exploit the possibilities
Showing 1 - 25 of 50 RSS Feed

Files

Atlassian JIRA 8.11.1 User Enumeration
Posted Mar 10, 2021
Authored by Dolev Farhi

Atlassian JIRA version 8.11.1 suffers from a user enumeration vulnerability.

tags | exploit
advisories | CVE-2020-14181
MD5 | 0714aa88ecffa84268491301c15d682a

Related Files

Atlassian Jira Server/Data Center 8.16.0 Cross Site Scripting
Posted Jun 26, 2021
Authored by Captain_hook

Atlassian Jira Server / Data Center version 8.16.0 suffer from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2021-26078
MD5 | cf784a036af7c8f27e355469c33191ea
Atlassian Jira 8.15.0 Username Enumeration
Posted Jun 1, 2021
Authored by Mohammed Aloraimi

Atlassian Jira version 8.15.0 suffers from a username enumeration vulnerability.

tags | exploit
MD5 | 4b92e462658e679d7ad87e278f5d71dd
Atlassian Jira Service Desk 4.9.1 Cross Site Scripting
Posted Apr 7, 2021
Authored by Captain_hook

Atlassian Jira Service Desk version 4.9.1 suffers from a cross site scripting vulnerability via a file upload.

tags | exploit, xss, file upload
advisories | CVE-2020-14166
MD5 | 840e289057a75abee3ebef734b12ec0a
Gantt-Chart For Jira 5.5.4 Cross Site Scripting
Posted Aug 4, 2020
Authored by Sebastian Auwaerter

Gantt-Chart for Jira versions 5.5.4 and below suffer from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2020-15944
MD5 | 94808b4b06f1ab53f6751d0a04456ee8
Gantt-Chart For Jira 5.5.3 Missing Privilege Check
Posted Aug 4, 2020
Authored by Sebastian Auwaerter

Gantt-Chart for Jira versions 5.5.3 and below misses a privilege check which allows an attacker to read and write the module configuration for other users.

tags | exploit
advisories | CVE-2020-15943
MD5 | 52b4993502b0e711055c769961f5bb65
Jira 8.3.4 Information Disclosure
Posted Feb 2, 2020
Authored by Mufeed VH

Jira version 8.3.4 suffers from a username enumeration information disclosure vulnerability.

tags | exploit, info disclosure
advisories | CVE-2019-8449
MD5 | 3cc6ad6b7584b810553e95e611e2c356
Jira Service Desk Server / Data Center Path Traversal
Posted Nov 8, 2019
Authored by Atlassian

Jira Service Desk Server and Data Center product versions below 3.9.17, 3.10.0 up to 3.16.11, 4.0.0 up to 4.2.6, 4.3.0 up to 4.3.5, 4.4.0 up to 4.4.3, and 4.5.0 up to 4.5.1 are susceptible to a path traversal vulnerability.

tags | advisory, file inclusion
advisories | CVE-2019-15003, CVE-2019-15004
MD5 | 0b5fcfe5c5e79daa7fc9013b16f45ff0
Infosysta Jira 1.6.13_J8 User Name Disclosure
Posted Oct 28, 2019
Authored by Erik Steltzner, Sascha Heider, Fabian Krone

Infosysta Jira version 1.6.13_J8 suffers from a user name disclosure vulnerability.

tags | exploit
advisories | CVE-2019-16907
MD5 | d8eaa0fd58944cde06c22cc0a580a83a
Infosysta Jira 1.6.13_J8 Project List Authentication Bypass
Posted Oct 28, 2019
Authored by Erik Steltzner, Sascha Heider, Fabian Krone

Infosysta Jira version 1.6.13_J8 suffers from an authentication bypass vulnerability that allows you to see project lists.

tags | exploit, bypass
advisories | CVE-2019-16908, CVE-2019-16909
MD5 | 58b9e2b857edf27d3b79eed3151ffa98
Infosysta Jira 1.6.13_J8 Push Notification Authentication Bypass
Posted Oct 28, 2019
Authored by Erik Steltzner, Sascha Heider, Fabian Krone

Infosysta Jira version 1.6.13_J8 suffers from an authentication bypass vulnerability that allows you to see push notifications for a given user.

tags | exploit, bypass
advisories | CVE-2019-16906
MD5 | e978dd491985424573c50baaaec4bc19
Jira Server / Data Center Template Injection
Posted Sep 25, 2019
Authored by Atlassian

