10046 matches found
Debian: Security Advisory (DSA-3435-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
KODExplorer Web File Manager Cross Site Scripting
KODExplorer web file manager - Cross Site Scripting. Vendor Homepage: https://github.com/kalcaddle/KODExplorer/ - http://kalcaddle.com/...
Git Remote Command Execution Vulnerability
No description provided by source...
SUSE SLES12 Security Update : Recommended update for git (SUSE-SU-2015:2325-1)
The git package was updated to fix the following security issue: - CVE-2015-7545: Fix remote code execution with recursive fetch of submodules (bsc#948969). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempt...
Scientific Linux Security Update : git on SL7.x x86_64 (20151208)
A flaw was found in the way the git-remote-ext helper processed certain URLs. If a user had Git configured to automatically clone submodules from untrusted repositories, an attacker could inject commands into the URL of a submodule, allowing them to execute arbitrary code on the user's system...
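Just a Light Touch: Kuozhi Network git Leak (Part 2)
Brief description: I hear the vendors in Hangzhou are all pretty good, and every vulnerability submitted earns a small gift. You gave no gift for my last submission, so there should be one this time, right? Details: Official site: http://www.topxia.com git file leak: http://www.topxia.com/.git/config As shown in the figure: Proof of vulnerability: core repositoryformatversion = 0 filemode = true bare = false logallrefupdates = true remote "origin" url =...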
SUSE-SU-2015:2025-1 Recommended update for git
The git package was updated to fix the following security issue: - CVE-2015-7545: Fix remote code execution with recursive fetch of submodules (bsc#948969)...
SUSE-SU-2015:2325-1 Recommended update for git
The git package was updated to fix the following security issue: - CVE-2015-7545: Fix remote code execution with recursive fetch of submodules (bsc#948969)...
Wireshark - dissct_rsl_ipaccess_msg Static Out-of-Bounds Read
Exploit for multiple platform in category dos / poc Source: https://code.google.com/p/google-security-research/issues/detail?id=660 The following crash due to a static out-of-bounds read can be observed in an ASAN build of Wireshark current git master, by feeding a malformed file to tshark "$...
Wireshark - my_dgt_tbcd_unpack Static Buffer Overflow
Exploit for multiple platform in category dos / poc Source: https://code.google.com/p/google-security-research/issues/detail?id=649 The following crash due to a static buffer overflow can be observed in an ASAN build of Wireshark current git master, by feeding a malformed file to tshark "$ ./tsha...
Wireshark - getRate Stack Out-of-Bounds Read
Source: https://code.google.com/p/google-security-research/issues/detail?id=641 The following crash due to a stack-based out-of-bounds memory read can be observed in an ASAN build of Wireshark current git master, by feeding a malformed file to tshark "$ ./tshark -nVxr /path/to/file": --- cut ---...
Ubuntu 14.04 LTS : Git vulnerability (USN-2835-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-2835-1 advisory. Blake Burkhart discovered that the Git git-remote-ext helper incorrectly handled recursive clones of git repositories. A remote attacker could possibly use this...
Ubuntu: Security Advisory (USN-2835-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Wireshark - dissect_nbap_MACdPDU_Size SIGSEGV
Source: https://code.google.com/p/google-security-research/issues/detail?id=652 The following SIGSEGV crash due to an invalid memory read can be observed in an ASAN build of Wireshark current git master, by feeding a malformed file to tshark "$ ./tshark -nVxr /path/to/file": --- cut ---...
USN-2835-1 git vulnerability
Blake Burkhart discovered that the Git git-remote-ext helper incorrectly handled recursive clones of git repositories. A remote attacker could possibly use this issue to execute arbitrary code by injecting commands via crafted URLs...
USN-2835-1: Git vulnerability
Blake Burkhart discovered that the Git git-remote-ext helper incorrectly handled recursive clones of git repositories. A remote attacker could possibly use this issue to execute arbitrary code by injecting commands via crafted URLs...
Square Open Source: Unsafe usage of Ruby string interpolation enabling command injection in git-fastclone
While testing git-fastclone for the ext protocol issues in my other report, I looked at the source code and immediately noticed you're using the Cocaine[0] library unsafely. Cocaine will protect from command injection but it "only does that for arguments interpolated via run, NOT arguments passed...
Amazon Linux AMI : git (ALAS-2015-613)
A flaw was found in the way the git-remote-ext helper processed certain URLs. If a user had Git configured to automatically clone submodules from untrusted repositories, an attacker could inject commands into the URL of a submodule, allowing them to execute arbitrary code on the user's system. C...
Amazon Linux: Security Advisory (ALAS-2015-613)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
git-fastclone Shell Metacharacter Injection Arbitrary Command Execution
git-fastclone before 1.0.5 passes user modifiable strings directly to a shell command. An attacker can execute malicious commands by modifying the strings that are passed as arguments to "cd " and "git clone " commands in the library...