Reposcanner - Python Script To Scan Git Repos For Interesting Strings

Reposcanner is a python script to search through the commit history of Git repositories looking for interesting strings such as API keys, inspires by truffleHog. Installation The python Git module is required python-git on Debian. Usage ./reposcanner -r Options: optional arguments: -h, --help sho...

fs-git command injection vulnerability

fs-git is an open source API file system. A command injection vulnerability exists in fs-git version 1.0.1. The vulnerability stems from the buildCommand method used to create the exec string fails to filter data properly, which can be exploited by an attacker to inject commands and call exec...

Updated mercurial packages fix security vulnerability

A specially malformed repository may have caused Git subrepositories to run arbitrary code CVE-2017-17458...

Updated w3m packages fix security vulnerability

The w3m package has been updated to a newer git snapshot to fix several security issues...

Command Injection

fs-git is vulnerable to command injection attacks. These attacks are possible because the buildCommand function doesn't sanitize data before constructing exec strings, allowing attackers to insert and execute commands...

CVE-2017-1000451

fs-git is a file system like api for git repository. The fs-git version 1.0.1 module relies on childprocess.exec, however, the buildCommand method used to construct exec strings does not properly sanitize data and is vulnerable to command injection across all methods that use it and call exec...

Command injection

fs-git is a file system like api for git repository. The fs-git version 1.0.1 module relies on childprocess.exec, however, the buildCommand method used to construct exec strings does not properly sanitize data and is vulnerable to command injection across all methods that use it and call exec...

CVE-2017-1000451

fs-git is a file system like api for git repository. The fs-git version 1.0.1 module relies on childprocess.exec, however, the buildCommand method used to construct exec strings does not properly sanitize data and is vulnerable to command injection across all methods that use it and call exec...

CVE-2017-1000451

CVE-2017-1000451 affects fs-git version 1.0.1, a file-system-like API for Git repositories. The root cause is the buildCommand function used to construct exec strings not sanitizing input, making any code path that calls child_process.exec vulnerable to command injection. This could allow an atta...

CVE-2017-1000455

GuixSD prior to Git commit 5e66574a128937e7f2fcf146d146225703ccfd5d used POSIX hard links incorrectly, leading the creation of setuid executables in "the store", violating a fundamental security assumption of GNU Guix...

CVE-2017-1000451

fs-git is a file system like api for git repository. The fs-git version 1.0.1 module relies on childprocess.exec, however, the buildCommand method used to construct exec strings does not properly sanitize data and is vulnerable to command injection across all methods that use it and call exec...

Reverse Engineering Android apk Files: Apktool

ApkTool is a tool for reverse engineering 3rd party, closed, binary Android apps. It can decode resources to nearly original form and rebuild them after making some modifications; it makes possible to debug smali code step by step. Also it makes working with app easier because of project-like fil...

Remote Command Execution (RCE)

github.com/git-lfs/git-lfs is vulnerable to remote code execution RCE attacks. The application does not sanitize ssh:// URLs passed to it, allowing a malicious user to execute arbitrary commands...

GitHub Git LFS Arbitrary Command Execution Vulnerability

GitHub Git LFS is a U.S. GitHub company developed an open source project . GitHub Git LFS for version control of large files in the open source Git extension . An arbitrary command execution vulnerability exists in GitHub Git LFS versions prior to 2.1.1. The vulnerability can be exploited by remo...

CVE-2017-17831

GitHub Git LFS before 2.1.1 allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, located on a "url =" line in a .lfsconfig file within a repository...

CVE-2017-17831

GitHub Git LFS before 2.1.1 allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, located on a "url =" line in a .lfsconfig file within a repository...

CVE-2017-17831

GitHub Git LFS before 2.1.1 allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, located on a "url =" line in a .lfsconfig file within a repository...

Arbitrary file deletion

GitHub Git LFS before 2.1.1 allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, located on a "url =" line in a .lfsconfig file within a repository...

UBUNTU-CVE-2017-17831

GitHub Git LFS before 2.1.1 allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, located on a "url =" line in a .lfsconfig file within a repository...

CVE-2017-17831

GitHub Git LFS before 2.1.1 allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, located on a "url =" line in a .lfsconfig file within a repository...