CVE-2018-1000199

The CVE-2018-1000199 entry concerns the Linux kernel (v3.18) where modify_user_hw_breakpoint() contains a ptrace-related handling flaw. This flaw can allow a local attacker to crash the kernel and, per other sources, may enable memory corruption or local code execution via ptrace. The issue is ro...

CVE-2018-1000199

The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modifyuserhwbreakpoint that can result in crash and possibly memory corruption. This attack appear to be exploitable via local code execution and the ability to use ptrace. This vulnerability appears to have been fixed in...

GitBackdorizer - Is A Proof Of Concept That Uses The Lack Of User Attention To Steal Git Access Credentials

GitBackdorizer is a proof of concept, fully inspired in Ulisses Castro's 50 ton of backdoors talk, that abuses the lack of user attention to steal git access credentials. How it Works GitBackdorizer consists of three pieces: handler, dropper and the payload. Handler The handler sets up a HTTP...

Git Remote Command Injection Vulnerability

Git is a free, open source distributed version control system developed by American software developer Linus Torvalds Linus Torvalds. A command vulnerability exists in Git versions prior to 2.7.5. A remote attacker can run an arbitrary device with the help of a specially crafted 'ssh://...' URL t...

Xen Intel Architecture Debug Exception Handling Local Privilege Escalation (XSA-260)

According to its self-reported version number, the Xen hypervisor installed on the remote host is affected by a local privilege escalation vulnerability. Note that Nessus has checked the changeset versions based on the xen.git change log. Nessus did not check guest hardware configurations or if...

Kurukshetra - A Framework For Teaching Secure Coding By Means Of Interactive Problem Solving

Kurukshetra is a web framework that’s developed with the aim of being the first open source framework which provides a solid foundation to host reasonably complex secure coding challenges while still providing the ability to efficiently and dynamically execute each challenge on the basis of user...

Fi6S - IPv6 Network Scanner Designed To Be Fast

fi6s is a IPv6 port scanner designed to be fast. This is achieved by sending and processing raw packets asynchronously. The design and goal is pretty similar to Masscan, though it is not as full-featured yet. Building Building should be fairly easy on up-to-date distros. On Ubuntu 16.04 xenial it...

Making a Gmail bot with Apps Script and TypeScript

Google Apps Script is one of the best hidden features of Gmail. Did you ever want just a bit more flexibility from a filter? Maybe the ability to remove a label, or match on a header, or just decide the order they are applied in. Apps Script can do all that and then some. They are simple JavaScri...

Git ssh URL Processing Command Execution (CVE-2017-1000117)

A command execution vulnerability exists in the Git client. The vulnerability is due to insufficient validation of ssh:// URLs. Successful exploitation will enable the attacker to execute arbitrary commands on the target system...

Gitmails - An Information Gathering Tool To Colect Git Commit Emails In Version Control Host Services

An information gathering tool to colect git commit emails in version control host services. Overview Gitmails explores that git commits contains a name and an email configured by the author and that version control host services are being used to store a lot of projects. What Gitmails does is:...

CVE-2018-1000199

The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modifyuserhwbreakpoint that can result in crash and possibly memory corruption. This attack appear to be exploitable via local code execution and the ability to use ptrace. This vulnerability appears to have been fixed in...

Nemesis - A Command-Line Network Packet Crafting And Injection Utility

The Nemesis Project is designed to be a command line based, portable human IP stack for UNIX-like and Windows systems. The suite is broken down by protocol, and should allow for useful scripting of injected packets from simple shell scripts. Key Features ARP/RARP, DNS, ETHERNET, ICMP, IGMP, IP,...

Snallygaster - Tool To Scan For Secret Files On HTTP Servers

Snallygaster is a tool that looks for files accessible on web servers that shouldn't be public and can pose a security risk. Typical examples include publicly accessible git repositories, backup files potentially containing passwords or database dumps. In addition it contains a few checks for oth...

Node.js third-party modules: [git-dummy-commit] Command injection on the msg parameter

Hi there, I've found a Command Injection on the "git-dummy-commit" module. Module module name: git-dummy-commit version: 1.3.0 npm page: https://www.npmjs.com/package/git-dummy-commit Module Description Create a dummy commit for testing Module Stats 62 downloads in the last day 94 downloads in th...

Git-All-Secrets - A Tool To Capture All The Git Secrets By Leveraging Multiple Open Source Git Searching Tools

git-all-secrets is a tool that can: Clone multiple public/private github repositories of an organization and scan them, Clone multiplepublic/private github repositories of a user that belongs to an organization and scan them, Clone a single public/private repository of an organization and scan it...

openSUSE Security Update : git (openSUSE-2018-352)

This update for git fixes the following issue : - CVE-2017-15298: Specially crafted repositories could have caused a denial of service boo1063412 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Updat...

DEBIAN-CVE-2016-9645

The fix for ikiwiki for CVE-2016-10026 was incomplete resulting in editing restriction bypass for git revert when using git versions older than 2.8.0. This has been fixed in 3.20161229...

CVE-2016-9645

The fix for ikiwiki for CVE-2016-10026 was incomplete resulting in editing restriction bypass for git revert when using git versions older than 2.8.0. This has been fixed in 3.20161229...

UBUNTU-CVE-2016-9645

The fix for ikiwiki for CVE-2016-10026 was incomplete resulting in editing restriction bypass for git revert when using git versions older than 2.8.0. This has been fixed in 3.20161229...

CVE-2016-9645

The fix for ikiwiki for CVE-2016-10026 was incomplete resulting in editing restriction bypass for git revert when using git versions older than 2.8.0. This has been fixed in 3.20161229...