
10041 matches found

Atlassian
added 2014/10/03 11:24 a.m., 17 views

Use git-credential-store to avoid exposing plaintext username/password

Using https://username:[email protected] will expose the credentials e.g. in 'ps' when users have SSH access to the server which also runs Bamboo. This can be avoided if Bamboo uses git-credential-store...

1.5 AI score
Exploits 0, Affected Software 1
myhack58
added 2014/10/03 12:00 a.m., 9 views

Bash code injection attack through special environment variables - vulnerability warning - the black bar safety net

Bash, or the Bourne Again shell, is a UNIX-like shell and perhaps the most commonly installed component on any Linux system. Since its birth in 1980, bash has evolved from a simple terminal-based command interpreter to many other fancy uses. In Linux, the environment variables...

0.1 AI score
Exploits 0
ThreatPost
added 2014/09/25 2:34 p.m., 72 views

Patching Bash Vulnerability a Challenge for ICS, SCADA

While the most urgent focus where the Bash vulnerability is concerned is around Internet-facing web servers, embedded systems and industrial control systems are not exempt from worry. Experts are concerned about Linux-based industrial control systems and SCADA equipment, in particular, that may b...

10 CVSS, 0.1 AI score, 0.9422 EPSS
Exploits 130, References 4
NVD
added 2014/07/22 2:55 p.m., 7 views

CVE-2014-5023

Repository.php in Gitter, as used in Gitlist, allows remote attackers with commit privileges to execute arbitrary commands via shell metacharacters in a branch name, as demonstrated by a "git checkout -b" command...

6.8 CVSS, 7.6 AI score, 0.03777 EPSS
Exploits 1, References 1
Atlassian
added 2014/07/08 8:01 p.m., 16 views

Can't push subtree

As requested in answer to my stackoverflow http://stackoverflow.com/questions/24637748/cant-push-subtree-using-sourcetree post I'm posting this potential bug here. Using a basic schema for git subtree I created 2 repositories on GitHub: "project" and "framework" and did the following: - Clone...

7.1 AI score
Exploits 0, Affected Software 1
Atlassian
added 2014/07/08 8:01 p.m., 12 views

Can't push subtree

As requested in answer to my stackoverflow http://stackoverflow.com/questions/24637748/cant-push-subtree-using-sourcetree post I'm posting this potential bug here. Using a basic schema for git subtree I created 2 repositories on GitHub: "project" and "framework" and did the following: - Clone...

7.1 AI score
Exploits 0
seebug.org
added 2014/07/01 12:00 a.m., 23 views

ViewGit 0.0.6 - Multiple XSS Vulnerabilities

No description provided by source. Vulnerability Report Author: Matthew R. Bucci [email protected] Date: 18 March, 2013 CVE-2013-2294 Description of Vulnerability: ----------------------------- ViewGit is a git web repository viewer that aims to be easy to set up and upgrade, light on...

3.7 CVSS, 6.3 AI score, 0.04742 EPSS
Exploits 6
seebug.org
added 2014/07/01 12:00 a.m., 17 views

Git <= 1.6.3 Parameter Processing Remote Denial Of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/35338/info Git is prone to a denial-of-service vulnerability because it fails to properly handle some client requests. Attackers can exploit this issue to cause a daemon process to enter an infinite loop. Repeated exploit...

7.1 AI score
Exploits 0
seebug.org
added 2014/07/01 12:00 a.m., 48 views

gitWeb 1.5.2 - Remote Command Execution

No description provided by source. Exploit Title: gitWeb remote command execution Date: 2009.06.19 Author: S2 Crew Hungary Software Link: - Version: GIT 1.5.2 Tested on: debian linux, GIT 1.5.2 CVE: CVE-2008-5516 - CVE-2008-5517 Code: The cgi script doesn't show the command output blind command...

7.5 CVSS, 0.1 AI score, 0.07517 EPSS
Exploits 6
Tenable Nessus
added 2014/06/13 12:00 a.m., 29 views

openSUSE Security Update : git (openSUSE-SU-2011:0115-1)

This update fixes two vulnerabilities : XSS vulnerability in gitweb; a remote attacker could craft an URL such that arbitrary content would be inserted to the generated web page. Stack overflow vulnerability that can lead to arbitrary code execution if user runs any git command on a specially...

7.5 CVSS, 5.8 AI score, 0.1349 EPSS
Exploits 6, References 7
Tenable Nessus
added 2014/06/13 12:00 a.m., 40 views

openSUSE Security Update : git (openSUSE-SU-2013:0380-1)

git imap-send was fixed to do SSL host verification. This can be disabled if necessary in the config file. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update openSUSE-2013-170. The text descripti...

4.3 CVSS, 6.5 AI score, 0.01488 EPSS
Exploits 0, References 3
Tenable Nessus
added 2014/06/13 12:00 a.m., 15 views

openSUSE Security Update : git-web (openSUSE-SU-2011:0705-1)

Users with commit access to repos served by git-web could cause cross site scripting XSS issues with XML files CVE-2011-2186. Due to a differently formatted /etc/mime.types openSUSE is not affected by default. This update nevertheless turns on git-web's XSS protection mechanism to avoid similar...

5.3 AI score
Exploits 0, References 3
Tenable Nessus
added 2014/06/13 12:00 a.m., 11 views

openSUSE Security Update : git-web (openSUSE-SU-2011:0705-1)

Users with commit access to repos served by git-web could cause cross site scripting XSS issues with XML files CVE-2011-2186. Due to a differently formatted /etc/mime.types openSUSE is not affected by default. This update nevertheless turns on git-web's XSS protection mechanism to avoid similar...

5.3 AI score
Exploits 0, References 3
Atlassian
added 2014/06/10 7:12 p.m., 14 views

Hide passwords in ps aux for https git tasks

When git checkout tasks configured to use HTTPS run, the user and password are exposed in ps aux: noformat bamboo 15138 0.0 0.0 86752 2224 ? S May20 0:00 git-remote-https https://gituser:[email protected]/scm/consumer/XXXX.git...

Exploits 0, Affected Software 1
Kitploit
added 2014/05/21 11:56 p.m., 19 views

WPScan - WordPress Security Scanner

WPScan is a black box WordPress vulnerability scanner. Features Username enumeration from author querystring and location header Weak password cracking multithreaded Version enumeration from generator meta tag and from client side files Vulnerability enumeration based on version Plugin enumeratio...

7.6 AI score
Exploits 0, References 1
securityvulns
added 2014/05/15 12:00 a.m., 66 views

[oss-security] Fwd: [ANNOUNCE] X.Org Security Advisory: Multiple issues in libXfont

ANNOUNCE XOrg Security Advisory: Multiple issues in libXfont.eml Subject: ANNOUNCE X.Org Security Advisory: Multiple issues in libXfont From: Alan Coopersmith [email protected] Date: 13.05.2014 19:08 To: [email protected] Cc: [email protected], [email protected] X.Org Securi...

7.5 CVSS, 1 AI score, 0.02432 EPSS
Exploits 0
android
added 2014/04/30 12:00 a.m., 37 views

pty race

The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the "LECHO & !OPOST" case, which allows local users to cause a denial of service (memory corruption and system crash) or gain privileges by triggering a race condition...

6.9 CVSS, 2.1 AI score, 0.49911 EPSS
Exploits 7, References 5
seebug.org
added 2014/03/25 12:00 a.m., 35 views

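Linux Kernel Information Disclosure Vulnerability (CVE-2014-2568)

Bugtraq ID: 66348 CVE ID: CVE-2014-2568 The Linux Kernel is an open-source operating system. A security vulnerability exists when the Linux Kernel's skb_zerocopy copies an skb to a user-space buffer, allowing an attacker to exploit it to obtain sensitive memory contents, resulting in sensitive information disclosure. 0 Linux Kernel Users can refer to the vendor's Git repository to obtain a patch that fixes this vulnerability: https://lkml.org/lkml/2014/3/20/421...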

2.9 CVSS, 8 AI score, 0.0019 EPSS
Exploits 2
seebug.org
added 2014/03/25 12:00 a.m., 66 views

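OpenSSL ECDSA Nonce Recovery Vulnerability

CVE ID: CVE-2014-0076 OpenSSL is an open-source SSL implementation used to provide strong encryption for network communication. An error exists in OpenSSL's implementation of elliptic-curve signing and verification (ECDSA) that allows an attacker to obtain nonce values through a FLUSH+RELOAD cache side-channel attack and subsequently derive the private key. 0 OpenSSL 1.x Users can refer to the vendor's Git repository to obtain a patch that fixes this vulnerability: http://www.openssl.org/...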

1.9 CVSS, 0.0036 EPSS
Exploits 1
Xen Project
added 2014/03/24 1:00 p.m., 56 views

Linux netback crash trying to disable due to malformed packet

ISSUE DESCRIPTION When Linux's netback sees a malformed packet, it tries to disable the interface which serves the misbehaving frontend. This involves taking a mutex, which might sleep. But in recent versions of Linux the guest transmit path is handled by NAPI in softirq context, where sleeping i...

4.4 CVSS, 6.2 AI score, 0.00071 EPSS
Exploits 1