10065 matches found
Exploit for Buffer Underflow in Microsoft
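GitHub arsenal. web, security, penetration testing, arsenal. Vulnerability and penetration-testing practice platforms: WebGoat vulnerability practice environment https://github.com/WebGoat/WebGoat https://github.com/WebGoat/WebGoat-Legacy Damn Vulnerable Web Application vulnerability practice platform https://github.com/RandomStorm/DVWA Database injection practice platform https://github.com/Audi-1/sqli-labs Vulnerability practice platform written in Node, like OWASP Node Goat...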
SourceTree Remote Code Execution Exploit
SourceTree suffers from multiple remote code execution vulnerabilities that can be triggered via hostile repositories being checked in. SourceTree for macOS versions prior to 2.6.1 and SourceTree for Windows versions prior to 2.1.10 are affected. SourceTree Remote Code Execution Exploit CVE ID:...
libreoffice: Heap-use-after-free in SwPaM::Start
Project: git://anongit.freedesktop.org/libreoffice/core Detailed report: https://oss-fuzz.com/testcase?key=6096852086685696 Project: libreoffice Fuzzer: libFuzzerlibreofficeww8fuzzer Fuzz target binary: ww8fuzzer Job Type: libfuzzerasanlibreofficeuntrusted Platform Id: linux Crash Type:...
openSUSE Security Update : git (openSUSE-2017-988)
This update for git fixes the following issues : - CVE-2017-1000117: A client side code execution via shell injection when receiving special submodule strings from a malicious server was fixed (bsc#1052481) This update was imported from the SUSE:SLE-12:Update update project. %NASLMINLEVEL 70300 C...
XSStrike: A XSS Detection & Exploitation Kit
PenTestIT RSS Feed If you remember a couple of weeks back, I blogged about XSS Radar, a Google Chrome extension to help you discover cross-site scripting vulnerabilities. This post is about - XSStrike, a similar tool to help you find cross-site scripting vulnerabilities, but it is coded in Python...
openSUSE: Security Advisory for git (openSUSE-SU-2017:2331-1)
The remote host is missing an update for the Copyright (C) 2017 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Security update for git (important)
This update for git fixes the following issues: - CVE-2017-1000117: A client side code execution via shell injection when receiving special submodule strings from a malicious server was fixed (bsc#1052481) This update was imported from the SUSE:SLE-12:Update update project...
Gloom-Framework: Security Framework For Kali Linux
PenTestIT RSS Feed This short post is about a new penetration testing toolkit/framework in the market, which was specifically built for Kali Linux. The name is Gloom-Framework. It is coded in Python and is also open source with a few dependencies. What is Gloom-Framework? Gloom-Framework is an op...
Amazon Linux AMI : git (ALAS-2017-882)
Command injection via malicious ssh URLs : A shell command injection flaw related to the handling of 'ssh' URLs has been discovered in Git. An attacker could use this flaw to execute shell commands with the privileges of the user running the Git client, for example, when performing a 'clone' acti...
SUSE SLES12 Security Update : git (SUSE-SU-2017:2320-1)
This update for git fixes the following issues : - CVE-2017-1000117: A client side code execution via shell injection when receiving special submodule strings from a malicious server was fixed (bsc#1052481) Note that Tenable Network Security has extracted the preceding description block directly fro...
SUSE-SU-2017:2320-1 Security update for git
This update for git fixes the following issues: - CVE-2017-1000117: A client side code execution via shell injection when receiving special submodule strings from a malicious server was fixed (bsc#1052481)...
Malicious GIT HTTP Server Exploit
This Metasploit module exploits CVE-2017-1000117, which affects Git versions 2.7.5 and lower. A submodule of the form 'ssh://' can be passed parameters from the username incorrectly. This can be used to inject commands to the operating system when the submodule is cloned. This Metasploit module...
Git < 2.7.5 - Command Injection (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Malicious Git HTTP Server For CVE-2017-1000117', 'Description' = %q This module exploits CVE-2017-1000117, which affects Git version 2.7.5 and...
openSUSE Security Update : git-annex (openSUSE-2017-986)
This update for git-annex fixes the following issues : - CVE-2017-12976: Disallow hostname starting with a dash, which would get passed to ssh and be treated as an option. This could be used by an attacker who provides a crafted repository url to cause the victim to execute arbitrary code via...
Git <= 2.7.5 - Command Injection (Metasploit) Exploit
Exploit for python platform in category remote exploits This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Malicious Git HTTP Server For CVE-2017-1000117', 'Description' = %q This module exploits...
Important: git
Issue Overview: Command injection via malicious ssh URLs: A shell command injection flaw related to the handling of "ssh" URLs has been discovered in Git. An attacker could use this flaw to execute shell commands with the privileges of the user running the Git client, for example, when performing...
Malicious GIT HTTP Server
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Malicious Git HTTP Server For CVE-2017-1000117', 'Description' = %q This module exploits CVE-2017-1000117, which affects Git version 2.7.5 and...
MGASA-2017-0319 Updated libgit2 packages fix security vulnerabilities
Read out-of-bounds in git_oid_nfmt (CVE-2016-8568). DoS using a null pointer dereference in git_commit_message (CVE-2016-8569). Insufficient sanitization allows some edge cases in the Git Smart Protocol which can lead to reading outside of a buffer (CVE-2016-10128, CVE-2016-10129)...
Updated libgit2 packages fix security vulnerabilities
Read out-of-bounds in git_oid_nfmt (CVE-2016-8568). DoS using a null pointer dereference in git_commit_message (CVE-2016-8569). Insufficient sanitization allows some edge cases in the Git Smart Protocol which can lead to reading outside of a buffer (CVE-2016-10128, CVE-2016-10129)...
Pharos: A Static Binary Analysis Framework
PenTestIT RSS Feed All of us know what static binary analysis means. It means that the analysis of the binary is performed without actually executing it. Almost two years ago, an open source framework - Pharos, was created by the Carnegie Mellon SEI, CERT Division in collaboration with the Lawren...