367 matches found
Web Server Exposed Git Repository Information Disclosure
An information disclosure vulnerability has been reported in Git Repository. Successful exploitation of this vulnerability could allow an unintentional disclosure of account information...
Cloud Source Repositories: Google Quietly Launches GitHub Competitor
After the death of Google Code this winter, Google is apparently back in the business through the launch of its private Git repository hosting service on Google Cloud Platform called Cloud Source Repositories. Not yet officially announced, but Google started providing free beta access to its new...
FusionForge Git plugin is vulnerable
FusionForge is a collaborative team development environment; its main features include communication tools such as forums, news, etc., development tools such as bug tracking, project management, etc., and community tools such as file distribution, software classification, etc. Git is one o...
Commix - Automated All-in-One OS Command Injection and Exploitation Tool
Commix (short for command injection exploiter) has a simple environment and it can be used by web developers, penetration testers or even security researchers to test web applications with the view to find bugs, errors or vulnerabilities related to command injection attacks. By using this tool, ...
Authentication fails on Push to Stash
When I attempt to Push commit of a few dozen files to the Stash-hosted Git repository, I receive the attached error indicating an authentication failure...
USN-2470-1 git vulnerability
Matt Mackall and Augie Fackler discovered that Git incorrectly handled certain filesystem paths. A remote attacker could possibly use this issue to execute arbitrary code if the Git tree is stored in an HFS+ or NTFS filesystem. The remote attacker would need write access to a Git repository that...
Fedora 19 : icecream-1.0.1-8.20140822git.fc19 (2014-10366)
This updates icecream to the current version from upstream git repository. It drops the bundled minilzo library, which had a vulnerability. Instead the system lzo library is used. CVE-2014-4607 Note that Tenable Network Security has extracted the preceding description block directly from the Fedo...
TestLink 1.9.12 Multiple Vulnerabilities
TestLink versions 1.9.12 and below suffer from a path disclosure weakness and below suffer from a PHP object injection vulnerability in execSetResults.php ---------------------------------------------------------------- TestLink "; debugprintbacktrace; echo ""; 211. 212. else 213. 214. echo "";...
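OpenSSL ECDSA Nonce Recovery Vulnerability
CVE ID: CVE-2014-0076 OpenSSL is an open-source SSL implementation used to provide strong encryption for network communications. The OpenSSL elliptic curve signing and verification (ECDSA) implementation contains an error that allows an attacker to obtain the nonce value through a FLUSH+RELOAD cache side-channel attack and then derive the private key. 0 OpenSSL 1.x Users can refer to the vendor's Git repository to obtain the patch that fixes this vulnerability: http://www.openssl.org/...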
[SECURITY] Fedora 19 Update: gitolite3-3.5.3.1-1.fc19
Gitolite allows a server to host many git repositories and provide access to many developers, without having to give them real userids on the server. The essential magic in doing this is ssh's pubkey access and the authorized keys file, and the inspiration was an older program called gitosis...
libguestfs security, bug fix, and enhancement update
1:1.20.11-2 - Fix CVE-2013-4419: insecure temporary directory handling for guestfish's network socket resolves: rhbz1019737 1:1.20.11-1 - Rebase to libguestfs 1.20.11. resolves: rhbz958183 - Remove buildnet: builds now detect network automatically. - The rhel-6.x branches containing the patches...
phpMyAdmin 3.5.7 Cross Site Scripting Vulnerability
phpMyAdmin version 3.5.7 suffers from a reflective cross site scripting vulnerability. Reflected XSS in phpMyAdmin 3.5.7. Author: Janek Vind "waraxe" Date: 09. April 2013 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-102.html...
phpMyAdmin 3.5.7 Cross Site Scripting
waraxe-2013-SA102 - Reflected XSS in phpMyAdmin 3.5.7. Author: Janek Vind "waraxe" Date: 09. April 2013 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-102.html Description of vulnerable software: phpMyAdmi...
Git Repository Served by Web Server
The web server on the remote host allows read access to a Git repository. This potential flaw can be used to download content from the Web server that might otherwise be private. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if...
ViewGit 0.0.6 - Multiple XSS Vulnerabilities
ViewGit "is a git web repository viewer that aims to be easy to set up and upgrade, light on dependencies, and comfortable to use." http://viewgit.fealdia.org/. ViewGit contains multiple persistent arbitrary script injection XSS vulnerabilities in its "Shortlog" and "Heads" tables. These...
[SECURITY] Fedora 17 Update: gitolite3-3.04-4.fc17
Gitolite allows a server to host many git repositories and provide access to many developers, without having to give them real userids on the server. The essential magic in doing this is ssh's pubkey access and the authorized keys file, and the inspiration was an older program called gitosis...
XSS in Horde Application Framework <=3.3.8, icon_browser.php
Hi, Horde Application Framework v3.3.8 and lower are subject to a cross site scripting (XSS) vulnerability. The icon_browser.php script fails to properly sanitize user supplied input to the 'subdir' URL parameter before printing it out as part of a HTML formatted error message. The following URL can...
Secunia Research: SWFTools Two Integer Overflow Vulnerabilities
Secunia Research 13/08/2010 - SWFTools Two Integer Overflow Vulnerabilities - Table of Contents Affected...
Secunia Research: MantisBT "Add Category" Script Insertion Vulnerability
Secunia Research 05/08/2010 - MantisBT "Add Category" Script Insertion Vulnerability - Table of Contents Affected...
[SECURITY] Fedora 13 Update: gitolite-1.4.2-1.fc13
Gitolite allows a server to host many git repositories and provide access to many developers, without having to give them real userids on the server. The essential magic in doing this is ssh's pubkey access and the authorized keys file, and the inspiration was an older program called gitosis...