Git 漏洞列表

fofa app="GitLab"

An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files that were passed to a file parser which resulted in a remote command execution. This template attempts to passively identify vulnerable versions of GitLab without the need for an exploit by matching unique hashes for the application-<hash>.css file in the header for unauthenticated requests. Positive matches do not guarantee exploitability. Tooling to find relevant hashes based on the semantic version ranges specified in the CVE is linked in the references section below. FOFA: title="Gitlab" SHODAN: http.title:"GitLab"

A missing permission check in Jenkins Git Plugin 4.11.3 and earlier allows unauthenticated attackers to trigger builds of jobs configured to use an attacker-specified Git repository and to cause them to check out an attacker-specified commit.

Gitlab default login credentials were discovered.

fofa app="GitLab"

如果泄露核心代码或敏感配置文件，该漏洞定为高危，否则是中危。

2023/11/29 change info to high of severity level.

Prior to version 14, GitLab installations required a root password to be set via the web UI. If the administrator skipped this step, any visitor could set a password and control the instance.

QiHang Media Web Digital Signage 3.0.9 suffers from a clear-text credentials disclosure vulnerability that allows an unauthenticated attacker to issue a request to an unprotected directory that hosts an XML file /xml/User/User.xml and obtain administrative login information that allows for a successful authentication bypass attack.

The QiHang Media Web application suffers from an unauthenticated file disclosure vulnerability when input passed thru the filename parameter when using the download action or thru path parameter when using the getAll action is not properly verified before being used. This can be exploited to disclose contents of files and directories from local resources.

The Ruby SAML library is for implementing the client side of a SAML authorization. Ruby-SAML in <= 12.2 and 1.13.0 <= 1.16.0 does not properly verify the signature of the SAML Response.

An improper verification of cryptographic signature vulnerability was identified in GitHub Enterprise Server that allowed SAML SSO authentication to be bypassed resulting in unauthorized provisioning of users and access to the instance. Exploitation required the encrypted assertions feature to be enabled, and the attacker would require direct network access as well as a signed SAML response or metadata document. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.15 and was fixed in versions 3.11.16, 3.12.10, 3.13.5, and 3.14.2. This vulnerability was reported via the GitHub Bug Bounty program.

ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. An authentication bypass vulnerability was found in ruby-saml prior to versions 1.12.4 and 1.18.0 due to a parser differential. ReXML and Nokogiri parse XML differently; the parsers can generate entirely different document structures from the same XML input. That allows an attacker to be able to execute a Signature Wrapping attack. This issue may lead to authentication bypass. Versions 1.12.4 and 1.18.0 fix the issue.

Multiple directory traversal vulnerabilities in the web server for Motorola SURFBoard cable modem SBV6120E running firmware SBV6X2X-1.0.0.5-SCM-02-SHPC allow remote attackers to read arbitrary files via (1) "//" (multiple leading slash), (2) ../ (dot dot) sequences, and encoded dot dot sequences in a URL request.

Unauthenticated Remote Command injection as root occurs in the Western Digital MyCloud NAS 2.11.142 /web/google_analytics.php URL via a modified arg parameter in the POST data.

klaussilveira GitList version <= 0.6 contains a passing incorrectly sanitized input via the `searchTree` function that can result in remote code execution.

Jenkins GitHub Plugin 1.29.1 and earlier is susceptible to server-side request forgery via GitHubTokenCredentialsCreator.java, which allows attackers to leverage attacker-specified credentials IDs obtained through another method and capture the credentials stored in Jenkins.

cGit < 1.2.1 via cgit_clone_objects has a directory traversal vulnerability when `enable-http-clone=1` is not turned off, as demonstrated by a cgit/cgit.cgi/git/objects/?path=../ request.

It was discovered that the Western Digital My Cloud device before 2.30.196 is affected by an authentication bypass vulnerability. An unauthenticated attacker can exploit this vulnerability to authenticate as an admin user without needing to provide a password, thereby gaining full control of the device. (Whenever an admin logs into My Cloud, a server-side session is created that is bound to the user's IP address. After the session is created, it is possible to call authenticated CGI modules by sending the cookie username=admin in the HTTP request. The invoked CGI will check if a valid session is present and bound to the user's IP address.) It was found that it is possible for an unauthenticated attacker to create a valid session without a login. The network_mgr.cgi CGI module contains a command called \"cgi_get_ipv6\" that starts an admin session -- tied to the IP address of the user making the request -- if the additional parameter \"flag\" with the value \"1\" is provided. Subsequent invocation of commands that would normally require admin privileges now succeed if an attacker sets the username=admin cookie.

