
9928 matches found

Exploit DB
added 2014/11/14 12:00 a.m., 73 views

Gogs - 'users'/'repos' '?q' SQL Injection

Unauthenticated SQL Injection in Gogs repository search. Researcher: Timo Schmid. Description: Gogs (Go Git Service) is a painless self-hosted Git Service written in Go (taken from [1]). It is very similar to the github hosting platform...

7.5 CVSS, 6.8 AI score, 0.76891 EPSS
Exploits: 5

exploitpack
added 2014/11/14 12:00 a.m., 55 views

Gogs - usersrepos ?q SQL Injection

Gogs - usersrepos ?q SQL Injection. Unauthenticated SQL Injection in Gogs repository search. Researcher: Timo Schmid. Description: Gogs (Go Git Service) is a painless self-hosted Git Service written in Go (taken from [1]). It is very simili...

7.5 CVSS, 7.6 AI score, 0.76891 EPSS
Exploits: 5

0day.today
added 2014/10/24 12:00 a.m., 46 views

TestLink 1.9.12 Multiple Vulnerabilities

TestLink versions 1.9.12 and below suffer from a path disclosure weakness and below suffer from a PHP object injection vulnerability in execSetResults.php ---------------------------------------------------------------- TestLink "; debugprintbacktrace; echo ""; 211. 212. else 213. 214. echo "";...

7.5 CVSS, 6.8 AI score, 0.03228 EPSS
Exploits: 3

myhack58
added 2014/10/17 12:00 a.m., 28 views

Bash Shellshock vulnerability simply explained - vulnerability warning - the black bar safety net

Preface The national day before the analysis of this vulnerability, see the security reference for readers to discuss, made a simple Bash Shellshock vulnerability description. Vulnerability overview Vulnerability the principle of popular point that is to bash the language in the definition of a...

0.5 AI score
Exploits: 0

Silent Robot Systems
added 2014/10/06 4:00 a.m., 177 views

Searching Through Git Commits

gumbler is a script I wrote to search through git commits. Examples from github are discussed below. .gitignore A gitignore file is used to specify files that should not be tracked by git source gitignore. In the default case, gumbler will read the gitignore file for the project and search every...

6.4 CVSS, 7.6 AI score, 0.00159 EPSS
Exploits: 1

Silent Robot Systems
added 2014/10/06 4:00 a.m., 208 views

Searching Through Git Commits

gumbler is a script I wrote to search through git commits. Examples from github are discussed below. .gitignore A gitignore file is used to specify files that should not be tracked by git source gitignore. In the default case, gumbler will read the gitignore file for the project and search every...

6.4 CVSS, 7.6 AI score, 0.00159 EPSS
Exploits: 1

Atlassian
added 2014/10/03 11:31 a.m., 20 views

Bitbucket repository configuration doesn't offer SSH

When you add a new Bitbucket repository, you can only enter a username/password for authentication. If you want to use SSH, you should fall back to the generic 'Git' repository host. SSH should be offered as an option in the Bitbucket configuration. As an intermediate solution you can add a...

0.8 AI score
Exploits: 0, Affected Software: 1

Atlassian
added 2014/10/03 11:24 a.m., 17 views

Use git-credential-store to avoid exposing plaintext username/password

Using https://username:[email protected] will expose the credentials e.g. in 'ps' when users have SSH access to the server which also runs Bamboo. This can be avoided if Bamboo uses git-credential-store...

1.5 AI score
Exploits: 0, Affected Software: 1

myhack58
added 2014/10/03 12:00 a.m., 9 views

Bash through special environment variables code injection attack - vulnerability warning - the black bar safety net

Bash or Bourne again shell, is a UNIX-like shell script, might be any Linux system is the most common mounting Assembly. From 1980 year of birth to now, bash has evolved from a simple terminal based command interpreter to many other fancy uses. In Linux, the environment variables...

0.1 AI score
Exploits: 0

ThreatPost
added 2014/09/25 2:34 p.m., 72 views

Patching Bash Vulnerability a Challenge for ICS, SCADA

While the most urgent focus where the Bash vulnerability is concerned is around Internet-facing web servers, embedded systems and industrial control systems are not exempt from worry. Experts are concerned about Linux-based industrial control systems and SCADA equipment, in particular, that may b...

