10041 matches found

OSV
added 2017/08/10 12:0 a.m. | 47 views

DSA-3934-1 git - security update

Bulletin has no description...

CVSS 8.8 | AI score 8.3 | EPSS 0.70245
Exploits 9

OpenVAS
added 2017/08/09 12:0 a.m. | 20 views

Debian: Security Advisory (DSA-3934-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.8 | AI score 8.5 | EPSS 0.70245
Exploits 9 | References 3

Tenable Nessus
added 2017/08/09 12:0 a.m. | 29 views

Oracle Linux 7 : git (ELSA-2017-2004)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2017-2004 advisory. - dissalow repo names beginning with dash Resolves: CVE-2017-8386 - do not put unsanitized branch names in Resolves: CVE-2014-9938 Tenable has extracte...

CVSS 8.8 | AI score 7.3 | EPSS 0.71499
Exploits 3 | References 3

Oracle linux
added 2017/08/07 12:0 a.m. | 52 views

git security and bug fix update

1.8.3.1-11 - dissalow repo names beginning with dash Resolves: CVE-2017-8386 -1.8.3.1-10 - do not put unsanitized branch names in Resolves: CVE-2014-9938 -1.8.3.1-9 - add control of GSSAPI credential delegation to enable HTTPS-SSO authentication Resolves: 1369173 1.8.3.1-8 - remove needles check ...

CVSS 10 | AI score 0.8 | EPSS 0.71499
Exploits 3

Kitploit
added 2017/08/06 11:35 p.m. | 12 views

WS-Attacker v1.8 - Modular Framework For Web Services Penetration Testing

WS-Attacker is a modular framework for web services penetration testing. It is developed by the Chair of Network and Data Security, Ruhr University Bochum http://nds.rub.de/ and the Hackmanit GmbH http://hackmanit.de/ . The basic idea behind WS-Attacker is to provide a functionality to load WSDL...

AI score 7.1
Exploits 0 | References 1

n0where
added 2017/08/06 7:5 p.m. | 16 views

An ssh-agent for every domain: SSHecret

If you have an encrypted ssh key for each domain you access you should, and you keep your unlocked keys in a single ssh-agent you maybe shouldn’t, AND you’ve ever decided you need to forward your ssh-agent, then you should feel bad. If you forward an ssh-agent with all your unique keys for every...

AI score 0.5
Exploits 0 | References 1

OpenVAS
added 2017/08/04 12:0 a.m. | 27 views

RedHat Update for git RHSA-2017:2004-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.8 | AI score 8 | EPSS 0.71499
Exploits 3 | References 2

Kitploit
added 2017/08/03 10:49 p.m. | 219 views

Mercure - A Tool For Security Managers Who Want To Train Their Colleague To Phishing

Mercure is a tool for security managers who want to teach their colleagues about phishing. What Mercure can do: Create email templates Create target lists Create landing pages Handle attachments Let you keep track in the Campaign dashboard Track email reads, landing page visits and attachment...

AI score 6.8
Exploits 0 | References 1

pentestit
added 2017/08/03 3:49 a.m. | 77 views

UPDATE: OSRFramework 0.17.0 BlackHat Arsenal Version!

PenTestIT RSS Feed Sometime early last month, I made a post about OSRFramework which was version 0.16.8. A new version of this open sources research framework was released at the recently concluded BlackHat 2017 conference. To be precise, it was released on Wednesday, July 26 in the OSINT Arsenal...

AI score 7.1
Exploits 0

Tenable Nessus
added 2017/08/02 12:0 a.m. | 31 views

RHEL 7 : git (RHSA-2017:2004)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2017:2004 advisory. Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a...

CVSS 8.8 | AI score 7.5 | EPSS 0.71499
Exploits 3 | References 9

RedHat Linux
added 2017/08/01 2:33 p.m. | 2 views

git: Escape out of git-shell

A flaw was found in the way git-shell handled command-line options for the restricted set of git-shell commands. A remote, authenticated attacker could use this flaw to bypass git-shell restrictions, to view and manipulate files, by abusing the instance of the less command launched using crafted...