An issue was discovered in GitLab Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. The Jira integration feature is vulnerable to an unauthenticated blind SSRF issue.

Gitea 1.1.0 through 1.12.5 is susceptible to authenticated remote code execution, via the git hook functionality, in customer environments where the documentation is not understood (e.g., one viewpoint is that the dangerousness of this feature should be documented immediately above the ENABLE_GIT_HOOKS line in the config file). NOTE: The vendor has indicated this is not a vulnerability and states "This is a functionality of the software that is limited to a subset of accounts. If you give someone the privilege to execute arbitrary code on your server, they can execute arbitrary code on your server. We provide very clear warnings to users around this functionality and what it provides."

GitLab CE and EE 13.4 through 13.6.2 is susceptible to Information disclosure via GraphQL. User email is visible. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.

GitLab CE/EE starting from 11.9 does not properly validate image files that were passed to a file parser, resulting in a remote command execution vulnerability. This template attempts to passively identify vulnerable versions of GitLab without the need for an exploit by matching unique hashes for the application-<hash>.css file in the header for unauthenticated requests. Positive matches do not guarantee exploitability. Tooling to find relevant hashes based on the semantic version ranges specified in the CVE is linked in the references section below.

GitLab CE/EE versions starting from 10.5 are susceptible to a server-side request forgery vulnerability when requests to the internal network for webhooks are enabled, even on a GitLab instance where registration is limited. The same vulnerability actually spans multiple CVEs, due to similar reports that were fixed across separate patches. These CVEs are: - CVE-2021-39935 - CVE-2021-22214 - CVE-2021-22175

IBM WebSphere HCL Digital Experience is vulnerable to server-side request forgery that impacts on-premise deployments and containers.

An unauthenticated remote attacker can leverage this vulnerability to collect registered GitLab usernames, names, and email addresses.

GitLab CE/EE is susceptible to information disclosure. An attacker can access runner registration tokens using quick actions commands, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized operations. Affected versions are from 12.10 before 14.6.5, from 14.7 before 14.7.4, and from 14.8 before 14.8.2.

Gitea before 1.16.5 is susceptible to open redirect via GitHub repository go-gitea/gitea. An attacker can redirect a user to a malicious site and potentially obtain sensitive information, modify data, and/or execute unauthorized operations.

GitLab CE/EE contains a hard-coded credentials vulnerability. A hardcoded password was set for accounts registered using an OmniAuth provider (e.g. OAuth, LDAP, SAML), allowing attackers to potentially take over accounts. This template attempts to passively identify vulnerable versions of GitLab without the need for an exploit by matching unique hashes for the application-<hash>.css file in the header for unauthenticated requests. Positive matches do not guarantee exploitability. Affected versions are 14.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2.

GitLab CE/EE 14.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 is susceptible to remote code execution. An authenticated user authorized to import projects can import a maliciously crafted project, thus possibly being able to execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.

Gitblit 1.9.3 is vulnerable to local file inclusion via /resources//../ (e.g., followed by a WEB-INF or META-INF pathname).

Digital Watchdog DW Spectrum Server 4.2.0.32842 allows attackers to access sensitive infromation via a crafted API call.

Jenkins Git plugin through 4.11.3 contains a missing authorization check. An attacker can trigger builds of jobs configured to use an attacker-specified Git repository and to cause them to check out an attacker-specified commit. This can make it possible to obtain sensitive information, modify data, and/or execute unauthorized operations.

WordPress Easy Digital Downloads plugin 3.1.0.2 and 3.1.0.3 contains a SQL injection vulnerability in the s parameter of its edd_download_search action. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.

An issue has been discovered in GitLab CE/EE affecting only version 16.0.0. An unauthenticated malicious user can use a path traversal vulnerability to read arbitrary files on the server when an attachment exists in a public project nested within at least five groups

An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user account password reset emails could be delivered to an unverified email address.

An unsafe reflection vulnerability was identified in GitHub Enterprise Server that could lead to reflection injection. This vulnerability could lead to the execution of user-controlled methods and remote code execution. To exploit this bug, an actor would need to be logged into an account on the GHES instance with the organization owner role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.8.13, 3.9.8, 3.10.5, and 3.11.3.

