7 matches found
EUVD-2012-4435
Malware in sbrugna...
Code injection
The parsecmd function in lib/gitlabshell.rb in GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, and Enterprise Edition before 6.2.1 and gitlab-shell before 1.7.8 allows remote authenticated users to gain privileges and clone arbitrary repositories...
CVE-2013-4583
Removed by vendor...
Improper Privilege Management
The parsecmd function in lib/gitlabshell.rb allows remote authenticated users to gain privileges and clone arbitrary repositories...
Directory traversal
Directory traversal vulnerability in gitolite 3.x before 3.1, when wild card repositories and a pattern matching "../" are enabled, allows remote authenticated users to create arbitrary repositories and possibly perform other actions via a .. dot dot in a repository name...
CVE-2012-4506
Directory traversal vulnerability in gitolite 3.x before 3.1, when wild card repositories and a pattern matching "../" are enabled, allows remote authenticated users to create arbitrary repositories and possibly perform other actions via a .. dot dot in a repository name...
CVE-2012-4506
CVE-2012-4506 affects gitolite 3.x prior to 3.1. When wild card repositories are used and a pattern matching ".." is enabled, a directory traversal vulnerability can allow remote authenticated users to create arbitrary repositories and potentially perform other actions via a ".." in a repository ...