
10065 matches found

pentestit
added 2019/01/31 6:4 a.m., 110 views

BEEMKA: Basic Electron Post-Exploitation Framework

There are a lot of applications today that use the Electron Framework, as it helps you build cross-platform desktop apps with JavaScript, HTML, and CSS. Examples are applications such as Skype, Station, etc. A new post-exploitation framework - BEEMKA can now help you in maintaining...

0.5 AI score
Exploits: 0
Atlassian
added 2019/01/23 10:56 p.m., 44 views

Input validation vulnerability via Git in Sourcetree for Windows - CVE-2018-17456

There was an input validation vulnerability in Sourcetree for Windows via a Git repository with submodules. A remote attacker with permission to commit to a Git repository linked in Sourcetree for Windows is able to exploit this issue to gain code execution on the system. h4. Affected...

9.8 CVSS, 4.6 AI score, 0.59226 EPSS
Exploits: 12
Atlassian
added 2019/01/23 10:56 p.m., 44 views

Input validation vulnerability via Git in Sourcetree for Windows - CVE-2018-17456

There was an input validation vulnerability in Sourcetree for Windows via a Git repository with submodules. A remote attacker with permission to commit to a Git repository linked in Sourcetree for Windows is able to exploit this issue to gain code execution on the system. h4. Affected...

9.8 CVSS, 4.6 AI score, 0.59226 EPSS
Exploits: 12, Affected Software: 1
Atlassian
added 2019/01/23 10:43 p.m., 52 views

Input validation vulnerability via Git in Sourcetree for Mac - CVE-2018-17456

There was an input validation vulnerability in Sourcetree for macOS via a Git repository with submodules. A remote attacker with permission to commit to a Git repository linked in Sourcetree for macOS is able to exploit this issue to gain code execution on the system. h4. Affected version...

9.8 CVSS, 3.7 AI score, 0.59226 EPSS
Exploits: 12, Affected Software: 1
Atlassian
added 2019/01/23 10:43 p.m., 40 views

Input validation vulnerability via Git in Sourcetree for Mac - CVE-2018-17456

There was an input validation vulnerability in Sourcetree for macOS via a Git repository with submodules. A remote attacker with permission to commit to a Git repository linked in Sourcetree for macOS is able to exploit this issue to gain code execution on the system. h4. Affected version...

9.8 CVSS, 3.7 AI score, 0.59226 EPSS
Exploits: 12
Kitploit
added 2019/01/20 12:49 p.m., 245 views

Remot3d - An Simple Exploit for PHP Language

It's easy to create a backdoor in an instant, the backdoor can be used in a remote process via a Linux terminal on the server that runs the PHP Language program. Made to bypass the system that is disabled on the server, especially for reading sensitive files that are /etc/passwd Screenshots List ...

7.4 AI score
Exploits: 0, References: 1
Fedora
added 2019/01/19 1:55 a.m., 10 views

[SECURITY] Fedora 28 Update: gitolite3-3.6.11-1.fc28

Gitolite allows a server to host many git repositories and provide access to many developers, without having to give them real userids on the server. The essential magic in doing this is ssh's pubkey access and the authorized keys file, and the inspiration was an older program called gitosis...

0.2 AI score
Exploits: 0
Kitploit
added 2019/01/17 12:28 p.m., 119 views

Commix v2.7 - Automated All-in-One OS Command Injection And Exploitation Tool

Commix (short for command injection exploiter) is an automated tool written by Anastasios Stasinopoulos (@ancst) that can be used by web developers, penetration testers or even security researchers in order to test web-based applications with the view to find bugs, errors or vulnerabilities related...

8.3 AI score
Exploits: 0, References: 17
Tenable Nessus
added 2019/01/17 12:0 a.m., 9 views

Git Repository Detected

The web server on the remote host allows read access to a Git repository. This potential flaw can be used to access content from the web server that might otherwise be private. No source data...

7.1 AI score
Exploits: 0
Veracode
added 2019/01/15 9:25 a.m., 39 views

Remote Code Execution (RCE)

git is vulnerable to remote code execution. A remote attacker is able to execute arbitrary code during the processing of a recursive git clone of a superproject, when the .gitmodules file contains a URL field beginning with a '-' character...