Gitea 1.22.0 is vulnerable to a Stored Cross-Site Scripting (XSS) vulnerability. This vulnerability allows an attacker to inject malicious scripts that get stored on the server and executed in the context of another user's session.

Western Digital My Cloud NAS是美国西部数据（WesternDigital）公司的一款应用广泛的网络连接云存储设备，可用于托管文件，并自动备份和同步该文件与各种云和基于Web的服务。Western Digital MyCloud NAS multi_uploadify.php 接口存在任意文件上传漏洞，允许未经身份验证的攻击者上传恶意代码，植入后门，获取服务器权限，并控制整个Web 服务器。

Western Digital My Cloud NAS chk_vv_sharename.php接口文件未对用户传入参数进行校验，导致命令执行漏洞，攻击者可通过构造恶意请求写入webshell，获取服务器权限。

Git Credential Manager（GCM）是Git Ecosystem开源的一个安全的 Git 凭据助手。 Git Credential Manager存在信息泄露漏洞。攻击者利用该漏洞可以捕获另一个 Git 远程的凭证。以下产品和版本受到影响：Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8),Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10),Microsoft Visual Studio 2022 version 17.6,Microsoft Visual Studio 2022 version 17.8,Microsoft Visual Studio 2022 version 17.10,Microsoft Visual Studio 2022 version 17.12。

go-git是go-git开源的一个用纯 Go 编写的高度可扩展的 git 实现库。 go-git v5.13之前版本存在参数注入漏洞，该漏洞源于存在参数注入漏洞，可能允许攻击者将任意值设置为git-upload-pack标志。

GitLab 是一个用于仓库管理系统的开源项目，使用Git作为代码管理工具，并在此基础上搭建起来的Web服务。 GitLab CE/EE存在一个漏洞，该漏洞允许攻击者访问受害者的个人访问令牌 (PAT) 来升级权限，严重可导致敏感信息泄露和服务器失陷。 目前受影响的GitLab版本： 8.12 ≤ GitLab CE/EE< 17.4.5 17.5 ≤ GitLab CE/EE< 17.5.3 17.6 ≤ GitLab CE/EE< 17.6.1

GitLab 是一个用于仓库管理系统的开源项目，使用Git作为代码管理工具，并在此基础上搭建起来的Web服务。安装方法是参考GitLab在GitHub上的Wiki页面。Gitlab是被广泛使用的基于git的开源代码管理平台, 基于Ruby on Rails构建, 主要针对软件开发过程中产生的代码和文档进行管理, Gitlab主要针对group和project两个维度进行代码和文档管理, 其中group是群组, project是工程项目, 一个group可以管理多个project, 可以理解为一个群组中有多项软件开发任务, 而一个project中可能包含多个branch, 意为每个项目中有多个分支, 分支间相互独立, 不同分支可以进行归并

GitHub GitHub Enterprise Server 签名验证不当漏洞

GitLab EE 需授权 访问控制不当漏洞

GitLab CE/EE 需授权 身份验证缺陷漏洞

GitLab EE 需授权 服务端请求伪造漏洞

GitLab CE/EE 需授权 输入验证不当漏洞

GitLab CE/EE 需授权 跨站脚本漏洞

Western Digital MyCloud NAS是一款网络附加存储设备，旨在提供集中存储和共享解决方案。它允许用户在家中或办公室通过网络访问文件，支持多种设备的备份和共享。Western Digital MyCloud NAS 中Cookie存在命令执行漏洞，攻击者可通过该漏洞在服务器端任意执行代码，写入后门，获取服务器权限，进而控制整个web服务器。

GitLab EE 需授权 输入验证不当漏洞 可导致敏感信息泄露

鉴权绕过漏洞是指攻击者通过某些手段绕过系统的正常权限验证机制，获取未授权的访问或执行权限。这种漏洞通常存在于身份验证、授权检查、权限控制等环节的不足或缺陷中，使得未经授权的用户能够访问或操作敏感数据、执行关键操作，甚至获取系统控制权。

GitLab社区与企业版存在存储型跨站脚本漏洞。此漏洞是由于对label colors输入验证不足导致的。

Anmei Digital Hotel Broadband OS存在命令注入漏洞，此漏洞是由于对ip参数校验不足导致的。

klaussilveira GitList中存在参数注入漏洞。该漏洞是由于escapeshellarg函数对表单参数验证不当导致的。

Gitlab 访问控制不当漏洞

GitLab社区版（CE）和企业版（EE）15.8至16.11.5、17.0至17.0.3以及17.1至17.1.1版本中存在一个访问控制不当漏洞，成功利用该漏洞可能导致威胁者在某些情况下以其他用户的身份触发pipeline。漏洞编号：CVE-2024-5655，漏洞危害等级：严重。