Jira Server and Data Center suffer from a template injection vulnerability. Versions affected include 7.0.10 up to 7.6.16, 7.7.0 up to 7.13.8, 8.0.0 up to 8.1.3, 8.2.0 up to 8.2.5, 8.3.0 up to 8.3.4, and 8.4.0 up to 8.4.1.

tags | advisory
advisories | CVE-2019-15001
MD5 | c9f6b4eac4f5ce4658f8f2f1eb712aea
Jira Service Desk Server And Data Center Path Traversal
Posted Sep 22, 2019
Authored by Atlassian

Jira Service Desk Server and Data Center product versions below 3.9.16, 3.10.0 up to 3.16.8, 4.0.0 up to 4.1.3, 4.2.0 up to 4.2.5, 4.3.0 up to 4.3.4, and 4.4.0 up to 4.4.1 are susceptible to a path traversal vulnerability.

tags | advisory, file inclusion
advisories | CVE-2019-14994
MD5 | 2cafb83261ba57820b981e48d69e5d22
Jira Server / Data Center Template Injection
Posted Jul 23, 2019
Authored by Anton Black

Jira Server and Data Center products suffer from a template injection vulnerability. Many versions are affected.

tags | advisory
advisories | CVE-2019-11581
MD5 | e5f348d745031e276bcd819325bad206
Atlassian Jira Authenticated Upload Code Execution
Posted Nov 14, 2018
Authored by Alexander Gonzalez | Site metasploit.com

This Metasploit module can be used to execute a payload on Atlassian Jira via the Universal Plugin Manager(UPM). The module requires valid login credentials to an account that has access to the plugin manager. The payload is uploaded as a JAR archive containing a servlet using a POST request against the UPM component. The check command will test the validity of user supplied credentials and test for access to the plugin manager.

tags | exploit
MD5 | cf80c47ca31e937db6c99f242138638c
Debian Security Advisory 3950-1
Posted Aug 23, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3950-1 - Hossein Lotfi and Jakub Jirasek from Secunia Research have discovered multiple vulnerabilities in LibRaw, a library for reading RAW images. An attacker could cause a memory corruption leading to a DoS (Denial of Service) with craft KDC or TIFF file.

tags | advisory, denial of service, vulnerability
systems | linux, debian
advisories | CVE-2017-6886, CVE-2017-6887
MD5 | 6b2dcf3f03044b5b372b42ba49189156
Ubuntu Security Notice USN-3309-2
Posted Jul 18, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3309-2 - Jakub Jirasek discovered that GnuTLS incorrectly handled certain assignments files. If a user were tricked into processing a specially crafted assignments file, a remote attacker could possibly execute arbitrary code.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
MD5 | d9adc4a5e568efdb1a578bb72c43a3d3
Ubuntu Security Notice USN-3309-1
Posted Jun 5, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3309-1 - Jakub Jirasek discovered that GnuTLS incorrectly handled certain assignments files. If a user were tricked into processing a specially crafted assignments file, a remote attacker could possibly execute arbitrary code.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2017-6891
MD5 | 949e7196ad87a00fcaf7ce74a57a51f8
Ubuntu Security Notice USN-3306-1
Posted Jun 1, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3306-1 - Agostino Sarubbo and Jakub Jirasek discovered that libsndfile incorrectly handled certain malformed files. A remote attacker could use this issue to cause libsndfile to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2017-7585, CVE-2017-7586, CVE-2017-7741, CVE-2017-7742, CVE-2017-8361, CVE-2017-8362, CVE-2017-8363, CVE-2017-8365
MD5 | 505798742cdc6a942c1726695da1c6ae
Debian Security Advisory 3861-1
Posted May 26, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3861-1 - Jakub Jirasek of Secunia Research discovered that libtasn1, a library used to handle Abstract Syntax Notation One structures, did not properly validate its input. This would allow an attacker to cause a crash by denial-of-service, or potentially execute arbitrary code, by tricking a user into processing a maliciously crafted assignments file.

tags | advisory, arbitrary
systems | linux, debian
advisories | CVE-2017-6891
MD5 | 788c0ad49d20fd8197c64ffb108a18ec
Atlassian Jira 7.1.7 Cross Site Scripting
Posted Jan 17, 2017
Authored by Roberto Soares

Tempest Security Intelligence Advisory ADV-2/2016 - Atlassian Jira version 7.1.7 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2016-6285
MD5 | e6472969a5940d87f287d0be2baf9fe3
JIRA Artezio Board 1.4 Cross Site Scripting / Information Disclosure
Posted Jun 25, 2016
Authored by Omkar Joshi

JIRA Artezio Board plugin version 1.4 suffers from cross site scripting and information disclosure vulnerabilities.

