10065 matches found
TomTom: Exposed Git Repo at http://betaforum.tomtom.com/.git/{subfolders}
Dear Security team, I found a git repository on http://betaforum.tomtom.com/.git. This endpoint allows an attacker to retrieve much of the source code and git history for this service which could potentially reveal sensitive information, it all depends what is stored there. Example: 1...
Zeebsploit - Web Scanner / Exploitation / Information Gathering
zeebsploit is a tool for hacking searching for web information and scanning vulnerabilities of a web Installation & Usage apt-get install git git clone https://github.com/jaxBCD/Zeebsploit.git cd Zeebsploit chmod +x install ./install python3 zeebsploit.py type 'help' for show modules and follow...
The vulnerability of the run_command function in the Git distributed version control system allows a hacker to execute arbitrary commands.
The vulnerability of the run_command programming interface in a distributed version control system like Git is related to insufficient cleaning of input data. Exploiting this vulnerability allows an attacker to execute arbitrary commands remotely...
Git: Multiple vulnerabilities
Background Git is a free and open source distributed version control system designed to handle everything from small to very large projects with speed and efficiency. Description Multiple vulnerabilities have been discovered in Git. Please review the referenced CVE identifiers for details Impact...
GLSA-201904-13 : Git: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-201904-13 Git: Multiple vulnerabilities Multiple vulnerabilities have been discovered in Git. Please review the referenced CVE identifiers for details Impact : Please review the referenced CVE identifier and bugs for details...
EulerOS Virtualization 2.5.3 : git (EulerOS-SA-2019-1183)
According to the version of the git packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - An option injection flaw has been discovered in git when it recursively clones a repository with sub-modules. A remote attacker may...
libreoffice/wksfuzzer: Heap-buffer-overflow in std::__1::unique_ptr<ScColumn, std::__1::default_delete<ScColumn> >::operator*
Project: git://anongit.freedesktop.org/libreoffice/core Detailed report: https://oss-fuzz.com/testcase?key=5644717359890432 Project: libreoffice Fuzzer: libFuzzer_libreoffice_wksfuzzer Fuzz target binary: wksfuzzer Job Type: libfuzzer_asan_libreoffice Platform Id: linux Crash Type: Heap-buffer-overfl...
Mimikatz v2.2.0 - A Post-Exploitation Tool to Extract Plaintexts Passwords, Hash, PIN Code from Memory
mimikatz is a tool I've made to learn C and make some experiments with Windows security. It's now well known to extract plaintexts passwords, hash, PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash, pass-the-ticket or build Golden tickets. But that's not all!...
openSUSE Security Update : git (openSUSE-2019-1032)
This update for git fixes the following issues : Security issue fixed : - CVE-2018-19486: Fixed git that executed commands from the current working directory as if '.' were at the end of $PATH in certain cases involving the run_command API and run-command.c, because there was bsc1117257. This upda...
openSUSE Security Update : git (openSUSE-2019-410)
This update for git fixes the following security issues : - path sanity-checks on NTFS can read arbitrary memory CVE-2018-11233, boo1095218 - arbitrary code execution when recursively cloning a malicious repository CVE-2018-11235, boo1095219...
openSUSE Security Update : git (openSUSE-2019-802)
This update for git fixes the following issues : - CVE-2018-17456: Git allowed remote code execution during processing of a recursive 'git clone' of a superproject if a .gitmodules file has a URL field beginning with a '-' character. boo1110949. This update was imported from the SUSE:SLE-15:Updat...
openSUSE Security Update : git-annex (openSUSE-2019-497)
This update for git-annex to version 6.20180626 fixes the following issues : - CVE-2018-10857: Prevent file content disclosure by refusing to download content that cannot be verified with a hash, from encrypted special remotes and glacier bsc1098062. - CVE-2018-10859: Prevent local gpg encrypted...
Gitea 1.7.3 HTML Injection
Gitea 1.7.3 stored HTML injection XSS Information =========== Name: Gitea 1.7.0 - 1.7.3 stored HTML injection Software: Gitea - a self-hosted Git service Homepage: https://gitea.io/ Vulnerability: stored HTML injection Affected: 1.7.0 - 1.7.3 Tested: 1.7.2, 1.7.3 Fixed: 1.7.4 Prerequisites: edit...
Hashboy-Tool - A Hash Query Tool
Hashboy was redeveloped on hash-buster Author: Leiothrix How to install $ git clone https://github.com/sf197/hashboy-tool $ cd hashboy-tool $ python3 hashboy.py How to use $ python3 hashboy.py...
Atlassian SourceTree 0.5a < 3.0.17 Multiple remote code execution vulnerabilities
The version of Atlassian SourceTree installed on the remote Windows host is version 0.5a prior to 3.0.17. It is, therefore, affected by multiple remote code execution vulnerabilities. - An option injection vulnerability exists in the git submodule component. An unauthenticated, remote attacker ca...
Security Bulletin: Security Vulnerabilities affect IBM Cloud Private Vulnerability Advisor Kafka and Notification Dispatcher
Summary Security Vulnerabilities affect IBM Cloud Private Vulnerability Advisor Kafka and Notification Dispatcher Vulnerability Details CVEID: CVE-2018-1000802 DESCRIPTION: Python could allow a local attacker to execute arbitrary commands on the system, caused by a flaw in the shutil module...
CMSeeK v1.1.1 - CMS Detection And Exploitation Suite (Scan WordPress, Joomla, Drupal And 150 Other CMSs)
What is a CMS? A content management system (CMS) manages the creation and modification of digital content. It typically supports multiple users in a collaborative environment. Some notable examples are: WordPress, Joomla, Drupal etc. Release History - Version 1.1.1 01-02-2019 - Version 1.1.0...
[SECURITY] Fedora 29 Update: pagure-5.3-1.fc29
Pagure is a light-weight git-centered forge based on pygit2. Currently, Pagure offers a web-interface for git repositories, a ticket system and possibilities to create new projects, fork existing ones and create/merge pull-requests across or within projects...
jenkins-plugin-git: CSRF vulnerability in Git Plugin (SECURITY-1095)
A cross-site request forgery vulnerability exists in Jenkins Git Plugin 3.9.1 and earlier in src/main/java/hudson/plugins/git/GitTagAction.java that allows attackers to create a Git tag in a workspace and attach corresponding metadata to a build record...