GitStack是一款可以在Windows上设置自己的专用Git服务器的软件。在GitStack<=2.3.10版本中，程序没有严格控制用户权限，导致攻击者可进行任意添加用户等操作，并且由于没有严格控制并过滤用户的输入，导致攻击者可构造恶意payload，造成命令执行漏洞。

弱口令漏洞指的是系统中使用了简单、容易猜测或常见的密码，导致攻击者可以通过猜测或暴力破解的方式轻易获取账户权限，进而访问或控制受影响的系统资源。这种漏洞通常由于缺乏有效的密码策略或用户对安全意识的忽视造成。

GitLab Community and Enterprise Edition中存在存储型XSS漏洞。此漏洞是由于vscode-mediator-commands package的设计缺陷所导致的。

GitHub Enterprise Server 未授权 身份验证缺陷漏洞

Git是一套免费、开源的分布式版本控制系统。 Git 存在安全漏洞，该漏洞源于通过特殊方式可以创建带有子模块的存储库，在克隆这个存储库时能够导致任意代码执行。

Git 远程命令执行漏洞

GitLab是一个利用 Ruby on Rails 开发的开源应用程序，实现一个自托管的Git项目仓库，可通过Web界面进行访问公开的或者私人项目。&nbsp;GitLab 存在未授权漏洞，攻击者可以利用此漏洞访问项目，通过查看和了解项目源代码对相应系统发起进一步的攻击。

GitHub Enterprise Server 远程代码执行漏洞

GitLab Community and Enterprise Editions存在拒绝服务漏洞。该漏洞是由于对label的description参数验证不当造成的。

GitLab CE/EE存在任意用户密码重置漏洞，此漏洞是未正确验证用户输入请求负载的数据导致的。

GitLab CE/EE存在拒绝服务漏洞。此漏洞是由于preview_markdown接口对于接收的消息校验不正确导致的。

Gitlab 存在认证绕过漏洞，此漏洞是硬编码密码导致的。

GitLab CE/EE 存在跨站脚本漏洞。此漏洞是由于对return_to参数验证不正确导致的。

GitLab社区和企业版中存在存储型跨站点脚本漏洞。该漏洞是由于对用户提交的注释输入清理不正确导致的。

GitLab GitHub imports中存在远程代码执行漏洞。该漏洞是由于导入时对返回的数据处理不当导致的。

GitHub Enterprise Server是美国GitHub开源的一个应用软件。提供一个将自己的GitHub实例设置为虚拟设备，从而提供可扩展，易于管理的平台。 GitHub Enterprise Server 3.17.19之前、3.8.12之前、3.9.7之前、3.10.4之前和 3.11.1之前版本存在日志信息泄露漏洞，该漏洞源于后端服务的日志文件存在敏感信息，当与其他网络钓鱼技术结合使用时，可能导致中间人攻击。

Western Digital My Cloud的/cgi-bin/nas_sharing.cgi存在硬编码，攻击者可利用该漏洞执行任意命令。影响产品： MyCloud <= 2.30.165，MyCloudMirror <= 2.30.165，My Cloud Gen 2， My Cloud PR2100，My Cloud PR4100，My Cloud EX2 Ultra，My Cloud EX2，My Cloud EX4， My Cloud EX2100，My Cloud EX4100，My Cloud DL2100，My Cloud DL4100

Western Digital MyCloud是一款个人云存储设备，将存储设备连接到现有网络，提供数据和文件服务。 Western My Cloud的snmp_mgr.cgi文件的多个参数存在命令执行中断，攻击者可以获得设备的管理员权限，进而危及设备。

Western Digital MyCloud是个人云存储设备，将存储设备连接到现有的网络上来提供数据和文件服务。Western Digital My Cloud的/web/php/chk_vv_sharename.php文件vv_sharename参数存在命令注入漏洞，可使攻击者获取设备的管理员权限，攻陷设备。

Western Digital MyCloud是个人云存储设备，将存储设备连接到现有的网络上来提供数据和文件服务。Western Digital My Cloud的/web/backups/usb_backup.php文件taskname参数存在命令注入漏洞，可使攻击者获取设备的管理员权限，攻陷设备。

