Paragon Initiative Enterprises: Missing GIT tag/commit verification in Docker

in: https://github.com/paragonie/airship/blob/master/docker/Dockerfile.airshipL14-L16 RUN git clone https://github.com/jedisct1/libsodium.git /tmp/sodium WORKDIR /tmp/sodium RUN git checkout tags/1.0.10 The code is fetched from Github without one of: 1. signature verification on relevant tag. GPG...

git-fastclone command execution vulnerability

git-fastclone is a set of tools for cloning git. A command execution vulnerability exists in git-fastclone versions prior to 1.0.5, which stems from a program passing a user-modified string directly to a shell command. The vulnerability can be exploited to execute malicious commands by modifying...

What the Fuzz: Radamsa

What the Fuzz: Radamsa Radamsa is a test case generator for robustness testing, a.k.a. a fuzzer. It is typically used to test how well a program can withstand malformed and potentially malicious inputs. It works by reading sample files of valid data and generating interestingly different outputs...

GitLab unauthorized access vulnerability can lead to remote command execution-vulnerability warning-the black bar safety net

GitLab is a use of Ruby on Rails development, Open Source Application, to achieve a self-hosted Git project repository, through a Web interface to access the public or private projects. 2 0 1 6 years 1 1 months to 3 December, the United States the congregation measured platform HackerOne announce...

CVE-2015-8969

git-fastclone before 1.0.5 passes user modifiable strings directly to a shell command. An attacker can execute malicious commands by modifying the strings that are passed as arguments to "cd " and "git clone " commands in the library...

CVE-2015-8968

git-fastclone before 1.0.1 permits arbitrary shell command execution from .gitmodules. If an attacker can instruct a user to run a recursive clone from a repository they control, they can get a client to run an arbitrary shell command. Alternately, if an attacker can MITM an unencrypted git clone...

Command injection

git-fastclone before 1.0.5 passes user modifiable strings directly to a shell command. An attacker can execute malicious commands by modifying the strings that are passed as arguments to "cd " and "git clone " commands in the library...

Command injection

git-fastclone before 1.0.1 permits arbitrary shell command execution from .gitmodules. If an attacker can instruct a user to run a recursive clone from a repository they control, they can get a client to run an arbitrary shell command. Alternately, if an attacker can MITM an unencrypted git clone...

CVE-2015-8968

git-fastclone before 1.0.1 permits arbitrary shell command execution from .gitmodules. If an attacker can instruct a user to run a recursive clone from a repository they control, they can get a client to run an arbitrary shell command. Alternately, if an attacker can MITM an unencrypted git clone...

CVE-2015-8969

git-fastclone before 1.0.5 passes user modifiable strings directly to a shell command. An attacker can execute malicious commands by modifying the strings that are passed as arguments to "cd " and "git clone " commands in the library...

CVE-2015-8968

CVE-2015-8968 affects git-fastclone prior to 1.0.1, enabling arbitrary shell command execution via .gitmodules when cloning recursively or updating submodules. The exploit occurs through ext helper URLs (git-remote-ext) embedded in submodules, allowing command execution either over cloned repos o...

CVE-2015-8969

Summary: Git-fastclone versions before 1.0.5 pass user-controlled strings directly to a shell command, enabling command injection by altering arguments to “cd” and “git clone”. This is described across CVE-2015-8969 references (NVD, CVE entries, and advisories) and is confirmed by related securit...

[SECURITY] Fedora 23 Update: libgit2-0.23.4-2.fc23

libgit2 is a portable, pure C implementation of the Git core methods provided as a re-entrant linkable library with a solid API, allowing you to write native speed custom Git applications in any language with bindings...

[SECURITY] Fedora 24 Update: libgit2-0.24.2-2.fc24

libgit2 is a portable, pure C implementation of the Git core methods provided as a re-entrant linkable library with a solid API, allowing you to write native speed custom Git applications in any language with bindings...

[SECURITY] Fedora 25 Update: libgit2-0.24.2-2.fc25

libgit2 is a portable, pure C implementation of the Git core methods provided as a re-entrant linkable library with a solid API, allowing you to write native speed custom Git applications in any language with bindings...

Spade - Android APK Backdoor Embedder

Quick and handy APK backdoor embedder with metasploit android payloads. Requirements metasploit Installation and execution Then you can download smap by cloning the Git repository: git clone https://github.com/suraj-root/spade.git cd spade/ ./spade.py Demo video Video YouTube: Download Spade...

Boozt Fashion AB: Git available containing passwords.

Hi, I've found .git repository available on http://████/.git/ Using https://github.com/kost/dvcs-ripper you can download source files, even if directory listing is forbidden. I've managed to download some object files from repository. One of them...

Raptor Web Application Firewall

Raptor Web Application Firewall Raptor Web Application Firewall is a simple web application firewall made in C, using KISS principle , to make poll use select function, is not better than epoll or kqueue from BSD but is portable, the core of match engine using DFA to detect XSS, SQLi and path...

The vulnerability of the distributed Git version control system allows a hacker to execute arbitrary code.

The vulnerability of the revision.c file in the distributed version control system Git is related to the use of an incorrect integer data type. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a long file name or by manipulating multiple nested trees, resulti...

DyMerge - Dynamic Dictionary Merger

A simple, yet powerful tool - written purely in python - which takes given wordlists and merges them into one dynamic dictionary that can then be used as ammunition for a successful dictionary based or bruteforce attack. Compatible with Python 2.6+. Author: Nikolaos Kamarinakis nikolaskama.me...