Git: Arbitrary command execution

Background Git is a free and open source distributed version control system designed to handle everything from small to very large projects with speed and efficiency. Description A vulnerability in Git causing Git-compatible clients that access case-insensitive or case-normalizing filesystems to...

Git -- Execute arbitrary code

Git release notes: Some protocols like git-remote-ext can execute arbitrary code found in the URL. The URLs that submodules use may come from arbitrary sources e.g., .gitmodules files in a remote repository, and can hurt those who blindly enable recursive fetch. Restrict the allowed protocols to...

Updated cgit package fixes security vulnerability

cgit in Mageia 4/5 bundles an old git that is being subject to a minor security issue CVE-2014-9390. The cgit package was updated to its latest upstream release, and updates the bundled git to the non-vulnerable version 2.5.0, which contains various bug fixes...

Web Server Exposed Git Repository Information Disclosure

An information disclosure vulnerability has been reported in Git Repository. Successful exploitation of this vulnerability could allow an unintentional disclosure of account information...

Network Monitoring System: LibreNMS

LibreNMS is an autodiscovering PHP/MySQL/SNMP based network monitoring tool which includes support for a wide range of network hardware and operating systems including Cisco, Linux, FreeBSD, Juniper, Brocade, Foundry, HP and many more. LibreNMS is a community-based fork of Observium. Install On t...

XSS Payload Management Framework: Sleepy Puppy

Sleepy Puppy is a cross-site scripting XSS payload management framework which simplifies the ability to capture, manage, and track XSS propagation over long periods of time. Why Should I use Sleepy Puppy? Often when testing for client side injections HTML/JS/etc. security engineers are looking fo...

Windows shell: Babun

Would you like to use a linux-like console on a Windows host without a lot of fuzz? Try out babun! Installation Just download the dist file from http://babun.github.io , unzip it and run the install.bat script. After a few minutes babun starts automatically. The application will be installed to t...

Cloud Source Repositories: Google Quietly Launches GitHub Competitor

After the death of Google code this winter, Google is apparently back in the business through the launch of its private Git repository hosting service on Google Cloud Platform called Cloud Source Repositories. Not yet officially announced, but Google started providing free beta access to its new...

openSUSE Security Update : cgit (openSUSE-2015-436)

The git web frontend cgit was updated to 0.11.2 to fix security issues and bugs. The following vulnerabilities were fixed : - CVE-2014-9390: arbitrary command execution vulnerability on case-insensitive file systems in git. Malicious commits could affect client users on all platforms using...

Ubuntu 14.04 LTS : GNU patch vulnerabilities (USN-2651-1)

The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-2651-1 advisory. Jakub Wilk discovered that GNU patch did not correctly handle file paths in patch files. An attacker could specially craft a patch file that could...

Fedora 22 : fusionforge-5.3.2-4.fc22 (2015-9324)

Security fix for CVE-2015-0850 CVE-2015-0850: Prevent arbitrary command execution via clone URL parameter of the method to create secondary Git repositories. Found by Ansgar Burchardt . Note that Tenable Network Security has extracted the preceding description block directly from the Fedora...

MITMf - Framework for Man-In-The-Middle attacks

Framework for Man-In-The-Middle attacks Available plugins SMBtrap - Exploits the 'SMB Trap' vulnerability on connected clients Screenshotter - Uses HTML5 Canvas to render an accurate screenshot of a clients browser Responder - LLMNR, NBT-NS, WPAD and MDNS poisoner SSLstrip+ - Partially bypass...

[SECURITY] [DSA 3275-1] fusionforge security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3275-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso May 30, 2015 http://www.debian.org/security/faq -...

FusionForge Git plugin is vulnerable

FusionForge is a collaborative team development environment , its main features include communication tools such as forums , news , etc. , development tools such as bug tracking , project management , etc. and community tools such as file distribution , software classification , etc..Git is one o...

CVE-2015-0850

The Git plugin for FusionForge before 6.0rc4 allows remote attackers to execute arbitrary code via an unspecified parameter when creating a secondary Git repository...

Code injection

The Git plugin for FusionForge before 6.0rc4 allows remote attackers to execute arbitrary code via an unspecified parameter when creating a secondary Git repository...

CVE-2015-0850

The Git plugin for FusionForge before 6.0rc4 allows remote attackers to execute arbitrary code via an unspecified parameter when creating a secondary Git repository...

CVE-2015-0850

The Git plugin for FusionForge before 6.0rc4 allows remote attackers to execute arbitrary code via an unspecified parameter when creating a secondary Git repository...

CVE-2015-0850

The CVE-2015-0850 entry pertains to FusionForge’s Git plugin prior to 6.0rc4, where a vulnerability in the Git repository-creation parameter path allows remote arbitrary code execution. Affected component: FusionForge Git plugin (before 6.0rc4). Root cause: inadequate input handling when creating...

[SECURITY] [DSA 3275-1] fusionforge security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3275-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso May 30, 2015 http://www.debian.org/security/faq -...