Lucene search
K

454 matches found

Tenable Nessus
Tenable Nessus
added 2017/03/23 12:0 a.m.18 views

Atlassian Crowd 2.6.x < 2.6.3 Information Disclosure

Binary data 700021.prm...

5.8CVSS7.3AI score0.01758EPSS
Exploits1References3
n0where
n0where
added 2017/03/17 6:13 a.m.64 views

Online Malware & URL Analysis: MalSub

Online Malware & URL Analysis malsub is a Python 3.6.x framework that wraps several web services of online malware and URL analysis sites through their RESTful Application Programming Interfaces APIs . It supports submitting files or URLs for analysis, retrieving reports by hash values, domains,...

0.1AI score
Exploits0References1
OpenVAS
OpenVAS
added 2017/03/15 12:0 a.m.268 views

Atlassian Crowd Struts2 RCE Vulnerability (CWD-4879)

Atlassian Crowd is prone to a remote code execution RCE vulnerability in Struts2. Copyright C 2017 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This progr...

10CVSS10AI score0.99999EPSS
Exploits44References3
Atlassian
Atlassian
added 2017/03/10 4:31 a.m.835 views

Apache Struts 2 Remote Code Execution (CVE-2017-5638)

Description Crowd used a version of Struts 2 that was vulnerable to CVE-2017-5638|https://cwiki.apache.org/confluence/display/WW/S2-045. Attackers can use this vulnerability to execute Java code of their choice on systems that have a vulnerable version of Crowd. Affected versions: All versions of...

10CVSS1.4AI score0.99999EPSS
Exploits44Affected Software1
Atlassian
Atlassian
added 2017/03/10 4:31 a.m.101 views

Apache Struts 2 Remote Code Execution (CVE-2017-5638)

Description Crowd used a version of Struts 2 that was vulnerable to CVE-2017-5638|https://cwiki.apache.org/confluence/display/WW/S2-045. Attackers can use this vulnerability to execute Java code of their choice on systems that have a vulnerable version of Crowd. Affected versions: All versions of...

10CVSS1.4AI score0.99999EPSS
Exploits44
Tenable Nessus
Tenable Nessus
added 2017/01/24 12:0 a.m.10 views

Atlassian Crowd 2.x < 2.11.0 Information Disclosure

Binary data 9903.prm...

7.3AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2017/01/24 12:0 a.m.16 views

Atlassian Crowd < 2.5.2 Information Disclosure

Binary data 9901.prm...

7.3AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2017/01/23 12:0 a.m.12 views

Atlassian Crowd Version Detection

Binary data 9900.prm...

7.3AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2017/01/23 12:0 a.m.5 views

Atlassian Crowd < 2.5.3 Information Disclosure

Binary data 9902.prm...

7.3AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2017/01/23 12:0 a.m.10 views

Atlassian Crowd Detection

Binary data 9899.prm...

7.3AI score
Exploits0References1
OSV
OSV
added 2016/12/09 10:59 p.m.3 views

CVE-2016-6496

The LDAP directory connector in Atlassian Crowd before 2.8.8 and 2.9.x before 2.9.5 allows remote attackers to execute arbitrary code via an LDAP attribute with a crafted serialized Java object, aka LDAP entry poisoning...

9.8CVSS6.1AI score0.04705EPSS
Exploits0References5
Prion
Prion
added 2016/12/09 10:59 p.m.19 views

Design/Logic Flaw

The LDAP directory connector in Atlassian Crowd before 2.8.8 and 2.9.x before 2.9.5 allows remote attackers to execute arbitrary code via an LDAP attribute with a crafted serialized Java object, aka LDAP entry poisoning...

7.5CVSS8.2AI score0.04705EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2016/12/09 10:0 p.m.26 views

CVE-2016-6496

The LDAP directory connector in Atlassian Crowd before 2.8.8 and 2.9.x before 2.9.5 allows remote attackers to execute arbitrary code via an LDAP attribute with a crafted serialized Java object, aka LDAP entry poisoning...

9.7AI score0.04705EPSS
Exploits0References5
CVE
CVE
added 2016/12/09 10:0 p.m.61 views

CVE-2016-6496

CVE-2016-6496 affects Atlassian Crowd LDAP entry handling. The LDAP directory connector is vulnerable to LDAP Java object injection: an attacker can cause remote code execution by sending a crafted serialized Java object in an LDAP attribute. Affected versions are all Crowd 1.4.1 to 2.8.7 (and 2....

9.8CVSS9.6AI score0.04705EPSS
Exploits0References5Affected Software1
OpenVAS
OpenVAS
added 2016/11/04 12:0 a.m.18 views

Atlassian Crowd Detection (HTTP)

HTTP based detection of Atlassian Crowd. Copyright C 2016 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute...

7.1AI score
Exploits0References1
OpenVAS
OpenVAS
added 2016/11/04 12:0 a.m.26 views

Atlassian Crowd LDAP Java Object Injection Vulnerability (CWD-4790)

Atlassian Crowd is prone to a LDAP Java object injection vulnerability. Copyright C 2016 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free...

9.8CVSS9.6AI score0.04705EPSS
Exploits0References1
CNVD
CNVD
added 2016/10/27 12:0 a.m.5 views

Atlassian Crowd LDAP Entry Injection Vulnerability

Atlassian Crowd is a web-based single sign-on system. A security vulnerability exists in Atlassian Crowd that could be exploited by a remote attacker to submit a special LDAP entry that injects malicious elements to execute arbitrary code...

9.8CVSS7.5AI score0.04705EPSS
Exploits0References1
Atlassian
Atlassian
added 2016/09/26 7:5 a.m.96 views

CVE-2016-6496: LDAP Java Object Injection in Crowd

The Crowd LDAP directory connector allowed an attacker to gain remote code execution in Crowd by injecting malicious attributes in LDAP entries. To exploit this issue, attackers need to modify an entry in your LDAP directory or successfully execute a Man-in-The-Middle attack between an LDAP serve...

9.8CVSS2.5AI score0.04705EPSS
Exploits0Affected Software1
Atlassian
Atlassian
added 2016/09/26 7:5 a.m.34 views

CVE-2016-6496: LDAP Java Object Injection in Crowd

The Crowd LDAP directory connector allowed an attacker to gain remote code execution in Crowd by injecting malicious attributes in LDAP entries. To exploit this issue, attackers need to modify an entry in your LDAP directory or successfully execute a Man-in-The-Middle attack between an LDAP serve...

9.8CVSS2.5AI score0.04705EPSS
Exploits0
Atlassian
Atlassian
added 2016/03/02 3:36 p.m.21 views

Responses with Set-Cookie header cached

h3. Context We have Jira running with SSO from Crowd. Jira is behind a corporate reverse proxy from BlueCoat which has caching enabled but respects the Cache-control, Expire and Pragma HTTP headers. h3. Problem We have discovered following cases of sessions mix up where a user \1 get the Crowd...

0.3AI score
Exploits0Affected Software1
Rows per page
Query Builder