229 matches found
CVE-2021-22861
An improper access control vulnerability was identified in GitHub Enterprise Server that allowed authenticated users of the instance to gain write access to unauthorized repositories via specifically crafted pull requests and REST API requests. An attacker would need to be able to fork the target...
CVE-2021-22861
An improper access control vulnerability was identified in GitHub Enterprise Server that allowed authenticated users of the instance to gain write access to unauthorized repositories via specifically crafted pull requests and REST API requests. An attacker would need to be able to fork the target...
Improper access control
An improper access control vulnerability was identified in GitHub Enterprise Server that allowed authenticated users of the instance to gain write access to unauthorized repositories via specifically crafted pull requests and REST API requests. An attacker would need to be able to fork the target...
CVE-2021-22863 Improper access control in GitHub Enterprise Server leading to unauthorized changes to maintainer permissions on pull requests
An improper access control vulnerability was identified in the GitHub Enterprise Server GraphQL API that allowed authenticated users of the instance to modify the maintainer collaboration permission of a pull request without proper authorization. By exploiting this vulnerability, an attacker woul...
CVE-2021-22861
GitHub Enterprise Server vulnerability CVE-2021-22861: An improper access control issue allowed authenticated users to write to unauthorized repositories via crafted pull requests and REST API calls. Affected versions include ranges listed in PT-2021-15234: 2.4.21–2.20.23, 2.21.0–2.21.14, 2.22.0–...
GitHub Enterprise Server 安全漏洞
GitHub is a suite of hosting platforms for open source and private software projects. A security vulnerability exists in GitHub Enterprise Server that allows instances of authenticated users to gain write access to unauthorized repositories via specially designed pull requests and REST API...
Halogen - Automatically Create YARA Rules From Malicious Documents
Halogen is a tool to automate the creation of yara rules against image files embedded within a malicious document. Halogen help python3 halogen.py -h usage: halogen.py -h -f FILE -d DIR -n NAME --png-idat --jpg-sos Halogen: Automatically create yara rules based on images embedded in office...
GitHub Security Lab: 3,880 Pull Requests Generated to fix JHipster RNG Vulnerability CVE-2019-16303
This bug was reported directly to GitHub Security Lab...
X64Dbg - An Open-Source X64/X32 Debugger For Windows
An open-source binary debugger for Windows, aimed at malware analysis and reverse engineering of executables you do not have the source code for. There are many features available and a comprehensive plugin system to add your own. You can find more information on the blog! Screenshots Installatio...
Git All The Payloads! A Collection Of Web Attack Payloads
Git All the Payloads! A collection of web attack payloads. Pull requests are welcome! Usage run ./get.sh to download external payloads and unzip any payload files that are compressed. Payload Credits fuzzdb - https://github.com/fuzzdb-project/fuzzdb SecLists -...
React Prereleases-Preparing for the Future
By Owais Sultan Recently, React has come up with prerelease channels to update users with the latest changes taking place in the React ecosystem. They spoke about this through a blog published on their React website. React relies on an open-source community to report bugs, open pull requests and...
[SECURITY] Fedora 29 Update: pagure-5.3-1.fc29
Pagure is a light-weight git-centered forge based on pygit2. Currently, Pagure offers a web-interface for git repositories, a ticket system and possibilities to create new projects, fork existing ones and create/merge pull-requests across or within projects...
BeEF - The Browser Exploitation Framework Project
What is BeEF? BeEF is short for The BrowserExploitation Framework. It is a penetration testing tool that focuses on the web browser. Amid growing concerns about web-borne attacks against clients, including mobile clients, BeEF allows the professional penetration tester to assess the actual securi...
XSRFProbe - The Prime Cross Site Request Forgery Audit And Exploitation Toolkit
XSRFProbe is an advanced Cross Site Request Forgery CSRF/XSRF Audit and Exploitation Toolkit. Equipped with a Powerful Crawling Engine and Numerous Systematic Checks, it is now able to detect most cases of CSRF vulnerabilities, their related bypasses and futher generate maliciously exploitable...
Wordlistctl - Fetch, Install And Search Wordlist Archives From Websites And Torrent Peers
Script to fetch, install, update and search wordlist archives from websites offering wordlists with more than 1800 wordlists available. In the latest version of the Blackarch Linux it has been added to /usr/share/wordlists/ directory. Installation pacman -S wordlistctl Usage sepehrdad@blackarch-d...
ExchangeRelayX - An NTLM Relay Tool To The EWS Endpoint For On-Premise Exchange Servers (Provides An OWA For Hackers)
Version 1.0.0. This tool is a PoC to demonstrate the ability of an attacker to perform an SMB or HTTP based NTLM relay attack to the EWS endpoint on an on-premise Microsoft Exchange server to compromise the mailbox of the victim. This tool provides the attacker with an OWA looking interface, with...
Kallithea < 0.3.2 Multiple Vulnerabilities
Kallithea is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:kallithea:kallithea"; ifdescripti...
Atlassian Bitbucket Server Directory Traversal Vulnerability
Atlassian Bitbucket Server is a Git code hosting solution from Atlassian Australia. The solution is capable of managing and reviewing code with features such as diff view, JIRA integration and build integration. A directory traversal vulnerability exists in the pull requests resource in Atlassian...
CVE-2016-3114
Kallithea before 0.3.2 allows remote authenticated users to edit or delete open pull requests or delete comments by leveraging read access...
Design/Logic Flaw
Kallithea before 0.3.2 allows remote authenticated users to edit or delete open pull requests or delete comments by leveraging read access...