CVE-2018-16873

In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package that imports it directly or indirectly. Specifically, it is only vulnerable in GOPATH mode, but not ...

Updated gitolite packages fix security vulnerability

Updated gitolite package fixes security vulnerability: Gitolite before 3.6.9 does not in certain configurations involving @all or a regex properly restrict access to a Git repository that is in the process of being migrated until the full set of migration steps has been completed. This can allow...

UPDATED VERSION: RouterSploit 3.4.0

PenTestIT RSS Feed RouterSploit 3.4.0, the long awaited router exploitation framework update is out guys! This release includes some really cool features and updates such as using pycryptodome from pycryptoand newer exploitation modules! Read on for the improvements. What is RouterSploit? The...

Important: gitolite3

Issue Overview: Gitolite before 3.6.9 does not in certain configurations involving @all or a regex properly restrict access to a Git repository that is in the process of being migrated until the full set of migration steps has been completed. This can allow valid users to obtain unintended access...

[SECURITY] Fedora 28 Update: gitolite3-3.6.9-1.fc28

Gitolite allows a server to host many git repositories and provide access to many developers, without having to give them real userids on the server. The essential magic in doing this is ssh's pubkey access and the authorized keys file, and the inspiration was an older program called gitosis...

CVE-2018-16976

Gitolite before 3.6.9 does not in certain configurations involving @all or a regex properly restrict access to a Git repository that is in the process of being migrated until the full set of migration steps has been completed. This can allow valid users to obtain unintended access...

CVE-2018-16976

CVE-2018-16976 affects gitolite prior to 3.6.9. Multiple advisories describe a race condition of repos that are “in the process of being migrated”; under certain configurations (involving @all or a regex) this can allow valid users to obtain unintended access before migration completes. Connected...

Spring data rest 远程代码执行(cve-2017-8046)

漏洞描述 漏洞描述 Spring Data Rest 在处理 PATCH 请求时存在RCE高危漏洞, 可以使用手工构造的JSON数据构造恶意PATCH请求提交至spring-data-rest服务器，使得服务器运行恶意JAVA代码。Spring Data Rest项目的目标是提供一种灵活的、可配置的机制，编写出可以对外暴露出HTTP协议的简单服务。 Git地址: https://github.com/spring-projects/spring-data-rest 漏洞来源: https://pivotal.io/security/cve-2017-8046 影响版本： Spring...

GitStack Unsanitized Argument RCE

This module exploits a remote code execution vulnerability that exists in GitStack through v2.3.10, caused by an unsanitized argument being passed to an exec function call. This module has been tested on GitStack v2.3.10. This module requires Metasploit: https://metasploit.com/download Current...

Path traversal through the name of a git tag in the git repository tag rest resource - CVE-2017-18037

The git repository tag rest resource in Atlassian Bitbucket Server from version 3.7.0 before 4.14.11 the fixed version for 4.14.x, from version 5.0.0 before 5.0.9 the fixed version for 5.0.x, from version 5.1.0 before 5.1.8 the fixed version for 5.1.x, from version 5.2.0 before 5.2.6 the fixed...

gOSINT - Open Source Intelligence Framework

gOSINT is a small OSINT framework in golang, it's actually in development and still not ready for production if you want, feel free to contribute! What gOSINT can do Find mails from git repository Find Dumps for mail address Search for mail address linked to domain/mail address in PGP keyring...

CVE-2017-1000451

fs-git is a file system like api for git repository. The fs-git version 1.0.1 module relies on childprocess.exec, however, the buildCommand method used to construct exec strings does not properly sanitize data and is vulnerable to command injection across all methods that use it and call exec...

CVE-2017-1000451

CVE-2017-1000451 affects fs-git version 1.0.1, a file-system-like API for Git repositories. The root cause is the buildCommand function used to construct exec strings not sanitizing input, making any code path that calls child_process.exec vulnerable to command injection. This could allow an atta...

Updated openssl packages fix security vulnerabilities

OpenSSL 1.0.2 starting from version 1.0.2b introduced an "error state" mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for the...

Medium: golang

Issue Overview: Arbitrary code execution during go get or go get -d: Go before 1.8.4 and 1.9.x before 1.9.1 allows "go get" remote command execution. Using custom domains, it is possible to arrange things so that example.com/pkg1 points to a Subversion repository but example.com/pkg1/pkg2 points ...

[SECURITY] [DLA 1148-1] golang security update

Package : golang Version : 2:1.0.2-1.1+deb7u2 CVE ID : CVE-2017-15041 Go before 1.8.4 and 1.9.x before 1.9.1 allows "go get" remote command execution. Using custom domains, it is possible to arrange things so that example.com/pkg1 points to a Subversion repository but example.com/pkg1/pkg2 points...

FruityWifi: An Open Source Wireless Network Auditor

PenTestIT RSS Feed Continuing with my current interest with Raspberry Pi based security tools again. My last post was about P4wnP1. This post is about FruityWiFi an open source tool that helps you with wireless network auditing. What is FruityWifi? FruityWifi is an open source tool based on WiFi...

SmoothCriminal Update: Additional Sandbox Detection Methods

PenTestIT RSS Feed About three months ago, I had written about a tool which helps you detect sandboxes using cursor movements. I was extremely busy, by the author of this tool - @G4lB1t was king enough to bring to my notice that it was about a SmoothCriminal update. This update brings in addition...

Exploits

Exploits Containing Self Made Perl Reproducers / PoC Codes -...

[ASA-201710-15] go: arbitrary command execution

Arch Linux Security Advisory ASA-201710-15 ========================================== Severity: High Date : 2017-10-12 CVE-ID : CVE-2017-15041 Package : go Type : arbitrary command execution Remote : Yes Link : https://security.archlinux.org/AVG-442 Summary ======= The package go before version...