10041 matches found

Prion
added 2017/08/25 6:29 p.m. | 26 views

Directory traversal

Directory traversal vulnerability in GNU patch versions which support Git-style patching before 2.7.3 allows remote attackers to write to arbitrary files with the permissions of the target user via a .. (dot dot) in a diff file name...

CVSS 7.8 | AI score 7 | EPSS 0.04141
Exploits 0 | References 9 | Affected Software 3
OSV
added 2017/08/25 6:29 p.m. | 1 views

DEBIAN-CVE-2015-1395

Directory traversal vulnerability in GNU patch versions which support Git-style patching before 2.7.3 allows remote attackers to write to arbitrary files with the permissions of the target user via a .. (dot dot) in a diff file name...

CVSS 7.5 | AI score 7.3 | EPSS 0.04141
Exploits 0 | References 1
CVE
added 2017/08/25 6:0 p.m. | 82 views

CVE-2015-1395

CVE-2015-1395 is a directory traversal vulnerability in GNU patch that affects versions before 2.7.3. An attacker can write to arbitrary files with the permissions of the target user via a .. in a diff file name. The vulnerability is referenced in multiple advisories across Linux distros (e.g., E...

CVSS 7.8 | AI score 7.2 | EPSS 0.04141
Exploits 0 | References 9 | Affected Software 1
Cvelist
added 2017/08/25 6:0 p.m. | 23 views

CVE-2015-1395

Directory traversal vulnerability in GNU patch versions which support Git-style patching before 2.7.3 allows remote attackers to write to arbitrary files with the permissions of the target user via a .. (dot dot) in a diff file name...

AI score 7.3 | EPSS 0.04141
Exploits 0 | References 9
Tenable Nessus
added 2017/08/25 12:0 a.m. | 36 views

CentOS 7 : git (CESA-2017:2004)

An update for git is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CV...

CVSS 8.8 | AI score 7.1 | EPSS 0.71499
Exploits 3 | References 3
Tenable Nessus
added 2017/08/25 12:0 a.m. | 33 views

CentOS 7 : git (CESA-2017:2484)

An update for git is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the C...

CVSS 8.8 | AI score 6.8 | EPSS 0.70245
Exploits 9 | References 2
Cent OS
added 2017/08/24 9:43 a.m. | 101 views

emacs, git, gitk, gitweb, perl security update

CentOS Errata and Security Advisory CESA-2017:2484. An update for git is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...

CVSS 8.8 | AI score 6.8 | EPSS 0.70245
Exploits 9 | References 7
Cent OS
added 2017/08/24 1:37 a.m. | 81 views

emacs, git, gitk, gitweb, perl security update

CentOS Errata and Security Advisory CESA-2017:2004. An update for git is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...

CVSS 8.8 | AI score 7.1 | EPSS 0.71499
Exploits 3 | References 7
CNVD
added 2017/08/24 12:0 a.m. | 4 views

CloudBees Jenkins Git Plugin Cross-Site Request Forgery Vulnerability

CloudBees Jenkins is a set of Java-based continuous integration tools developed by the US company CloudBees. It is mainly used to monitor continuous software release/testing projects and some scheduled tasks. Git Plugin is one of the plug-ins used to manage the...

CVSS 7.5 | AI score 6.5 | EPSS 0.00147
Exploits 0 | References 1
pentestit
added 2017/08/23 8:57 p.m. | 117 views

UPDATE: OSRFramework 0.17.2

PenTestIT RSS Feed My last post about this open sources research framework was approximately three weeks ago. Recently, two new versions were released in quick succession - 0.17.1 & OSRFramework 0.17.2. This post covers the changes and advancements made to both these versions. What is OSRFramewor...

AI score 7
Exploits 0
Tenable Nessus
added 2017/08/22 12:0 a.m. | 42 views

Scientific Linux Security Update : git on SL7.x x86_64 (20170817)

Security Fixes : - A shell command injection flaw related to the handling of 'ssh' URLs has been discovered in Git. An attacker could use this flaw to execute shell commands with the privileges of the user running the Git client, for example, when performing a 'clone' action on a malicious...

CVSS 8.8 | AI score 6.8 | EPSS 0.70245
Exploits 9 | References 2
Tenable Nessus
added 2017/08/22 12:0 a.m. | 35 views

Scientific Linux Security Update : git on SL7.x x86_64 (20170801)

Security Fixes : - It was found that the git-prompt.sh script shipped with git failed to correctly handle branch names containing special characters. A specially crafted git repository could use this flaw to execute arbitrary commands if a user working with the repository configured their shell t...

CVSS 8.8 | AI score 7.5 | EPSS 0.71499
Exploits 3 | References 3
OSV
added 2017/08/21 1:4 p.m. | 7 views

SUSE-SU-2017:2225-1 Security update for git

This update for git fixes the following issues: - CVE-2017-1000117: an argument injection in SSH URLs could lead to client-side code execution (bsc#1052481)...

CVSS 8.8 | AI score 9 | EPSS 0.70245
Exploits 9 | References 3
CNVD
added 2017/08/21 12:0 a.m. | 1 views

git-annex Arbitrary Command Execution Vulnerability

git-annex is a distributed file synchronization system. A security vulnerability exists in git-annex versions prior to 6.20170818. A remote attacker can use an ssh URL with an initial dash in the hostname to execute arbitrary commands...

CVSS 8.8 | AI score 9.4 | EPSS 0.00274
Exploits 11 | References 1
NVD
added 2017/08/20 8:29 p.m. | 25 views

CVE-2017-12976

git-annex before 6.20170818 allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, as demonstrated by an ssh://-eProxyCommand= URL, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-1000116, and CVE-2017-1000117...

CVSS 8.8 | AI score 8.7 | EPSS 0.00274
Exploits 11 | References 5
Prion
added 2017/08/20 8:29 p.m. | 39 views

Sql injection

git-annex before 6.20170818 allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, as demonstrated by an ssh://-eProxyCommand= URL, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-1000116, and CVE-2017-1000117...

CVSS 6.8 | AI score 8.6 | EPSS 0.70245
Exploits 12 | References 5 | Affected Software 1
OSV
added 2017/08/20 8:29 p.m. | 0 views

UBUNTU-CVE-2017-12976

git-annex before 6.20170818 allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, as demonstrated by an ssh://-eProxyCommand= URL, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-1000116, and CVE-2017-1000117...

CVSS 8.8 | AI score 7.6 | EPSS 0.00274
Exploits 11 | References 5
OSV
added 2017/08/20 8:29 p.m. | 1 views

DEBIAN-CVE-2017-12976

git-annex before 6.20170818 allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, as demonstrated by an ssh://-eProxyCommand= URL, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-1000116, and CVE-2017-1000117...

CVSS 8.8 | AI score 9 | EPSS 0.00274
Exploits 11 | References 1
OSV
added 2017/08/20 8:29 p.m. | 7 views

CVE-2017-12976

git-annex before 6.20170818 allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, as demonstrated by an ssh://-eProxyCommand= URL, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-1000116, and CVE-2017-1000117...

CVSS 8.8 | AI score 9.1
Exploits 0 | References 5
Debian CVE
added 2017/08/20 8:0 p.m. | 37 views

CVE-2017-12976

git-annex before 6.20170818 allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, as demonstrated by an ssh://-eProxyCommand= URL, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-1000116, and CVE-2017-1000117...

CVSS 8.8 | AI score 9 | EPSS 0.00274
Exploits 11