155 matches found
Jetty 9.4.37.v20210219 Information Disclosure
Exploit Title: Jetty 9.4.37.v20210219 - Information Disclosure Date: 2021-10-21 Exploit Author: Mayank Deshmukh Vendor Homepage: https://www.eclipse.org/jetty/ Software Link: https://repo1.maven.org/maven2/org/eclipse/jetty/jetty-distribution/9.4.37.v20210219/ Version: 9.4.37.v20210219 and...
Jetty 9.4.37.v20210219 - Information Disclosure Vulnerability
Exploit Title: Jetty 9.4.37.v20210219 - Information Disclosure Exploit Author: Mayank Deshmukh Vendor Homepage: https://www.eclipse.org/jetty/ Software Link: https://repo1.maven.org/maven2/org/eclipse/jetty/jetty-distribution/9.4.37.v20210219/ Version: 9.4.37.v20210219 and 9.4.38.v20210224 Tested...
MariaDB: Path Traversal CVE-2021-26086 CVE-2021-26085
These vulnerabilities were found with https://trickest.com https://trickest.io CVE-2021-26085: ===================== https://jira.mariadb.org:/s/123cfx//;/WEB-INF/web.xml CVE-2021-26086: ===================== https://jira.mariadb.org/s/cfx//;/WEB-INF/web.xml Video explanation: -------------------...
Atlassian Jira Server Data Center 8.16.0 - Arbitrary File Read
Exploit Title: Atlassian Jira Server Data Center 8.16.0 - Arbitrary File Read Date: 2021-10-05 Exploit Author: Mayank Deshmukh Vendor Homepage: https://www.atlassian.com/ Software Link: https://www.atlassian.com/software/jira/download/data-center Version: versions 8.5.14, 8.6.0 ≤ version 8.13.6,...
Exploit for Path Traversal in Atlassian Jira_Data_Center
CVE-2021-26086 Atlassian Jira Server/Data Center 8.4.0 - Limit...
Exploit for Forced Browsing in Atlassian Confluence_Data_Center
CVE-2021-26085 Atlassian Confluence Server 7.5.1 Pre-Authoriza...
Atlassian Confluence 7.12.2 - Pre-Authorization Arbitrary File Read Vulnerability
Exploit Title: Atlassian Confluence 7.12.2 - Pre-Authorization Arbitrary File Read Exploit Author: Mayank Deshmukh Vendor Homepage: https://www.atlassian.com/ Software Link: https://www.atlassian.com/software/confluence/download-archives Version: version 7.4.10 and 7.5.0 ≤ version 7.12.3 Tested o...
Atlassian Confluence 7.12.2 - Pre-Authorization Arbitrary File Read
Exploit Title: Atlassian Confluence 7.12.2 - Pre-Authorization Arbitrary File Read Date: 2021-10-05 Exploit Author: Mayank Deshmukh Vendor Homepage: https://www.atlassian.com/ Software Link: https://www.atlassian.com/software/confluence/download-archives Version: version 7.4.10 and 7.5.0 ≤ versio...
Atlassian Jira Server/Data Center 8.16.0 - Arbitrary File Read Vulnerability
Exploit Title: Atlassian Jira Server/Data Center 8.16.0 - Arbitrary File Read Exploit Author: Mayank Deshmukh Vendor Homepage: https://www.atlassian.com/ Software Link: https://www.atlassian.com/software/jira/download/data-center Version: versions 8.5.14, 8.6.0 ≤ version 8.13.6, 8.14.0 ≤ version...
Atlassian Confluence Server 7.5.1 Arbitrary File Read
Exploit Title: Atlassian Confluence Server 7.5.1 Pre-Authorization Arbitrary File Read vulnerability Date: 2021-10-05 Exploit Author: Mayank Deshmukh Author email: [email protected] Vendor Homepage: https://www.atlassian.com/ Software Link:...
CVE-2021-26086
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to read particular files via a path traversal vulnerability in the /WEB-INF/web.xml endpoint. The affected versions are before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.16.1...
Path traversal
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to read particular files via a path traversal vulnerability in the /WEB-INF/web.xml endpoint. The affected versions are before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.16.1...
CVE-2021-26086
CVE-2021-26086 affects Atlassian Jira Server/Data Center via a path traversal in /WEB-INF/web.xml. Affected versions are pre-8.5.14, 8.6.0–8.13.6, and 8.14.0–8.16.1. Impact is read access to arbitrary files (remote attacker). Fixed versions are 8.5.14, 8.13.6, 8.16.1, and 8.17.0; mitigations incl...
CVE-2021-26086
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to read particular files via a path traversal vulnerability in the /WEB-INF/web.xml endpoint. The affected versions are before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.16.1...
UBUNTU-CVE-2021-28169
For Eclipse Jetty versions = 9.4.40, = 10.0.2, = 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. For example a request to /concat?/%2557EB-INF/web.xml can retrieve the web.xml file. This can reveal...
DEBIAN-CVE-2021-28164
In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory. For example a request to /context/%2e/WEB-INF/web.xml can retrieve the web.xml file. This ca...
Eclipse Jetty 安全漏洞
Eclipse Jetty is the Eclipse Foundation of an open source , Java-based Web server and Java Servlet container . A security vulnerability exists in Eclipse Jetty versions 9.4.37.v20210219 through 9.4.38.v20210224, which stems from a default conformance mode that allows requests with URIs containing...
Unauthorized Access Vulnerability in Eas7 Integrated Management Platform of Tiandiweiye Technology Co.
Tiandiweiye is the world's leading intelligent security solution provider. Based on artificial intelligence, big data, cloud computing, Internet of Things and other technologies, Tiandiweiye provides intelligent video products, system solutions and high-quality technical services for public...
Security Bulletin: HTTP Trace Method is enabled
Summary HTTP Trace Method is enabled Vulnerability Details Third Party Entry: PSIRT-ADV0017246 DESCRIPTION: Created from Advisory: ADV0017246 CVSS Base score: 5.3 CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Affected Products and Versions Affected Products| Versions ---|--- UCD - IBM...
Opening 404 page (page not found) without user session will open 404 page instead of opening login page.
h3. Issue Summary Opening a random page on Confluence with a user that is not authenticated will display "Page not found" 404 page instead of the login page. h3. Steps to Reproduce Make sure you are not logged in. Try to open BaseURL/ABC h3. Expected Results As you do not have session information...