3098 matches found
Exploit for OS Command Injection in Exiftool_Project Exiftool
Introduction CVE-2022-23935 exploit PoC exiftool...
OESA-2023-1059 git security update
Git is a free and open source distributed version control system designed to handle everything from small to very large projects with speed and efficiency. Git is easy to learn and has a tiny footprint with lightning fast performance. It outclasses SCM tools like Subversion, CVS, Perforce, and...
ChatGPT Clone Apps Collecting Personal Data on iOS, Play Store
By Waqas. Several fake ChatGPT clone apps have surfaced on the official iOS and Play Stores, collecting user data and sending it to remote servers. This is a post from HackRead.com...
@unete/cli (>=1.0.0-13 <=1.0.0-17), bootcamp-cli (=0.0.1) potentially affected by CVE-2024-21531 via git-shallow-clone (=0.0.2)
git-shallow-clone NPM version =0.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on git-shallow-clone and may be impacted: - @unete/cli >=1.0.0-13, <=1.0.0-17 - bootcamp-cli =0.0.1 Source cves: CVE-2024-21531 Source advisory:...
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
Overview Affected versions of this package are vulnerable to Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') due to missing sanitization or mitigation flags in the process variable of the gitShallowClone function. PoC javascript const clone =...
[SECURITY] Fedora 36 Update: rust-bat-0.21.0-6.fc36
cat(1) clone with wings...
[SECURITY] Fedora 37 Update: rust-bat-0.21.0-6.fc37
cat(1) clone with wings...
Fedora: Security Advisory for rust-bat (FEDORA-2023-e3c8abd37e)
The remote host is missing an update for the Copyright (C) 2023 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
simple-git security vulnerability
simple-git is a lightweight interface for running git commands in any node.js application. A security vulnerability exists in simple-git prior to version 3.16.0, which stems from the clone, pull, push, and listRemote methods not being properly cleaned up and escaped...
CVE-2022-25860
Versions of the package simple-git before 3.16.0 are vulnerable to Remote Code Execution (RCE) via the clone, pull, push and listRemote methods, due to improper input sanitization. This vulnerability exists due to an incomplete fix of CVE-2022-25912...
Git clone remote code execution vulnerability in git-for-windows
...
AZL-13025 CVE-2022-41953 affecting package git for versions less than 2.33.8-2
Git GUI is a convenient graphical tool that comes with Git for Windows. Its target audience is users who are uncomfortable with using Git on the command-line. Git GUI has a function to clone repositories. Immediately after the local clone is available, Git GUI will automatically post-process it,...
CVE-2022-41953
Git GUI is a convenient graphical tool that comes with Git for Windows. Its target audience is users who are uncomfortable with using Git on the command-line. Git GUI has a function to clone repositories. Immediately after the local clone is available, Git GUI will automatically post-process it,...
CVE-2022-41953 Git clone remote code execution vulnerability in git-for-windows
Git GUI is a convenient graphical tool that comes with Git for Windows. Its target audience is users who are uncomfortable with using Git on the command-line. Git GUI has a function to clone repositories. Immediately after the local clone is available, Git GUI will automatically post-process it,...
GSD-2023-1000925 dm clone: Fix UAF in clone_dtr()
dm clone: Fix UAF in clone_dtr() This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.87 by commit 856edd0e92f3fe89606b704c86a93daedddfe6ec, it wa...
WordPress MainWP Clone Extension Plugin <= 4.0.2 is vulnerable to Broken Access Control
Software: MainWP Clone Extension; Type: Plugin; Vulnerable versions: <= 4.0.2; Fixed in: 4.0.3; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-23642; Patch priority: Medium; CVSS severity: Medium (5.4); PSID: fedefb75fe08; Credits: Dave Jong...
PT-2023-34002 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.87 Description: A use-after-free (UAF) issue was discovered in the clone_dtr function. The actual impact and attack plausibility have not yet been proven. This issue was introduced in version v5.4 and is fix...
Updated python-gitpython packages fix security vulnerability
Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git without sufficient sanitization of input arguments...
UK gov website being used to redirect to porn sites
TL;DR UK Government Environment Agency web site had an open redirect that was actively being used to redirect to various porn sites, including OnlyFans clone sites. Disclosure should have been easy but wasn’t, as the agency haven’t followed wider UK government policy on vulnerability disclosure...
Huawei EulerOS: Security Advisory for git (EulerOS-SA-2023-1099)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...