17 matches found
gitWeb v1.5.2 Remote Command Execution
No description provided by source. Exploit Title: gitWeb remote command execution Date: 2009.06.19 Author: S2 Crew Hungary Software Link: - Version: GIT 1.5.2 Tested on: debian linux, GIT 1.5.2 CVE: CVE-2008-5516 - CVE-2008-5517 Code: The cgi script doesn't show the command output blind command...
gitWeb 1.x Remote Command Execution
Exploit Title: gitWeb remote command execution Date: 2009.06.19 Author: S2 Crew Hungary Software Link: - Version: GIT 1.X Tested on: debian linux, GIT 1.5.2 CVE: CVE-2008-5516 - CVE-2008-5517 Code:...
gitWeb 1.5.2 - Remote Command Execution
gitWeb 1.5.2 - Remote Command Execution Exploit Title: gitWeb remote command execution Date: 2009.06.19 Author: S2 Crew Hungary Software Link: - Version: GIT 1.5.2 Tested on: debian linux, GIT 1.5.2 CVE: CVE-2008-5516 - CVE-2008-5517 Code: The cgi script doesn't show the command output blind...
gitWeb 1.5.2 - Remote Command Execution
Exploit Title: gitWeb remote command execution Date: 2009.06.19 Author: S2 Crew Hungary Software Link: - Version: GIT 1.5.2 Tested on: debian linux, GIT 1.5.2 CVE: CVE-2008-5516 - CVE-2008-5517 Code: The cgi script doesn't show the command output blind command execution ; Vulnerable functions in...
Ubuntu 6.06 LTS / 7.10 / 8.04 LTS / 8.10 : git-core vulnerabilities (USN-723-1)
It was discovered that Git did not properly handle long file paths. If a user were tricked into performing commands on a specially crafted Git repository, an attacker could possibly execute arbitrary code with the privileges of the user invoking the program. CVE-2008-3546 It was discovered that t...
Gentoo Security Advisory GLSA 200903-15 (git)
The remote host is missing updates announced in advisory GLSA 200903-15. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
git: Multiple vulnerabilties
Background GIT - the stupid content tracker, the revision control system used by the Linux kernel team. Description Multiple vulnerabilities have been reported in gitweb that is part of the git package: Shell metacharacters related to gitsearch are not properly sanitized CVE-2008-5516. Shell...
Slackware 12.0 / 12.1 / 12.2 / current : git (SSA:2009-051-02)
New git packages are available for Slackware 12.0, 12.1, 12.2, and -current to fix security issues. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2009-051-02. The text itself is copyright...
git
New git packages are available for Slackware 12.0, 12.1, 12.2, and -current to fix security issues. More details about this issue may be found in the Common Vulnerabilities and Exposures CVE database: https://vulners.com/cve/CVE-2008-3546 There are other security issues related to gitweb, which...
USN-723-1: Git vulnerabilities
It was discovered that Git did not properly handle long file paths. If a user were tricked into performing commands on a specially crafted Git repository, an attacker could possibly execute arbitrary code with the privileges of the user invoking the program. CVE-2008-3546 It was discovered that t...
Debian Security Advisory DSA 1708-1 (git-core)
The remote host is missing an update to git-core announced via advisory DSA 1708-1. OpenVAS Vulnerability Test $Id: deb17081.nasl 6615 2017-07-07 12:09:52Z cfischer $ Description: Auto-generated from advisory DSA 1708-1 git-core Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft Inc...
SuSE Security Summary SUSE-SR:2009:001 (OpenSuSE 10.3)
The remote host is missing updates announced in advisory SUSE-SR:2009:001. SuSE Security Summaries are short on detail when it comes to the names of packages affected by a particular bug. Because of this, while this test will detect out of date packages, it cannot tell you what bugs impact which...
Debian DSA-1708-1 : git-core - shell command injection
It was discovered that gitweb, the web interface for the Git version control system, contained several vulnerabilities : Remote attackers could use crafted requests to execute shell commands on the web server, using the snapshot generation and pickaxe search functionality CVE-2008-5916 . Local...
DSA-1708-1 git-core - remote code execution
Bulletin has no description...
CVE-2008-5517
The web interface in git gitweb 1.5.x before 1.5.6 allows remote attackers to execute arbitrary commands via shell metacharacters related to 1 gitsnapshot and 2 gitobject...
CVE-2008-5517
CVE-2008-5517 affects the Git web interface (gitweb) 1.5.x up to 1.5.5, where gitweb.cgi fails to sanitize input and can pass shell metacharacters to a shell via git_snapshot/git_object, enabling remote command execution. Connected advisories (Ubuntu USN-723-1, Slackware SSA-2009-051-02, OpenVAS ...
openSUSE 10 Security Update : git (git-5892)
Insufficient quoting of shell characters allowed remote attackers to execute arbitrary commands via the git web interface CVE-2008-5517 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update git-5892...