9.8
CVSSv3

CVE-2019-11580

Published: 03/06/2019 Updated: 19/04/2022
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 674
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Atlassian Crowd and Crowd Data Center had the pdkinstall development plugin incorrectly enabled in release builds. Attackers who can send unauthenticated or authenticated requests to a Crowd or Crowd Data Center instance can exploit this vulnerability to install arbitrary plugins, which permits remote code execution on systems running a vulnerable version of Crowd or Crowd Data Center. All versions of Crowd from version 2.1.0 prior to 3.0.5 (the fixed version for 3.0.x), from version 3.1.0 prior to 3.1.6 (the fixed version for 3.1.x), from version 3.2.0 prior to 3.2.8 (the fixed version for 3.2.x), from version 3.3.0 prior to 3.3.5 (the fixed version for 3.3.x), and from version 3.4.0 prior to 3.4.4 (the fixed version for 3.4.x) are affected by this vulnerability.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

atlassian crowd

Mailing Lists

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 This email refers to the advisory found at confluenceatlassiancom/x/3ADVOQ CVE ID: * CVE-2019-11580 Product: Crowd and Crowd Data Center Affected Crowd and Crowd Data Center product versions: 210 <= version < 305 310 <= version < 316 320 <= version < 3 ...

Github Repositories

CVE-2019-11580 Atlassian Crowd and Crowd Data Center RCE

CVE-2019-11580 Atlassian Crowd and Crowd Data Center RCE Usage: python CVE-2019-11580py xxxxxxxx/ Crowd-2110 Vuln_Version Donwload product-downloadsatlassiancom/software/crowd/downloads/atlassian-crowd-2110targz Powered by Atlassian Crowd Version: 2110 (Build:#725 - 2017-01-11) 101020166:8095/crowd/admin/uploadpluginaction 101

A CVE-2019-11580 shell

CVE-2019-11580 A CVE-2019-11580 shell for exploit vulnerability remotely

A CVE-2019-11580 shell

CVE-2019-11580 A CVE-2019-11580 shell for exploit vulnerability remotely

Exploit CVE 2019 11580

CVE_2019_11580 Exploit CVE 2019 11580

vFeed CVEs Vulnerability Indicators that should be addressed to limit the effectiveness of the Leaked FireEye Red Team tools CVE-2019-11510 – pre-auth arbitrary file reading from Pulse Secure SSL VPNs - CVSS 100 CVE-2020-1472 – Microsoft Active Directory escalation of privileges - CVSS 100 CVE-2018-13379 – pre-auth arbitrary file reading from Fortinet Forti

CVEs enumerated by FireEye and that should be addressed to limit the effectiveness of leaked the Red Team tools CVE-2019-11510 – pre-auth arbitrary file reading from Pulse Secure SSL VPNs - CVSS 100 CVE-2020-1472 – Microsoft Active Directory escalation of privileges - CVSS 100 CVE-2018-13379 – pre-auth arbitrary file reading from Fortinet Fortigate SSL VPN

前言 基于零组公开漏洞库 如何添加新的文章 先检查本地仓库是否为最新版本 找到对应分类或新建分类,新建Markdown文件,文件名为漏洞标题 Markdown文件内添加漏洞详情 图片保存到当前Markdown文件路径下的`/resource/文件名/mdeia/` 目录,Markdown插入时使用相对路径 按时间倒序在Change Log中添

在线漏洞平台

前言 基于零组公开漏洞库 如何添加新的文章 先检查本地仓库是否为最新版本 找到对应分类或新建分类,新建Markdown文件,文件名为漏洞标题 Markdown文件内添加漏洞详情 图片保存到当前Markdown文件路径下的`/resource/文件名/mdeia/` 目录,Markdown插入时使用相对路径 按时间倒序在Change Log中添

