10041 matches found

FreeBSD
added 2014/12/19 12:0 a.m. | 37 views

git -- Arbitrary command execution on case-insensitive filesystems

The Git Project reports: When using a case-insensitive filesystem an attacker can craft a malicious Git tree that will cause Git to overwrite its own .git/config file when cloning or checking out a repository, leading to arbitrary command execution in the client machine. If you are a hosting...

9.8 CVSS | 9.3 AI score | 0.77155 EPSS
Exploits: 5 | References: 2
UbuntuCve
added 2014/12/19 12:0 a.m. | 30 views

CVE-2014-9390

Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercurial before 3.2.3 on Windows and OS X; Apple Xcode before 6.2 beta 3; mine all versions before 08-12-2014; libgit2 all versions up to 0.21.2; Egit all versions before...

9.8 CVSS | 7.5 AI score | 0.77155 EPSS
Exploits: 5 | References: 6
Atlassian
added 2014/12/18 11:32 p.m. | 17 views

Update Embedded git version

Today it was announced that Git contains "A critical Git security vulnerability". It would be nice that in the options panel of sourcetree on the tab git, the button "Update embedded git" downloads the latest version of git 1.9.5. https://github.com/blog/1938-git-client-vulnerability-announced...

1.5 AI score
Exploits: 0 | Affected Software: 1
Exploit DB
added 2014/12/18 12:0 a.m. | 58 views

GIT 1.8.5.6/1.9.5/2.0.5/2.1.4/2.2.1 & Mercurial < 3.2.3 - Multiple Vulnerabilities (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'Malicious Git and Mercurial HTTP Server For CVE-2014-9390', 'Description' = %q This module exploits CVE-2014-9390, which affect...

9.8 CVSS | 9.6 AI score | 0.77155 EPSS
Exploits: 5
RubySec
added 2014/12/04 12:0 a.m. | 13 views

gollum-grit_adapter Search Functionality Allows Arbitrary Command Execution

The gollum-grit_adapter gem contains a flaw that can allow arbitrary command execution. Grit implements its search functionality by shelling out to git grep. In turn, git grep takes a -O or --open-files-in-pager option that will pipe the results of grep to an arbitrary process. By failing to...

8.8 CVSS | 2.1 AI score | 0.01195 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
securityvulns
added 2014/12/01 12:0 a.m. | 69 views

CVE-2014-8683 XSS in Gogs Markdown Renderer

XSS in Gogs Markdown Renderer. Researcher: Timo Schmid. Description: Gogs (Go Git Service) is a painless self-hosted Git Service written in Go. taken from 1 It is very similar to the github...

4.3 CVSS | 0.4 AI score | 0.00305 EPSS
Exploits: 3
CVE
added 2014/11/21 3:0 p.m. | 99 views

CVE-2014-8682

Gogs (Go Git Service) is affected by SQL injection via the q parameter in the API endpoints /api/v1/repos/search and /api/v1/users/search. The vulnerability stems from improper handling in the repository and user search code paths (models/repo.go and models/user.go) across Gogs versions 0.3.1-9 t...

7.5 CVSS | 8.4 AI score | 0.76891 EPSS
Exploits: 5 | References: 8 | Affected Software: 1
CVE
added 2014/11/21 3:0 p.m. | 58 views

CVE-2014-8683

CVE-2014-8683 describes a Cross-Site Scripting (XSS) flaw in Gogs (Go Git Service). The vulnerability affects Gogs versions 0.3.1-9 through 0.5.x before 0.5.8 and is triggered via the text parameter to the API endpoint api/v1/markdown, allowing injection of arbitrary web script/HTML. The root cau...

4.3 CVSS | 5.6 AI score | 0.00305 EPSS
Exploits: 3 | References: 5 | Affected Software: 1
CVE
added 2014/11/21 3:0 p.m. | 81 views

CVE-2014-8681

CVE-2014-8681 affects Gogs (Go Git Service). The GetIssues function in models/issue.go has a SQL injection flaw exploitable via the label parameter in user/repos/issues, impacting Gogs versions 0.3.1-9 through 0.5.6.x before 0.5.6.1025 Beta. Documents indicate remote attackers can execute arbitra...

7.5 CVSS | 8.3 AI score | 0.05208 EPSS
Exploits: 5 | References: 6 | Affected Software: 1
Tenable Nessus
added 2014/11/20 12:0 a.m. | 14 views

Fedora 20 : icecream-1.0.1-8.20140822git.fc20 (2014-10468)

This updates icecream to the current version from upstream git repository. It drops the bundled minilzo library, which had a vulnerability. Instead the system lzo library is used. CVE-2014-4607 Note that Tenable Network Security has extracted the preceding description block directly from the Fedo...