10 CVSS, 0.1 AI score, 0.9422 EPSS
Exploits: 130, References: 4

NVD
added 2014/07/22 2:55 p.m., 7 views

CVE-2014-5023

Repository.php in Gitter, as used in Gitlist, allows remote attackers with commit privileges to execute arbitrary commands via shell metacharacters in a branch name, as demonstrated by a "git checkout -b" command...

6.8 CVSS, 7.6 AI score, 0.03777 EPSS
Exploits: 1, References: 1

Atlassian
added 2014/07/08 8:01 p.m., 16 views

Can't push subtree

As requested in answer to my stackoverflow http://stackoverflow.com/questions/24637748/cant-push-subtree-using-sourcetree post I'm posting this potential bug here. Using a basic schema for git subtree I created 2 repository on Github: "project" and "framework" and made the followings: - Clone...

7.1 AI score
Exploits: 0, Affected Software: 1

Atlassian
added 2014/07/08 8:01 p.m., 12 views

Can't push subtree

As requested in answer to my stackoverflow http://stackoverflow.com/questions/24637748/cant-push-subtree-using-sourcetree post I'm posting this potential bug here. Using a basic schema for git subtree I created 2 repository on Github: "project" and "framework" and made the followings: - Clone...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:00 a.m., 23 views

ViewGit 0.0.6 - Multiple XSS Vulnerabilities

No description provided by source. Vulnerability Report Author: Matthew R. Bucci [email protected] Date: 18 March, 2013 CVE-2013-2294 Description of Vulnerability: ViewGit is a git web repository viewer that aims to be easy to set up and upgrade, light on...

3.7 CVSS, 6.3 AI score, 0.04742 EPSS
Exploits: 6

seebug.org
added 2014/07/01 12:00 a.m., 16 views

Git <= 1.6.3 Parameter Processing Remote Denial Of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/35338/info Git is prone to a denial-of-service vulnerability because it fails to properly handle some client requests. Attackers can exploit this issue to cause a daemon process to enter an infinite loop. Repeated exploit...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:00 a.m., 48 views

gitWeb 1.5.2 - Remote Command Execution

No description provided by source. Exploit Title: gitWeb remote command execution Date: 2009.06.19 Author: S2 Crew Hungary Software Link: - Version: GIT 1.5.2 Tested on: debian linux, GIT 1.5.2 CVE: CVE-2008-5516 - CVE-2008-5517 Code: The cgi script doesn't show the command output blind command...

7.5 CVSS, 0.1 AI score, 0.07517 EPSS
Exploits: 6

Tenable Nessus
added 2014/06/13 12:00 a.m., 29 views

openSUSE Security Update : git (openSUSE-SU-2011:0115-1)

This update fixes two vulnerabilities : XSS vulnerability in gitweb; a remote attacker could craft an URL such that arbitrary content would be inserted to the generated web page. Stack overflow vulnerability that can lead to arbitrary code execution if user runs any git command on a specially...

7.5 CVSS, 5.8 AI score, 0.1349 EPSS
Exploits: 6, References: 7

Tenable Nessus
added 2014/06/13 12:00 a.m., 40 views

openSUSE Security Update : git (openSUSE-SU-2013:0380-1)

git imap-send was fixed to do SSL host verification. This can be disabled if necessary in the config file. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update openSUSE-2013-170. The text descripti...

4.3 CVSS, 6.5 AI score, 0.01488 EPSS
Exploits: 0, References: 3

Tenable Nessus
added 2014/06/13 12:00 a.m., 15 views

openSUSE Security Update : git-web (openSUSE-SU-2011:0705-1)

Users with commit access to repos served by git-web could cause cross site scripting XSS issues with XML files CVE-2011-2186. Due to a differently formatted /etc/mime.types openSUSE is not affected by default. This update nevertheless turns on git-web's XSS protection mechanism to avoid similar...

5.3 AI score
Exploits: 0, References: 3

Tenable Nessus
added 2014/06/13 12:00 a.m., 11 views

openSUSE Security Update : git-web (openSUSE-SU-2011:0705-1)

Users with commit access to repos served by git-web could cause cross site scripting XSS issues with XML files CVE-2011-2186. Due to a differently formatted /etc/mime.types openSUSE is not affected by default. This update nevertheless turns on git-web's XSS protection mechanism to avoid similar...

5.3 AI score
Exploits: 0, References: 3