25 matches found
Atlassian Confluence Server - Path Traversal
The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 the fixed version for 6.6.x, from version 6.7.0 before 6.12.3 the fixed version for 6.12.x, from version 6.13.0 before 6.13.3 the fixed version for 6.13.x, and from version 6.14.0 before 6.14.2 the fixed version for...
VulnCheck KEV: CVE-2019-3369
Atlassian Confluence and Data Center is vulnerable to a remote code execution vulnerability in the 'widget connector' component. The issue lies in a server-side template injection weakness...
Exploit for Path Traversal in Atlassian Confluence_Server
Confluence unauthorize template injection CVE-2019-3396...
QIWI: Unauthenticated SSRF in jira.tochka.com leading to RCE in confluence.bank24.int
Summary This report describes a combination of two separate vulnerabilities in two separate services. This chain of vulnerabilities allows unauthenticated attacker to run arbitrary code on a server inside the company's internal network. Vulnerability 1 Jira at https://jira.tochka.com is vulnerabl...
Atlassian Confluence 6.13.x < 6.13.3 Multiple Vulnerabilities
According to its self-reported version number, the Atlassian Confluence application running on the remote host is prior to 6.6.12, 6.7.x prior to 6.12.3, 6.13.x prior to 6.13.3, or 6.14.x prior to 6.14.2. It is, therefore, affected by the following vulnerabilities : - A server-side request forger...
Atlassian Confluence 6.14.x < 6.14.2 Multiple Vulnerabilities
According to its self-reported version number, the Atlassian Confluence application running on the remote host is prior to 6.6.12, 6.7.x prior to 6.12.3, 6.13.x prior to 6.13.3, or 6.14.x prior to 6.14.2. It is, therefore, affected by the following vulnerabilities : - A server-side request forger...
Atlassian Confluence < 6.6.12 / 6.7.x < 6.12.3 / 6.13.x < 6.13.3 / 6.14.x < 6.14.2 Multiple Vulnerabilities
Binary data 700661.prm...
Atlassian Confluence Widget Connector Macro Velocity Template Injection Exploit
Widget Connector Macro is part of Atlassian Confluence Server and Data Center that allows embed online videos, slideshows, photostreams and more directly into page. A template parameter can be used to inject remote Java code into a Velocity template, and gain code execution. Authentication is not...
Atlassian Confluence and Data Center Remote Code Execution (CVE-2019-3396)
A remote code execution vulnerability exists in the Widget Connector component of Atlassian Confluence and Data Center. A remote attacker can exploit this issue by sending a specially crafted packet to the target server. Successful exploitation could result in execution of arbitrary code on the...
Atlassian Confluence Widget Connector Macro Velocity Template Injection
Widget Connector Macro is part of Atlassian Confluence Server and Data Center that allows embed online videos, slideshows, photostreams and more directly into page. A template parameter can be used to inject remote Java code into a Velocity template, and gain code execution. Authentication is...
Atlassian Confluence < 6.6.12 / 6.7.x < 6.12.3 / 6.13.x < 6.13.3 / 6.14.x < 6.14.2 Template Injection
According to the tests performed by Nessus, the remote host is affected by the following vulnerability: - A server-side template injection exists in the Widget Connector due to improper input validation. An attacker can exploit this, via unspecified vectors, to traverse directories or execute...
Atlassian Confluence Server Server-Side Template Injection Vulnerability
Atlassian Confluence Server is a suite of specialized enterprise knowledge management and collaboration software from Atlassian Australia that can also be used to build enterprise WiKi. A security vulnerability exists in Atlassian Confluence Server. The vulnerability can be exploited by a remote...
CVE-2019-3396
The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 the fixed version for 6.6.x, from version 6.7.0 before 6.12.3 the fixed version for 6.12.x, from version 6.13.0 before 6.13.3 the fixed version for 6.13.x, and from version 6.14.0 before 6.14.2 the fixed version for...
CVE-2019-3396
The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 the fixed version for 6.6.x, from version 6.7.0 before 6.12.3 the fixed version for 6.12.x, from version 6.13.0 before 6.13.3 the fixed version for 6.13.x, and from version 6.14.0 before 6.14.2 the fixed version for...
Path traversal
The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 the fixed version for 6.6.x, from version 6.7.0 before 6.12.3 the fixed version for 6.12.x, from version 6.13.0 before 6.13.3 the fixed version for 6.13.x, and from version 6.14.0 before 6.14.2 the fixed version for...
CVE-2019-3396
CVE-2019-3396 – Atlassian Confluence Widget Connector SSTI RCE : A server-side template injection flaw in the Widget Connector macro allows remote attackers to perform path traversal and achieve remote code execution on Confluence Server/Data Center. Fixes are in Confluence versions: 6.6.12 (6.6....
CVE-2019-3396
The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 the fixed version for 6.6.x, from version 6.7.0 before 6.12.3 the fixed version for 6.12.x, from version 6.13.0 before 6.13.3 the fixed version for 6.13.x, and from version 6.14.0 before 6.14.2 the fixed version for...
CVE-2019-3396
The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 the fixed version for 6.6.x, from version 6.7.0 before 6.12.3 the fixed version for 6.12.x, from version 6.13.0 before 6.13.3 the fixed version for 6.13.x, and from version 6.14.0 before 6.14.2 the fixed version for...
Confluence Unauthorized RCE Vulnerability
The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 the fixed version for 6.6.x, from version 6.7.0 before 6.12.3 the fixed version for 6.12.x, from version 6.13.0 before 6.13.3 the fixed version for 6.13.x, and from version 6.14.0 before 6.14.2 the fixed version for...
CVE-2019-3396
The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 the fixed version for 6.6.x, from version 6.7.0 before 6.12.3 the fixed version for 6.12.x, from version 6.13.0 before 6.13.3 the fixed version for 6.13.x, and from version 6.14.0 before 6.14.2 the fixed version for...