9928 matches found

Atlassian
added 2014/06/10 7:12 p.m. | 14 views

Hide passwords in ps aux for https git tasks

When git checkout tasks configured to use HTTPS run, the user and password are exposed in ps aux: bamboo 15138 0.0 0.0 86752 2224 ? S May20 0:00 git-remote-https https://gituser:[email protected]/scm/consumer/XXXX.git...

Exploits 0 | Affected Software 1
Kitploit
added 2014/05/21 11:56 p.m. | 19 views

WPScan - WordPress Security Scanner

WPScan is a black box WordPress vulnerability scanner. Features: username enumeration (from author querystring and location header); weak password cracking (multithreaded); version enumeration (from generator meta tag and from client side files); vulnerability enumeration (based on version); plugin enumeratio...

7.6 AI score
Exploits 0 | References 1
securityvulns
added 2014/05/15 12:0 a.m. | 66 views

[oss-security] Fwd: [ANNOUNCE] X.Org Security Advisory: Multiple issues in libXfont

ANNOUNCE XOrg Security Advisory: Multiple issues in libXfont.eml Subject: ANNOUNCE X.Org Security Advisory: Multiple issues in libXfont From: Alan Coopersmith [email protected] Date: 13.05.2014 19:08 To: [email protected] Cc: [email protected], [email protected] X.Org Securi...

7.5 CVSS | 1 AI score | 0.02432 EPSS
Exploits 0
android
added 2014/04/30 12:0 a.m. | 37 views

pty race

The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the "LECHO & !OPOST" case, which allows local users to cause a denial of service (memory corruption and system crash) or gain privileges by triggering a race condition...

6.9 CVSS | 2.1 AI score | 0.49911 EPSS
Exploits 7 | References 5
seebug.org
added 2014/03/25 12:0 a.m. | 66 views

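OpenSSL ECDSA Nonce Recovery Vulnerability

CVE ID: CVE-2014-0076. OpenSSL is an open-source SSL implementation used to provide strong encryption for network communications. The OpenSSL implementation of elliptic-curve signing and verification (ECDSA) contains a flaw that allows an attacker to obtain nonce values through a FLUSH+RELOAD cache side-channel attack and then derive the private key. OpenSSL 1.x. Users can refer to the vendor's Git repository to obtain the patch that fixes this vulnerability: http://www.openssl.org/...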

1.9 CVSS | 0.0036 EPSS
Exploits 1
seebug.org
added 2014/03/25 12:0 a.m. | 34 views

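Linux Kernel Information Disclosure Vulnerability (CVE-2014-2568)

Bugtraq ID: 66348. CVE ID: CVE-2014-2568. Linux Kernel is an open-source operating system. A security vulnerability exists when the Linux Kernel's skb_zerocopy copies an skb to a user-space buffer, allowing an attacker to obtain sensitive memory contents, resulting in disclosure of sensitive information. Linux Kernel. Users can refer to the vendor's Git repository to obtain the patch that fixes this vulnerability: https://lkml.org/lkml/2014/3/20/421...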

2.9 CVSS | 8 AI score | 0.0019 EPSS
Exploits 2
Xen Project
added 2014/03/24 1:0 p.m. | 55 views

Linux netback crash trying to disable due to malformed packet

ISSUE DESCRIPTION When Linux's netback sees a malformed packet, it tries to disable the interface which serves the misbehaving frontend. This involves taking a mutex, which might sleep. But in recent versions of Linux the guest transmit path is handled by NAPI in softirq context, where sleeping i...

4.4 CVSS | 6.2 AI score | 0.00071 EPSS
Exploits 1
Tenable Nessus
added 2014/03/17 12:0 a.m. | 12 views

Fedora 20 : ReviewBoard-1.7.22-2.fc20 (2014-3446)

New upstream security release 1.7.22 - http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.22/ - Security Fixes: - An XSS vulnerability was found in the Search field's auto-complete. - New Features: - Added support for anonymous access to public Local Sites. - Added support for...

5.5 AI score
Exploits 0 | References 2
seebug.org
added 2014/03/11 12:0 a.m. | 43 views

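FreeType 'src/cff/cf2hints.c' Remote Stack Buffer Overflow Vulnerability

Bugtraq ID: 66074. CVE ID: CVE-2014-2240. FreeType is a popular font library. The cf2_hintmap_build function in FreeType 'src/cff/cf2hints.c' has an out-of-bounds stack-based read/write vulnerability when handling 'stem hints'; an attacker can exploit it by crafting a malicious font and luring an application into parsing it, which can crash the application. FreeType 2.5.3. Vendor patch: FreeType ----- Users can refer to the vendor's Git repository to obtain the patch that fixes this vulnerability:...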

7.5 CVSS | 0.3 AI score | 0.02382 EPSS
Exploits 1
seebug.org
added 2014/03/11 12:0 a.m. | 59 views

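FreeType 'src/cff/cf2ft.c' Remote Denial of Service Vulnerability

BUGTRAQ ID: 66292. CVE ID: CVE-2014-2241. FreeType is a popular font library. The cf2_initLocalRegionBuffer and cf2_initGlobalRegionBuffer functions in FreeType 'src/cff/cf2ft.c' contain an assertion failure error; an attacker can exploit it by crafting a malicious font and luring an application into parsing it, which can crash the application. FreeType 2.5.3. Vendor patch: FreeType ----- Users can refer to the vendor's Git repository to obtain the patch that fixes this vulnerability:...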

6.8 CVSS | 0.5 AI score | 0.00618 EPSS
Exploits 2
Fedora
added 2014/02/09 3:55 a.m. | 12 views

[SECURITY] Fedora 19 Update: ikiwiki-3.20140125-1.fc19

Ikiwiki is a wiki compiler. It converts wiki pages into HTML pages suitable for publishing on a website. Ikiwiki stores pages and history in a revision control system such as Subversion or Git. There are many other features, including support for blogging, as well as a large array of plugins...

0.4 AI score
Exploits 0
Tenable Nessus
added 2014/01/12 12:0 a.m. | 26 views

GLSA-201401-06 : Git: Privilege escalation

The remote host is affected by the vulnerability described in GLSA-201401-06 (Git: Privilege escalation). Git contains a stack-based buffer overflow in the is_git_directory function in setup.c. Impact: A local attacker could gain escalated privileges via a specially crafted git repository. Workaround...

7.5 CVSS | 5.9 AI score | 0.0166 EPSS
Exploits 0 | References 2
Gentoo Linux
added 2014/01/10 12:0 a.m. | 24 views

Git: Privilege escalation

Background: Git is a free and open source distributed version control system designed to handle everything from small to very large projects with speed and efficiency. Description: Git contains a stack-based buffer overflow in the is_git_directory function in setup.c. Impact: A local attacker could ga...

7.5 CVSS | 6.7 AI score | 0.0166 EPSS
Exploits 0
Fedora
added 2014/01/03 8:46 a.m. | 25 views

[SECURITY] Fedora 19 Update: gitolite3-3.5.3.1-1.fc19

Gitolite allows a server to host many git repositories and provide access to many developers, without having to give them real userids on the server. The essential magic in doing this is ssh's pubkey access and the authorized_keys file, and the inspiration was an older program called gitosis...

5.5 CVSS | 5.6 AI score | 0.00068 EPSS
Exploits 0
exploitpack
added 2013/12/16 12:0 a.m. | 36 views

Gitlab 6.0 - Persistent Cross-Site Scripting

Gitlab 6.0 - Persistent Cross-Site Scripting Exploit-DB note: Tested commit 10b0b8f1797e6c09b4c063c04a4864ecd31d34f4 Exploit Title: gitlab persistent xss exploit Date: 12/16/2013 Exploit Author: hellok Vendor Homepage: gitlab.org !/bin/sh author hellok for file format ext pwn for gitlab 12/16/201...

6.8 AI score
Exploits 0
Oracle linux
added 2013/11/26 12:0 a.m. | 41 views

libguestfs security, bug fix, and enhancement update

1:1.20.11-2 - Fix CVE-2013-4419: insecure temporary directory handling for guestfish's network socket resolves: rhbz1019737 1:1.20.11-1 - Rebase to libguestfs 1.20.11. resolves: rhbz958183 - Remove buildnet: builds now detect network automatically. - The rhel-6.x branches containing the patches...

6.8 CVSS | 6.3 AI score | 0.00907 EPSS
Exploits 1
n0where
added 2013/11/22 7:20 p.m. | 19 views

Archlinux Ultimate Install Script

Install and configure archlinux has never been easier! You can try it first with a virtualbox Prerequisites A working internet connection Logged in as ‘root’ How to get it With git Increase cowspace partition: mount -o remount,size=2G /run/archiso/cowspace Get list of packages and install git:...

7.3 AI score
Exploits 0 | References 1
Atlassian
added 2013/11/15 6:12 p.m. | 46 views

Bamboo exposes username and password if Git checkout fails.

If the repository checkout fails, the username and password are exposed in plain text on the web interface and in the logs. To reproduce: Environment: on-demand instance version 5.2-OD-4, Build 4004 Create a plan that checks out a git repository using https with authentication. Run plan Do...

7.5 AI score
Exploits 0 | Affected Software 1
Atlassian
added 2013/11/15 6:12 p.m. | 23 views

Bamboo exposes username and password if Git checkout fails.

If the repository checkout fails, the username and password are exposed in plain text on the web interface and in the logs. To reproduce: Environment: on-demand instance version 5.2-OD-4, Build 4004 Create a plan that checks out a git repository using https with authentication. Run plan Do...

7.5 AI score
Exploits 0
securityvulns
added 2013/10/02 12:0 a.m. | 29 views

git / Apple Xcode certificate spoofing

Git certificate spoofing...

4.3 CVSS | 1.4 AI score | 0.01488 EPSS
Exploits 0 | References 1 | Affected Software 1