ManageEngine ADAudit Plus Xnode Enumeration

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ManageEngine ADAudit Plus Xnode Enumeration', 'Description' = %q This module exploits default admin credentials for the DataEngine Xnode server i...

CLSA-2024-1725012440 git: Fix of 2 CVEs

CVE-2024-32004: fetch/clone: detect dubious ownership of local repositories - CVE-2024-32465: upload-pack: disable lazy-fetching by default...

PT-2024-31495

Name of the Vulnerable Software and Affected Versions Fort versions prior to 1.6.3 Description An issue was discovered in Fort where a malicious RPKI repository that descends from a trusted Trust Anchor can serve a resource certificate containing a bit string that doesn't properly decode into a...

CVE-2024-43785

gitoxide An idiomatic, lean, fast & safe pure Rust implementation of Git. gitoxide-core, which provides most underlying functionality of the gix and ein commands, does not neutralize newlines, backspaces, or control characters—including those that form ANSI escape sequences—that appear in a...

gitoxide 安全漏洞

gitoxide is a git implementation written in Rust by the individual developer Sebastian Thiel. A security vulnerability exists in gitoxide that originated from not eliminating line breaks, backspaces, or control characters that appear in repository paths, author and committer names, commit message...

PT-2024-30655 · Gitoxide · Gitoxide

Name of the Vulnerable Software and Affected Versions: gitoxide affected versions not specified Description: The gix and ein commands write pathnames and other metadata literally to terminals, even if they contain characters terminals treat specially, including ANSI escape sequences. This sometim...

GO-2023-1887 1Panel vulnerable to command injection when adding container repositories in github.com/1Panel-dev/1Panel

1Panel vulnerable to command injection when adding container repositories in github.com/1Panel-dev/1Panel...

CVE-2024-7711

An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server, allowing an attacker to update the title, assignees, and labels of any issue inside a public repository. This was only exploitable inside a public repository. This vulnerability affected GitHub Enterprise Server...

BIT-GITLAB-2024-3035 Authorization Bypass Through User-Controlled Key in GitLab

A permission check vulnerability in GitLab CE/EE affecting all versions starting from 8.12 prior to 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2 allowed for LFS tokens to read and write to the user owned repositories...

CVE-2024-3035

A permission check vulnerability in GitLab CE/EE affecting all versions starting from 8.12 prior to 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2 allowed for LFS tokens to read and write to the user owned repositories...

CVE-2024-3035

A permission check vulnerability in GitLab CE/EE affecting all versions starting from 8.12 prior to 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2 allowed for LFS tokens to read and write to the user owned repositories...

UBUNTU-CVE-2024-3035

A permission check vulnerability in GitLab CE/EE affecting all versions starting from 8.12 prior to 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2 allowed for LFS tokens to read and write to the user owned repositories...

CVE-2024-3035

CVE-2024-3035 is a GitLab CE/EE permission-check vulnerability affecting all versions from 8.12 up to 17.0.6, 17.1 up to 17.1.4, and 17.2 up to 17.2.2, allowing LFS tokens to read and write to user-owned repositories. Root cause: permission check flaw in the LFS path. Impact: read/write access to...

CVE-2024-3035 Authorization Bypass Through User-Controlled Key in GitLab

A permission check vulnerability in GitLab CE/EE affecting all versions starting from 8.12 prior to 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2 allowed for LFS tokens to read and write to the user owned repositories...

CVE-2024-3035 Authorization Bypass Through User-Controlled Key in GitLab

A permission check vulnerability in GitLab CE/EE affecting all versions starting from 8.12 prior to 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2 allowed for LFS tokens to read and write to the user owned repositories...

CVE-2024-3035

Removed by vendor...

PT-2024-5510 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 8.12 through 17.0.5 GitLab CE/EE versions 17.1 through 17.1.3 GitLab CE/EE versions 17.2 through 17.2.1 Description: The issue is related to an error in handling LFS tokens, which can be exploited by a remote attacker to...

CLSA-2024-1722529344 git: Fix of CVE-2024-32004

CVE-2024-32004: detect dubious ownership of local repositories, backport the necessary functions...

Exploit for Unrestricted Upload of File with Dangerous Type in Git

PoC exploit for CVE-2024-32002, a remote code execution vulnerab...

Important: composer

Issue Overview: Composer is a dependency manager for PHP. On the 2.x branch prior to versions 2.2.24 and 2.7.7, the composer install command running inside a git/hg repository which has specially crafted branch names can lead to command injection. This requires cloning untrusted repositories...