CVSS 8.8 | AI score 5.7 | EPSS 0.71499
Exploits 2 | References 4

RedHat Linux
added 2017/08/01 2:33 p.m. | 2 views

git: git-prompt.sh does not sanitize branch names in $PS1

It was found that the git-prompt.sh script shipped with git failed to correctly handle branch names containing special characters. A specially crafted git repository could use this flaw to execute arbitrary commands if a user working with the repository configured their shell to include repositor...

CVSS 8.8 | AI score 6 | EPSS 0.0075
Exploits 1 | References 4

RedHat Linux
added 2017/08/01 2:33 p.m. | 51 views

Moderate: Red Hat Security Advisory: git security and bug fix update

An update for git is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CV...

CVSS 8.8 | AI score 7.1 | EPSS 0.71499
Exploits 3 | References 5

Gitee
added 2017/07/31 3:46 p.m. | 36 views

Exploit for Out-of-bounds Read in Openssl

This repository contains a collection of tools and exploits for various vulnerabilities, including: A payload for the Apache Struts 2 vulnerability CVE-2017-5638 that allows remote code execution. A tool for exploiting the Heartbleed vulnerability CVE-2014-0160 in OpenSSL. A tool for exploiting t...

CVSS 10 | AI score 8.1 | EPSS 0.94464
Exploits 254

Hacker One
added 2017/07/31 11:21 a.m. | 40 views

Phabricator: Credential gets exposed

1. Create a repo 2. Mirror it to a URL 3. Assign a credential to the mirror 4. I've now had an existing repo, and wanted to change it to mirror only, so that phabricator pulls from a URL instead of self-hosting. I now received this error msg: Pull of 'Luke081515Bot' failed: Working copy at...

AI score 7.2
Exploits 0

Kitploit
added 2017/07/17 11:12 p.m. | 15 views

nWatch - Tool for Host Discovery, PortScanning and Operating System Fingerprinting

nWatch is a handy tool for host discovery, portscanning and operating system fingerprinting. Demo video Requirements nmap scapy colorama ctypes Installation and execution Install the requirements Then you can download nWatch by cloning the Git repository: git clone...

AI score 7.3
Exploits 0 | References 1

OSV
added 2017/07/17 1:18 p.m. | 15 views

CVE-2017-11353

yadm yet another dotfile manager 1.10.0 has a race condition related to the behavior of git commands in setting permissions for new files and directories, which potentially allows access to SSH and PGP keys...

CVSS 5.9 | AI score 7
Exploits 0 | References 2

UbuntuCve
added 2017/07/17 1:18 p.m. | 21 views

CVE-2017-11353

yadm yet another dotfile manager 1.10.0 has a race condition related to the behavior of git commands in setting permissions for new files and directories, which potentially allows access to SSH and PGP keys...

CVSS 5.9 | AI score 6.2 | EPSS 0.00167
Exploits 0 | References 3

Prion
added 2017/07/17 1:18 p.m. | 19 views

Race condition

yadm yet another dotfile manager 1.10.0 has a race condition related to the behavior of git commands in setting permissions for new files and directories, which potentially allows access to SSH and PGP keys...

CVSS 4.3 | AI score 5.8 | EPSS 0.00167
Exploits 0 | References 2 | Affected Software 1

CVE
added 2017/07/17 1:0 a.m. | 56 views

CVE-2017-11353

CVE-2017-11353 affects yadm (yet another dotfile manager) version 1.10.0. The issue is a race condition related to how git commands set permissions for new files and directories, which potentially allows access to SSH and PGP keys. The connected documents provide this description but do not inclu...

CVSS 5.9 | AI score 5.8 | EPSS 0.00167
Exploits 0 | References 2 | Affected Software 1