PT-2018-16202 · Unknown · Git-Dummy-Commit

Name of the Vulnerable Software and Affected Versions: git-dummy-commit version 1.3.0 Description: A command injection issue allows OS level commands to be executed due to an unescaped parameter. Recommendations: For git-dummy-commit version 1.3.0, consider restricting the use of the vulnerable...

Git-fastclone passes user modifiable strings directly to a shell command

git-fastclone before 1.0.5 passes user modifiable strings directly to a shell command. An attacker can execute malicious commands by modifying the strings that are passed as arguments to cd and git clone commands in the library...

GHSA-MF6W-45CF-QHMP Git-fastclone passes user modifiable strings directly to a shell command

git-fastclone before 1.0.5 passes user modifiable strings directly to a shell command. An attacker can execute malicious commands by modifying the strings that are passed as arguments to cd and git clone commands in the library...

GHSA-8GG6-3R63-25M8 git-fastclone permits arbitrary shell command execution from .gitmodules

git-fastclone before 1.0.1 permits arbitrary shell command execution from .gitmodules. If an attacker can instruct a user to run a recursive clone from a repository they control, they can get a client to run an arbitrary shell command. Alternately, if an attacker can MITM an unencrypted git clone...

git-fastclone permits arbitrary shell command execution from .gitmodules

git-fastclone before 1.0.1 permits arbitrary shell command execution from .gitmodules. If an attacker can instruct a user to run a recursive clone from a repository they control, they can get a client to run an arbitrary shell command. Alternately, if an attacker can MITM an unencrypted git clone...

openSUSE Security Update : cgit (openSUSE-2018-864)

This update for cgit to version 1.2.1 fixes the following issues : The following security vulnerability was addressed : - CVE-2018-14912: Fixed a directory traversal vulnerability, when enable-http-clone=1 is not turned off boo1103799 The following other changes were made : - Update to upstream...

[SECURITY] Fedora 28 Update: cgit-1.1-11.fc28

Cgit is a fast web interface for git. It uses caching to increase performa nce...

[SECURITY] Fedora 27 Update: cgit-1.1-11.fc27

Cgit is a fast web interface for git. It uses caching to increase performa nce...

cgit 1.2.1 - Directory Traversal Exploit

Exploit for linux platform in category local exploits Title: cgit 1.2.1 - Directory Traversal Metasploit Author: Dhiraj Mishra Software: cgit Link: https://git.zx2c4.com/cgit/ CVE: CVE-2018-14912 This module exploits a directory traversal vulnerability which exists in cgit 'cgit Directory...

CMSeeK v1.0.7 - CMS Detection And Exploitation Suite (Scan WordPress, Joomla, Drupal And 50 Other CMSs)

What is a CMS? A content management system CMS manages the creation and modification of digital content. It typically supports multiple users in a collaborative environment. Some noteable examples are: WordPress, Joomla, Drupal etc. Release History - Version 1.0.7 07-08-2018 - Version 1.0.6...

Security update for cgit (moderate)

This update for cgit to version 1.2.1 fixes the following issues: The following security vulnerability was addressed: - CVE-2018-14912: Fixed a directory traversal vulnerability, when enable-http-clone=1 is not turned off boo1103799 The following other changes were made: - Update to upstream...

RouterSploit v3.3.0 - Exploitation Framework For Embedded Devices

The RouterSploit Framework is an open-source exploitation framework dedicated to embedded devices. It consists of various modules that aids penetration testing operations: exploits - modules that take advantage of identified vulnerabilities creds - modules designed to test credentials against...

[SECURITY] Fedora 28 Update: libgit2-0.26.6-1.fc28

libgit2 is a portable, pure C implementation of the Git core methods provided as a re-entrant linkable library with a solid API, allowing you to write native speed custom Git applications in any language with bindings...

Debian: Security Advisory (DLA-1459-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Copycat Kali, with mykali for Kali Linux

If you’re anything like me, you like to customise your environment quite a bit. I do most of my work from a Kali Linux VM which has had a plethora of changes made to it. I like to use i3 instead of gnome, I’ve a ton of git repositories cloned, packages installed, custom configuration files and...

Block.one: [FG-VD-18-126] Buffer Overflow Vulnerability in Latest EOS's EOSIO.WASMSDK Repository II

Hello Block.One / EOS Product Security Team, Good Afternoon. There exists a Memory Corruption vulnerability in the latest EOS WASMSDK Library. The PoC.wasm file is attached along with this report. Reproduction Steps: - 1 Fetch latest EOS WASMSDK repsository from...

Debian DSA-4263-1 : cgit - security update

Jann Horn discovered a directory traversal vulnerability in cgit, a fast web frontend for git repositories written in C. A remote attacker can take advantage of this flaw to retrieve arbitrary files via a specially crafted request, when 'enable-http-clone=1' default is not turned off. C Tenable...

UBUNTU-CVE-2018-14912

cgitcloneobjects in CGit before 1.2.1 has a directory traversal vulnerability when enable-http-clone=1 is not turned off, as demonstrated by a cgit/cgit.cgi/git/objects/?path=../ request...

Design/Logic Flaw

A flaw was found in Ansible Tower's interface before 3.1.5 and 3.2.0 with SCM repositories. If a Tower project SCM repository definition does not have the 'delete before update' flag set, an attacker with commit access to the upstream playbook source repository could create a Trojan playbook that...

CVE-2017-12148

A flaw was found in Ansible Tower's interface before 3.1.5 and 3.2.0 with SCM repositories. If a Tower project SCM repository definition does not have the 'delete before update' flag set, an attacker with commit access to the upstream playbook source repository could create a Trojan playbook that...