Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
crowd vulnerabilities and exploits
(subscribe to this query)
516
VMScore
CVE-2013-3925
Atlassian Crowd 2.5.x prior to 2.5.4, 2.6.x prior to 2.6.3, 2.3.8, and 2.4.9 allows remote malicious users to read arbitrary files and send HTTP requests to intranet servers via a request to (1) /services/2 or (2) services/latest with a DTD containing an XML external entity decla...
Atlassian Crowd 2.5.2
Atlassian Crowd 2.5.1
Atlassian Crowd 2.5.3
Atlassian Crowd 2.5.0
Atlassian Crowd 2.6.0
Atlassian Crowd 2.6.1
Atlassian Crowd 2.6.2
Atlassian Crowd 2.4.9
Atlassian Crowd 2.3.8
1 Article
668
VMScore
CVE-2016-6496
The LDAP directory connector in Atlassian Crowd prior to 2.8.8 and 2.9.x prior to 2.9.5 allows remote malicious users to execute arbitrary code via an LDAP attribute with a crafted serialized Java object, aka LDAP entry poisoning.
Atlassian Crowd
Atlassian Crowd 2.9.0
Atlassian Crowd 2.9.1
NA
CVE-2023-22521
This High severity RCE (Remote Code Execution) vulnerability was introduced in version 3.4.6 of Crowd Data Center and Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8.0, allows an authenticated malicious user to execute arbitrary code which has high ...
Atlassian Crowd
Atlassian Crowd 5.2.0
516
VMScore
CVE-2017-18109
The login resource of CrowdId in Atlassian Crowd before version 3.0.2 and from version 3.1.0 before version 3.1.1 allows remote malicious users to redirect users to a different website which they may use as part of performing a phishing attack via an open redirect.
Atlassian Crowd
Atlassian Crowd 3.1.0
356
VMScore
CVE-2017-18110
The administration backup restore resource in Atlassian Crowd before version 3.0.2 and from version 3.1.0 before version 3.1.1 allows remote malicious users to read files from the filesystem via a XXE vulnerability.
Atlassian Crowd
Atlassian Crowd 3.1.0
534
VMScore
CVE-2017-18106
The identifier_hash for a session token in Atlassian Crowd before version 2.9.1 could potentially collide with an identifier_hash for another user or a user in a different directory, this allows remote attackers who can authenticate to Crowd or an application using Crowd for auth...
Atlassian Crowd
356
VMScore
CVE-2017-18107
Various resources in the Crowd Demo application of Atlassian Crowd before version 3.1.1 allow remote malicious users to modify add, modify and delete users & groups via a Cross-site request forgery (CSRF) vulnerability. Please be aware that the Demo application is not enabled...
Atlassian Crowd
490
VMScore
CVE-2018-20238
Various rest resources in Atlassian Crowd before version 3.2.7 and from version 3.3.0 before version 3.3.4 allow remote malicious users to authenticate using an expired user session via an insufficient session expiration vulnerability.
Atlassian Crowd
605
VMScore
CVE-2017-18105
The console login resource in Atlassian Crowd before version 3.0.2 and from version 3.1.0 before version 3.1.1 allows remote attackers, who have previously obtained a user's JSESSIONID cookie, to gain access to some of the built-in and potentially third party rest resources ...
Atlassian Crowd
578
VMScore
CVE-2017-18108
The administration SMTP configuration resource in Atlassian Crowd before version 2.10.2 allows remote attackers with administration rights to execute arbitrary code via a JNDI injection.
Atlassian Crowd
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-3675
CVE-2024-3400
CVE-2024-23557
mass assignment
CVE-2023-1389
local file inclusion
CVE-2024-32596
file upload
CVE-2024-32593
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »