Design/Logic Flaw
The fix for ikiwiki for CVE-2016-10026 was incomplete resulting in editing restriction bypass for git revert when using git versions older than 2.8.0. This has been fixed in 3.20161229...
CVE-2016-9645
The fix for ikiwiki for CVE-2016-10026 was incomplete resulting in editing restriction bypass for git revert when using git versions older than 2.8.0. This has been fixed in 3.20161229...
CVE-2016-9645
The CVE-2016-9645 entry concerns ikiwiki and an editing restriction bypass flaw arising from an incomplete fix for CVE-2016-10026. Affected component: ikiwiki (versions around 3.20161219) when using git with git versions older than 2.8.0, where reverting a revision could bypass page edit restrict...
CVE-2016-9645 Editing restriction bypass for git revert
The fix for ikiwiki for CVE-2016-10026 was incomplete resulting in editing restriction bypass for git revert when using git versions older than 2.8.0. This has been fixed in 3.20161229...
53R3N17Y - Python Based Script For Information Gathering
Python based script for Information Gathering. Operating Systems Tested: OSX El Capitan 10.11, Ubuntu 16.04, Backbox 5. Install (MacOSX, as root): git clone https://github.com/abaykan/53R3N17Y.git /usr/local/share/serenity echo 'alias serenity="/usr/local/share/serenity && ./serenity"' /.zshrc cd...
[SECURITY] Fedora 28 Update: libgit2-0.26.3-1.fc28
libgit2 is a portable, pure C implementation of the Git core methods provided as a re-entrant linkable library with a solid API, allowing you to write native speed custom Git applications in any language with bindings...
Jenkins Git Plugin Information Disclosure Vulnerability
Jenkins is an open source continuous integration tool developed in Java. A security vulnerability exists in the GitStatus.java file in Jenkins Git Plugin 3.7.0 and earlier versions. An attacker can exploit the vulnerability to obtain a list of nodes and users...
The Firmware Analysis and Comparison Tool: FACT
The Firmware Analysis and Comparison Tool (FACT), formerly known as Fraunhofer's Firmware Analysis Framework (FAF), is intended to automate most of the firmware analysis process. It unpacks arbitrary firmware files and runs several analyses. Additionally, it can compare several images or single files...
Information Disclosure
maven-scm-api is vulnerable to information disclosure attacks. If a git push command failed, the password is printed in plaintext to the logs...
[SECURITY] Fedora 27 Update: libgit2-0.26.3-1.fc27
libgit2 is a portable, pure C implementation of the Git core methods provided as a re-entrant linkable library with a solid API, allowing you to write native speed custom Git applications in any language with bindings...
Information Disclosure Through Authorization Bypass
Jenkins Git Plugin is vulnerable to information disclosure through authorization bypass. The vulnerability allows users without Overall/Read permission to submit search queries to retrieve a list of user names and node names...
CVE-2018-1000110
An improper authorization vulnerability exists in Jenkins Git Plugin version 3.7.0 and earlier in GitStatus.java that allows an attacker with network access to obtain a list of nodes and users...
Authorization
An improper authorization vulnerability exists in Jenkins Git Plugin version 3.7.0 and earlier in GitStatus.java that allows an attacker with network access to obtain a list of nodes and users...
CVE-2018-1000110
The CVE-2018-1000110 entry concerns the Jenkins Git Plugin (v3.7.0 and earlier). Root cause: GitStatus.java contains improper authorization, allowing an attacker with network access to enumerate a list of nodes and users via search endpoints (e.g., /search/suggest?query=x and /search/?q=x). Impac...
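Spring Data Rest remote code execution (CVE-2017-8046)
Vulnerability description: Spring Data Rest has a high-severity RCE vulnerability in its handling of PATCH requests. A malicious PATCH request built from hand-crafted JSON data can be submitted to a spring-data-rest server, causing the server to run malicious Java code. The goal of the Spring Data Rest project is to provide a flexible, configurable mechanism for writing simple services that are exposed over HTTP. Git repository: https://github.com/spring-projects/spring-data-rest Vulnerability source: https://pivotal.io/security/cve-2017-8046 Affected versions: Spring...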