tags | exploit, vulnerability, xss, info disclosure
MD5 | 1c24a60ec3d8149cf3299c47754c5fa1
JIRA Mail.ru Calendar 2.4.2.50_JIRA6 Cross Site Scripting
Posted Jun 25, 2016
Authored by Omkar Joshi

JIRA Mail.ru Calendar plugin version 2.4.2.50_JIRA6 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 99b64dd1a3498c91c31b5c034707f0b5
Atlassian Jira 6.1.4 Cross Site Scripting
Posted Jan 27, 2016
Authored by Razvan Cernaianu

Atlassian Jira versions 6.1.4 and below suffer from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | f2066524c8844fcd389f6136cb11be05
Atlassian HipChat for Jira Plugin Velocity Template Injection
Posted Dec 4, 2015
Authored by sinn3r, Chris Wood | Site metasploit.com

Atlassian Hipchat is a web service for internal instant messaging. A plugin is available for Jira that allows team collaboration at real time. A message can be used to inject Java code into a Velocity template, and gain code execution as Jira. Authentication is required to exploit this vulnerability, and you must make sure the account you're using isn't protected by captcha. By default, Java payload will be used because it is cross-platform, but you can also specify which native payload you want (Linux or Windows). HipChat for Jira plugin versions between 1.3.2 and 6.30.0 are affected. Jira versions between 6.3.5 and 6.4.10 are also affected by default, because they were bundled with a vulnerable copy of HipChat. When using the check command, if you supply a valid username and password, the module will be able to trigger the bug and check more accurately. If not, it falls back to passive, which can only tell if the target is running on a Jira version that is bundled with a vulnerable copy of Hipchat by default, which is less reliable. This vulnerability was originally discovered internally by Atlassian.

tags | exploit, java, web, code execution
systems | linux, windows
advisories | CVE-2015-5603
MD5 | a54781f03c289243bbf8ac03e090245a
Endian Firewall Proxy Password Change Command Injection
Posted Sep 7, 2015
Authored by Ben Lincoln | Site metasploit.com

This Metasploit module exploits an OS command injection vulnerability in a web-accessible CGI script used to change passwords for locally-defined proxy user accounts. Valid credentials for such an account are required. Command execution will be in the context of the "nobody" account, but this account had broad sudo permissions, including to run the script /usr/local/bin/chrootpasswd (which changes the password for the Linux root account on the system to the value specified by console input once it is executed). The password for the proxy user account specified will *not* be changed by the use of this module, as long as the target system is vulnerable to the exploit. Very early versions of Endian Firewall (e.g. 1.1 RC5) require HTTP basic auth credentials as well to exploit this vulnerability. Use the USERNAME and PASSWORD advanced options to specify these values if required. Versions >= 3.0.0 still contain the vulnerable code, but it appears to never be executed due to a bug in the vulnerable CGI script which also prevents normal use (http://jira.endian.com/browse/UTM-1002). Versions 2.3.x and 2.4.0 are not vulnerable because of a similar bug (http://bugs.endian.com/print_bug_page.php?bug_id=3083). Tested successfully against the following versions of EFW Community: 1.1 RC5, 2.0, 2.1, 2.2, 2.5.1, 2.5.2. Should function against any version from 1.1 RC5 to 2.2.x, as well as 2.4.1 and 2.5.x.

tags | exploit, web, local, cgi, root, php
systems | linux
advisories | CVE-2015-5082
MD5 | 2da9577bea5e5b9856246321c15b9a23
Page 1 of 2
Back12Next

File Archive:

July 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    13 Files
  • 2
    Jul 2nd
    12 Files
  • 3
    Jul 3rd
    1 Files
  • 4
    Jul 4th
    2 Files
  • 5
    Jul 5th
    34 Files
  • 6
    Jul 6th
    21 Files
  • 7
    Jul 7th
    21 Files
  • 8
    Jul 8th
    13 Files
  • 9
    Jul 9th
    6 Files
  • 10
    Jul 10th
    1 Files
  • 11
    Jul 11th
    3 Files
  • 12
    Jul 12th
    15 Files
  • 13
    Jul 13th
    19 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    15 Files
  • 16
    Jul 16th
    9 Files
  • 17
    Jul 17th
    2 Files
  • 18
    Jul 18th
    2 Files
  • 19
    Jul 19th
    19 Files
  • 20
    Jul 20th
    21 Files
  • 21
    Jul 21st
    53 Files
  • 22
    Jul 22nd
    14 Files
  • 23
    Jul 23rd
    14 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close