  • Application Security

    CVE-2019-11580

    Date
    2019
    
    Type
    RCE
    
    Affected versions
    Atlassian Crowd 3.4.3
    Atlassian Crowd 3.4
    Atlassian Crowd 3.3.4
    Atlassian Crowd 3.3.3
    Atlassian Crowd 3.3.1
    Atlassian Crowd 3.3
    Atlassian Crowd 3.2.1 - 3.2.7
    Atlassian Crowd 3.2
    Atlassian Crowd 3.1.5
    Atlassian Crowd 3.1
    Atlassian Crowd 3.0.4
    Atlassian Crowd 2.11.1
    Atlassian Crowd 2.11
    Atlassian Crowd 2.10.3
    Atlassian Crowd 2.10.1
    Atlassian Crowd 2.9.7
    Atlassian Crowd 2.9.1 - 2.9.5
    Atlassian Crowd 2.9
    Atlassian Crowd 2.8.8
    Atlassian Crowd 2.8.3
    Atlassian Crowd 2.7
    Atlassian Crowd 2.6.0 - 2.6.3
    Atlassian Crowd 2.5.3 - 2.5.4
    Atlassian Crowd 2.5.0 - 2.5.2
    Atlassian Crowd 2.4.9
    Atlassian Crowd 2.4.1
    Atlassian Crowd 2.4
    Atlassian Crowd 2.3.6 - 2.3.8
    Atlassian Crowd 2.3.1 - 2.3.4
    Atlassian Crowd 2.2.9
    Atlassian Crowd 2.2.7
    Atlassian Crowd 2.2.4
    Atlassian Crowd 2.2.2
    Atlassian Crowd 2.1.1 - 2.1.2
    Atlassian Crowd 2.1

    Precondition
    /crowd/admin/uploadplugin.action ---> returns 400

    CVE-2018-20238

    Date
    2018
    
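    Type
    Authentication bypass
    
    Affected versions
    A security vulnerability exists in Atlassian Crowd versions before 3.2.7, and in versions from 3.3.0 up to but not including 3.3.4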

    CVE-2017-18107

    Date
    2017
    
    Vulnerability type
    XSS - High severity
    
    Affected versions
    < Atlassian Crowd 3.1.1

    CVE-2017-18110

    Date
    2017
    
    Type
    XXE
    
    Affected versions
    A security vulnerability exists in Atlassian Crowd versions before 3.0.2 and in version 3.1.0

    CVE-2017-18108

    Date
    2017
    
    Vulnerability type
    Code injection
    
    Affected versions
    < Atlassian Crowd 2.10.2

    CVE-2017-18106

    Date
    2017
    
    Type
    Session hijacking
    
    Affected versions
    <Atlassian Crowd 2.9.1

    CVE-2017-18105

    Date
    2017
    
    Type
    Session fixation
    
    Affected versions
    A security vulnerability exists in Atlassian Crowd versions before 3.0.2 and in version 3.1.0

    CVE-2017-18109

    Date
    2017
    
    Type
    Input validation error vulnerability
    
    Affected versions
    Atlassian Crowd versions before 3.0.2 and version 3.1.0

    CVE-2017-16858

    Date
    2017
    
    Type
    User spoofing vulnerability in the crowd-application plugin module
    
    Affected versions
    Atlassian Crowd 1.5.0 up to, but not including, 3.1.2

    CVE-2016-10740

    Date
    2016
    
    Type
    Remote directory password vulnerability
    
    Affected versions
    A security vulnerability exists in Atlassian Crowd versions before 2.10.1

    CVE-2016-6496

    Date
    2016
    
    Type
    LDAP injection leading to RCE
    
    Affected versions
    Atlassian Crowd 2.6.3
    Atlassian Crowd 2.3.8
    Atlassian Crowd 2.3.9
    Atlassian Crowd 1.5.3
    Atlassian Crowd 1.5.2
    Atlassian Crowd 1.5.1
    Atlassian Crowd 1.4.8
    Atlassian Crowd 1.4.7
    Atlassian Crowd 1.4.4
    Atlassian Crowd 1.4.3
    Atlassian Crowd 1.4.2
    Atlassian Crowd 1.4
    Atlassian Crowd 2.9.4
    Atlassian Crowd 2.9.3
    Atlassian Crowd 2.9.2
    Atlassian Crowd 2.9.1
    Atlassian Crowd 2.9
    Atlassian Crowd 2.6.2
    Atlassian Crowd 2.5.4
    Atlassian Crowd 2.5.3
    Atlassian Crowd 2.4.9
    Atlassian Crowd 2.7
    Atlassian Crowd 2.6.1
    Atlassian Crowd 2.6.0
    Atlassian Crowd 2.5.2
    Atlassian Crowd 2.5.1
    Atlassian Crowd 2.5.0
    Atlassian Crowd 2.4.2
    Atlassian Crowd 2.4.1
    Atlassian Crowd 2.3.7
    Atlassian Crowd 2.3.6
    Atlassian Crowd 2.3.4
    Atlassian Crowd 2.3.3
    Atlassian Crowd 2.3.2
    Atlassian Crowd 2.3.1
    Atlassian Crowd 2.2.9
    Atlassian Crowd 2.2.7
    Atlassian Crowd 2.2.4
    Atlassian Crowd 2.2.2
    Atlassian Crowd 2.1.2
    Atlassian Crowd 2.1.1
    Atlassian Crowd 2.0.9
    Atlassian Crowd 2.0.7
    Atlassian Crowd 2.0.6
    Atlassian Crowd 2.0.5
    Atlassian Crowd 2.0.4
    Atlassian Crowd 2.0.3
    Atlassian Crowd 2.0.2
    Atlassian Crowd 2.0.1
    Atlassian Crowd 1.6.3
    Atlassian Crowd 1.6.1
    Atlassian Crowd 1.6

    CVE-2013-3926

    Date
    2013
    
    Type
    Atlassian Crowd contains a backdoor that allows anyone to remotely control the Crowd server and damage system applications and data
    
    Affected versions
    <Atlassian Crowd 2.6.3

    CVE-2013-3925

    Date
    2013
    
    Type
    XML external entity reference arbitrary file read vulnerability
    
    Affected versions
    Atlassian Crowd 2.5.x
    Atlassian Crowd 2.6.x
    Atlassian Crowd 2.3.8
    Atlassian Crowd 2.3.9
  • Original article: https://www.cnblogs.com/AtesetEnginner/p/12297208.html