10067 matches found

Kitploit
added 2016/11/16 2:0 p.m., 14 views

creak - Poison, Reset, Spoof, Redirect MITM Script

Performs some of the most famous MITM attacks on target addresses located in a local network. Among these: denying navigation and download capabilities to a target host in the local network by performing an ARP poison attack and sending TCP reset packets in response to every request made to the router. Born as a...

AI score: 7.1
Exploits: 0, References: 1
CNVD
added 2016/11/15 12:0 a.m., 2 views

Git for Windows Untrusted Search Path Vulnerability

Git for Windows is a free, open source distributed version control system based on Windows developed by American software developer Linus Torvalds. An untrusted search path vulnerability exists in version 1.x of Git for Windows. This vulnerability can be exploited by a local...

CVSS: 7.8, AI score: 7, EPSS: 0.00355
Exploits: 1, References: 1
Fedora
added 2016/11/14 9:3 p.m., 13 views

[SECURITY] Fedora 24 Update: libgit2-0.24.3-1.fc24

libgit2 is a portable, pure C implementation of the Git core methods provided as a re-entrant linkable library with a solid API, allowing you to write native speed custom Git applications in any language with bindings...

AI score: 2.4
Exploits: 0
NVD
added 2016/11/11 5:59 p.m., 10 views

CVE-2016-9274

Untrusted search path vulnerability in Git 1.x for Windows allows local users to gain privileges via a Trojan horse git.exe file in the current working directory. NOTE: 2.x is unaffected...

CVSS: 7.8, AI score: 7.7, EPSS: 0.00355
Exploits: 1, References: 3
Prion
added 2016/11/11 5:59 p.m., 9 views

Design/Logic Flaw

Untrusted search path vulnerability in Git 1.x for Windows allows local users to gain privileges via a Trojan horse git.exe file in the current working directory. NOTE: 2.x is unaffected...

CVSS: 4.4, AI score: 7, EPSS: 0.00355
Exploits: 1, References: 3, Affected Software: 1
OSV
added 2016/11/11 5:59 p.m., 3 views

CVE-2016-9274

Untrusted search path vulnerability in Git 1.x for Windows allows local users to gain privileges via a Trojan horse git.exe file in the current working directory. NOTE: 2.x is unaffected...

CVSS: 7.8, AI score: 6.8
Exploits: 0, References: 3
Cvelist
added 2016/11/11 5:0 p.m., 21 views

CVE-2016-9274

Untrusted search path vulnerability in Git 1.x for Windows allows local users to gain privileges via a Trojan horse git.exe file in the current working directory. NOTE: 2.x is unaffected...

AI score: 7.7, EPSS: 0.00355
Exploits: 1, References: 3
CVE
added 2016/11/11 5:0 p.m., 31 views

CVE-2016-9274

CVE-2016-9274 : In Git for Windows 1.x, an untrusted search path vulnerability allows local privilege escalation via a Trojan horse git.exe in the current working directory. The issue affects Git for Windows 1.x; Git 2.x is not affected. The root cause is the ability to execute a malicious git.ex...

CVSS: 7.8, AI score: 7.6, EPSS: 0.00355
Exploits: 1, References: 3, Affected Software: 1
Hacker One
added 2016/11/09 11:34 p.m., 21 views

Paragon Initiative Enterprises: Using plain git protocol (vulnerable to MITM)

Using plain git protocol git://domain is insecure as the server is not verified. MITM attacker can return different content if last commit not checked against known one. More information about this issue: Protocols to choose from when cloning: https://gist.github.com/grawity/4392747...

AI score: 0.6
Exploits: 0
Hacker One
added 2016/11/09 11:19 p.m., 20 views

Paragon Initiative Enterprises: Missing GIT tag/commit verification in Docker

in: https://github.com/paragonie/airship/blob/master/docker/Dockerfile.airshipL14-L16
RUN git clone https://github.com/jedisct1/libsodium.git /tmp/sodium
WORKDIR /tmp/sodium
RUN git checkout tags/1.0.10
The code is fetched from GitHub without one of: 1. signature verification on relevant tag. GPG...

