
10064 matches found

Pen Test Partners Blog
added 2018/08/07 6:28 a.m., 39 views

Copycat Kali, with mykali for Kali Linux

If you’re anything like me, you like to customise your environment quite a bit. I do most of my work from a Kali Linux VM which has had a plethora of changes made to it. I like to use i3 instead of gnome, I’ve a ton of git repositories cloned, packages installed, custom configuration files and...

AI score: 7
Exploits: 0
Hacker One
added 2018/08/06 9:58 p.m., 28 views

Block.one: [FG-VD-18-126] Buffer Overflow Vulnerability in Latest EOS's EOSIO.WASMSDK Repository II

Hello Block.One / EOS Product Security Team, Good Afternoon. There exists a Memory Corruption vulnerability in the latest EOS WASMSDK Library. The PoC.wasm file is attached along with this report. Reproduction Steps: - 1 Fetch latest EOS WASMSDK repository from...

AI score: 7.2
Exploits: 0
Tenable Nessus
added 2018/08/06 12:0 a.m., 30 views

Debian DSA-4263-1 : cgit - security update

Jann Horn discovered a directory traversal vulnerability in cgit, a fast web frontend for git repositories written in C. A remote attacker can take advantage of this flaw to retrieve arbitrary files via a specially crafted request, when 'enable-http-clone=1' default is not turned off. (C) Tenable...

CVSS: 7.5, AI score: 7.4, EPSS: 0.91123
Exploits: 7, References: 5
OSV
added 2018/08/03 7:29 p.m., 0 views

UBUNTU-CVE-2018-14912

cgit_clone_objects in CGit before 1.2.1 has a directory traversal vulnerability when enable-http-clone=1 is not turned off, as demonstrated by a cgit/cgit.cgi/git/objects/?path=../ request...

CVSS: 7.5, AI score: 5.8, EPSS: 0.91123
Exploits: 7, References: 5
Prion
added 2018/07/27 4:29 p.m., 25 views

Design/Logic Flaw

A flaw was found in Ansible Tower's interface before 3.1.5 and 3.2.0 with SCM repositories. If a Tower project SCM repository definition does not have the 'delete before update' flag set, an attacker with commit access to the upstream playbook source repository could create a Trojan playbook that...

CVSS: 9, AI score: 7.6, EPSS: 0.00425
Exploits: 0, References: 2, Affected Software: 2
OSV
added 2018/07/27 4:29 p.m., 28 views

CVE-2017-12148

A flaw was found in Ansible Tower's interface before 3.1.5 and 3.2.0 with SCM repositories. If a Tower project SCM repository definition does not have the 'delete before update' flag set, an attacker with commit access to the upstream playbook source repository could create a Trojan playbook that...

CVSS: 7.2, AI score: 7.3, EPSS: 0.00425
Exploits: 0, References: 2
0day.today
added 2018/07/25 12:0 a.m., 134 views

Sourcetree Remote Code Execution Exploit

Sourcetree suffers from multiple remote code execution vulnerabilities related to git submodules and argument injection. macOS versions 1.0b2 up to 2.7.6 and Windows versions 0.5.1.0 up to 2.6.10 are affected. Sourcetree Remote Code Execution Exploit CVE ID: CVE-2018-11235. CVE-2018-13385...

CVSS: 6.8, AI score: 0.5, EPSS: 0.4172
Exploits: 10
Kitploit
added 2018/07/24 1:25 p.m., 13 views

Git-Secrets - Prevents You From Committing Secrets And Credentials Into Git Repositories

Prevents you from committing passwords and other sensitive information to a git repository. Synopsis git secrets --scan -r|--recursive --cached --no-index --untracked ... git secrets --scan-history git secrets --install -f|--force git secrets --list --global git secrets --add -a|--allowed...

AI score: 7.2
Exploits: 0, References: 1
Tenable Nessus
added 2018/07/24 12:0 a.m., 27 views

Photon OS update (deprecated)

An update of 'git' packages of Photon OS has been released. (C) Tenable Network Security, Inc. @DEPRECATED@ Disabled on 2/7/2019 The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2018-1.0-0145. The text itself is copyright (C) VMware, Inc...

AI score: 0.1, EPSS: 0.4172
Exploits: 10, References: 3
Tenable Nessus
added 2018/07/24 12:0 a.m., 26 views

Photon OS 2.0 : git (PhotonOS-PHSA-2018-2.0-0053) (deprecated)

An update of 'git' packages of Photon OS has been released. (C) Tenable Network Security, Inc. @DEPRECATED@ Disabled on 2/7/2019 The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2018-2.0-0053. The text itself is copyright (C) VMware, Inc...

