
10056 matches found

Metasploit
added 2018/03/05 7:25 p.m. | 35 views

GitStack Unsanitized Argument RCE

This module exploits a remote code execution vulnerability that exists in GitStack through v2.3.10, caused by an unsanitized argument being passed to an exec function call. This module has been tested on GitStack v2.3.10. This module requires Metasploit: https://metasploit.com/download Current...

CVSS 9.8 | AI score 0.8 | EPSS 0.86574
Exploits: 9

Veracode
added 2018/03/05 3:20 a.m. | 8 views

Git Variable Exposure

librarianp is vulnerable to the exposure of git variables. The regular expression used to identify the git metadata within a system only checks that a variable starts with GIT. This means that any variables such as GITHUBPW that a user might have can be exposed...

AI score 6.6
Exploits: 0

RedhatCVE
added 2018/03/01 1:18 a.m. | 28 views

CVE-2018-1000110

An improper authorization vulnerability exists in Jenkins Git Plugin version 3.7.0 and earlier in GitStatus.java that allows an attacker with network access to obtain a list of nodes and users...

CVSS 5.3 | AI score 6.1 | EPSS 0.11087
Exploits: 2 | References: 2

CNVD
added 2018/02/26 12:0 a.m. | 2 views

GIT Input Validation Vulnerability

GIT is a free, open source distributed version control system developed by the American software developer Linus Torvalds. Client is one of its clients. An input validation vulnerability exists in Client in GIT 2.15.1 and earlier versions. A remote attacker could exploit this...

CVSS 6.8 | AI score 9.2 | EPSS 0.00372
Exploits: 0 | References: 1

Kitploit
added 2018/02/25 1:12 p.m. | 20 views

contact.sh - An OSINT tool to find contacts in order to report security vulnerabilities

An OSINT tool to find contacts in order to report security vulnerabilities. Installation Linux Make sure you have installed the whois and jq packages. $ git clone https://github.com/EdOverflow/contact.sh.git $ cd contact.sh/ $ chmod u+x contact.sh $ ./contact.sh -d google.com -c google OSX $ brew...

AI score 7
Exploits: 0 | References: 1

Kitploit
added 2018/02/19 9:39 p.m. | 16 views

Dr. Mine - Tool To Aid Automatic Detection Of In-Browser Cryptojacking

Dr. Mine is a node script written to aid automatic detection of in-browser cryptojacking. The most accurate way to detect things that happen in a browser is via browser itself. Thus, Dr. Mine uses puppeteer to automate browser thingy and catches any requests to online cryptominers. When a request...

AI score 7.6
Exploits: 0 | References: 4

Hacker One
added 2018/02/17 1:57 p.m. | 15 views

Dropbox: Exposed Git Repo at http://fileserver.dropboxbusiness.com

The report revealed an exposed git repository on a vendor that Dropbox uses. This endpoint could allow an attacker to retrieve much of the source code and git history for this service which could potentially reveal sensitive information like application secrets. Thankfully, after performing an...

AI score 0.1
Exploits: 0

Prion
added 2018/02/15 1:29 p.m. | 32 views

Code injection

The download commit resource in Atlassian Bitbucket Server from version 5.1.0 before version 5.1.7, from version 5.2.0 before version 5.2.5, from version 5.3.0 before version 5.3.3 and from version 5.4.0 before version 5.4.1 allows remote attackers to write files to disk potentially allowing them...

CVSS 6 | AI score 8.2 | EPSS 0.70245
Exploits: 9 | References: 2 | Affected Software: 1

OSV
added 2018/02/15 1:29 p.m. | 1 views

CVE-2017-18087

The download commit resource in Atlassian Bitbucket Server from version 5.1.0 before version 5.1.7, from version 5.2.0 before version 5.2.5, from version 5.3.0 before version 5.3.3 and from version 5.4.0 before version 5.4.1 allows remote attackers to write files to disk potentially allowing them...

CVSS 7.5 | AI score 7.4 | EPSS 0.01583
Exploits: 9 | References: 2

NVD
added 2018/02/15 1:29 p.m. | 24 views

CVE-2017-18087

The download commit resource in Atlassian Bitbucket Server from version 5.1.0 before version 5.1.7, from version 5.2.0 before version 5.2.5, from version 5.3.0 before version 5.3.3 and from version 5.4.0 before version 5.4.1 allows remote attackers to write files to disk potentially allowing them...

