CVE-2008-5916

CVE-2008-5916 affects gitweb/gitweb.perl in Git 1.6.x (before 1.6.0.6), 1.5.x, 1.4.x and newer, allowing a local repository owner to execute arbitrary commands by modifying the diff.external configuration and issuing a crafted gitweb query. The vulnerability stems from how gitweb processes the di...

Design/Logic Flaw

The web interface in git gitweb 1.5.x before 1.5.5 allows remote attackers to execute arbitrary commands via shell metacharacters related to gitsearch...

CVE-2008-5516

The web interface in git gitweb 1.5.x before 1.5.5 allows remote attackers to execute arbitrary commands via shell metacharacters related to gitsearch...

CVE-2008-5516

CVE-2008-5516 affects Git-related web interface gitweb (1.5.x up to 1.5.5). The issue arises in the gitweb.cgi script’s handling of git_search input, where shell metacharacters are not properly sanitized, enabling an unauthenticated remote attacker to execute arbitrary commands on the server with...

FreeBSD Ports: git

The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

PT-2009-1073 · Git · Git

Name of the Vulnerable Software and Affected Versions: git versions 1.5.x through 1.5.4 git versions prior to 1.6.0.6 Description: The issue allows remote attackers to execute arbitrary commands via shell metacharacters related to git search, potentially leading to disruption of confidentiality,...

FreeBSD : git -- gitweb privilege escalation (ecad44b9-e663-11dd-afcd-00e0815b8da8)

Git maintainers report : gitweb has a possible local privilege escalation bug that allows a malicious repository owner to run a command of his choice by specifying diff.external configuration variable in his repository and running a crafted gitweb query. %NASLMINLEVEL 70300 C Tenable Network...

FreeBSD Ports: git

The remote host is missing an update to the system as announced in the referenced advisory. VID ecad44b9-e663-11dd-afcd-00e0815b8da8 OpenVAS Vulnerability Test $ Description: Auto generated from VID ecad44b9-e663-11dd-afcd-00e0815b8da8 Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft Inc...

Debian Security Advisory DSA 1708-1 (git-core)

The remote host is missing an update to git-core announced via advisory DSA 1708-1. OpenVAS Vulnerability Test $Id: deb17081.nasl 6615 2017-07-07 12:09:52Z cfischer $ Description: Auto-generated from advisory DSA 1708-1 git-core Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft Inc...

Debian DSA-1708-1 : git-core - shell command injection

It was discovered that gitweb, the web interface for the Git version control system, contained several vulnerabilities : Remote attackers could use crafted requests to execute shell commands on the web server, using the snapshot generation and pickaxe search functionality CVE-2008-5916 . Local...

Debian: Security Advisory (DSA-1708-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] [DSA 1708-1] New Git packages fix remote code execution

------------------------------------------------------------------------ Debian Security Advisory DSA-1708-1 [email protected] http://www.debian.org/security/ Florian Weimer January 19, 2009 http://www.debian.org/security/faq -...

DSA-1708-1 git-core - remote code execution

Bulletin has no description...

CVE-2008-5517

The web interface in git gitweb 1.5.x before 1.5.6 allows remote attackers to execute arbitrary commands via shell metacharacters related to 1 gitsnapshot and 2 gitobject...

CVE-2008-5517

CVE-2008-5517 affects the Git web interface (gitweb) 1.5.x up to 1.5.5, where gitweb.cgi fails to sanitize input and can pass shell metacharacters to a shell via git_snapshot/git_object, enabling remote command execution. Connected advisories (Ubuntu USN-723-1, Slackware SSA-2009-051-02, OpenVAS ...

CVE-2008-5517

The web interface in git gitweb 1.5.x before 1.5.6 allows remote attackers to execute arbitrary commands via shell metacharacters related to 1 gitsnapshot and 2 gitobject...

openSUSE 10 Security Update : git (git-5892)

Insufficient quoting of shell characters allowed remote attackers to execute arbitrary commands via the git web interface CVE-2008-5517 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update git-5892...

Git gitweb 'diff.external'本地特权提升漏洞

BUGTRAQ ID: 32967 Git是一款是用于Linux内核开发的版本控制工具。 Git gitweb存在一个本地特权提升缺陷，允许恶意知识库属主通过在他的知识库中指定diff.external配置变量并运行特殊构建的gitweb查询，可导致执行任意命令。 GIT GIT 1.6 5 GIT GIT 1.5.6 5 GIT GIT 1.5.6 .4 GIT GIT 1.5.6 .3 GIT GIT 1.5.5 5 GIT GIT 1.5.4 6 GIT GIT 1.1.5 GIT GIT 1.1.4 升级程序： GIT GIT 1.5.4 6 GIT...

Fedora 9 : git-1.5.6.6-1.fc9 (2008-11650)

This update fixes a local privilege escalation bug in gitweb. For details: http://article.gmane.org/gmane.comp.version-control.git/103624 Additionally, gitk has been added as a requirement of git-gui bug 476308 and perlNet::SMTP::SSL has been added as a requirement of git-send-email bug 443615...

Fedora 8 : git-1.5.4.3-3.fc8 (2008-11653)

This update fixes a local privilege escalation bug in gitweb. For details: http://article.gmane.org/gmane.comp.version-control.git/103624 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to...