GIT gitweb git_snapshot / git_object Shell Metacharacter Arbitrary Command Execution

The version of gitweb, a web-enabled interface to the open source distributed version control system Git, hosted on the remote web server fails to sanitize user-supplied input to the 'gitweb.cgi' script of shell metacharacters before passing it to a shell. An unauthenticated, remote attacker can...

gitWeb 1.5.2 - Remote Command Execution

gitWeb 1.5.2 - Remote Command Execution Exploit Title: gitWeb remote command execution Date: 2009.06.19 Author: S2 Crew Hungary Software Link: - Version: GIT 1.5.2 Tested on: debian linux, GIT 1.5.2 CVE: CVE-2008-5516 - CVE-2008-5517 Code: The cgi script doesn't show the command output blind...

Command injection

PyGIT.py in the Trac Git plugin trac-git before 0.0.20080710-3+lenny1 and before 0.0.20090320-1 on Debian GNU/Linux, when enabled in Trac, allows remote attackers to execute arbitrary commands via shell metacharacters in a crafted HTTP query that is used to generate a certain git command...

CVE-2010-0394

PyGIT.py in the Trac Git plugin trac-git before 0.0.20080710-3+lenny1 and before 0.0.20090320-1 on Debian GNU/Linux, when enabled in Trac, allows remote attackers to execute arbitrary commands via shell metacharacters in a crafted HTTP query that is used to generate a certain git command...

CVE-2010-0394

PyGIT.py in the Trac Git plugin trac-git before 0.0.20080710-3+lenny1 and before 0.0.20090320-1 on Debian GNU/Linux, when enabled in Trac, allows remote attackers to execute arbitrary commands via shell metacharacters in a crafted HTTP query that is used to generate a certain git command...

CVE-2010-0394

PyGIT.py in the Trac Git plugin trac-git before 0.0.20080710-3+lenny1 and before 0.0.20090320-1 on Debian GNU/Linux, when enabled in Trac, allows remote attackers to execute arbitrary commands via shell metacharacters in a crafted HTTP query that is used to generate a certain git command...

CVE-2010-0394

The CVE concerns trac-git (Trac Git plugin) where PyGIT.py allows remote code execution by passing shell metacharacters in a crafted HTTP query to generate a git command. Affected: Debian/Ubuntu packaging of trac-git prior to 0.0.20080710-3+lenny1 (and prior to 0.0.20090320-1 in newer releases); ...

Debian Security Advisory DSA 1841-2 (git-core)

The remote host is missing an update to git-core announced via advisory DSA 1841-2. OpenVAS Vulnerability Test $Id: deb18412.nasl 6614 2017-07-07 12:09:12Z cfischer $ Description: Auto-generated from advisory DSA 1841-2 git-core Authors: Thomas Reinke Copyright: Copyright c 2010 E-Soft Inc...

Debian: Security Advisory (DSA-1841)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] [DSA-1990-1] New trac-git packages fix code execution

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1990-1 [email protected] http://www.debian.org/security/ Florian Weimer February 03, 2010 http://www.debian.org/security/faq -...

[SECURITY] [DSA-1990-2] New trac-git package fixes regression

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1990-2 [email protected] http://www.debian.org/security/ Stefan Fritsch February 04, 2010 http://www.debian.org/security/faq -...

[SECURITY] [DSA-1990-2] New trac-git package fixes regression

------------------------------------------------------------------------ Debian Security Advisory DSA-1990-2 [email protected] http://www.debian.org/security/ Stefan Fritsch February 04, 2010 http://www.debian.org/security/faq -...

[SECURITY] [DSA-1990-2] New trac-git package fixes regression

------------------------------------------------------------------------ Debian Security Advisory DSA-1990-2 [email protected] http://www.debian.org/security/ Stefan Fritsch February 04, 2010 http://www.debian.org/security/faq -...

[SECURITY] [DSA-1990-1] New trac-git packages fix code execution

------------------------------------------------------------------------ Debian Security Advisory DSA-1990-1 [email protected] http://www.debian.org/security/ Florian Weimer February 03, 2010 http://www.debian.org/security/faq -...

DSA-1990-2 trac-git - regression fix

Bulletin has no description...

DSA-1990-1 trac-git - code execution

Bulletin has no description...

[SECURITY] [DSA 1841-2] New git-core packages fix build failure

------------------------------------------------------------------------ Debian Security Advisory DSA-1841-2 [email protected] http://www.debian.org/security/ Thijs Kinkhorst January 31, 2010 http://www.debian.org/security/faq -...

DSA-1841-2 git-core - correct build failure introduced in DSA-1841-1

Bulletin has no description...

Perl UTF-8规则表达式处理远程拒绝服务漏洞

Bugraq ID: 36812 CVE ID： CVE-2009-3626 Perl是一款流行的网络编程语言。 Perl在处理包含在规则表达式中使用UTF-8字符的字符串时存在错误，远程攻击者可以利用漏洞使解释器崩溃。 提交包含大量非法的UTF-8字符的邮件消息，给使用Perl的应用程序解析，可导致解析器崩溃。 Larry Wall Perl 5.10.1 + Turbolinux Home + Turbolinux Turbolinux Desktop 10.0 厂商解决方案 GIT库已经修正此漏洞，建议用户下载使用：...

[SECURITY] Fedora 10 Update: ikiwiki-2.72-2.fc10

Ikiwiki is a wiki compiler. It converts wiki pages into HTML pages suitable for publishing on a website. Ikiwiki stores pages and history in a revision control system such as Subversion or Git. There are many other features, including support for blogging, as well as a large array of plugins...