hazelcast - CVE-2016-10750
Vulnerability Details: Confluence Data Center uses the third-party software Hazelcast, which is vulnerable to Java deserialization attacks (CVE-2016-10750, https://vulners.com/cve/CVE-2016-10750). Hazelcast provides functionality needed to run Confluence Data Center as a cluster. A remote,...
CVE-2017-18111
The CVE-2017-18111 issue affects Atlassian Application Links: the OAuthHelper component. Versions affected include before 5.0.10, 5.1.0 before 5.1.3, and 5.2.0 before 5.2.6. The root cause is an XML document builder that is vulnerable to XML External Entity (XXE) processing when handling a client...
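The root cause named above, an XML document builder that processes external entities, is the classic DOM-parser XXE. The following is an added illustration, not Atlassian's code and not the Application Links fix: it builds the same constructed payload twice, once with a DocumentBuilderFactory at its defaults (which resolve external general entities) and once with the factory hardened through the standard Xerces/JDK feature flags. The element names, the `file:///etc/hostname` target and the class name are assumptions made for the example.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.w3c.dom.Document;
import org.xml.sax.SAXParseException;

public class XxeDemo {
    // Constructed payload (assumption, not a real Application Links request): a DOCTYPE that
    // declares an external general entity pointing at a local file, then references it in the body.
    static final String XXE_PAYLOAD =
        "<?xml version=\"1.0\"?>\n" +
        "<!DOCTYPE consumer [<!ENTITY xxe SYSTEM \"file:///etc/hostname\">]>\n" +
        "<consumer><name>&xxe;</name></consumer>";

    /** Factory defaults: DOCTYPE is accepted and external general entities are fetched and inlined. */
    static DocumentBuilder defaultBuilder() throws ParserConfigurationException {
        return DocumentBuilderFactory.newInstance().newDocumentBuilder();
    }

    /** Hardened factory: no DOCTYPE at all, so neither internal nor external entities can be declared. */
    static DocumentBuilder hardenedBuilder() throws ParserConfigurationException {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        // Primary control for Xerces and the JDK's built-in parser: refuse any DOCTYPE declaration.
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        // Defence in depth for deployments that must keep DTDs: never fetch external entities or DTDs.
        dbf.setFeature("http://xml.org/sax/features/external-general-entities", false);
        dbf.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        dbf.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        dbf.setXIncludeAware(false);
        dbf.setExpandEntityReferences(false);
        return dbf.newDocumentBuilder();
    }

    /** Returns the text of <name>, or a short diagnostic when the parser refused the input. */
    static String parseName(DocumentBuilder db, String xml) {
        try {
            Document doc = db.parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
            return "parsed: " + doc.getElementsByTagName("name").item(0).getTextContent().trim();
        } catch (SAXParseException e) {
            return "rejected: " + e.getMessage();
        } catch (Exception e) {
            return "error: " + e;
        }
    }

    public static void main(String[] args) throws Exception {
        // Default factory (on a Linux host): the entity is resolved and the file content lands in <name>.
        System.out.println(parseName(defaultBuilder(), XXE_PAYLOAD));
        // Hardened factory: the parser stops at the DOCTYPE, before any entity is even declared.
        System.out.println(parseName(hardenedBuilder(), XXE_PAYLOAD));
    }
}
```

The first call prints the host's name read from `/etc/hostname`; the second is rejected with the parser's "DOCTYPE is disallowed" error. Prefer the disallow-doctype feature wherever the input format does not legitimately need a DTD; the remaining flags only matter for parsers or configurations where that feature is unavailable.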
Ghostscript 9.21 - Type Confusion Arbitrary Command Execution (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Ghostscript Type Confusion Arbitrary Command Execution', 'Description' => %q This module exploits a type confusion vulnerability in Ghostscript tha...
Ghostscript Type Confusion Arbitrary Command Execution
This module exploits a type confusion vulnerability in Ghostscript that can be exploited to obtain arbitrary command execution. This vulnerability affects Ghostscript versions 9.21 and earlier and can be exploited through libraries such as ImageMagick and Pillow. This module requires Metasploit:...
JIRA Issues Collector Directory Traversal
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'JIRA Issues Collector Directory Traversal', 'Description' => %q This module exploits a directory traversal flaw in JIRA 6.0.3. The...
XSS Vulnerability in About Me field
NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report: http://jira.atlassian.com/browse/CONFCLOUD-46695. Steps to reproduce: In id.atlassian.com, add to your About me: console.log' +++++ Hi Dennis ++++++'; Save...
Password History Count does not work for ATLASSIAN-SECURITY directories
Testing this locally on Crowd 227, I set the password history count to 1, then tried resetting my password through the interface and through the 'Forgot Password' e-mail link, but was able to consistently use old passwords. I also expired the password, forcing a password change, but that also let me...
Atlassian's Confluence Cross Site Scripting
A while back I reported some bugs in Atlassian's Confluence. As everyone should have upgraded by now I feel that I can now release my proof of concept for CONF-21508 and CONF-21819. note - I uncovered and reported these bugs at different times. Issue 1 CONF-21508: the document macro did not...
Implement salting of user passwords
Salting and Hashing of user passwords will require us to provide an upgrade path for users since all existing passwords will become invalid. This change should use the atlassian-security password encode library SEC-1...
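The two Crowd items above, the password-history count that is not enforced on the reset paths and the ticket to move to salted hashes with an upgrade path, are the same piece of credential-store logic. The following is an added example written for this page; it is not atlassian-security's password encoder and does not reflect how Crowd stores passwords. It assumes a hypothetical unsalted legacy format (`sha1$` + hex digest), a PBKDF2-HMAC-SHA256 target format, and a `HISTORY_COUNT` of 3; those names and constants are choices for the example. Legacy rows are upgraded transparently on the first successful login, so existing passwords do not have to be invalidated, and the history check runs inside the single change routine that both the interface and the reset link must call.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.ArrayDeque;
import java.util.Base64;
import java.util.Deque;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class PasswordStore {
    static final int ITERATIONS = 600_000;  // PBKDF2-HMAC-SHA256 work factor; tune to the deployment
    static final int KEY_BITS = 256;
    static final int SALT_BYTES = 16;
    static final int HISTORY_COUNT = 3;     // previous passwords a user may not reuse (assumed value)
    static final SecureRandom RNG = new SecureRandom();

    /** One user's credential: the current encoded hash plus the encoded hashes it replaced. */
    static final class Record {
        String current;
        final Deque<String> previous = new ArrayDeque<>();
    }

    final Map<String, Record> users = new HashMap<>();

    static String pbkdf2(char[] password, byte[] salt, int iterations) {
        try {
            PBEKeySpec spec = new PBEKeySpec(password, salt, iterations, KEY_BITS);
            byte[] dk = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
            spec.clearPassword();
            Base64.Encoder b64 = Base64.getEncoder();
            return "pbkdf2-sha256$" + iterations + "$" + b64.encodeToString(salt) + "$" + b64.encodeToString(dk);
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException("PBKDF2WithHmacSHA256 unavailable", e);
        }
    }

    /** New-format encoding: a fresh random salt per password, never shared between users or rotations. */
    static String encodeNew(char[] password) {
        byte[] salt = new byte[SALT_BYTES];
        RNG.nextBytes(salt);
        return pbkdf2(password, salt, ITERATIONS);
    }

    /** Hypothetical legacy format (assumption for this example): "sha1$" + hex(SHA-1(password)), unsalted. */
    static String encodeLegacy(char[] password) {
        try {
            byte[] d = MessageDigest.getInstance("SHA-1").digest(new String(password).getBytes(StandardCharsets.UTF_8));
            StringBuilder sb = new StringBuilder("sha1$");
            for (byte b : d) sb.append(String.format("%02x", b));
            return sb.toString();
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException(e);
        }
    }

    /** Verifies against either format, re-deriving with the stored salt and comparing in constant time. */
    static boolean matches(char[] password, String encoded) {
        String[] p = encoded.split("\\$");
        String recomputed;
        if (p[0].equals("pbkdf2-sha256") && p.length == 4) {
            recomputed = pbkdf2(password, Base64.getDecoder().decode(p[2]), Integer.parseInt(p[1]));
        } else if (p[0].equals("sha1") && p.length == 2) {
            recomputed = encodeLegacy(password);
        } else {
            return false;
        }
        return MessageDigest.isEqual(recomputed.getBytes(StandardCharsets.UTF_8),
                                     encoded.getBytes(StandardCharsets.UTF_8));
    }

    void createLegacyUser(String name, char[] password) {  // simulates a pre-migration row
        Record r = new Record();
        r.current = encodeLegacy(password);
        users.put(name, r);
    }

    /** Login: on success, upgrade a legacy unsalted hash to salted PBKDF2 while the plaintext is available. */
    boolean login(String name, char[] password) {
        Record r = users.get(name);
        if (r == null || !matches(password, r.current)) return false;
        if (r.current.startsWith("sha1$")) r.current = encodeNew(password);
        return true;
    }

    /** Single change routine for the UI, forced-expiry and "Forgot Password" paths: enforces history. */
    boolean changePassword(String name, char[] newPassword) {
        Record r = users.get(name);
        if (r == null) return false;
        if (matches(newPassword, r.current)) return false;
        for (String old : r.previous) if (matches(newPassword, old)) return false;
        r.previous.addFirst(r.current);
        while (r.previous.size() > HISTORY_COUNT) r.previous.removeLast();
        r.current = encodeNew(newPassword);
        return true;
    }

    public static void main(String[] args) {
        PasswordStore store = new PasswordStore();
        store.createLegacyUser("alice", "hunter2".toCharArray());
        System.out.println(store.login("alice", "hunter2".toCharArray()));                // true, row upgraded
        System.out.println(store.users.get("alice").current.startsWith("pbkdf2-sha256$")); // true
        System.out.println(store.changePassword("alice", "newpass1".toCharArray()));       // true
        System.out.println(store.changePassword("alice", "hunter2".toCharArray()));        // false, reuse blocked
    }
}
```

Because every previous hash keeps its own salt, the history check has to re-derive the candidate password under each stored salt rather than compare hashes directly; that is also why the check belongs in one shared routine, since a reset flow that writes the new hash without going through it will silently bypass the count, which is the symptom the bug report describes.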