CVE-2019-11580

Published: 03/06/2019 Updated: 24/08/2020
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 672
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Atlassian Crowd and Crowd Data Center had the pdkinstall development plugin incorrectly enabled in release builds. Attackers who can send unauthenticated or authenticated requests to a Crowd or Crowd Data Center instance can exploit this vulnerability to install arbitrary plugins, which permits remote code execution on systems running a vulnerable version of Crowd or Crowd Data Center. All versions of Crowd from version 2.1.0 prior to 3.0.5 (the fixed version for 3.0.x), from version 3.1.0 prior to 3.1.6 (the fixed version for 3.1.x), from version 3.2.0 prior to 3.2.8 (the fixed version for 3.2.x), from version 3.3.0 prior to 3.3.5 (the fixed version for 3.3.x), and from version 3.4.0 prior to 3.4.4 (the fixed version for 3.4.x) are affected by this vulnerability.

Mailing Lists

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
This email refers to the advisory found at confluence.atlassian.com/x/3ADVOQ
CVE ID: CVE-2019-11580
Product: Crowd and Crowd Data Center
Affected Crowd and Crowd Data Center product versions: 2.1.0 <= version < 3.0.5, 3.1.0 <= version < 3.1.6, 3.2.0 <= version < 3 ...

Github Repositories

Exploit CVE 2019 11580

CVE_2019_11580 Exploit CVE 2019 11580

CVE-2019-11580 Atlassian Crowd and Crowd Data Center RCE

CVE-2019-11580 Atlassian Crowd and Crowd Data Center RCE. Usage: python CVE-2019-11580.py xxxxxxxx/ Crowd-2.11.0 Vuln_Version Download: product-downloads.atlassian.com/software/crowd/downloads/atlassian-crowd-2.11.0.tar.gz Powered by Atlassian Crowd Version: 2.11.0 (Build:#725 - 2017-01-11) 101020166:8095/crowd/admin/uploadpluginaction 101

A CVE-2019-11580 shell

CVE-2019-11580 A CVE-2019-11580 shell for exploit vulnerability remotely

CVEs enumerated by FireEye that should be addressed to limit the effectiveness of the leaked Red Team tools: CVE-2019-11510 – pre-auth arbitrary file reading from Pulse Secure SSL VPNs - CVSS 10.0; CVE-2020-1472 – Microsoft Active Directory escalation of privileges - CVSS 10.0; CVE-2018-13379 – pre-auth arbitrary file reading from Fortinet Fortigate SSL VPN

vFeed CVEs Vulnerability Indicators that should be addressed to limit the effectiveness of the leaked FireEye Red Team tools: CVE-2019-11510 – pre-auth arbitrary file reading from Pulse Secure SSL VPNs - CVSS 10.0; CVE-2020-1472 – Microsoft Active Directory escalation of privileges - CVSS 10.0; CVE-2018-13379 – pre-auth arbitrary file reading from Fortinet Forti

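Online vulnerability platform

Preface: based on the 零组 public vulnerability library. How to add a new article: first check that the local repository is up to date. Find the matching category or create a new one, then create a Markdown file named after the vulnerability title. Add the vulnerability details to the Markdown file. Save images under `/resource/文件名/mdeia/` in the current Markdown file's path (文件名 is the file name) and use relative paths when inserting them into the Markdown. In the Change Log, in reverse chronological order, add
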
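Project overview: information gathering, attack attempts to gain access, persistence, privilege escalation, network information gathering, lateral movement, data analysis (with further persistence built on top of it), and covering tracks. List of security-related resources: arxiv.org, Cornell University open-access papers; github.com/sindresorhus/awesome, the awesome series; www.owasp.org.cn/owasp-pr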

Customized templates originally pulled from `projectdiscovery/nuclei-templates`

Nuclei Templates. Templates are the core of nuclei scanner which power the actual scanning engine. This repository stores and houses various templates for the scanner provided by our team as well as contributed by the community. We hope that you also contribute by sending templates via pull requests or Github issue and grow the list. Resources: Templates, Documentation, Contr

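Collection of all security news published in 2019 by Topsec Alpha Lab (天融信阿尔法实验室) on its WeChat official account

Follow the Topsec Alpha Lab WeChat official account. 20191231 [Technical] Learning reverse engineering from scratch with IDA, Part 27: medium.com/p/5fa5c173547c; 36C3 CTF Writeups: bananamafia.dev/post/36c3ctf/; Homograph attacks revisited: alephsecurity.com/2019/12/29/revised-homograph-attacks/; Password spraying attack against the login page of a Dell SonicWALL virtual office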

Here is a collection about Proof of Concepts of Common Vulnerabilities and Exposures, and you may also want to check out current Contents CVE-2011-2856 CVE-2011-3243 CVE-2013-2618 CVE-2013-6632 CVE-2014-1701 CVE-2014-1705 CVE-2014-1747 CVE-2014-3176 CVE-2014-6332 CVE-2014-7927 CVE-2014-7928 CVE-2015-0072 CVE-2015-0235 CVE-2015-0240 CVE-2015-1233 CVE-2015-1242 CVE-2015-1268 CV

PoC in GitHub 2020. CVE-2020-0014: It is possible for a malicious application to construct a TYPE_TOAST window manually and make that window clickable. This could lead to a local escalation of privilege with no additional execution privileges needed. User action is needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-1286745

PoC in GitHub 2021. CVE-2021-1056 (2021-01-07): NVIDIA GPU Display Driver for Linux, all versions, contains a vulnerability in the kernel mode layer (nvidia.ko) in which it does not completely honor operating system file system permissions to provide GPU device-level isolation, which may lead to denial of service or information disclosure. pokerfaceSad/CVE-2021-1056 CVE-2021-

Awesome CVE PoC: a curated list of CVE PoCs. Here is a collection about Proof of Concepts of Common Vulnerabilities and Exposures, and you may also want to check out awesome-web-security. Please read the contribution guidelines before contributing. This repo is full of PoCs for CVEs. If you enjoy this awesome list and would like to support it, check out my Patreon page :

PoC in GitHub 2020. CVE-2020-0014 (2020-02-13): It is possible for a malicious application to construct a TYPE_TOAST window manually and make that window clickable. This could lead to a local escalation of privilege with no additional execution privileges needed. User action is needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android

PoC auto collect from GitHub.

PoC in GitHub 2020. CVE-2020-0022: In reassemble_and_dispatch of packet_fragmenter.cc, there is possible out of bounds write due to an incorrect bounds calculation. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Andr