9929 matches found
Wireshark - dissect_ber_constrained_bitstring Heap Out-of-Bounds Read
Source: https://code.google.com/p/google-security-research/issues/detail?id=659 The following crash due to a heap-based out-of-bounds read can be observed in an ASAN build of Wireshark current git master, by feeding a malformed file to tshark "$ ./tshark -nVxr /path/to/file": --- cut ---...
DEBIAN-CVE-2016-1900
CRLF injection vulnerability in the cgit_print_http_headers function in ui-shared.c in CGit before 0.12 allows remote attackers with permission to write to a repository to inject arbitrary HTTP headers and conduct HTTP response splitting attacks or cross-site scripting (XSS) attacks via newline...
UBUNTU-CVE-2016-1900
CRLF injection vulnerability in the cgit_print_http_headers function in ui-shared.c in CGit before 0.12 allows remote attackers with permission to write to a repository to inject arbitrary HTTP headers and conduct HTTP response splitting attacks or cross-site scripting (XSS) attacks via newline...
AVM FRITZ!Box 6.30 - Remote Buffer Overflow
AVM FRITZ!Box 6.30 - Remote Buffer Overflow Advisory: AVM FRITZ!Box: Remote Code Execution via Buffer Overflow RedTeam Pentesting discovered that several models of the AVM FRITZ!Box are vulnerable to a stack-based buffer overflow, which allows attackers to execute arbitrary code on the device...
USN-2835-1 git vulnerability | Cloud Foundry
USN-2835-1 git vulnerability Medium Vendor git Versions Affected Ubuntu 14.04 Description Blake Burkhart discovered that the Git git-remote-ext helper incorrectly handled recursive clones of git repositories. A remote attacker could possibly use this issue to execute arbitrary code by injecting...
Debian DSA-3435-1 : git - security update
Blake Burkhart discovered that the Git git-remote-ext helper incorrectly handled recursive clones of git repositories. A remote attacker could possibly use this issue to execute arbitrary code by injecting commands via crafted URLs. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The...
[SECURITY] [DSA 3435-1] git security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3435-1 [email protected] https://www.debian.org/security/ Laszlo Boszormenyi GCS January 05, 2016 https://www.debian.org/security/faq -...
DSA-3435-1 git - security update
Bulletin has no description...
Apple Xcode < 7.2 Multiple Vulnerabilities (Mac OS X)
The version of Apple Xcode installed on the remote Mac OS X host is prior to 7.2. It is, therefore, affected by multiple vulnerabilities : - Multiple remote code execution vulnerabilities exist due to a flaw in the otools component that is triggered when handling Mach-O files. A remote attacker c...
Debian Security Advisory DSA 3435-1 (git - security update)
Blake Burkhart discovered that the Git git-remote-ext helper incorrectly handled recursive clones of git repositories. A remote attacker could possibly use this issue to execute arbitrary code by injecting commands via crafted URLs. OpenVAS Vulnerability Test $Id: deb3435.nasl 6608 2017-07-07...
Debian: Security Advisory (DSA-3435-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
KODExplorer Web File Manager Cross Site Scripting
================================================================================ KODExplorer web file manager - Cross Site Scripting ================================================================================ Vendor Homepage: https://github.com/kalcaddle/KODExplorer/ - http://kalcaddle.com/...
Git Remote Command Execution Vulnerability
No description provided by source...
SUSE SLES12 Security Update : Recommended update for git (SUSE-SU-2015:2325-1)
The git package was updated to fix the following security issue : - CVE-2015-7545: Fix remote code execution with recursive fetch of submodules bsc948969. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempt...
Scientific Linux Security Update : git on SL7.x x86_64 (20151208)
A flaw was found in the way the git-remote-ext helper processed certain URLs. If a user had Git configured to automatically clone submodules from untrusted repositories, an attacker could inject commands into the URL of a submodule, allowing them to execute arbitrary code on the user's system...
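Proof Only: Kuozhi Network (阔知网络) git Leak (Part Two)
Brief description: I hear the vendors in Hangzhou are all pretty good, and every vulnerability submitted earns a small gift. I got no gift from you for my last submission, so there should be one this time, right? Detailed description: Official site: http://www.topxia.com git file leak: http://www.topxia.com/.git/config As shown in the figure: Proof of vulnerability: core repositoryformatversion = 0 filemode = true bare = false logallrefupdates = true remote "origin" url =...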
SUSE-SU-2015:2025-1 Recommended update for git
The git package was updated to fix the following security issue: - CVE-2015-7545: Fix remote code execution with recursive fetch of submodules bsc948969...
SUSE-SU-2015:2325-1 Recommended update for git
The git package was updated to fix the following security issue: - CVE-2015-7545: Fix remote code execution with recursive fetch of submodules bsc948969...
Wireshark - dissct_rsl_ipaccess_msg Static Out-of-Bounds Read
Exploit for multiple platform in category dos / poc Source: https://code.google.com/p/google-security-research/issues/detail?id=660 The following crash due to a static out-of-bounds read can be observed in an ASAN build of Wireshark current git master, by feeding a malformed file to tshark "$...