9928 matches found
Apple Xcode git client unauthorized files access
Invalid processing of character case in special file names...
GitHub for Windows < 2.6.5 .git/config Command Execution
The version of GitHub for Windows installed on the remote host is prior to 2.6.5. It is, therefore, affected by a command execution vulnerability when processing specially crafted git trees in a case-insensitive or case-normalizing file system. A remote attacker, using a specially crafted git tre...
FreeBSD : git -- Arbitrary command execution on case-insensitive filesystems (1d567278-87a5-11e4-879c-000c292ee6b8)
The Git Project reports: When using a case-insensitive filesystem an attacker can craft a malicious Git tree that will cause Git to overwrite its own .git/config file when cloning or checking out a repository, leading to arbitrary command execution in the client machine. If you are a hosting...
Git client vulnerability discovered affecting Windows and OS X versions - bug warning - the black bar safety net
The Git project has released Git v2.2.1, which fixes a security vulnerability affecting Windows and Mac OS X clients. Linux is not affected, but Linux hosting services with Windows and OS X users should best upgrade to the latest version as well, so as to protect those users. Issues related to...
GitHub Fixes Critical Vulnerability, Urges Users to Update Immediately
GitHub is strongly encouraging all Mac OS X and Windows users of GitHub and GitHub Enterprise to update their Git clients as soon as possible. The GMANE mailing list published the details of a critical arbitrary code execution vulnerability affecting all versions of the official Git client and al...
Critical Git Client vulnerability Allows Malicious Remote Code Execution
Developers running the open source Git code-repository software and tools, like GitHub, on Mac OS X and Windows computers are strongly advised to install a security update that patches a major security vulnerability in Git clients that allows an attacker to hijack end-user computers. T...
UBUNTU-CVE-2014-9390
Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercurial before 3.2.3 on Windows and OS X; Apple Xcode before 6.2 beta 3; mine all versions before 08-12-2014; libgit2 all versions up to 0.21.2; Egit all versions before...
git -- Arbitrary command execution on case-insensitive filesystems
The Git Project reports: When using a case-insensitive filesystem an attacker can craft a malicious Git tree that will cause Git to overwrite its own .git/config file when cloning or checking out a repository, leading to arbitrary command execution in the client machine. If you are a hosting...
CVE-2014-9390
Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercurial before 3.2.3 on Windows and OS X; Apple Xcode before 6.2 beta 3; mine all versions before 08-12-2014; libgit2 all versions up to 0.21.2; Egit all versions before...
Update Embedded git version
Today it was announced that Git contains "A critical Git security vulnerability". It would be nice if, in the options panel of SourceTree on the Git tab, the button "Update embedded git" downloaded the latest version of git 1.9.5. https://github.com/blog/1938-git-client-vulnerability-announced...
GIT 1.8.5.6/1.9.5/2.0.5/2.1.4/2.2.1 & Mercurial < 3.2.3 - Multiple Vulnerabilities (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'Malicious Git and Mercurial HTTP Server For CVE-2014-9390', 'Description' = %q This module exploits CVE-2014-9390, which affect...
gollum-grit_adapter Search Functionality Allows Arbitrary Command Execution
The gollum-grit_adapter gem contains a flaw that can allow arbitrary command execution. Grit implements its search functionality by shelling out to git grep. In turn, git grep takes a -O or --open-files-in-pager option that will pipe the results of grep to an arbitrary process. By failing to...
CVE-2014-8683 XSS in Gogs Markdown Renderer
XSS in Gogs Markdown Renderer. Researcher: Timo Schmid. Description: Gogs (Go Git Service) is a painless self-hosted Git Service written in Go (taken from [1]). It is very similar to the github...
CVE-2014-8682
Gogs (Go Git Service) is affected by SQL injection via the q parameter in the API endpoints /api/v1/repos/search and /api/v1/users/search. The vulnerability stems from improper handling in the repository and user search code paths (models/repo.go and models/user.go) across Gogs versions 0.3.1-9 t...
CVE-2014-8681
CVE-2014-8681 affects Gogs (Go Git Service). The GetIssues function in models/issue.go has a SQL injection flaw exploitable via the label parameter in user/repos/issues, impacting Gogs versions 0.3.1-9 through 0.5.6.x before 0.5.6.1025 Beta. Documents indicate remote attackers can execute arbitra...
CVE-2014-8683
CVE-2014-8683 describes a Cross-Site Scripting (XSS) flaw in Gogs (Go Git Service). The vulnerability affects Gogs versions 0.3.1-9 through 0.5.x before 0.5.8 and is triggered via the text parameter to the API endpoint api/v1/markdown, allowing injection of arbitrary web script/HTML. The root cau...
Fedora 20 : icecream-1.0.1-8.20140822git.fc20 (2014-10468)
This updates icecream to the current version from upstream git repository. It drops the bundled minilzo library, which had a vulnerability. Instead the system lzo library is used. CVE-2014-4607 Note that Tenable Network Security has extracted the preceding description block directly from the Fedo...
Fedora 19 : icecream-1.0.1-8.20140822git.fc19 (2014-10366)
This updates icecream to the current version from upstream git repository. It drops the bundled minilzo library, which had a vulnerability. Instead the system lzo library is used. CVE-2014-4607 Note that Tenable Network Security has extracted the preceding description block directly from the Fedo...
Gogs Markdown Renderer Cross Site Scripting Vulnerability
Gogs markdown renderer suffers from a cross site scripting vulnerability. Versions 0.3.1-9-g49dc57e are affected. XSS in Gogs Markdown Renderer. Researcher: Timo Schmid. Description: Gogs (Go Git Service) is a painless self-hosted Git Service written in Go. tak...
Gogs - label SQL Injection
Blind SQL Injection in Gogs label search. Researcher: Timo Schmid. Description: Gogs (Go Git Service) is a painless self-hosted Git Service written in Go (taken from [1]). It is very similar to the github hosting platform...