9.8 CVSS, 9.8 AI score, 0.59226 EPSS
Exploits: 12, References: 19, Affected Software: 2
Veracode
added 2019/01/15 9:24 a.m., 24 views

Information Disclosure

git is vulnerable to information disclosure. The path sanity check in is_ntfs_dotgit on NTFS allows an attacker to read arbitrary memory...

7.5 CVSS, 7.1 AI score, 0.0031 EPSS
Exploits: 0, References: 8, Affected Software: 2
Veracode
added 2019/01/15 9:24 a.m., 20 views

Remote Code Execution (RCE)

github.com/src-d/go-git is vulnerable to remote code execution (RCE) attacks. A malicious user can pass a .gitmodules file to the application to cause arbitrary code to be executed on a target machine that runs the git clone --recurse-submodules command. This is related to CVE-2018-11235...

7.8 CVSS, 8.1 AI score, 0.4172 EPSS
Exploits: 10, References: 12, Affected Software: 2
Veracode
added 2019/01/15 9:20 a.m., 30 views

Remote Code Execution (RCE)

github.com/golang/go is vulnerable to remote code execution (RCE). If custom domains are used, a malicious user can set a domain example.com/proj1 to point to a subversion repository and another domain example.com/proj1/proj2 to point to a git repository. When the go get command is run, arbitrary...

9.8 CVSS, 9.7 AI score, 0.02363 EPSS
Exploits: 0, References: 11, Affected Software: 5
Veracode
added 2019/01/15 9:18 a.m., 33 views

Remote Code Execution (RCE)

rh-git29-git is vulnerable to remote code execution (RCE) attacks. The vulnerability exists because a malicious third party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Such a U...

8.8 CVSS, 8.3 AI score, 0.70245 EPSS
Exploits: 9, References: 14, Affected Software: 9
Veracode
added 2019/01/15 9:10 a.m., 34 views

Arbitrary Code Execution

git is vulnerable to arbitrary code execution. An integer truncation flaw and an integer overflow flaw, both leading to a heap-based buffer overflow, were found in the way Git processed certain path information. A remote attacker could create a specially crafted Git repository that would cause a...

9.8 CVSS, 9.8 AI score, 0.17652 EPSS
Exploits: 0, References: 28, Affected Software: 2
Veracode
added 2019/01/15 9:8 a.m., 24 views

Arbitrary Shell Command Execution

Git-fastclone has a flaw that permits execution of arbitrary shell commands from .gitmodules. Attackers can trigger the execution by instructing a user to run a recursive clone from a repository they control. The attack is possible only if a user configures Git to automatically clone submodules...

9.8 CVSS, 9.3 AI score, 0.31254 EPSS
Exploits: 0, References: 3, Affected Software: 1
Veracode
added 2019/01/15 8:58 a.m., 20 views

Man-in-the-middle Attack

Git is vulnerable to a man-in-the-middle attack. The SSL X.509 v3 certificate validation on the IMAP server's certificate does not check that the server's hostname matches the one provided in the CN field of the server's certificate...

4.3 CVSS, 5.8 AI score, 0.01488 EPSS
Exploits: 0, References: 19, Affected Software: 1
Mageia
added 2019/01/11 5:54 a.m., 20 views

Updated terminology package fixes security vulnerability CVE-2018-20167

Terminology before 1.3.1 allows Remote Code Execution because popmedia is mishandled, as demonstrated by an unsafe "cat README.md" command when \epn is used. A popmedia control sequence can allow the malicious execution of executable file formats registered in the X desktop share MIME types...

7.8 CVSS, 2.9 AI score, 0.01424 EPSS
Exploits: 1, References: 2
CNVD
added 2019/01/11 12:0 a.m., 2 views

CloudBees Jenkins Git Changelog Plugin Cross-Site Scripting Vulnerability

CloudBees Jenkins (formerly known as Hudson Labs) is a set of Java-based continuous integration tools from CloudBees, Inc. that are used to monitor ongoing software releases/testing projects and some timed tasks. The Git Changelog Plugin is one of the tools used to create a changelog or release note...

6.1 CVSS, 6.4 AI score, 0.00099 EPSS
Exploits: 0, References: 1
OSV
added 2019/01/10 1:29 a.m., 12 views

CVE-2018-20683

commands/rsync in Gitolite before 3.6.11, if .gitolite.rc enables rsync, mishandles the rsync command line, which allows attackers to have a "bad" impact by triggering use of an option other than -v, -n, -q, or -P...

8.1 CVSS, 6.8 AI score
Exploits: 0, References: 4