[ASA-201710-15] go: arbitrary command execution
Arch Linux Security Advisory ASA-201710-15. Severity: High. Date: 2017-10-12. CVE-ID: CVE-2017-15041. Package: go. Type: arbitrary command execution. Remote: Yes. Link: https://security.archlinux.org/AVG-442. Summary: The package go before version...
Medium: git
Issue Overview: Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to support subcommands such as cvsserver, which allows attackers to execute arbitrary OS commands via shell metacharacters in a module name. The...
[SECURITY] Fedora 25 Update: git-2.9.5-2.fc25
Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. The git rpm installs a common set of tools which are usually used with a small number of dependencies. To install all git packages,...
Traditional OSINT Swiss Army Knife: Belati
Belati is a tool for collecting public data and public documents from websites and other services for OSINT purposes. This tool is inspired by Foca and Datasploit for OSINT. What can Belati do? Whois (Indonesian TLD Support), Banner Grabbing, Subdomain Enumeration, Service Scanning for all Subdomain Machine, W...
salt information leakage vulnerability
Salt, aka SaltStack, is a set of open source tools for managing infrastructure from SaltStack, Inc. in the United States. The tool provides configuration management, remote execution and other functions, able to manage tens of thousands of servers, with the ability to quickly complete the data...
PYSEC-2017-70
salt before 2015.5.5 leaks git usernames and passwords to the log...
Default credentials
salt before 2015.5.5 leaks git usernames and passwords to the log...
CVE-2015-6918
salt before 2015.5.5 leaks git usernames and passwords to the log...
UBUNTU-CVE-2015-6918
salt before 2015.5.5 leaks git usernames and passwords to the log...
CVE-2015-6918
CVE-2015-6918 affects Salt (before 2015.5.5), where git usernames and passwords are leaked to log files due to an information-disclosure vulnerability. Public records across multiple sources (NVD entry for CVE-2015-6918, OSV/Ubuntu USN-4769-1, and related advisories) confirm this issue alongside ...
CVE-2015-6918
Removed by vendor...
WebBreaker - Dynamic Application Security Test Orchestration (DASTO)
Build functional security testing into your software development and release cycles! WebBreaker provides the capabilities to automate and centrally manage Dynamic Application Security Testing (DAST) as part of your DevOps pipeline. WebBreaker truly enables all members of the Software Security...
Remote Code Execution (RCE)
github.com/golang/go is vulnerable to remote code execution (RCE). If custom domains are used, a malicious user can set a domain example.com/proj1 to point to a subversion repository and another domain example.com/proj1/proj2 to point to a git repository. When the go get command is run, arbitrary...
Ubuntu: Security Advisory (USN-3438-1)
The remote host is missing an update for the... (SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only)
USN-3438-1: Git vulnerability | Cloud Foundry
Severity: Medium. Vendor: Canonical Ubuntu. Versions Affected: Canonical Ubuntu 14.04. Description: It was discovered that Git incorrectly handled certain subcommands such as cvsserver. A remote attacker could possibly use this issue via shell metacharacters in modules names to execute arbitrary code...
Ubuntu 14.04 LTS / 16.04 LTS : Git vulnerability (USN-3438-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3438-1 advisory. It was discovered that Git incorrectly handled certain subcommands such as cvsserver. A remote attacker could possibly use this issue via shell...
CVE-2017-15041
Go before 1.8.4 and 1.9.x before 1.9.1 allows "go get" remote command execution. Using custom domains, it is possible to arrange things so that example.com/pkg1 points to a Subversion repository but example.com/pkg1/pkg2 points to a Git repository. If the Subversion repository includes a Git...
Design/Logic Flaw
Go before 1.8.4 and 1.9.x before 1.9.1 allows "go get" remote command execution. Using custom domains, it is possible to arrange things so that example.com/pkg1 points to a Subversion repository but example.com/pkg1/pkg2 points to a Git repository. If the Subversion repository includes a Git...