10062 matches found
Torvalds Downplays SHA-1 Threat to Git
When researchers demonstrated the first practical collision attack for the cryptographic hash function SHA-1 last week, they also identified related vulnerabilities impacted by the now-compromised algorithm. According to the SHAttered research post, co-authored by Google and a host of cryptograph...
BeeLogger - Generate Emailing Keyloggers to Windows on Linux
Generate gmail emailing keyloggers to windows on linux, powered by python and compiled by pyinstaller. Features Send logs each 120 seconds. Send logs when chars 50. Send logs with gmail. Some Phishing methods are included. Multiple Session disabled. Bypass UAC. Prerequisites apt wine wget Linux...
Directory Traversal And Remote Code Execution (RCE)
git-spindle is vulnerable to directory traversal or remote code execution attacks. The vulnerability exists because it does not perform any sanitization on repourl and reponame from GitHub API, allowing malicious operators of the GitHub server to trigger directory traversal or remote code executi...
WAF Security Benchmark: WAFPASS
WAF Security Benchmark WAFPASS Analysing parameters with all payloads’ bypass methods, aiming at benchmarking security solutions like WAF. Today a great number of website owners around the globe use “Web Application Firewalls” to improve their security. However, these security applications suffer...
DEBIAN-CVE-2016-10026
ikiwiki 3.20161219 does not properly check if a revision changes the access permissions for a page on sites with the git and recentchanges plugins and the CGI interface enabled, which allows remote attackers to revert certain changes by leveraging permissions to change the page before the revisio...
CVE-2016-10026
ikiwiki 3.20161219 does not properly check if a revision changes the access permissions for a page on sites with the git and recentchanges plugins and the CGI interface enabled, which allows remote attackers to revert certain changes by leveraging permissions to change the page before the revisio...
CVE-2016-10026
ikiwiki 3.20161219 does not properly check if a revision changes the access permissions for a page on sites with the git and recentchanges plugins and the CGI interface enabled, which allows remote attackers to revert certain changes by leveraging permissions to change the page before the revisio...
CVE-2016-10026
ikiwiki 3.20161219 does not properly check if a revision changes the access permissions for a page on sites with the git and recentchanges plugins and the CGI interface enabled, which allows remote attackers to revert certain changes by leveraging permissions to change the page before the revisio...
CVE-2016-10026
The CVE-2016-10026 case concerns ikiwiki version 3.20161219, where the CGI interface enabled with git and recentchanges plugins allows a revision to bypass authorization and revert changes by exploiting page permissions. Technical details indicate the root cause lies in how revision changes are c...
openSUSE Security Update : libgit2 (openSUSE-2017-213)
This update for libgit2 fixes the following issues : - CVE-2016-10130: When using the custom certificate callback or when using pygit2 or git2go a attacker could have caused an invalid certificate to be accepted bsc1019037. - CVE-2017-5338: When using the custom certificate callback or when using...
OPENSUSE-SU-2017:0405-1 Security update for libgit2
This update for libgit2 to version 0.24.6 fixes the following issues: - CVE-2016-10130: When using the custom certificate callback or when using pygit2 or git2go a attacker could have caused an invalid certificate to be accepted bsc1019037. - CVE-2017-5338: When using the custom certificate...
DEBIAN-CVE-2016-8568
The gitcommitmessage function in oid.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service out-of-bounds read via a cat-file command with a crafted object file...
ALPINE-CVE-2016-8568
The gitcommitmessage function in oid.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service out-of-bounds read via a cat-file command with a crafted object file...
CVE-2016-8569
The gitoidnfmt function in commit.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service NULL pointer dereference via a cat-file command with a crafted object file...
ALPINE-CVE-2016-8569
The gitoidnfmt function in commit.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service NULL pointer dereference via a cat-file command with a crafted object file...
CVE-2016-8568
The gitcommitmessage function in oid.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service out-of-bounds read via a cat-file command with a crafted object file...
CVE-2016-8569
Vulnerability details (CVE-2016-8569): The libgit2 library (versions before 0.24.3) is affected by a denial-of-service via a NULL pointer dereference in git_commit_message when processing certain crafted objects (cat-file usage). Public advisories in Debian/Ubuntu openSUSE notes confirm the issue...
libreoffice: Heap-buffer-overflow in MakePreview
Project: git://anongit.freedesktop.org/libreoffice/core Detailed report: https://clusterfuzz-external.appspot.com/testcase?key=5385827211280384 Project: libreoffice Fuzzer: libFuzzerlibreofficeepsfuzzer Fuzz target binary: epsfuzzer Job Type: libfuzzerasanlibreoffice Platform Id: linux Crash Type...
[SECURITY] Fedora 24 Update: ikiwiki-3.20170111-1.fc24
Ikiwiki is a wiki compiler. It converts wiki pages into HTML pages suitable for publishing on a website. Ikiwiki stores pages and history in a revision control system such as Subversion or Git. There are many other features, including support for blogging, as well as a large array of plugins...
Systemd 228 (SUSE 12 SP2 Ubuntu Touch 15.04) - Local Privilege Escalation
Systemd 228 SUSE 12 SP2 Ubuntu Touch 15.04 - Local Privilege Escalation / source: http://www.openwall.com/lists/oss-security/2017/01/24/4 This is a heads up for a trivial systemd local root exploit, that was silently fixed in the upstream git as: commit 06eeacb6fe029804f296b065b3ce91e796e1cd0e...