8.8 CVSS | 6.7 AI score | 0.11033 EPSS
Exploits: 1 | References: 3
Tenable Nessus
added 2014/11/20 12:0 a.m. | 29 views

Fedora 19 : icecream-1.0.1-8.20140822git.fc19 (2014-10366)

This updates icecream to the current version from upstream git repository. It drops the bundled minilzo library, which had a vulnerability. Instead the system lzo library is used. CVE-2014-4607 Note that Tenable Network Security has extracted the preceding description block directly from the Fedo...

8.8 CVSS | 6.7 AI score | 0.11033 EPSS
Exploits: 1 | References: 3
0day.today
added 2014/11/16 12:0 a.m. | 47 views

Gogs Markdown Renderer Cross Site Scripting Vulnerability

Gogs markdown renderer suffers from a cross site scripting vulnerability. Versions 0.3.1-9-g49dc57e are affected. XSS in Gogs Markdown Renderer. Researcher: Timo Schmid. Description: Gogs (Go Git Service) is a painless self-hosted Git Service written in Go. tak...

4.3 CVSS | 5.8 AI score | 0.00305 EPSS
Exploits: 3
exploitpack
added 2014/11/14 12:0 a.m. | 45 views

Gogs - label SQL Injection

Gogs - label SQL Injection. Blind SQL Injection in Gogs label search. Researcher: Timo Schmid. Description: Gogs (Go Git Service) is a painless self-hosted Git Service written in Go. taken from 1 It is very similar to the github hosting platform...

7.5 CVSS | 0.2 AI score | 0.05208 EPSS
Exploits: 5
Exploit DB
added 2014/11/14 12:0 a.m. | 73 views

Gogs - 'users'/'repos' '?q' SQL Injection

Unauthenticated SQL Injection in Gogs repository search. Researcher: Timo Schmid. Description: Gogs (Go Git Service) is a painless self-hosted Git Service written in Go. taken from 1 It is very similar to the github hosting platform...

7.5 CVSS | 6.8 AI score | 0.76891 EPSS
Exploits: 5
exploitpack
added 2014/11/14 12:0 a.m. | 55 views

Gogs - usersrepos ?q SQL Injection

Gogs - usersrepos ?q SQL Injection. Unauthenticated SQL Injection in Gogs repository search. Researcher: Timo Schmid. Description: Gogs (Go Git Service) is a painless self-hosted Git Service written in Go. taken from 1 It is very simili...

7.5 CVSS | 7.6 AI score | 0.76891 EPSS
Exploits: 5
0day.today
added 2014/10/24 12:0 a.m. | 46 views

TestLink 1.9.12 Multiple Vulnerabilities

TestLink versions 1.9.12 and below suffer from a path disclosure weakness and below suffer from a PHP object injection vulnerability in execSetResults.php ---------------------------------------------------------------- TestLink "; debugprintbacktrace; echo ""; 211. 212. else 213. 214. echo "";...

7.5 CVSS | 6.8 AI score | 0.03228 EPSS
Exploits: 3
myhack58
added 2014/10/17 12:0 a.m. | 29 views

Bash Shellshock vulnerability simply explained-vulnerability warning-the black bar safety net

Preface The national day before the analysis of this vulnerability,see the security reference for readers to discuss,made a simple Bash Shellshock vulnerability description. Vulnerability overview Vulnerability the principle of popular point that is to bash the language in the definition of a...

0.5 AI score
Exploits: 0
Silent Robot Systems
added 2014/10/06 4:0 a.m. | 177 views

Searching Through Git Commits

gumbler is a script I wrote to search through git commits. Examples from github are discussed below. .gitignore A gitignore file is used to specify files that should not be tracked by git source gitignore. In the default case, gumbler will read the gitignore file for the project and search every...

6.4 CVSS | 7.6 AI score | 0.00159 EPSS
Exploits: 1
Silent Robot Systems
added 2014/10/06 4:0 a.m. | 208 views

Searching Through Git Commits

gumbler is a script I wrote to search through git commits. Examples from github are discussed below. .gitignore A gitignore file is used to specify files that should not be tracked by git source gitignore. In the default case, gumbler will read the gitignore file for the project and search every...

6.4 CVSS | 7.6 AI score | 0.00159 EPSS
Exploits: 1
Atlassian
added 2014/10/03 11:31 a.m. | 20 views

Bitbucket repository configuration doesn't offer SSH

When you add a new Bitbucket repository, you can only enter a username/password for authentication. If you want to use SSH, you should fallback to the generic 'Git' repository host. SSH should be offered as an option in the Bitbucket configuration. As an intermediate solution you can add a...

0.8 AI score
Exploits: 0 | Affected Software: 1