Malicious Git and Mercurial HTTP Server For CVE-2014-9390

This module exploits CVE-2014-9390, which affects Git versions less than 1.8.5.6, 1.9.5, 2.0.5, 2.1.4 and 2.2.1 and Mercurial versions less than 3.2.3 and describes three vulnerabilities. On operating systems which have case-insensitive file systems, like Windows and OS X, Git clients can be...

Git for Windows Detection

Binary data gitforwindowsinstalled.nbin...

CVE-2013-4663

The CVE-2013-4663 entry concerns the redmine_git_hosting plugin for Redmine. The vulnerability is in git_http_controller.rb, where remote attackers can execute arbitrary commands by supplying shell metacharacters in (1) the service parameter to info/refs (get_info_refs function) or (2) the reqfil...

Updated git packages fix security vulnerability

It was reported that git, when used as a client on a case-insensitive filesystem, could allow the overwrite of the .git/config file when the client performed a "git pull". Because git permitted committing .Git/config or any case variation, on the pull this would replace the user's .git/config. If...

GitHub < 1.9.4 .git/config Command Execution (Mac OS X)

The remote Mac OS X host has a version of GitHub prior to 194 installed. It is, therefore, affected by a remote command execution vulnerability when processing git trees in a case-insensitive or case-normalizing file system. A remote attacker, using a specially crafted git tree, can overwrite a...

GitHub for Windows < 2.6.5 .git/config Command Execution

The version of GitHub for Windows installed on the remote host is prior to 2.6.5. It is, therefore, affected by a command execution vulnerability when processing specially crafted git trees in a case-insensitive or case-normalizing file system. A remote attacker, using a specially crafted git tre...

FreeBSD : git -- Arbitrary command execution on case-insensitive filesystems (1d567278-87a5-11e4-879c-000c292ee6b8)

The Git Project reports : When using a case-insensitive filesystem an attacker can craft a malicious Git tree that will cause Git to overwrite its own .git/config file when cloning or checking out a repository, leading to arbitrary command execution in the client machine. If you are a hosting...

Critical Git Client vulnerability Allows Malicious Remote Code Execution

Developers running the open source Git code-repository software and tools, like GitHub, on Mac OS X and Windows computers are highly being recommended to install a security update that patches a major security vulnerability in Git clients that leverages an attacker to hijack end-user computers. T...

CVE-2014-9390

Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercurial before 3.2.3 on Windows and OS X; Apple Xcode before 6.2 beta 3; mine all versions before 08-12-2014; libgit2 all versions up to 0.21.2; Egit all versions before...

UBUNTU-CVE-2014-9390

Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercurial before 3.2.3 on Windows and OS X; Apple Xcode before 6.2 beta 3; mine all versions before 08-12-2014; libgit2 all versions up to 0.21.2; Egit all versions before...

git -- Arbitrary command execution on case-insensitive filesystems

The Git Project reports: When using a case-insensitive filesystem an attacker can craft a malicious Git tree that will cause Git to overwrite its own .git/config file when cloning or checking out a repository, leading to arbitrary command execution in the client machine. If you are a hosting...

Update Embedded git version

Today was announced that Git contains "A critical Git security vulnerability". It would be nice that in the options panel of sourcetree on the tab git, the button "Update embedded git" downloads the latest version of git 1.9.5. https://github.com/blog/1938-git-client-vulnerability-announced...

GIT 1.8.5.6/1.9.5/2.0.5/2.1.4/2.2.1 &amp; Mercurial &lt; 3.2.3 - Multiple Vulnerabilities (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'Malicious Git and Mercurial HTTP Server For CVE-2014-9390', 'Description' = %q This module exploits CVE-2014-9390, which affect...

Bash Shellshock vulnerability simply explained-vulnerability warning-the black bar safety net

Preface The national day before the analysis of this vulnerability,see the security reference for readers to discuss,made a simple Bash Shellshock vulnerability description. Vulnerability overview Vulnerability the principle of popular point that is to bash the language in the definition of a...

Bitbucket repository configuration doesn't offer SSH

When you add a new Bitbucket repository, you can only enter a username/password for authentication. If you want to use SSH, you should fallback to the generic 'Git' repository host. SSH should be offered as an option in the Bitbucket configuration. As an intermediate solution you can add a...

Bash through special environment variables code injection attack-vulnerability warning-the black bar safety net

Bash or Bourne again shell, is a UNIX-like shell script, might be any Linux system is the most common mounting Assembly. From 1 9 8 0 year of birth to now, bash has evolved from a simple terminal based command interpreter evolved to many other fancy uses. In Linux, the environment variables...

Can't push subtree

As requested in answer to my stackoverflow http://stackoverflow.com/questions/24637748/cant-push-subtree-using-sourcetree post I'm posting this potential bug here. Using a basic schema for git subtree I created 2 repository on Github: "project" and "framework" and made the followings: - Clone...

Can't push subtree

As requested in answer to my stackoverflow http://stackoverflow.com/questions/24637748/cant-push-subtree-using-sourcetree post I'm posting this potential bug here. Using a basic schema for git subtree I created 2 repository on Github: "project" and "framework" and made the followings: - Clone...

ViewGit 0.0.6 - Multiple XSS Vulnerabilities

No description provided by source. Vulnerability Report Author: Matthew R. Bucci [email protected] Date: 18 March, 2013 CVE-2013-2294 Description of Vulnerability: ----------------------------- ViewGit is a git web repository viewer that aims to be easy to set up and upgrade, light on...

Git <= 1.6.3 Parameter Processing Remote Denial Of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/35338/info Git is prone to a denial-of-service vulnerability because it fails to properly handle some client requests. Attackers can exploit this issue to cause a daemon process to enter an infinite loop. Repeated exploit...