58 matches found
Git gitweb Multiple Parameter XSS
The version of gitweb, a web-enabled interface to the open source distributed version control system Git, hosted on the remote web server fails to sanitize user-supplied input to the 'f' and 'fp' parameters before using it to generate dynamic HTML. An attacker may be able to leverage this issue t...
(gitweb): XSS due to missing escaping of HTML element attributes
Cross-site scripting (XSS) vulnerability in Gitweb 1.7.3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) f and (2) fp parameters...
CVE-2010-3906
Cross-site scripting (XSS) vulnerability in Gitweb 1.7.3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) f and (2) fp parameters...
DEBIAN-CVE-2010-3906
Cross-site scripting (XSS) vulnerability in Gitweb 1.7.3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) f and (2) fp parameters...
CVE-2010-3906
Cross-site scripting (XSS) vulnerability in Gitweb 1.7.3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) f and (2) fp parameters...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Gitweb 1.7.3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) f and (2) fp parameters...
CVE-2010-3906
Cross-site scripting (XSS) vulnerability in Gitweb 1.7.3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) f and (2) fp parameters...
CVE-2010-3906
CVE-2010-3906 is an XSS in gitweb (the Git web interface) in Git 1.7.3.3 and earlier, exploitable via the f and fp parameters to inject arbitrary script/HTML. Multiple advisories report remote injection through gitweb, with openSUSE openSUSE-SU-2011:0115-1 and Debian backports patches ...
CVE-2010-3906
Cross-site scripting (XSS) vulnerability in Gitweb 1.7.3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) f and (2) fp parameters...
CVE-2010-3906
Cross-site scripting (XSS) vulnerability in Gitweb 1.7.3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) f and (2) fp parameters...
Gitweb <=1.7.3.3 Cross Site Scripting
Exploit for cgi platform in category web applications [Description] [Proof Of Concept] [Credits] [Responsible Disclosure] 13-12-2010 Initial contact with upstream and vendor-sec 13-12-2010 Vendor Response and CVE-2010-3906 assignation 15-12-2010 Public Disclosure 0day.today...
Security fix for the ALT Linux 10 package git version 1.7.3.4-alt1
Dec. 16, 2010 Dmitry V. Levin 1.7.3.4-alt1 - Updated to maint v1.7.3.4 (fixes an XSS in gitweb, see CVE-2010-3906)...
Security fix for the ALT Linux 8 package git version 1.7.3.4-alt1
Dec. 16, 2010 Dmitry V. Levin 1.7.3.4-alt1 - Updated to maint v1.7.3.4 (fixes an XSS in gitweb, see CVE-2010-3906)...
Gitweb 1.7.3.3 Cross Site Scripting
[Description] [Proof Of Concept] [Credits] [Notes] [Responsible Disclosure] 13-12-2010 Initial contact with upstream and vendor-sec 13-12-2010 Vendor Response and CVE-2010-3906 assignation 15-12-2010 Public Disclosure...
gitWeb 1.7.3.3 - Cross-Site Scripting
gitWeb 1.7.3.3 - Cross-Site Scripting [Description] [Proof Of Concept] [Credits] [Responsible Disclosure] 13-12-2010 Initial contact with upstream and vendor-sec 13-12-2010 Vendor Response and CVE-2010-3906 assignation 15-12-2010 Public Disclosure...
gitWeb 1.7.3.3 - Cross-Site Scripting
[Description] [Proof Of Concept] [Credits] [Responsible Disclosure] 13-12-2010 Initial contact with upstream and vendor-sec 13-12-2010 Vendor Response and CVE-2010-3906 assignation 15-12-2010 Public Disclosure...
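TeX Live predospecial() function .dvi file parsing integer overflow vulnerability
BUGTRAQ ID: 39500 CVECAN ID: CVE-2010-0739 TeX Live is a tool for creating TeX typesetting systems. The predospecial function in TeX Live's dospecial.c file has an integer overflow vulnerability, which can ultimately lead to a heap overflow, when processing .dvi files. A user who is tricked into opening a malformed .dvi file can trigger this overflow, resulting in arbitrary code execution with the privileges of the user running the application. TeX Live 3.0 TeX Live 2008 TeX Live 2007 TeX Live 2.0 TeX Live 1.0 Vendor patch: RedHat ------...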
gitWeb v1.5.2 Remote Command Execution
No description provided by source. Exploit Title: gitWeb remote command execution Date: 2009.06.19 Author: S2 Crew Hungary Software Link: - Version: GIT 1.5.2 Tested on: debian linux, GIT 1.5.2 CVE: CVE-2008-5516 - CVE-2008-5517 Code: The cgi script doesn't show the command output blind command...
gitWeb 1.x Remote Command Execution
Exploit Title: gitWeb remote command execution Date: 2009.06.19 Author: S2 Crew Hungary Software Link: - Version: GIT 1.X Tested on: debian linux, GIT 1.5.2 CVE: CVE-2008-5516 - CVE-2008-5517 Code:...
gitWeb 1.5.2 - Remote Command Execution
Exploit Title: gitWeb remote command execution Date: 2009.06.19 Author: S2 Crew Hungary Software Link: - Version: GIT 1.5.2 Tested on: debian linux, GIT 1.5.2 CVE: CVE-2008-5516 - CVE-2008-5517 Code: The cgi script doesn't show the command output blind command execution ; Vulnerable functions in...