Page 11 of 55 results (0.011 seconds)

CVSS: 4.6EPSS: 0%CPEs: 85EXPL: 0

gitweb/gitweb.perl in gitweb in Git 1.6.x before 1.6.0.6, 1.5.6.x before 1.5.6.6, 1.5.5.x before 1.5.5.6, 1.5.4.x before 1.5.4.7, and other versions after 1.4.3 allows local repository owners to execute arbitrary commands by modifying the diff.external configuration variable and executing a crafted gitweb query. gitweb/gitweb.perl en gitweb en Git 1.6.x anteriores a v1.6.0.6, 1.5.6.x anteriores a v1.5.6.6, 1.5.5.x anteriores a v1.5.5.6, 1.5.4.x anteriores a v1.5.4.7, y otras versiones posteriores a v1.4.3 permite a los propietarios del repositorio ejecutar comandos de su elección por modificación de la configuración de la variable diff.external y ejecutando una consulta manipulada gitweb. • http://marc.info/?l=git&m=122975564100860&w=2 http://marc.info/?l=linux-kernel&m=122975564100863&w=2: http://osvdb.org/50918 http://secunia.com/advisories/33282 http://secunia.com/advisories/33964 http://secunia.com/advisories/34194 http://securityreason.com/securityalert/4922 http://www.gentoo.org/security/en/glsa/glsa-200903-15.xml http://www.openwall.com/lists/oss-security/2009/01/15/2 http://www.openwall.com/lists/oss-security/2009/01/20/2 http: • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 7.5EPSS: 1%CPEs: 117EXPL: 0

The web interface in git (gitweb) 1.5.x before 1.5.5 allows remote attackers to execute arbitrary commands via shell metacharacters related to git_search. La interfaz web en git (gitweb) versiones 1.5.x anteriores a 1.5.5, permite a atacantes remotos ejecutar comandos arbitrarios mediante metacaracteres de shell relacionados con git_search. gitWeb version 1.x suffers from a remote command execution vulnerability. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=512330 http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00002.html http://repo.or.cz/w/git.git?a=commitdiff%3Bh=c582abae http://secunia.com/advisories/33964 http://secunia.com/advisories/34194 http://securityreason.com/securityalert/4919 http://wiki.rpath.com/Advisories:rPSA-2009-0005 http://www.debian.org/security/2009/dsa-1708 http://www.gentoo.org/security/en/glsa/glsa-200903-15.xml http://www.openwall • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 7.5EPSS: 29%CPEs: 51EXPL: 1

The web interface in git (gitweb) 1.5.x before 1.5.6 allows remote attackers to execute arbitrary commands via shell metacharacters related to (1) git_snapshot and (2) git_object. La interfaz web en git (gitweb) versiones 1.5.x anteriores a 1.5.6, permite a atacantes remotos ejecutar comandos arbitrarios mediante metacaracteres de shell relacionados a (1) git_snapshot y (2) git_object. gitWeb version 1.x suffers from a remote command execution vulnerability. • https://www.exploit-db.com/exploits/11497 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=512330 http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00002.html http://repo.or.cz/w/git.git?a=commitdiff%3Bh=516381d5 http://secunia.com/advisories/33964 http://secunia.com/advisories/34194 http://wiki.rpath.com/Advisories:rPSA-2009-0005 http://www.debian.org/security/2009/dsa-1708 http://www.gentoo.org/security/en/glsa/glsa-200903-15.xml http://www.openwa • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 1

Stack-based buffer overflow in the (1) diff_addremove and (2) diff_change functions in GIT before 1.5.6.4 might allow local users to execute arbitrary code via a PATH whose length is larger than the system's PATH_MAX when running GIT utilities such as git-diff or git-grep. Desbordamiento de búfer basado en pila de las funciones (1) diff_addremove y (2) diff_change en GIT versiones anteriores a la 1.5.6.4, podría permitir a usuarios locales ejecutar código arbitrariamente a través de un PATH de longitud mayor a PATH_MAX del sistema cuando se ejecutan las utilidades GIT como git-diff o git-grep. • http://kerneltrap.org/mailarchive/git/2008/7/16/2529284 http://secunia.com/advisories/31347 http://secunia.com/advisories/31780 http://secunia.com/advisories/32029 http://secunia.com/advisories/32384 http://secunia.com/advisories/33964 http://security.gentoo.org/glsa/glsa-200809-16.xml http://wiki.rpath.com/Advisories:rPSA-2008-0253 http://www.debian.org/security/2008/dsa-1637 http://www.kernel.org/pub/software/scm/git/docs/RelNotes-1.5.6.4.txt http://www • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.5EPSS: 8%CPEs: 13EXPL: 0

Buffer overflow in git-checkout-index in GIT before 1.1.5 allows remote attackers to execute arbitrary code via an index file with a long symbolic link. • http://lwn.net/Articles/169623 http://secunia.com/advisories/18643 http://www.securityfocus.com/bid/16417 http://www.vupen.com/english/advisories/2006/0367 https://exchange.xforce.ibmcloud.com/vulnerabilities/24360 •