[SECURITY] [DSA 3984-1] git security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3984-1 [email protected] https://www.debian.org/security/ Florian Weimer September 26, 2017 https://www.debian.org/security/faq -...

Code injection

The D-Bus security policy files in /etc/dbus-1/system.d/.conf in fso-gsmd 0.12.0-3, fso-frameworkd 0.9.5.9+git20110512-4, and fso-usaged 0.12.0-2 as packaged in Debian, the upstream cornucopia.git fsoaudiod, fsodatad, fsodeviced, fsogsmd, fsonetworkd, fsotdld, fsousaged git master on 2015-01-19,...

DSA-3984-1 git - security update

Bulletin has no description...

Debian: Security Advisory (DSA-3984-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Security fix for the ALT Linux 8 package git version 2.10.5-alt1

Sept. 22, 2017 Dmitry V. Levin 2.10.5-alt1 - 2.10.4 - 2.10.5 fixes: CVE-2017-14867...

Security fix for the ALT Linux 10 package git version 2.10.5-alt1

Sept. 22, 2017 Dmitry V. Levin 2.10.5-alt1 - 2.10.4 - 2.10.5 fixes: CVE-2017-14867...

CVE-2017-12148

A flaw was found in Tower's interface with SCM repositories. If a Tower project SCM repository definition does not have the 'delete before update' flag set, an attacker with commit access to the upstream playbook source repository could create a Trojan playbook that, when executed by Tower,...

Dynamic Application Security Test Orchestration: Webbreaker

Build functional security testing, into your software development and release cycles! WebBreaker provides the capabilities to automate and centrally manage Dynamic Application Security Testing DAST as part of your DevOps pipeline. WebBreaker truly enables all members of the Software Security...

About the security content of Xcode 9

About the security content of Xcode 9 This document describes the security content of Xcode 9. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent...

git: Command injection via malicious ssh URLs

A shell command injection flaw related to the handling of "ssh" URLs has been discovered in Git. An attacker could use this flaw to execute shell commands with the privileges of the user running the Git client, for example, when performing a "clone" action on a malicious repository or a legitimat...

Important: Red Hat Security Advisory: Red Hat Mobile Application Platform security update

An update is now available for Red Hat Mobile Application Platform 4.5. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

Important: Red Hat Security Advisory: Red Hat Mobile Application Platform security update

An update is now available for Red Hat Mobile Application Platform 4.5. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

GLSA-201709-10 : Git: Command injection

The remote host is affected by the vulnerability described in GLSA-201709-10 Git: Command injection Specially crafted ssh://... URLs may allow the owner of the repository to execute arbitrary commands on clients machine if those commands are already installed on the clients system. This is...

Git: Command injection

Background Git is a small and fast distributed version control system designed to handle small and large projects. Description Specially crafted ‘ssh://...’ URLs may allow the owner of the repository to execute arbitrary commands on client’s machine if those commands are already installed on the...

UPDATE: Gloom-Framework v1.7.5

PenTestIT RSS Feed Update time guys! Please refer my initial blog post about this open source penetration testing framework for Kali Linux. I just saw that it has been updated and we now have Gloom-Framework v1.7.5 with new features and a lot of bug fixes. Actually, it was updated quiet a number ...

CrackLord - Queue and Resource System For Cracking Passwords

CrackLord is a system designed to provide a scalable, pluggable, and distributed system for both password cracking as well as any other jobs needing lots of computing resources. Better said, CrackLord is a way to load balance the resources, such as CPU, GPU, Network, etc. from multiple hardware...

jenkins-plugin-git: CSRF vulnerability allows capturing credentials (SECURITY-528)

The Git Plugin can leak credentials username and password used to access a git repo if an attacker-supplied URL is provided to the plugin. To supply the URL to the plugin, the attacker would need to guess a username/password ID and then trick a developer into following a specific URL...

EulerOS 2.0 SP2 : git (EulerOS-SA-2017-1188)

According to the versions of the git package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - It was found that the git-prompt.sh script shipped with git failed to correctly handle branch names containing special characters. A specially craft...

EulerOS 2.0 SP1 : git (EulerOS-SA-2017-1187)

According to the versions of the git package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - It was found that the git-prompt.sh script shipped with git failed to correctly handle branch names containing special characters. A specially craft...

Exploit for Buffer Underflow in Microsoft

github 军火库 web，安全，渗透，军火库 漏洞及渗透练习平台： WebGoat漏洞练习环境 https://github.com/WebGoat/WebGoat https://github.com/WebGoat/WebGoat-Legacy Damn Vulnerable Web Application漏洞练习平台 https://github.com/RandomStorm/DVWA 数据库注入练习平台 https://github.com/Audi-1/sqli-labs 用node编写的漏洞练习平台，like OWASP Node Goat...