Page 26 of 127 results (0.002 seconds)

CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0

Directory traversal vulnerability in the Importers plugin in Atlassian JIRA before 6.0.5 allows remote attackers to create arbitrary files via unspecified vectors. Vulnerabilidad de salto de directorio en el plugin Importers en Atlassian JIRA anterior a 6.0.5 permite a atacantes remotos crear archivos arbitrarios a través de vectores no especificados. • https://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2014-02-26 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 2

Cross-site scripting (XSS) vulnerability in secure/admin/user/views/deleteuserconfirm.jsp in the Admin Panel in Atlassian JIRA before 6.0.5 allows remote attackers to inject arbitrary web script or HTML via the name parameter to secure/admin/user/DeleteUser!default.jspa. Vulnerabilidad XSS en secure/admin/user/views/deleteuserconfirm.jspen el panel de administración de Atlassian JIRA anterior a 6.0.5, permite a atacantes remotos inyectar secuencias arbitrarias de comandos web o HTML a través del parámetro "name" en secure/admin/user/DeleteUser!default.jspa. • http://cxsecurity.com/issue/WLB-2013080065 http://packetstormsecurity.com/files/122721 http://secunia.com/advisories/54417 http://www.securityfocus.com/bid/61647 http://www.zeroscience.mk/en/vulnerabilities/ZSL-2013-5151.php https://jira.atlassian.com/browse/JRA/fixforversion/33790 https://jira.atlassian.com/i#browse/JRA-34160 https://jira.atlassian.com/secure/ReleaseNote.jspa?projectId=10240&version=33790 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •