10048 matches found

Prion
added 2017/11/01 1:29 p.m. | 14 views

Information disclosure

Jenkins Git Client Plugin 2.4.2 and earlier creates temporary file with insecure permissions resulting in information disclosure...

CVSS 2.1 | AI score 3.8 | EPSS 0.00007
Exploits 0 | References 2 | Affected Software 1

OSV
added 2017/11/01 1:29 p.m. | 17 views

CVE-2017-1000242

Jenkins Git Client Plugin 2.4.2 and earlier creates temporary file with insecure permissions resulting in information disclosure...

CVSS 3.3 | AI score 6.4
Exploits 0 | References 2

CVE
added 2017/11/01 1:0 p.m. | 73 views

CVE-2017-1000242

CVE-2017-1000242 affects Jenkins Git Client Plugin 2.4.2 and earlier, where temporary files are created with insecure permissions, enabling information disclosure. The known impact is information leakage due to insecure file permissions; exploitation details are not provided in the available docu...

CVSS 3.3 | AI score 3.8 | EPSS 0.00007
Exploits 0 | References 2 | Affected Software 1

Cvelist
added 2017/11/01 1:0 p.m. | 11 views

CVE-2017-1000242

Jenkins Git Client Plugin 2.4.2 and earlier creates temporary file with insecure permissions resulting in information disclosure...

AI score 3.7 | EPSS 0.00007
Exploits 0 | References 2

Tenable Nessus
added 2017/11/01 12:0 a.m. | 14 views

EulerOS 2.0 SP2 : git (EulerOS-SA-2017-1266)

According to the version of the git packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to support...

CVSS 9 | AI score 7.9 | EPSS 0.06534
Exploits 0 | References 2

Tenable Nessus
added 2017/11/01 12:0 a.m. | 42 views

EulerOS 2.0 SP1 : git (EulerOS-SA-2017-1265)

According to the version of the git packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to support...

CVSS 9 | AI score 7.9 | EPSS 0.06534
Exploits 0 | References 2

Tenable Nessus
added 2017/10/31 12:0 a.m. | 31 views

Debian DSA-4010-1 : git-annex - security update

It was discovered that git-annex, a tool to manage files with git without checking their contents in, did not correctly handle maliciously constructed ssh:// URLs. This allowed an attacker to run an arbitrary shell command...

CVSS 8.8 | AI score 7.2 | EPSS 0.00274
Exploits 11 | References 5

Debian
added 2017/10/30 7:42 a.m. | 27 views

[SECURITY] [DSA 4010-1] git-annex security update

Debian Security Advisory DSA-4010-1 [email protected] https://www.debian.org/security/ Sebastien Delafond October 30, 2017 https://www.debian.org/security/faq -...

CVSS 8.8 | AI score 9.2 | EPSS 0.00274
Exploits 11

Debian
added 2017/10/30 7:42 a.m. | 26 views

[SECURITY] [DSA 4010-1] git-annex security update

Debian Security Advisory DSA-4010-1 [email protected] https://www.debian.org/security/ Sebastien Delafond October 30, 2017 https://www.debian.org/security/faq -...

CVSS 6.8 | AI score 2.5 | EPSS 0.00274
Exploits 11

Tenable Nessus
added 2017/10/30 12:0 a.m. | 50 views

Debian DLA-1144-1 : git-annex security update

git-annex before 6.20170818 allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, as demonstrated by an ssh://-eProxyCommand= URL, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-1000116, and CVE-2017-1000117. For Debian 7...

CVSS 10 | AI score 7.3 | EPSS 0.70245
Exploits 12 | References 3

OSV
added 2017/10/30 12:0 a.m. | 30 views

DSA-4010-1 git-annex - security update

Bulletin has no description...

CVSS 8.8 | AI score 9.1 | EPSS 0.00274
Exploits 11

OpenVAS
added 2017/10/29 12:0 a.m. | 24 views

Debian: Security Advisory (DSA-4010-1)

The remote host is missing an update for the Debian...

CVSS 8.8 | AI score 8.2 | EPSS 0.00274
Exploits 11 | References 3

Debian
added 2017/10/27 3:43 p.m. | 27 views

[SECURITY] [DLA 1148-1] golang security update

Package : golang Version : 2:1.0.2-1.1+deb7u2 CVE ID : CVE-2017-15041 Go before 1.8.4 and 1.9.x before 1.9.1 allows "go get" remote command execution. Using custom domains, it is possible to arrange things so that example.com/pkg1 points to a Subversion repository but example.com/pkg1/pkg2 points...

CVSS 9.8 | AI score 7 | EPSS 0.02846
Exploits 0

Debian
added 2017/10/27 3:29 p.m. | 36 views

[SECURITY] [DLA 1144-1] git-annex security update

Package : git-annex Version : 3.20120629+deb7u1 CVE ID : CVE-2017-12976 Debian Bug : 873088 git-annex before 6.20170818 allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, as demonstrated by an ssh://-eProxyCommand= URL, a related...

CVSS 10 | AI score 6.9 | EPSS 0.70245
Exploits 12

pentestit
added 2017/10/27 6:2 a.m. | 235 views

FruityWifi: An Open Source Wireless Network Auditor

PenTestIT RSS Feed Continuing with my current interest with Raspberry Pi based security tools again. My last post was about P4wnP1. This post is about FruityWiFi an open source tool that helps you with wireless network auditing. What is FruityWifi? FruityWifi is an open source tool based on WiFi...

AI score 6.9
Exploits 0

Kitploit
added 2017/10/26 9:17 p.m. | 12 views

sqlmate - Tool which will do what you always expected from SQLmap

There are some features that we think SQLMap should have. Like finding admin panel of the target, better hash cracking etc. If you think the same, SQLMate is for you. What it does? Feed it a SQL injection dork via --dork option and it will find vulnerable sites for you. After that, it will try to...

AI score 8.2
Exploits 0 | References 1

OSV
added 2017/10/26 12:0 a.m. | 25 views

DLA-1144-1 git-annex - security update

Bulletin has no description...

CVSS 8.8 | AI score 9.1 | EPSS 0.00274
Exploits 11

RedHat Linux
added 2017/10/24 12:15 a.m. | 3 views

Tower: modification of git hooks in SCM repo via upstream playbook execution

A flaw was found in Tower's interface with SCM repositories. If a Tower project SCM repository definition does not have the 'delete before update' flag set, an attacker with commit access to the upstream playbook source repository could create a Trojan playbook that, when executed by Tower,...

CVSS 9 | AI score 6.2 | EPSS 0.00425
Exploits 0 | References 4

Kitploit
added 2017/10/23 1:11 p.m. | 21 views

Exploit Pack - Penetration Testing Framework

Exploit Pack has been designed by an experienced team of software developers and exploit writers to automate processes so penetration testers can focus on what's really important. The threat. This blend of software engineers and subject matter experts provides an unique advantage by combining...

AI score 7.2
Exploits 0 | References 1

Tenable Nessus
added 2017/10/23 12:0 a.m. | 18 views

openSUSE Security Update : git (openSUSE-2017-1167)

This update for git fixes the following issues : This security issue was fixed : - CVE-2017-14867: Git used unsafe Perl scripts to support subcommands such as cvsserver, which allowed attackers to execute arbitrary OS commands via shell metacharacters in a module name bsc1061041. This update was...

CVSS 9 | AI score 8 | EPSS 0.06534
Exploits 0 | References 2