AI score: 8.2, EPSS: 0.4172
Exploits: 10, References: 3
Kitploit
added 2018/07/21 1:26 p.m., 17 views

CMSeeK v1.0.5 - CMS Detection And Exploitation Suite

What is a CMS? A content management system (CMS) manages the creation and modification of digital content. It typically supports multiple users in a collaborative environment. Some notable examples are: WordPress, Joomla, Drupal etc. Release History - Version 1.0.5 19-07-2018 - Version 1.0.4...

AI score: 7.1
Exploits: 0, References: 3
Fedora
added 2018/07/19 6:6 p.m., 28 views

[SECURITY] Fedora 28 Update: libgit2-0.26.5-1.fc28

libgit2 is a portable, pure C implementation of the Git core methods provided as a re-entrant linkable library with a solid API, allowing you to write native speed custom Git applications in any language with bindings...

CVSS: 8.1, AI score: 2.4, EPSS: 0.4172
Exploits: 10
Fedora
added 2018/07/19 5:48 p.m., 39 views

[SECURITY] Fedora 27 Update: libgit2-0.26.5-1.fc27

libgit2 is a portable, pure C implementation of the Git core methods provided as a re-entrant linkable library with a solid API, allowing you to write native speed custom Git applications in any language with bindings...

CVSS: 8.1, AI score: 2.4, EPSS: 0.4172
Exploits: 10
Kitploit
added 2018/07/18 2:30 p.m., 49 views

Noisy - Simple Random DNS, HTTP/S Internet Traffic Noise Generator

A simple python script that generates random HTTP/DNS traffic noise in the background while you go about your regular web browsing, to make your web traffic data less valuable for selling and for extra obscurity. Tested on MacOS High Sierra, Ubuntu 16.04 and Raspbian Stretch and is compatible wit...

AI score: 7.1
Exploits: 0, References: 5
CNVD
added 2018/07/18 12:0 a.m., 3 views

git-annex information disclosure vulnerability

git-annex is a distributed file synchronization system. An information disclosure vulnerability exists in git-annex. An attacker can exploit this vulnerability to disclose encrypted data via a malicious server...

CVSS: 7.5, AI score: 6.1, EPSS: 0.00501
Exploits: 0, References: 1
Gentoo Linux
added 2018/07/18 12:0 a.m., 528 views

tqdm: Arbitrary code execution

Background: tqdm is a smart progress meter. Description: A vulnerability was discovered in tqdm.version that could allow a malicious git log within the current working directory. Impact: A remote attacker could execute arbitrary commands by enticing a user to clone a crafted repo. Workaround: There ...

CVSS: 7.8, AI score: 4.8, EPSS: 0.00088
Exploits: 0
CNVD
added 2018/07/17 12:0 a.m., 2 views

git-annex information disclosure vulnerability

git-annex is a distributed file synchronization system written in Haskell. A private data information disclosure vulnerability exists in git-annex. An attacker can exploit this vulnerability to obtain the contents of files outside of the git-annex repository and the contents of a private web serv...

CVSS: 7.5, AI score: 6.2, EPSS: 0.00501
Exploits: 0, References: 1
NVD
added 2018/07/16 8:29 p.m., 16 views

CVE-2018-10857

git-annex is vulnerable to a private data exposure and exfiltration attack. It could expose the content of files located outside the git-annex repository, or content from a private web server on localhost or the LAN...

CVSS: 7.5, AI score: 6.4, EPSS: 0.00501
Exploits: 0, References: 2
OSV
added 2018/07/16 8:29 p.m., 9 views

CVE-2018-10857

git-annex is vulnerable to a private data exposure and exfiltration attack. It could expose the content of files located outside the git-annex repository, or content from a private web server on localhost or the LAN...

CVSS: 7.5, AI score: 7.5, EPSS: 0.00501
Exploits: 0, References: 2
OSV
added 2018/07/16 8:29 p.m., 1 views

DEBIAN-CVE-2018-10857

git-annex is vulnerable to a private data exposure and exfiltration attack. It could expose the content of files located outside the git-annex repository, or content from a private web server on localhost or the LAN...

CVSS: 7.5, AI score: 6.8, EPSS: 0.00501
Exploits: 0, References: 1