前言 基于零组公开漏洞库 + PeiQi文库 Change Log 2021-04-18 安天 高级可持续威胁安全检测系统 越权访问漏洞 2021-04-17 飞鱼星 家用智能路由 cookiecgi 权限绕过 2021-04-17 Coremail邮箱系统 目录穿越泄漏后台漏洞 2021-04-17 SmartBi全版本 SQl注入 任意文件上传漏洞 2021-04-17 金山终端安全系统 V8 V9文件上

项目简介 信息收集、攻击尝试获得权限、持久性控制、权限提升、网络信息收集、横向移动、数据分析(在这个基础上再做持久化控制)、擦痕迹。 安全相关资源列表 arxivorg 康奈尔大学(Cornell University)开放文档 githubcom/sindresorhus/awesome awesome系列 wwwowasporgcn/owasp-pr

漏洞研究 关于漏洞研究,我想引用图南&Veraxy@QAX CERT这篇文章《一个简单的 RCE 漏洞到底能挖出什么知识》中的一段话来给出我的理解: 漏洞研究其实不应该只盯着漏洞本身,漏洞可以扩展的知识点太多了: 偏应用架构:了解这个软件/组件/中间件是干什么的的、尝试搭建起来写点

漏洞研究 关于漏洞研究,我想引用图南&Veraxy@QAX CERT这篇文章《一个简单的 RCE 漏洞到底能挖出什么知识》中的一段话来给出我的理解: 漏洞研究其实不应该只盯着漏洞本身,漏洞可以扩展的知识点太多了: 偏应用架构:了解这个软件/组件/中间件是干什么的的、尝试搭建起来写点

漏洞索引 Program List 开源产品、国外应用软件 应用列表 国产应用软件 Program List Apache APISIX Apache Druid Apache Flink Apache HTTP Server Apache JSPWiki Apache OFBiz Apache ShenYu Apache SkyWalking Apache Solr Apache Storm Apache Struts2 Atlassian Confluence Atlassian Crowd Atlassian Jira Citrix Cisco ECShop Exchange F5 BIG-IP Gitlab Grafana Harbo

漏洞索引 Program List 开源产品、国外应用软件 应用列表 国产应用软件 Program List Apache APISIX Apache Druid Apache Flink Apache HTTP Server Apache JSPWiki Apache OFBiz Apache ShenYu Apache SkyWalking Apache Solr Apache Storm Apache Struts2 Atlassian Confluence Atlassian Crowd Atlassian Jira Citrix Cisco ECShop Exchange F5 BIG-IP Gitlab Grafana Harbo

Nuclei Templates Templates are the core of nuclei scanner which power the actual scanning engine This repository stores and houses various templates for the scanner provided by our team as well as contributed by the community We hope that you also contribute by sending templates via pull requests or Github issue and grow the list Resources Templates Documentation Contr

Nuclei Templates Templates are the core of nuclei scanner which power the actual scanning engine This repository stores and houses various templates for the scanner provided by our team as well as contributed by the community We hope that you also contribute by sending templates via pull requests or Github issue and grow the list Resources Templates Documentation Contr

漏洞索引 Program List 开源产品、国外应用软件 应用列表 国产应用软件 Program List Apache APISIX Apache Druid Apache Flink Apache HTTP Server Apache JSPWiki Apache OFBiz Apache ShenYu Apache SkyWalking Apache Solr Apache Storm Apache Struts2 Atlassian Confluence Atlassian Crowd Atlassian Jira Citrix Cisco ECShop Exchange F5 BIG-IP Gitlab Grafana Harbo

Customized templates originally pulled from `projectdiscovery/nuclei-templates`

Nuclei Templates Templates are the core of nuclei scanner which power the actual scanning engine This repository stores and houses various templates for the scanner provided by our team as well as contributed by the community We hope that you also contribute by sending templates via pull requests or Github issue and grow the list Resources Templates Documentation Contr

SecBooks 各大文库公众号文章收集,部分文库使用gitbook部署;部分公众号使用杂散文章为主。 使用插件 "hide-element", "back-to-top-button", "-lunr", "-search", "search-pro", "splitter" #目录自动生成插件(book sm) npm install -g gitbook-summ

