30 matches found
The vulnerability of the distributed Git version control system, related to insufficient validation of input data, allows a hacker to execute arbitrary operating system commands.
The vulnerability of the distributed Git version control system is related to the use of insecure Perl scripts for supporting subcommands such as cvsserver. Exploiting this vulnerability allows a malicious actor to execute arbitrary operating system commands on behalf of the git user remotely...
CVE-2017-14867
Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to support subcommands such as cvsserver, which allows attackers to execute arbitrary OS commands via shell metacharacters in a module name. The vulnerable code i...
Design/Logic Flaw
Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to support subcommands such as cvsserver, which allows attackers to execute arbitrary OS commands via shell metacharacters in a module name. The vulnerable code i...
DNS visualization: DNSViz
DNSViz is a tool for assessing the health of DNS deployments by issuing diagnostic queries, assessing the responses, and outputting the results in one of several formats. The assessment may be directed towards recursive or authoritative DNS servers, and the output may be textual, graphical, or...
GLSA-200802-06 : scponly: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200802-06 scponly: Multiple vulnerabilities Joachim Breitner reported that Subversion and rsync support invokes subcommands in an insecure manner CVE-2007-6350. It has also been discovered that scponly does not filter the -o and -...
CVE-2007-6350
scponly 4.6 and earlier allows remote authenticated users to bypass intended restrictions and execute code by invoking dangerous subcommands including 1 unison, 2 rsync, 3 svn, and 4 svnserve, as originally demonstrated by creating a Subversion SVN repository with malicious hooks, then using svn ...
Design/Logic Flaw
scponly 4.6 and earlier allows remote authenticated users to bypass intended restrictions and execute code by invoking dangerous subcommands including 1 unison, 2 rsync, 3 svn, and 4 svnserve, as originally demonstrated by creating a Subversion SVN repository with malicious hooks, then using svn ...
CVE-2007-6350
scponly 4.6 and earlier allows remote authenticated users to bypass intended restrictions and execute code by invoking dangerous subcommands including 1 unison, 2 rsync, 3 svn, and 4 svnserve, as originally demonstrated by creating a Subversion SVN repository with malicious hooks, then using svn ...
CVE-2007-6350
scponly 4.6 and earlier allows remote authenticated users to bypass intended restrictions and execute code by invoking dangerous subcommands including 1 unison, 2 rsync, 3 svn, and 4 svnserve, as originally demonstrated by creating a Subversion SVN repository with malicious hooks, then using svn ...
CVE-2007-6350
CVE-2007-6350 affects scponly 4.6 and earlier, where remote authenticated users could bypass restrictions and execute code by abusing certain subcommands (unison, rsync, svn, svnserve) via a malicious SVN repository and hooks to trigger execution. Public references show Fedora advisories (2008-17...