AI score: 0.7
Exploits: 0
CNVD
added 2016/11/07 12:0 a.m., 2 views

git-fastclone command execution vulnerability

git-fastclone is a set of tools for cloning git. A command execution vulnerability exists in git-fastclone versions prior to 1.0.5, which stems from a program passing a user-modified string directly to a shell command. The vulnerability can be exploited to execute malicious commands by modifying...

CVSS: 10, AI score: 7.5, EPSS: 0.02489
Exploits: 1, References: 1
n0where
added 2016/11/05 5:21 a.m., 188 views

What the Fuzz: Radamsa

What the Fuzz: Radamsa Radamsa is a test case generator for robustness testing, a.k.a. a fuzzer. It is typically used to test how well a program can withstand malformed and potentially malicious inputs. It works by reading sample files of valid data and generating interestingly different outputs...

AI score: 7.5
Exploits: 0, References: 1
myhack58
added 2016/11/05 12:0 a.m., 14 views

GitLab unauthorized access vulnerability can lead to remote command execution

GitLab is an open source application developed with Ruby on Rails that provides a self-hosted Git project repository, with public or private projects accessible through a web interface. On November 3, 2016, the US crowdsourced testing platform HackerOne announce...

AI score: 1.6
Exploits: 0
NVD
added 2016/11/03 10:59 a.m., 21 views

CVE-2015-8969

git-fastclone before 1.0.5 passes user modifiable strings directly to a shell command. An attacker can execute malicious commands by modifying the strings that are passed as arguments to "cd " and "git clone " commands in the library...

CVSS: 10, AI score: 9.6, EPSS: 0.02489
Exploits: 1, References: 3
NVD
added 2016/11/03 10:59 a.m., 24 views

CVE-2015-8968

git-fastclone before 1.0.1 permits arbitrary shell command execution from .gitmodules. If an attacker can instruct a user to run a recursive clone from a repository they control, they can get a client to run an arbitrary shell command. Alternately, if an attacker can MITM an unencrypted git clone...

CVSS: 9.3, AI score: 8.7, EPSS: 0.02844
Exploits: 1, References: 3
Prion
added 2016/11/03 10:59 a.m., 10 views

Command injection

git-fastclone before 1.0.5 passes user modifiable strings directly to a shell command. An attacker can execute malicious commands by modifying the strings that are passed as arguments to "cd " and "git clone " commands in the library...

CVSS: 10, AI score: 7.4, EPSS: 0.02489
Exploits: 1, References: 3, Affected Software: 1
Prion
added 2016/11/03 10:59 a.m., 14 views

Command injection

git-fastclone before 1.0.1 permits arbitrary shell command execution from .gitmodules. If an attacker can instruct a user to run a recursive clone from a repository they control, they can get a client to run an arbitrary shell command. Alternately, if an attacker can MITM an unencrypted git clone...

CVSS: 9.3, AI score: 7.4, EPSS: 0.02844
Exploits: 1, References: 3, Affected Software: 1
Cvelist
added 2016/11/03 10:0 a.m., 33 views

CVE-2015-8968

git-fastclone before 1.0.1 permits arbitrary shell command execution from .gitmodules. If an attacker can instruct a user to run a recursive clone from a repository they control, they can get a client to run an arbitrary shell command. Alternately, if an attacker can MITM an unencrypted git clone...

AI score: 8.8, EPSS: 0.02844
Exploits: 1, References: 3
Cvelist
added 2016/11/03 10:0 a.m., 28 views

CVE-2015-8969

git-fastclone before 1.0.5 passes user modifiable strings directly to a shell command. An attacker can execute malicious commands by modifying the strings that are passed as arguments to "cd " and "git clone " commands in the library...

AI score: 9.7, EPSS: 0.02489
Exploits: 1, References: 3
CVE
added 2016/11/03 10:0 a.m., 73 views

CVE-2015-8968

CVE-2015-8968 affects git-fastclone prior to 1.0.1, enabling arbitrary shell command execution via .gitmodules when cloning recursively or updating submodules. The exploit occurs through ext helper URLs (git-remote-ext) embedded in submodules, allowing command execution either over cloned repos o...

CVSS: 9.3, AI score: 8.7, EPSS: 0.02844
Exploits: 1, References: 3, Affected Software: 1