9 matches found
Unexpected command execution in untrusted VCS repositories in cmd/go
...
SUSE CVE-2023-39320
The go.mod toolchain directive, introduced in Go 1.21, can be leveraged to execute scripts and binaries relative to the root of the module when the "go" command was executed within the module. This applies to modules downloaded using the "go" command from the module proxy, as well as modules...
Hcltm - Documenting Your Threat Models With HCL
Threat Modeling with HCL Overview There are many different ways in which a threat model can be documented. From a simple text file, to more in-depth word documents, to fully instrumented threat models in a centralised solution. Two of the most valuable attributes of a threat model are being able ...
Remote Code Execution (RCE)
Overview Affected versions of this package are vulnerable to Remote Code Execution (RCE) via argument injection when using git or mercurial repositories. Authenticated users can change the behavior of the application in an unintended way, leading to command execution. PoC 1 login into the...
find_dvcs
This plugin searches git, hg, bzr, svn or cvs repositories and checks for files containing. For example, if the input is: http://host.tld/w3af/index.php The plugin will perform requests to: http://host.tld/w3af/.git/index http://host.tld/w3af/.gitignore http://host.tld/w3af/.hg/store/fncache...
[SECURITY] Fedora 12 Update: pootle-2.1.2-1.fc12
Pootle is a web application for managing distributed or crowdsourced translation. Its features include: Translation of Gettext PO and XLIFF files. Translation of monolingual files (subtitles, Java properties, etc.). Submitting to remote version control systems (VCS). Managing groups of translators. Onli...
[SECURITY] Fedora 13 Update: pootle-2.1.2-1.fc13
Pootle is a web application for managing distributed or crowdsourced translation. Its features include: Translation of Gettext PO and XLIFF files. Translation of monolingual files (subtitles, Java properties, etc.). Submitting to remote version control systems (VCS). Managing groups of translators. Onli...
Is backup required?
Do you need Backup? Introduction. Main features of backup. Risks. RAID. Cluster systems. Shadow copy. Version control systems. Application level recovery. Backup security. Version control systems Modern version control systems such as CVS, Subversion, or commercial products can and sometimes quit...
Is backup required?
Do you need Backup? Introduction. Main features of backup. Risks. RAID. Cluster systems. Shadow copy. Version control systems. Application level recovery. Backup security. The introduction of any technology is associated with costs and risks in one way or another. This applies to backup as much a...