what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 10 of 10 RSS Feed

Files from David Black

Email addressdblack at atlassian.com
First Active2015-09-02
Last Active2018-02-09
Fisheye / Crucible Remote Code Execution
Posted Feb 9, 2018
Authored by David Black | Site atlassian.com

Fisheye and Crucible suffer from a remote code execution vulnerability through OGNL double evaluation. Versions of Fisheye and Crucible before 4.4.5 (the fixed version for 4.4.x) and from 4.5.0 before 4.5.2 (the fixed version for 4.5.x) are affected by this vulnerability.

tags | advisory, remote, code execution
advisories | CVE-2017-16861
SHA-256 | 35ef4535e3daa3e68378bcdc040495f7a74cf8f45f2407bd08ca9a68199b42e0
SourceTree Remote Code Execution
Posted Sep 7, 2017
Authored by David Black | Site atlassian.com

SourceTree suffers from multiple remote code execution vulnerabilities that can be triggered via hostile repositories being checked in. SourceTree for macOS versions prior to 2.6.1 and SourceTree for Windows versions prior to 2.1.10 are affected.

tags | advisory, remote, vulnerability, code execution
systems | windows
advisories | CVE-2017-1000115, CVE-2017-1000116, CVE-2017-1000117, CVE-2017-9800
SHA-256 | 1e50b9884995c5b9c544b4aa24ba0de7ea8f777b919770ce1a23e318b7d2c761
Confluence 6.0.x Information Disclosure
Posted Apr 26, 2017
Authored by David Black | Site atlassian.com

The Confluence drafts diff rest resource made the current content of all blogs and pages in Confluence available without authentication. Attackers who can access the Confluence web interface of a vulnerable version can use this vulnerability to obtain the content of all blogs and pages inside Confluence. All versions of Confluence starting with version 6.0.0 but less than 6.0.7 (the fixed version for 6.0.x) are affected by this vulnerability.

tags | advisory, web, info disclosure
advisories | CVE-2017-7415
SHA-256 | 81936b182168b27dc4d9e1c13e26ed7b479fb032c93be23162cb3365c172323e
Crowd LDAP Java Object Injection
Posted Oct 31, 2016
Authored by David Black

This advisory discloses a critical severity security vulnerability which was introduced in version 1.4.1 of Crowd. Versions of Crowd starting with 1.4.1 before 2.8.8 (the fixed version for 2.8.x) and from 2.9.0 before 2.9.5 (the fixed version for 2.9.x) are affected by this vulnerability. The Crowd LDAP directory connector allowed an attacker to gain remote code execution in Crowd by injecting malicious attributes in LDAP entries.

tags | advisory, remote, code execution
advisories | CVE-2016-6496
SHA-256 | 00e91976667b938daa14e3aa6743fb0498e57d84e1eb456c7cb1f29f942fcf81
Atlassian HipChat Secret Key Disclosure
Posted Oct 6, 2016
Authored by David Black

The Atlassian HipChat plugin for various products leaks the secret key it uses to communicate with a linked HipChat instance.

tags | advisory, info disclosure
advisories | CVE-2016-6668
SHA-256 | 345b646185427493eb236fd026b44691cfbcfec6cebe1f1fb55177bfcea28fd7
Bamboo Deserialization Issue
Posted Jul 26, 2016
Authored by David Black, Moritz Bechler

This advisory discloses a critical severity security vulnerability which was introduced in version 2.3.1 of Bamboo. Versions of Bamboo starting with 2.3.1 before 5.11.4.1 (the fixed version for 5.11.x) and from 5.12.0 before 5.12.3.1 (the fixed version for 5.12.x) are affected by this vulnerability.

tags | advisory
advisories | CVE-2016-5229
SHA-256 | dbfb17c0ede40ea6f49b801493783efdda5b7f9fcc1178a440c9e193c5f682f4
Hipchat Server Remote Code Execution / File Read / SSRF
Posted May 14, 2016
Authored by David Black

HipChat Server versions below 2.0 build 1.4.1 suffer from vulnerabilities including code execution, insufficient shell characters, file deletion, file moving, local file read, and Server-Side Request Forgery.

tags | advisory, shell, local, vulnerability, code execution
SHA-256 | 51f7ff56cb32406c73d6232aee84e2cf2951d8dbfedaba6c3b94f1aa3ec2d083
Bamboo Deserialization / Missing Authentication Checks
Posted Jan 22, 2016
Authored by David Black

Bamboo suffers from deserialization and missing authentication check vulnerabilities. This advisory discloses multiple critical severity security vulnerabilities of which the earliest vulnerability was introduced in version 2.3.1 of Bamboo. Versions of Bamboo starting with 2.3.1 before 5.9.9 (the fixed version for 5.9.x) are vulnerable.

tags | advisory, vulnerability
advisories | CVE-2014-9757, CVE-2015-8360, CVE-2015-8361
SHA-256 | 27f3a84e5ff5328e43491d29c853f00c327b6ccf574c0b242b8a87e43667a2da
Bamboo Java Code Execution
Posted Oct 23, 2015
Authored by David Black

Bamboo had a resource that deserialised arbitrary user input without restriction. Attackers can use this vulnerability to execute Java code of their choice on systems that have a vulnerable version of Bamboo. To exploit this issue, attackers need to be able to access the Bamboo web interface.

tags | advisory, java, web, arbitrary
advisories | CVE-2015-6576
SHA-256 | d92d7a7741f8085d106c9c636c2d5147d69c3234f902a1eccb57a0203ec89b96
Jira / HipChat For Jira Java Code Execution
Posted Sep 2, 2015
Authored by David Black

It was discovered that the HipChat For JIRA plugin had a resource that combined user input into a velocity template source and subsequently rendered it. Authenticated attackers can use this vulnerability to execute Java code of their choice on systems that have a vulnerable version of the HipChat For JIRA plugin enabled. To exploit this issue attackers need to be able to access the JIRA web interface and log into JIRA. All versions of JIRA from 6.3.5 before 6.4.11 are affected by this vulnerability. All versions of HipChat For JIRA plugin from 1.3.2 before 6.30.0 are affected by this vulnerability.

tags | advisory, java, web
advisories | CVE-2015-5603
SHA-256 | 83c334c08327df0dc9754cc92b35813430f7bacb3e42061816848445100e76f0
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close