[SECURITY] Fedora 28 Update: libgit2-0.26.3-1.fc28
libgit2 is a portable, pure C implementation of the Git core methods provided as a re-entrant linkable library with a solid API, allowing you to write native speed custom Git applications in any language with bindings...
Jenkins Git Plugin Information Disclosure Vulnerability
Jenkins is an open source continuous integration tool developed in Java. A security vulnerability exists in the GitStatus.java file in Jenkins Git Plugin 3.7.0 and earlier versions. An attacker can exploit the vulnerability to obtain a list of nodes and users...
The Firmware Analysis and Comparison Tool: FACT
The Firmware Analysis and Comparison Tool (formerly known as Fraunhofer’s Firmware Analysis Framework, FAF) is intended to automate most of the firmware analysis process. It unpacks arbitrary firmware files and runs several analyses. Additionally, it can compare several images or single files...
Information Disclosure
maven-scm-api is vulnerable to information disclosure attacks. If a git push command failed, the password is printed in plaintext to the logs...
[SECURITY] Fedora 27 Update: libgit2-0.26.3-1.fc27
libgit2 is a portable, pure C implementation of the Git core methods provided as a re-entrant linkable library with a solid API, allowing you to write native speed custom Git applications in any language with bindings...
Information Disclosure Through Authorization Bypass
Jenkins Git Plugin is vulnerable to information disclosure through authorization bypass. The vulnerability allows users without Overall/Read permission to submit search queries to retrieve a list of user names and node names...
CVE-2018-1000110
An improper authorization vulnerability exists in Jenkins Git Plugin version 3.7.0 and earlier in GitStatus.java that allows an attacker with network access to obtain a list of nodes and users...
Authorization
An improper authorization vulnerability exists in Jenkins Git Plugin version 3.7.0 and earlier in GitStatus.java that allows an attacker with network access to obtain a list of nodes and users...
CVE-2018-1000110
The CVE-2018-1000110 entry concerns the Jenkins Git Plugin (v3.7.0 and earlier). Root cause: GitStatus.java contains improper authorization, allowing an attacker with network access to enumerate a list of nodes and users via search endpoints (e.g., /search/suggest?query=x and /search/?q=x). Impac...
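Spring Data REST Remote Code Execution (CVE-2017-8046)
Vulnerability description: Spring Data REST has a high-severity RCE vulnerability in its handling of PATCH requests. A malicious PATCH request built from hand-crafted JSON data can be submitted to a spring-data-rest server, causing the server to run malicious Java code. The goal of the Spring Data REST project is to provide a flexible, configurable mechanism for writing simple services that are exposed over HTTP. Git repository: https://github.com/spring-projects/spring-data-rest Source: https://pivotal.io/security/cve-2017-8046 Affected versions: Spring...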
Gitleaks - Searches Full Repo History For Secrets And Keys
Searches Full Repo History For Secrets And Keys. Installing go get -u github.com/zricethezav/gitleaks Usage and Explanation ./gitleaks options Gitleaks audits local and remote repos by running regex checks against all commits. Options usage: gitleaks options / Options: -u --user Git user mode -r...
GitStack Unsanitized Argument RCE
This module exploits a remote code execution vulnerability that exists in GitStack through v2.3.10, caused by an unsanitized argument being passed to an exec function call. This module has been tested on GitStack v2.3.10. This module requires Metasploit: https://metasploit.com/download Current...
Git Variable Exposure
librarianp is vulnerable to the exposure of git variables. The regular expression used to identify the git metadata within a system only checks that a variable starts with GIT. This means that any variables such as GITHUBPW that a user might have can be exposed...
GIT Input Validation Vulnerability
Git is a free, open source distributed version control system developed by the American software developer Linus Torvalds. Client is one of its clients. An input validation vulnerability exists in Client in GIT 2.15.1 and earlier versions. A remote attacker could exploit this...
contact.sh - An OSINT tool to find contacts in order to report security vulnerabilities
An OSINT tool to find contacts in order to report security vulnerabilities. Installation Linux Make sure you have installed the whois and jq packages. $ git clone https://github.com/EdOverflow/contact.sh.git $ cd contact.sh/ $ chmod u+x contact.sh $ ./contact.sh -d google.com -c google OSX $ brew...
Dr. Mine - Tool To Aid Automatic Detection Of In-Browser Cryptojacking
Dr. Mine is a node script written to aid automatic detection of in-browser cryptojacking. The most accurate way to detect things that happen in a browser is via browser itself. Thus, Dr. Mine uses puppeteer to automate browser thingy and catches any requests to online cryptominers. When a request...