
2153 matches found

Tenable Nessus
added 2017/05/30 12:0 a.m., 36 views

Fedora 24 : git (2017-01a7989fc0)

An issue in git-shell could allow remote users to run an interactive pager. From the update announcement : ... fix a recently disclosed problem with 'git shell', which may allow a user who comes over SSH to run an interactive pager by causing it to spawn 'git upload-pack --help' CVE-2017-8386. Th...

8.8 CVSS, 7.1 AI score, 0.71499 EPSS
Exploits: 2, References: 3
OSV
added 2017/05/29 7:1 a.m., 5 views

SUSE-SU-2017:1432-1 Security update for git

This update for git fixes the following issue: - CVE-2017-8386: git shell, may allow a user who comes over SSH to run an interactive pager by causing it to spawn 'git upload-pack --help' bsc1038395:...

8.8 CVSS, 8.5 AI score, 0.71499 EPSS
Exploits: 2, References: 3
Fedora
added 2017/05/28 6:1 a.m., 46 views

[SECURITY] Fedora 25 Update: mupdf-1.10a-7.fc25

MuPDF is a lightweight PDF viewer and toolkit written in portable C. The renderer in MuPDF is tailored for high quality anti-aliased graphics. MuPDF renders text with metrics and spacing accurate to within fractions of a pixel for the highest fidelity in reproducing the look of a printed page on...

8.6 CVSS, 0.6 AI score, 0.00532 EPSS
Exploits: 2
Kitploit
added 2017/05/26 3:5 p.m., 29 views

NSEarch - Nmap Scripting Engine Search

Nsearch is a tool that helps you find scripts used by the Nmap Scripting Engine (NSE). You can search the scripts by different keywords such as name, category and author, even combining all the keywords in a single query; it is also possible to see the documentation of the scripts found. Requirements $ pip...

7.3 AI score
Exploits: 0, References: 1
Gentoo Linux
added 2017/05/26 12:0 a.m., 31 views

Adobe Flash Player: Multiple vulnerabilities

Background The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Description Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. Impact A remote attacke...

9.3 CVSS, 9.7 AI score, 0.68456 EPSS
Exploits: 2
Cloud Foundry
added 2017/05/26 12:0 a.m., 36 views

USN-3287-1: Git vulnerability | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description Timo Schmid discovered that the Git restricted shell incorrectly filtered allowed commands. A remote attacker could possibly use this issue to run an interactive pager and access sensitive information...

8.8 CVSS, 8.7 AI score, 0.71499 EPSS
Exploits: 2
GithubExploit
added 2017/05/25 1:20 p.m., 16 views

Exploit for Code Injection in Samba

Basic Setup Install Samba version 4.5.9 https://download...

10 CVSS, 9 AI score, 0.94176 EPSS
Exploits: 24
n0where
added 2017/05/22 5:40 a.m., 13 views

Visual Malware Analysis: ProcDOT

Visual Malware Analysis There are plenty of tools for behavioral malware analysis. The de facto standard ones, though, are Sysinternals' Process Monitor, also known as Procmon, and PCAP-generating network sniffers like Windump, Tcpdump, Wireshark, and the like. These “two” tools cover almost...

0.6 AI score
Exploits: 0
OSV
added 2017/05/15 1:52 p.m., 1 views

USN-3287-1 git vulnerability

Timo Schmid discovered that the Git restricted shell incorrectly filtered allowed commands. A remote attacker could possibly use this issue to run an interactive pager and access sensitive information...

8.8 CVSS, 7.2 AI score, 0.71499 EPSS
Exploits: 2, References: 2
Ubuntu
added 2017/05/15 1:52 p.m., 51 views

USN-3287-1: Git vulnerability

Timo Schmid discovered that the Git restricted shell incorrectly filtered allowed commands. A remote attacker could possibly use this issue to run an interactive pager and access sensitive information...

8.8 CVSS, 7.3 AI score, 0.71499 EPSS
Exploits: 2
Debian
added 2017/05/10 7:56 p.m., 26 views

[SECURITY] [DLA 938-1] git security update

Package : git Version : 1:1.7.10.4-1+wheezy4 CVE ID : CVE-2017-8386 Timo Schmid of ERNW GmbH discovered that the Git git-shell, a restricted login shell for Git-only SSH access, allows a user to run an interactive pager by causing it to spawn "git upload-pack --help". For Debian 7 "Wheezy", these...

