Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
In Helm before versions 2.16.11 and 3.3.2, a Helm plugin can contain duplicates of the same entry, with the last one always used. If a plugin is compromised, this lowers the level of access that an attacker needs to modify a plugin's install hooks, causing a local execution attack. To perform thi...
Arbitrary File Read
Redmine allows arbitrary file read. Insufficient input validation in the Git repository integration allows users to read arbitrary local files that are accessible by the application server process...
CVE-2021-31863
Insufficient input validation in the Git repository integration of Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows Redmine users to read arbitrary local files accessible by the application server process...
Redmine Input Validation Error Vulnerability
Redmine is a set of open source web-based project management and defect tracking tools. The product provides project management, issue tracking, role-based access control and other features. An input validation error vulnerability exists in Redmine versions prior to 4.0.9, 4.1.x series...
PT-2021-4575 · Redmine · Redmine
Name of the Vulnerable Software and Affected Versions: Redmine versions prior to 4.0.9; Redmine versions 4.1.x prior to 4.1.3; Redmine versions 4.2.x prior to 4.2.1. Description: The issue is related to insufficient input validation in the Git repository integration of Redmine, allowing remote...
GO-2021-0098 Arbitrary code execution on Windows in github.com/git-lfs/git-lfs
Due to the standard library behavior of exec.LookPath on Windows a number of methods may result in arbitrary code execution when cloning or operating on untrusted Git repositories...
PHP Site's User Database Was Hacked In Recent Source Code Backdoor Attack
The maintainers of the PHP programming language have issued an update regarding the security incident that came to light late last month, stating that the actors may have gotten hold of a user database containing their passwords to make unauthorized changes to the repository. "We no longer believ...
MangaDex Site Offline Following Hacking Incident
MangaDex, the online repository of manga animation comics, will be closed until further notice following a hacking incident. Last week, the site reported that a cyberattacker had gained access to an administrative account, "through the reuse of a session token found in an old database leak throug...
Remote Code Execution (RCE)
Golang is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or of a package that imports it directly or indirectly. It is only vulnerable in GOPATH mode, not in module mode; the distinction is documented at...
Phpvuln - Audit Tool To Find Common Vulnerabilities In PHP Source Code
phpvuln is an open source OWASP penetration testing tool written in Python 3 that can speed up the process of finding common PHP vulnerabilities in PHP code, i.e. command injection, local/remote file inclusion and SQL injection. Installation: You can download phpvuln by cloning the Git...
Command Injection
Overview: git-archive is a module to take a bare git repo, archive it, and export it as a tarball to a given path. Affected versions of this package are vulnerable to Command Injection via the exports function. Remediation: There is no fixed version for git-archive. Credit: JHU System Security Lab...
Default credentials
pass through 1.7.3 has a possibility of using a password for an unintended resource. For exploitation to occur, the user must do a git pull, decrypt a password, and log into a remote service with the password. If an attacker controls the central Git server or one of the other members' machines, a...
CVE-2020-15187
In Helm before versions 2.16.11 and 3.3.2, a Helm plugin can contain duplicates of the same entry, with the last one always used. If a plugin is compromised, this lowers the level of access that an attacker needs to modify a plugin's install hooks, causing a local execution attack. To perform thi...
PT-2020-14258 · Helm +2 · Helm +2
Name of the Vulnerable Software and Affected Versions: Helm versions prior to 2.16.11; Helm versions prior to 3.3.2. Description: A Helm plugin can contain duplicates of the same entry, with the last one always used. If a plugin is compromised, this lowers the level of access that an attacker needs...
Kubernetes: exposed Git Repo at http://api.e2e-kops-aws-canary.test-cncf-aws.canary.k8s.io/.git/
Dear Security team, if this report is out of scope, please let me know and I will close the report myself. I found a git repository on http://api.e2e-kops-aws-canary.test-cncf-aws.canary.k8s.io/.git/.git. This endpoint allows an attacker to retrieve much of the source code and git history for this...
CVE-2020-9708
The resolveRepositoryPath function doesn't properly validate user input and a malicious user may traverse to any valid Git repository outside the repoRoot. This issue may lead to unauthorized access of private Git repositories as long as the malicious user knows or brute-forces the location of th...
CVE-2020-9708
CVE-2020-9708 describes a path traversal in the resolveRepositoryPath function that does not properly validate input, allowing a malicious user to traverse to any valid Git repository outside the repoRoot and potentially access private repositories. Public documents (NVD/NVD entry) note a high-se...
Fedora 31 : coturn (2020-9eadf517de)
Coturn 4.5.1.3 ============== - merge PR 575: Fix rpm packaging - merge PR 576: Tell tar to not include the metadata into release - merge PR 574: Change Docker turnserver.conf to latest turnserver.conf - merge PR 566: Remove reference to SSLv3 - merge PR 579: Ignore MD5 for BoringSSL - merge PR...
h1-ctf: [H1-2006 2020] From multiple vulnerabilities to complete ATO on any customer account and staff admin
First of all, thanks for the awesome CTF. I enjoyed it very much. Summary: The CTF was about helping HackerOne's beloved CEO, @martenmickos, to approve May bug bounty payments after he had lost his login details for BountyPay. It all started with this tweet: F860982 And as you all know, I had to...
h1-ctf: [H1-2006 2020] In-depth resolution of the h1-2006 CTF
H1-2006 Write-up bountypay.h1ctf.com First of all, huge thanks to the creators for this CTF, it was really fun and got me to improve a lot! It was my first h1 ctf, and it for sure won't be my last! For this report, I'll try to define for each step: an abstract of what was the bug, the real life...