CVE-2017-11353

yadm yet another dotfile manager 1.10.0 has a race condition related to the behavior of git commands in setting permissions for new files and directories, which potentially allows access to SSH and PGP keys...

Fedora 26 : php-pear-PHP-CodeSniffer (2017-b85d51cc47)

Version 3.0.1 - This release contains a fix for a security advisory related to the improper handling of a shell command - A properly crafted filename would allow for arbitrary code execution when using the --filter=gitmodified command line option - All version 3 users are encouraged to upgrade to...

Fedora 26 : git (2017-7ea0e02914)

An issue in git-shell could allow remote users to run an interactive pager. From the update announcement : ... fix a recently disclosed problem with 'git shell', which may allow a user who comes over SSH to run an interactive pager by causing it to spawn 'git upload-pack --help' CVE-2017-8386. Th...

Fedora 26 : tcpreplay (2017-8306577cc7)

Here is what is fixed in this release : - Fix reporting of rates 1Mbps 348 - Option --unique-ip not working properly 346 ---- Features and fixes include : - MAC rewriting capabilities by Pedro Arthur 313 - Fix several issues identified by Coverity 305 - Packet distortion --fuzz-seed option by...

CVE-2017-1000092

The Git Plugin can leak credentials username and password used to access a git repo if an attacker-supplied URL is provided to the plugin. To supply the URL to the plugin, the attacker would need to guess a username/password ID and then trick a developer into following a specific URL...

smap - Shellcode Mapper

Handy tool for shellcode analysis. Demo video Requirements objdump Installation and execution Then you can download smap by cloning the Git repository: git clone https://github.com/suraj-root/smap.git cd smap/ python smap.py -h get shellcodes @ http://shell-storm.org/shellcode/,...

TorStat - Tor Statistics

Tor Statistics Requirements ProxyChains Optional - only if you need more features to work Colorama psutil Installation and execution Then you can download smap by cloning the Git repository: git clone https://github.com/suraj-root/TorStat.git cd TorStat/ proxychains python TorStat.py Demo video F...

Grab: Git repository found

Git metadata directory .git was found in this folder. An attacker can extract sensitive information by requesting the hidden metadata directory that version control tool Git creates. The metadata directories are used for development purposes to keep track of development changes to a set of source...

Git downloads over HTTP

SourceTree downloads the standalone Git and every other zips over HTTP from the Atlassian servers. This is not secure and should be switched to HTTPS...

Git downloads over HTTP

SourceTree downloads the standalone Git and every other zips over HTTP from the Atlassian servers. This is not secure and should be switched to HTTPS...

PDNS Manager Remote Command Execution Vulnerability

Exploit for php platform in category web applications Details ======= Product: PDNS Manager Affected Versions: Git master 3bf4e28 2016-12-12 - 2bb00ea 2017-05-22 Fixed Versions: = Git Commit ccc4232 Vulnerability Type: Remote Command Execution Vendor URL: https://pdnsmanager.lmitsystems.de/ Vendo...

Advanced Hash Manipulation: Dagon

Advanced Hash Manipulation Named after the prince of Hell, Dagon day-gone is an advanced hash cracking and manipulation system, capable of bruteforcing multiple hash types, creating bruteforce dictionaries, automatic hashing algorithm verification, random salt generation from Unicode to ASCII, an...

Mail.ru: [sputnik.mail.ru] Publicly accessible GIT directory

Publicliy accessible git-related file in sputnik.mail.ru sputnik.mail.ru is not currently covered with bug bounty program...

Mail.ru: [gamesventures.mail.ru] Publicly accessible GIT directory

Publicliy accessible git-related file in gamesventures.mail.ru gamesventures.mail.ru is not currently covered with bug bounty program...

Amazon Linux AMI : git (ALAS-2017-842)

Escape out of git-shell A flaw was found in the way git-shell handled command-line options for the restricted set of git-shell commands. A remote authenticated attacker could use this flaw to bypass git-shell restrictions, to view and manipulate files, by abusing the instance of the less command...

GLSA-201706-04 : Git: Security bypass

The remote host is affected by the vulnerability described in GLSA-201706-04 Git: Security bypass Timo Schmid discovered that the Git restricted shell incorrectly filtered allowed commands. Impact : A remote attacker could possibly bypass security restrictions and access sensitive information...

Git: Security bypass

Background Git is a free and open source distributed version control system designed to handle everything from small to very large projects with speed and efficiency. Description Timo Schmid discovered that the Git restricted shell incorrectly filtered allowed commands. Impact A remote attacker...

Medium: git

Issue Overview: Escape out of git-shell A flaw was found in the way git-shell handled command-line options for the restricted set of git-shell commands. A remote authenticated attacker could use this flaw to bypass git-shell restrictions, to view and manipulate files, by abusing the instance of t...

MGASA-2017-0153 Updated git packages fix security vulnerability

Timo Schmid of ERNW GmbH discovered that the Git git-shell, a restricted login shell for Git-only SSH access, allows a user to run an interactive pager by causing it to spawn "git upload-pack --help" CVE-2017-8386...

Updated git packages fix security vulnerability

Timo Schmid of ERNW GmbH discovered that the Git git-shell, a restricted login shell for Git-only SSH access, allows a user to run an interactive pager by causing it to spawn "git upload-pack --help" CVE-2017-8386...