CVE-2008-5516 – gitWeb 1.x Remote Command Execution
https://notcve.org/view.php?id=CVE-2008-5516
The web interface in git (gitweb) 1.5.x before 1.5.5 allows remote attackers to execute arbitrary commands via shell metacharacters related to git_search. gitWeb version 1.x suffers from a remote command execution vulnerability.
References:
• http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=512330
• http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00002.html
• http://repo.or.cz/w/git.git?a=commitdiff%3Bh=c582abae
• http://secunia.com/advisories/33964
• http://secunia.com/advisories/34194
• http://securityreason.com/securityalert/4919
• http://wiki.rpath.com/Advisories:rPSA-2009-0005
• http://www.debian.org/security/2009/dsa-1708
• http://www.gentoo.org/security/en/glsa/glsa-200903-15.xml
• http://www.openwall
CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE-264: Permissions, Privileges, and Access Controls
CVE-2008-5517 – gitWeb 1.5.2 - Remote Command Execution
https://notcve.org/view.php?id=CVE-2008-5517
The web interface in git (gitweb) 1.5.x before 1.5.6 allows remote attackers to execute arbitrary commands via shell metacharacters related to (1) git_snapshot and (2) git_object. gitWeb version 1.x suffers from a remote command execution vulnerability.
References:
• https://www.exploit-db.com/exploits/11497
• http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=512330
• http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00002.html
• http://repo.or.cz/w/git.git?a=commitdiff%3Bh=516381d5
• http://secunia.com/advisories/33964
• http://secunia.com/advisories/34194
• http://wiki.rpath.com/Advisories:rPSA-2009-0005
• http://www.debian.org/security/2009/dsa-1708
• http://www.gentoo.org/security/en/glsa/glsa-200903-15.xml
• http://www.openwa
CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2008-3546
https://notcve.org/view.php?id=CVE-2008-3546
Stack-based buffer overflow in the (1) diff_addremove and (2) diff_change functions in GIT before 1.5.6.4 might allow local users to execute arbitrary code via a PATH whose length is larger than the system's PATH_MAX when running GIT utilities such as git-diff or git-grep.
References:
• http://kerneltrap.org/mailarchive/git/2008/7/16/2529284
• http://secunia.com/advisories/31347
• http://secunia.com/advisories/31780
• http://secunia.com/advisories/32029
• http://secunia.com/advisories/32384
• http://secunia.com/advisories/33964
• http://security.gentoo.org/glsa/glsa-200809-16.xml
• http://wiki.rpath.com/Advisories:rPSA-2008-0253
• http://www.debian.org/security/2008/dsa-1637
• http://www.kernel.org/pub/software/scm/git/docs/RelNotes-1.5.6.4.txt
• http://www
CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2006-0477
https://notcve.org/view.php?id=CVE-2006-0477
Buffer overflow in git-checkout-index in GIT before 1.1.5 allows remote attackers to execute arbitrary code via an index file with a long symbolic link.
References:
• http://lwn.net/Articles/169623
• http://secunia.com/advisories/18643
• http://www.securityfocus.com/bid/16417
• http://www.vupen.com/english/advisories/2006/0367
• https://exchange.xforce.ibmcloud.com/vulnerabilities/24360