CVE-2014-2313
https://notcve.org/view.php?id=CVE-2014-2313
Directory traversal vulnerability in the Importers plugin in Atlassian JIRA before 6.0.5 allows remote attackers to create arbitrary files via unspecified vectors. Vulnerabilidad de salto de directorio en el plugin Importers en Atlassian JIRA anterior a 6.0.5 permite a atacantes remotos crear archivos arbitrarios a través de vectores no especificados. • https://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2014-02-26 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2013-5319
https://notcve.org/view.php?id=CVE-2013-5319
Cross-site scripting (XSS) vulnerability in secure/admin/user/views/deleteuserconfirm.jsp in the Admin Panel in Atlassian JIRA before 6.0.5 allows remote attackers to inject arbitrary web script or HTML via the name parameter to secure/admin/user/DeleteUser!default.jspa. Vulnerabilidad XSS en secure/admin/user/views/deleteuserconfirm.jspen el panel de administración de Atlassian JIRA anterior a 6.0.5, permite a atacantes remotos inyectar secuencias arbitrarias de comandos web o HTML a través del parámetro "name" en secure/admin/user/DeleteUser!default.jspa. • http://cxsecurity.com/issue/WLB-2013080065 http://packetstormsecurity.com/files/122721 http://secunia.com/advisories/54417 http://www.securityfocus.com/bid/61647 http://www.zeroscience.mk/en/vulnerabilities/ZSL-2013-5151.php https://jira.atlassian.com/browse/JRA/fixforversion/33790 https://jira.atlassian.com/i#browse/JRA-34160 https://jira.atlassian.com/secure/ReleaseNote.jspa?projectId=10240&version=33790 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2012-2928
https://notcve.org/view.php?id=CVE-2012-2928
The Gliffy plugin before 3.7.1 for Atlassian JIRA, and before 4.2 for Atlassian Confluence, does not properly restrict the capabilities of third-party XML parsers, which allows remote attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors. El complemento Gliffy para Atlassian JIRA v3.7.1, y en version anteriores ala v4.2 para Atlassian Confluence, no restringe correctamente las capacidades de los analizadores XML de tercer nivel, lo que permite leer ficheros de su elección o causar una denegación de servicio (por excesivo consumo de recursos) a atacantes remotos a través de vectores no especificados. • http://confluence.atlassian.com/display/DOC/Confluence+Security+Advisory+2012-05-17 http://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2012-05-17 http://osvdb.org/81993 http://secunia.com/advisories/49166 http://www.securityfocus.com/bid/53595 https://exchange.xforce.ibmcloud.com/vulnerabilities/75697 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2012-2926 – Atlassian Tempo 6.4.3 / JIRA 5.0.0 / Gliffy 3.7.0 - XML Parsing Denial of Service
https://notcve.org/view.php?id=CVE-2012-2926
Atlassian JIRA before 5.0.1; Confluence before 3.5.16, 4.0 before 4.0.7, and 4.1 before 4.1.10; FishEye and Crucible before 2.5.8, 2.6 before 2.6.8, and 2.7 before 2.7.12; Bamboo before 3.3.4 and 3.4.x before 3.4.5; and Crowd before 2.0.9, 2.1 before 2.1.2, 2.2 before 2.2.9, 2.3 before 2.3.7, and 2.4 before 2.4.1 do not properly restrict the capabilities of third-party XML parsers, which allows remote attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors. Atlassian JIRA antes de v5.0.1; Confluence antes de v3.5.16, v4.0 antes de v4.0.7, y v4.1 antes del v4.1.10; 'FishEye and Crucible' antes de v2.5.8, v2.6 antes de v2.6.8, y v2.7 antes de v2.7.12; Bamboo antes de v3.3.4 y v3.4.x antes de v3.4.5, y Crowd antes de v2.0.9, v2.1 antes de v2.1.2, v2.2 antes de v2.2.9, v2.3 antes de v2.3.7 y v2.4 antes de v2.4.1 no restringen correctamente las capacidades de los analizadores XML de de terceros, lo que permite leer ficheros de su elección o causar una denegación de servicio (por excesivo consumo de recursos) a atacantes remotos a través de vectores no especificados. • https://www.exploit-db.com/exploits/37218 http://confluence.atlassian.com/display/BAMBOO/Bamboo+Security+Advisory+2012-05-17 http://confluence.atlassian.com/display/CROWD/Crowd+Security+Advisory+2012-05-17 http://confluence.atlassian.com/display/DOC/Confluence+Security+Advisory+2012-05-17 http://confluence.atlassian.com/display/FISHEYE/FishEye+and+Crucible+Security+Advisory+2012-05-17 http://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2012-05-17 http://osvdb.org/81993 http://secunia •
CVE-2012-2927
https://notcve.org/view.php?id=CVE-2012-2927
The TM Software Tempo plugin before 6.4.3.1, 6.5.x before 6.5.0.2, and 7.x before 7.0.3 for Atlassian JIRA does not properly restrict the capabilities of third-party XML parsers, which allows remote authenticated users to cause a denial of service (resource consumption) via unspecified vectors. El complemento "Software TM Tempo" para Atlassian JIRA antes de v6.4.3.1 , v6.5.x antes de v6.5.0.2 y v7.x antes de v7.0.3 no tiene restringe correctamente las capacidades de los analizadores XML de terceros, lo que permite provocar una denegación de servicio (por excesivo consumo de recursos) a usuarios remotos autenticados a través de vectores no especificados. • http://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2012-05-17 http://osvdb.org/81993 http://secunia.com/advisories/49166 http://www.securityfocus.com/bid/53595 https://exchange.xforce.ibmcloud.com/vulnerabilities/75697 • CWE-399: Resource Management Errors •