8.8 CVSS, 9.1 AI score, 0.71499 EPSS
Exploits: 2
OpenVAS
added 2017/05/10 12:0 a.m., 38 views

Debian Security Advisory DSA 3848-1 (git - security update)

Timo Schmid of ERNW GmbH discovered that the Git git-shell, a restricted login shell for Git-only SSH access, allows a user to run an interactive pager by causing it to spawn OpenVAS Vulnerability Test $Id: deb3848.nasl 6607 2017-07-07 12:04:25Z cfischer $ Auto-generated from advisory DSA 3848-1...

6.5 CVSS, 8.7 AI score, 0.71499 EPSS
Exploits: 2, References: 1
Packet Storm
added 2017/05/03 12:0 a.m., 43 views

Mura CMS 7.0.6967 Cross Site Scripting

Credits =============== Zhao Liang, Huawei Weiran Labs Vendor: =============== Blue River Interactive Group Product: ======================== Mura CMS Mura CMS is built with one focused purpose in mind - to make it easier and faster for people to build and maintain even the most ambitious website...

0.1 AI score, 0.00206 EPSS
Exploits: 2
myhack58
added 2017/04/12 12:0 a.m., 155 views

CVE-2017-3881: Cisco Catalyst switches remote code execution vulnerability analysis

Do your Catalyst switches have telnet enabled? If so, be careful. This article introduces a proof-of-concept attack technique for the remote code execution vulnerability in the Catalyst 2960 switch equipped with the latest firmware. Specific exploit...

0.3 AI score, 0.94282 EPSS
Exploits: 12
CNVD
added 2017/04/11 12:0 a.m., 2 views

Schneider Electric Interactive Graphical SCADA DLL Load Remote Code Execution Vulnerability

Schneider Electric Interactive Graphical SCADA System Software is a suite of automation software for process control and supervision of SCADA systems from the French company Schneider Electric. A DLL loading remote code execution vulnerability exists in Schneider Electric...

7.8 CVSS, 8.4 AI score, 0.00216 EPSS
Exploits: 0, References: 1
OpenVAS
added 2017/04/07 12:0 a.m., 185 views

Fortinet FortiOS SSH Undocumented Interactive Login Vulnerability (FG-IR-16-001) (SSH) - Active Check

An undocumented account used for communication with authorized FortiManager devices exists on some versions of FortiOS. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders...

10 CVSS, 8.6 AI score, 0.79613 EPSS
Exploits: 8, References: 2
GithubExploit
added 2017/03/17 6:5 p.m., 4 views

Exploit for Improper Handling of Exceptional Conditions in Apache Struts

StrutsShell Apache Struts CVE-2017-5638 Shell Introducti...

10 CVSS, 9.5 AI score, 0.94267 EPSS
Exploits: 44
Kitploit
added 2017/03/17 2:22 p.m., 250 views

Struts2Shell - Interactive Shell Command to Exploit Apache Struts CVE-2017-5638

Improves manipulation and sending commands to the vulnerable Apache Struts server using a shell. Usage: python Struts2Shell.py Download Struts2Shell...

9.8 CVSS, 10 AI score, 0.94267 EPSS
Exploits: 44, References: 1
n0where
added 2017/03/17 5:27 a.m., 21 views

Interactive Multi User Javascript Shell: JSShell

Interactive Multi User Javascript Shell An interactive multi-user web based shell written in Python with Flask for server side and of course Javascript and HTML client side. It was initially created in order to debug remote esoteric browsers during tests and research. Features Multi client suppor...

0.4 AI score
Exploits: 0, References: 1
Exploit DB
added 2017/03/15 12:0 a.m., 100 views

Microsoft Windows - COM Session Moniker Privilege Escalation (MS17-012)

/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1021 Windows: COM Session Moniker EoP Platform: Tested on Windows 10 14393, Server 2012 R2 Class: Elevation of Privilege Summary: When activating an object using the session moniker the DCOM activator doesn’t check if the current...

7.4 AI score
Exploits: 0