9928 matches found
Apple Xcode < 6.2 beta 3 .git/config Command Execution (Mac OS X) (deprecated)
The remote Mac OS X host has a version of Apple Xcode prior to 6.2 beta 3. It is, therefore, affected by a remote command execution vulnerability when processing git trees in a case-insensitive or case-normalizing file system. A remote attacker, using a specially crafted git tree, can overwrite a...
USN-2470-1 git vulnerability
Matt Mackall and Augie Fackler discovered that Git incorrectly handled certain filesystem paths. A remote attacker could possibly use this issue to execute arbitrary code if the Git tree is stored in an HFS+ or NTFS filesystem. The remote attacker would need write access to a Git repository that...
USN-2470-1: Git vulnerability
Matt Mackall and Augie Fackler discovered that Git incorrectly handled certain filesystem paths. A remote attacker could possibly use this issue to execute arbitrary code if the Git tree is stored in an HFS+ or NTFS filesystem. The remote attacker would need write access to a Git repository that...
Ubuntu 14.04 LTS : Git vulnerability (USN-2470-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-2470-1 advisory. Matt Mackall and Augie Fackler discovered that Git incorrectly handled certain filesystem paths. A remote attacker could possibly use this issue to execute...
Redmine plugin redmine_git_hosting arbitrary command execution vulnerability
Redmine is the open source project management web application. An arbitrary command execution vulnerability exists in the Redmine plugin redmine_git_hosting, which allows remote attackers to exploit the vulnerability to execute arbitrary commands...
Malicious Git And Mercurial HTTP Server For CVE-2014-9390
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit4 'Malicious Git and Mercurial HTTP Server For CVE-2014-9390', 'Description' = %q This module exploits CVE-2014-9390, which affects Git...
Microsoft Visual Studio .git\config Command Execution
The version of Visual Studio installed on the remote host is affected by a command execution vulnerability when processing specially crafted git trees in a case-insensitive or case-normalizing file system. A remote attacker, using a specially crafted git tree, can overwrite a user's '.git/config'...
Malicious Git and Mercurial HTTP Server For CVE-2014-9390
This module exploits CVE-2014-9390, which affects Git versions less than 1.8.5.6, 1.9.5, 2.0.5, 2.1.4 and 2.2.1 and Mercurial versions less than 3.2.3 and describes three vulnerabilities. On operating systems which have case-insensitive file systems, like Windows and OS X, Git clients can be...
Git for Windows Detection
Binary data gitforwindowsinstalled.nbin...
Git for Windows .git/config Command Execution
The version of Git for Windows also known as msysGit installed on the remote host is prior to 1.9.5. It is, therefore, affected by a command execution vulnerability when processing specially crafted git trees in a case-insensitive or case-normalizing file system. A remote attacker, using a...
[SECURITY] Fedora 21 Update: eclipse-jgit-3.5.3-1.fc21
A pure Java implementation of the Git version control system...
[SECURITY] Fedora 21 Update: eclipse-egit-3.5.3-1.fc21
The eclipse-egit package contains Eclipse plugins for interacting with Git repositories...
CVE-2013-4663
git_http_controller.rb in the redmine_git_hosting plugin for Redmine allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the service parameter to info/refs, related to the get_info_refs function or (2) the reqfile argument to the file_exists function...
CVE-2013-4663
The CVE-2013-4663 entry concerns the redmine_git_hosting plugin for Redmine. The vulnerability is in git_http_controller.rb, where remote attackers can execute arbitrary commands by supplying shell metacharacters in (1) the service parameter to info/refs (get_info_refs function) or (2) the reqfil...
About exploiting a leaked .git/config file - vulnerability warning - the black bar safety net
This also began with a vulnerability of this kind seen on the dark clouds. Many who do not understand it may feel a little confused on seeing it. In fact, this vulnerability is somewhat similar to an svn leak: the configuration file can likewise be used to restore the entire project proces...
Updated git packages fix security vulnerability
It was reported that git, when used as a client on a case-insensitive filesystem, could allow the overwrite of the .git/config file when the client performed a "git pull". Because git permitted committing .Git/config or any case variation, on the pull this would replace the user's .git/config. If...
MGASA-2014-0546 Updated git packages fix security vulnerability
It was reported that git, when used as a client on a case-insensitive filesystem, could allow the overwrite of the .git/config file when the client performed a "git pull". Because git permitted committing .Git/config or any case variation, on the pull this would replace the user's .git/config. If...
GitHub < 1.9.4 .git/config Command Execution (Mac OS X)
The remote Mac OS X host has a version of GitHub prior to 1.9.4 installed. It is, therefore, affected by a remote command execution vulnerability when processing git trees in a case-insensitive or case-normalizing file system. A remote attacker, using a specially crafted git tree, can overwrite a...
APPLE-SA-2014-12-18-1 Xcode 6.2 beta 3
APPLE-SA-2014-12-18-1 Xcode 6.2 beta 3. Xcode 6.2 beta 3 is now available and addresses the following: Git. Available for: OS X Mavericks v10.9.4 or later. Impact: Synching with a malicious git repository may allow unexpected files to be added to the .gi...