15 matches found
CVE-2026-53571
CVE-2026-53571 affects the Vite dev server. On Windows, the denial mechanism implemented by the option server.fs.deny fails to normalize NTFS ADS path forms before access checks, allowing bypasses such as /.env::$DATA?raw and access via 8.3 short-name tricks. This can enable exposure of sensitive...
JLSEC-2025-182 An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0
An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0. path.c mishandles equivalent filenames that exist because of NTFS Alternate Data Streams. This may allow remote code execution when cloning a repository. This issue is similar to CVE-2019-1352...
EUVD-2020-4591
Malware in sbrugna...
RHEL 8 : libgit2 (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - libgit2: NTFS protections inactive when running Git in the Windows Subsystem for Linux CVE-2020-12279 - A...
CentOS 8 : git (CESA-2019:4356)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2019:4356 advisory. - git: Arbitrary path overwriting via export-marks in-stream command feature CVE-2019-1348 - git: Recursive submodule cloning allows using git director...
The Tetrade: Brazilian banking malware goes global
Introduction Brazil is a well-known country with plenty of banking trojans developed by local crooks. The Brazilian criminal underground is home to some of the worlds busiest and most creative perpetrators of cybercrime. Like their counterparts in China and Russia, their cyberattacks have a stron...
CVE-2020-12278
An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0. path.c mishandles equivalent filenames that exist because of NTFS Alternate Data Streams. This may allow remote code execution when cloning a repository. This issue is similar to CVE-2019-1352...
Remote code execution
An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0. path.c mishandles equivalent filenames that exist because of NTFS Alternate Data Streams. This may allow remote code execution when cloning a repository. This issue is similar to CVE-2019-1352...
Microsoft Windows 10 - Theme API 'ThemePack' File Parsing
Exploit Title: Microsoft Windows 10 - Theme API 'ThemePack' File Parsing Google Dork: n/a Date: 2020-10-28 Exploit Author: Eduardo Braun Prado Vendor Homepage: http://www.microsoft.com/ Software Link: http://www.microsoft.com/ Version: 10 v.1803 17134.407 Tested on: Windows 7, 8.0, 8.1, 10, Serve...
Microsoft Windows 10 - Theme API ThemePack File Parsing
Microsoft Windows 10 - Theme API ThemePack File Parsing Exploit Title: Microsoft Windows 10 - Theme API 'ThemePack' File Parsing Google Dork: n/a Date: 2020-10-28 Exploit Author: Eduardo Braun Prado Vendor Homepage: http://www.microsoft.com/ Software Link: http://www.microsoft.com/ Version: 10...
Oracle Linux 8 : git (ELSA-2019-4356)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-4356 advisory. - Remote code execution in recursive clones with nested submodules Resolves: CVE-2019-1387 Tenable has extracted the preceding description block direct...
Amazon Linux AMI : git (ALAS-2019-1325)
The --export-marks option of git fast-import is exposed also via the in-stream command feature export-marks=... and it allows overwriting arbitrary paths.CVE-2019-1348 When submodules are cloned recursively, under certain circumstances Git could be fooled into using the same Git directory twice. ...
IT-Grundschutz M4.332: Sichere Konfiguration der Zugriffssteuerung bei einem Samba-Server
IT-Grundschutz M4.332: Sichere Konfiguration der Zugriffssteuerung bei einem Samba-Server Stand: 14. Ergänzungslieferung 14. EL. OpenVAS Vulnerability Test $Id: GSHBM4332.nasl 7883 2017-11-23 11:22:59Z emoss $ IT-Grundschutz, 14. EL, Maßnahme 4.332 Authors: Thomas Rotter Copyright: Copyright c 20...
Check if NTFS Access Control Lists and NTFS Alternate Data Streams supported
Check if NTFS Access Control Lists and NTFS Alternate Data Streams supported. OpenVAS Vulnerability Test $Id: GSHBSSHSAMBAntfsACLADS.nasl 7152 2017-09-15 14:36:54Z cfischer $ Check if NTFS Access Control Lists and NTFS Alternate Data Streams supported Authors: Thomas Rotter Copyright: Copyright c...
CVE-2006-1475
Windows Firewall in Microsoft Windows XP SP2 does not produce application alerts when an application is executed using the NTFS Alternate Data Streams ADS filename:stream syntax, which might allow local users to launch a Trojan horse attack in which the victim does not obtain the alert that Windo...