Ubuntu 14.04 LTS : Git vulnerability (USN-3243-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3243-1 advisory. It was discovered that Git incorrectly sanitized branch names in the PS1 variable when configured to display the repository status in the shell prompt. If a user...
Ubuntu: Security Advisory (USN-3243-1)
The remote host is missing an update for the...
USN-3243-1 git vulnerability
It was discovered that Git incorrectly sanitized branch names in the PS1 variable when configured to display the repository status in the shell prompt. If a user were tricked into exploring a malicious repository, a remote attacker could use this issue to execute arbitrary code...
USN-3243-1: Git vulnerability
It was discovered that Git incorrectly sanitized branch names in the PS1 variable when configured to display the repository status in the shell prompt. If a user were tricked into exploring a malicious repository, a remote attacker could use this issue to execute arbitrary code...
GIT 1.8.5.6 / 1.9.5 / 2.0.5 / 2.1.4 / 2.2.1 & Mercurial < 3.2.3 - Exploit
Exploit for multiple platform in category remote exploits This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'Malicious Git and Mercurial HTTP Server For CVE-2014-9390',...
Git Arbitrary Code Execution Vulnerability (CNVD-2017-03446)
Git is a free, open source distributed version control system developed by American software developer Linus Torvalds. A security vulnerability exists in the contrib/completion/git-prompt.sh file in versions of Git prior to 1.9.3, which stems from the program failing to filter the...
BGP Swiss Army Knife: ExaBGP
ExaBGP provides a convenient way to implement Software Defined Networking by transforming BGP messages into friendly plain text or JSON, which can then be easily handled by simple scripts or your BSS/OSS. It is routinely used to improve service resilience and provide protection against network or...
Design/Logic Flaw
contrib/completion/git-prompt.sh in Git before 1.9.3 does not sanitize branch names in the PS1 variable, allowing a malicious repository to cause code execution...
CVE-2014-9938
contrib/completion/git-prompt.sh in Git before 1.9.3 does not sanitize branch names in the PS1 variable, allowing a malicious repository to cause code execution...
DEBIAN-CVE-2014-9938
contrib/completion/git-prompt.sh in Git before 1.9.3 does not sanitize branch names in the PS1 variable, allowing a malicious repository to cause code execution...
CVE-2014-9938
CVE-2014-9938 is disclosed in multiple feeds as a vulnerability in Git where the git-prompt.sh script failed to sanitize branch names, enabling potential code execution via PS1 in affected Git versions. Connected documents corroborate this vulnerability as part of EulerOS advisories and Nessus/NV...
UBUNTU-CVE-2014-9938
contrib/completion/git-prompt.sh in Git before 1.9.3 does not sanitize branch names in the PS1 variable, allowing a malicious repository to cause code execution...
Internet Bug Bounty: heap-buffer-overflow (buffer read overrun) in curl: ourWriteOut() src/tool_writeout.c:115
Curl is a ubiquitous tool in use by millions of people around the world. I reported this flaw to the curl security mailing list on 10 March 2017: ./curl -q -K test000 ==21754==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60200000dbb2 at pc 0x0000004fcd39 bp 0x7ffcd27dc250 sp...
Umbrella - A Phishing Dropper designed to Pentest
Umbrella is a file dropper dedicated to pentesting; it downloads files onto the target system and executes them without a double execution of the exe, only of the embedded file. To compromise the same target again, you need to delete this folder on the target system: - C:\Users\Public\Libraries\Intel - because the dropper checks th...
[Vulnerability analysis] Preliminary analysis of the principles of S2-045 (CVE-2017-5638) - vulnerability warning - the black bar safety net
Author: angelwhu. 0x00 Vulnerability announcement. See This vulnerability should have a detailed official analysis as a follow-up. Here I discuss my personal understanding and also share some ideas for reproducing the vulnerability. First of all, carefully read the vulnerability...
2017 Visual Studio Code Workspace settings code execution
The following issue constitutes an arbitrary code execution vulnerability in Visual Studio Code herein referred to as "Code". Users should upgrade to Code 1.9.0 or later. says: Visual Studio Code is a source code editor developed by Microsoft for Windows, Linux and macOS. It includes support for...