Critical Photon OS Security Update - PHSA-2019-3.0-0036
Updates of 'etcd', 'gdb', 'libgcrypt', 'oniguruma', 'python3', 'dbus', 'sqlite', 'systemd', 'linux', 'lua', 'linux-aws', 'git', 'u-boot', 'rsyslog', 'linux-secure', 'linux-esx', 'sysstat', 'polkit' packages of Photon OS have been released...
Test SSH Github Access
This module will attempt to test remote Git access using .ssh/id private keys. This works against GitHub and GitLab by default, but can easily be extended to support more server types. This module requires Metasploit: https://metasploit.com/download Current source:...
Critical Photon OS Security Update - PHSA-2019-0036
Updates of 'sysstat', 'gdb', 'rsyslog', 'polkit', 'sqlite', 'dbus', 'python3', 'etcd', 'lua', 'u-boot', 'libgcrypt', 'git', 'linux-esx', 'systemd', 'linux', 'linux-secure', 'linux-aws', 'oniguruma' packages of Photon OS have been released...
atomic-openshift: OpenShift builds don't verify SSH Host Keys for the git repository
It was found that OpenShift Container Platform does not perform SSH Host Key checking when using ssh key authentication during builds. An attacker, with the ability to redirect network traffic, could use this to alter the resulting build output...
docker: command injection due to a missing validation of the git ref command
A command injection flaw was discovered in Docker during the docker build command. By providing a specially crafted path argument for the container to build, it is possible to inject command options to the git fetch/git checkout commands that are executed by Docker and to execute code with the...
RHEL 7 : OpenShift Container Platform 3.10 atomic-openshift kube-apiserver (RHSA-2019:2989)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:2989 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or privat...
Unauthorized File Access
Overview: Versions of node-git-server prior to 0.6.1 are vulnerable to Unauthorized File Access. It is possible to access any git repository by using absolute paths, which may allow attackers to access private repositories. Recommendation: Upgrade to version 0.6.1 or later. References: GitHub PR -...
Ispy - Eternalblue (MS17-010) / Bluekeep (CVE-2019-0708) Scanner And Exploit
ispy: Eternalblue (MS17-010) / Bluekeep (CVE-2019-0708) scanner and exploiter, Metasploit automation. How to install: git clone https://github.com/Cyb0r9/ispy.git; cd ispy; chmod +x setup.sh; ./setup.sh. Tested on: Parrot OS, Kali Linux. Tutorial: How to use ispy...
Unspecified Vulnerability in CloudBees Jenkins Git Changelog Plugin
CloudBees Jenkins (Hudson Labs) is a set of Java-based continuous integration tools from the U.S. company CloudBees. The product is mainly used to monitor continuous software release/testing projects and some scheduled tasks. Git Changelog Plugin is used in one of the Git...
GitLab Omnibus 12.2.1 Logrotate Privilege Escalation
Privilege Escalation via Logrotate in GitLab Omnibus. Overview: Identifier: AIT-SA-20190930-01; Target: GitLab Omnibus; Vendor: GitLab; Version: 7.4 through 12.2.1; Fixed in Version: 12.2.3, 12.1.8 and 12.0.8; CVE: CVE-2019-15741; Accessibility: Local; Severity: Low; Author: Wolfgang Hotwagner AIT Austrian...
CVE-2008-5517
The web interface in git (gitweb) 1.5.x before 1.5.6 allows remote attackers to execute arbitrary commands via shell metacharacters related to (1) git_snapshot and (2) git_object...
CVE-2008-3546
Stack-based buffer overflow in the (1) diff_addremove and (2) diff_change functions in GIT before 1.5.6.4 might allow local users to execute arbitrary code via a PATH whose length is larger than the system's PATH_MAX when running GIT utilities such as git-diff or git-grep...
SUSE SLES12 Security Update : git (SUSE-SU-2018:4088-3)
This update for git fixes the following issue: CVE-2018-17456: Git allowed remote code execution during processing of a recursive 'git clone' of a superproject if a .gitmodules file has a URL field beginning with a '-' character. (boo#1110949) Note that Tenable Network Security has extracted the...
SUSE-SU-2018:4088-3 Security update for git
This update for git fixes the following issue: CVE-2018-17456: Git allowed remote code execution during processing of a recursive 'git clone' of a superproject if a .gitmodules file has a URL field beginning with a '-' character. (boo#1110949)...
Information Disclosure
gradle-info-plugin is vulnerable to information disclosure. User credentials are not stripped from the Git repository URL...
FreeBSD : Gitlab -- Multiple Vulnerabilities (b17c86b9-e52e-11e9-86e9-001b217b3468)
SO-AND-SO reports: XSS in Markdown Preview Using Mermaid; Bypass Email Verification using Salesforce Authentication; Account Takeover using SAML; Uncontrolled Resource Consumption in Markdown using Mermaid; Disclosure of Private Project Path and Labels; Disclosure of Assignees via Milestones; Disclosu...
GiveMeSecrets - Use Regular Expressions To Get Sensitive Information From A Given Repository (GitHub, Pip Or Npm)
Use regular expressions to get sensitive information from a given repository (GitHub, pip or npm). Dependencies: You only need to have Python 3.6 or higher installed to launch this script. In addition, git, pip and npm must be installed on the system. How to use: It's very easy to use, just run...
Gitlab -- Multiple Vulnerabilities
The GitLab Team reports: XSS in Markdown Preview Using Mermaid; Bypass Email Verification using Salesforce Authentication; Account Takeover using SAML; Uncontrolled Resource Consumption in Markdown using Mermaid; Disclosure of Private Project Path and Labels; Disclosure of Assignees via Milestones...
Exploit for OS Command Injection in Jenkins Git_Client
CVE-2019-10392EXP Jenkins Git Client Authenticated RCE CVE-20...