Kenzer Templates [1289] TEMPLATE TOOL FILE favinizer favinizer favinizeryaml CVE-2017-5638 jaeles jaeles\cvescan\critical\CVE-2017-5638yaml CVE-2017-6360 jaeles jaeles\cvescan\critical\CVE-2017-6360yaml CVE-2017-6361 jaeles jaeles\cvescan\critical\CVE-2017-6361yaml CVE-2017-9841 jaeles jaeles\cvescan\critical\CVE-2017-9841yaml CVE-2018-16763 jaeles jaeles\

TEMPLATE TOOL FILE favinizer favinizer favinizeryaml CVE-2017-5638 jaeles jaeles\cvescan\critical\CVE-2017-5638yaml CVE-2017-6360 jaeles jaeles\cvescan\critical\CVE-2017-6360yaml CVE-2017-6361 jaeles jaeles\cvescan\critical\CVE-2017-6361yaml CVE-2017-9841 jaeles jaeles\cvescan\critical\CVE-2017-9841yaml CVE-2018-16763 jaeles jaeles\cvescan\critical\CVE-2018-1

2019年天融信阿尔法实验室在微信公众号发布的所有安全资讯汇总

欢迎关注天融信阿尔法实验室微信公众号 20191231 [技术] 使用IDA从零开始学逆向, Part27 mediumcom/p/5fa5c173547c 36C3 CTF Writeups bananamafiadev/post/36c3ctf/ 再探同形文字攻击 alephsecuritycom/2019/12/29/revised-homograph-attacks/ 对1个Dell SonicWALL虚拟办公室的登录界面进行Password Spraying攻击

Here is a collection about Proof of Concepts of Common Vulnerabilities and Exposures, and you may also want to check out current Contents CVE-2011-2856 CVE-2011-3243 CVE-2013-2618 CVE-2013-6632 CVE-2014-1701 CVE-2014-1705 CVE-2014-1747 CVE-2014-3176 CVE-2014-6332 CVE-2014-7927 CVE-2014-7928 CVE-2015-0072 CVE-2015-0235 CVE-2015-0240 CVE-2015-1233 CVE-2015-1242 CVE-2015-1268 CV

Awesome CVE PoC A curated list of CVE PoCs Here is a collection about Proof of Concepts of Common

PoC in GitHub 2021 CVE-2021-1056 (2021-01-07) NVIDIA GPU Display Driver for Linux, all versions, contains a vulnerability in the kernel mode layer (nvidiako) in which it does not completely honor operating system file system permissions to provide GPU device-level isolation, which may lead to denial of service or information disclosure pokerfaceSad/CVE-2021-1056 CVE-2021-

PoC in GitHub 2020 CVE-2020-0014 It is possible for a malicious application to construct a TYPE_TOAST window manually and make that window clickable This could lead to a local escalation of privilege with no additional execution privileges needed User action is needed for exploitationProduct: AndroidVersions: Android-80 Android-81 Android-9 Android-10Android ID: A-1286745

Awesome CVE PoC A curated list of CVE PoCs Here is a collection about Proof of Concepts of Common Vulnerabilities and Exposures, and you may also want to check out awesome-web-security Please read the contribution guidelines before contributing This repo is full of PoCs for CVEs If you enjoy this awesome list and would like to support it, check out my Patreon page :

PoC in GitHub 2020 CVE-2020-0014 (2020-02-13) It is possible for a malicious application to construct a TYPE_TOAST window manually and make that window clickable This could lead to a local escalation of privilege with no additional execution privileges needed User action is needed for exploitationProduct: AndroidVersions: Android-80 Android-81 Android-9 Android-10Android

PoC auto collect from GitHub.

PoC in GitHub 2020 CVE-2020-0022 In reassemble_and_dispatch of packet_fragmentercc, there is possible out of bounds write due to an incorrect bounds calculation This could lead to remote code execution over Bluetooth with no additional execution privileges needed User interaction is not needed for exploitationProduct: AndroidVersions: Android-80 Android-81 Android-9 Andr