CVSS 7.5 | AI score 8.4 | EPSS 0.01583
Exploits: 9 | References: 2

Cvelist
added 2018/02/15 1:0 p.m. | 22 views

CVE-2017-18087

The download commit resource in Atlassian Bitbucket Server from version 5.1.0 before version 5.1.7, from version 5.2.0 before version 5.2.5, from version 5.3.0 before version 5.3.3 and from version 5.4.0 before version 5.4.1 allows remote attackers to write files to disk potentially allowing them...

AI score 8.6 | EPSS 0.01583
Exploits: 9 | References: 2

BDU FSTEC
added 2018/02/15 12:0 a.m. | 2 views

The vulnerability of the Mercurial version control software lies in its inability to properly handle special elements used in the operating system’s command line. This allows a perpetrator to execute arbitrary code.

The vulnerability of the Mercurial version control software is related to the lack of measures to neutralize special elements used in the operating system’s command line. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially created Git subrepository...

CVSS 10 | AI score 7.6 | EPSS 0.17249
Exploits: 0 | References: 5 | Affected Software: 3

OSV
added 2018/02/14 3:29 p.m. | 11 views

CVE-2018-7032

webcheckout in myrepos through 1.20171231 does not sanitize URLs that are passed to git clone, allowing a malicious website operator or a MitM attacker to take advantage of it for arbitrary code execution, as demonstrated by an "ext::sh -c" attack or an option injection attack...

CVSS 7.5 | AI score 7.8
Exploits: 0 | References: 1

NVD
added 2018/02/14 3:29 p.m. | 8 views

CVE-2018-7032

webcheckout in myrepos through 1.20171231 does not sanitize URLs that are passed to git clone, allowing a malicious website operator or a MitM attacker to take advantage of it for arbitrary code execution, as demonstrated by an "ext::sh -c" attack or an option injection attack...

CVSS 7.5 | AI score 7.7 | EPSS 0.00282
Exploits: 1 | References: 1

OSV
added 2018/02/14 3:29 p.m. | 1 views

DEBIAN-CVE-2018-7032

webcheckout in myrepos through 1.20171231 does not sanitize URLs that are passed to git clone, allowing a malicious website operator or a MitM attacker to take advantage of it for arbitrary code execution, as demonstrated by an "ext::sh -c" attack or an option injection attack...

CVSS 7.5 | AI score 7.7 | EPSS 0.00282
Exploits: 1 | References: 1

OSV
added 2018/02/14 3:29 p.m. | 2 views

ALPINE-CVE-2018-7032

webcheckout in myrepos through 1.20171231 does not sanitize URLs that are passed to git clone, allowing a malicious website operator or a MitM attacker to take advantage of it for arbitrary code execution, as demonstrated by an "ext::sh -c" attack or an option injection attack...

CVSS 7.5 | AI score 7.7 | EPSS 0.00282
Exploits: 1 | References: 1

Cvelist
added 2018/02/14 3:0 p.m. | 20 views

CVE-2018-7032

webcheckout in myrepos through 1.20171231 does not sanitize URLs that are passed to git clone, allowing a malicious website operator or a MitM attacker to take advantage of it for arbitrary code execution, as demonstrated by an "ext::sh -c" attack or an option injection attack...

AI score 7.7 | EPSS 0.00282
Exploits: 1 | References: 1

AlpineLinux
added 2018/02/14 3:0 p.m. | 31 views

CVE-2018-7032

webcheckout in myrepos through 1.20171231 does not sanitize URLs that are passed to git clone, allowing a malicious website operator or a MitM attacker to take advantage of it for arbitrary code execution, as demonstrated by an "ext::sh -c" attack or an option injection attack...

CVSS 7.5 | AI score 7.8 | EPSS 0.00282
Exploits: 1

Debian CVE
added 2018/02/14 3:0 p.m. | 15 views

CVE-2018-7032

webcheckout in myrepos through 1.20171231 does not sanitize URLs that are passed to git clone, allowing a malicious website operator or a MitM attacker to take advantage of it for arbitrary code execution, as demonstrated by an "ext::sh -c" attack or an option injection attack...

CVSS 7.5 | AI score 7.7 | EPSS 0.00282
Exploits: 1

Prion
added 2018/02/09 11:29 p.m. | 17 views

Input validation

GIT version 2.15.1 and earlier contains an Input Validation Error vulnerability in Client that can result in problems ranging from messing up terminal configuration to RCE. This attack appears to be exploitable via the following: the user must interact with a malicious git server, or have their traffic modified in a...

CVSS 6.8 | AI score 8.6 | EPSS 0.00372
Exploits: 0 | References: 1 | Affected Software: 1