Western Digital MyCloud是个人云存储设备，将存储设备连接到现有的网络上来提供数据和文件服务。 Western Digital My Cloud的/web/php/noHDD.php文件enable存在命令注入漏洞，可使攻击者获取设备的管理员权限，攻陷设备。

Western Digital MyCloud是个人云存储设备，将存储设备连接到现有的网络上来提供数据和文件服务 Western Digital My Cloud的/web/backups/internal_backup.php文件backup_type参数存在命令注入漏洞，可使攻击者获取设备的管理员权限，攻陷设备。

Western Digital MyCloud是个人云存储设备，将存储设备连接到现有的网络上来提供数据和文件服务。 Western Digital My Cloud的login_mgr.cgi文件username参数存在命令执行漏洞，可使攻击者获取设备的管理员权限，攻陷设备。

Western Digital MyCloud是个人云存储设备，将存储设备连接到现有的网络上来提供数据和文件服务。 Western Digital My Cloud的/web/php/modUserName.php文件username参数存在命令注入漏洞，可使攻击者获取设备的管理员权限，攻陷设备。

Western Digital MyCloud是个人云存储设备，将存储设备连接到现有的网络上来提供数据和文件服务。 Western Digital My Cloud的/web/setting/recycle_bin.php文件clear_days参数存在命令注入漏洞，可使攻击者获取设备的管理员权限，攻陷设备。

Western Digital MyCloud是个人云存储设备，将存储设备连接到现有的网络上来提供数据和文件服务。 Western Digital My Cloud的/web/php/remoteBackups.php文件jobName参数存在命令注入漏洞，可使攻击者获取设备的管理员权限，攻陷设备。

Western Digital MyCloud是个人云存储设备，将存储设备连接到现有的网络上来提供数据和文件服务。 Western Digital My Cloud的users.php文件cookie信息存在命令注入漏洞，可使攻击者获取设备的管理员权限，攻陷设备。

GitStack /rest/repository/ 路径存在鉴权绕过

GitStack是一款Windows平台上优秀的Git可视化服务端应用，GitStack2.3.10存在未授权任意仓库信息泄漏漏洞 攻击者可以未授权获取GitStack服务器的私有仓库名，可获取大量敏感信息，可以结合任意用户添加漏洞，进而精确获取指定仓库内容。

2022年8月30日，Gitlab 官方发布安全通告，披露 CVE-2022-2992 GitLab CE/EE import api 远程代码执行漏洞。攻击者在登录后具有import权限的情况下可构造恶意请求执行任意代码，控制服务器。

GitLab是美国GitLab公司的一个开源的端到端软件开发平台，具有内置的版本控制、问题跟踪、代码审查、CI/CD（持续集成和持续交付）等功能。 GitLab CE/EE 存在安全漏洞，经过身份认证的远程攻击者可通过GitLab导入功能实现远程代码执行。

GitBit是-个纯Java编写的代码管理平台,默认权限允许任意用户执行查看及下载操作,存在路径遍历漏洞，可读取网站文件。

GitLab是一个用于仓库管理系统的开源项目。漏洞利用需要经过登录认证，经过认证的攻击者可以利用project导入功能执行任意代码，控制服务器。

/web/addons/upload.php

/jquery/uploader/multi_uploadify.php

GitBit是-个纯Java编写的代码管理平台,默认权限允许任意用户执行查看及下载操作,存在默认口令漏洞，极易被黑客利用窃取存储在该平台上的系统源代码。

GitBit是-个纯Java编写的代码管理平台,默认权限允许任意用户执行查看及下载操作,存在未授权访问漏洞，极易被黑客利用窃取存储在该平台上的系统源代码。

Gitlab Wiki API是一组用于对Gitlab项目Wiki页面进行创建、编辑、列表、删除等功能的接口。该API在处理外部输入时未做有效过滤，导致攻击者构造特定的恶意请求，可以在目标服务器上执行任意代码命令。需要private_token,以及需要一个project的id拼接成的路径，project=8拼接：（/api/v4/projects/8/wikis/attachments）

GitLab是一款Ruby开发的Git项目管理平台。在11.9以后的GitLab中，因为使用了图片处理工具ExifTool而受到漏洞CVE-2021-22204的影响，攻击者可以通过一个未授权的接口上传一张恶意构造的图片，进而在GitLab服务器上执行任意命令。

B-swiss 3数字标牌系统应用程序容易受到未经身份验证的数据库下载和信息泄露漏洞的攻击。这可以使攻击者能够泄露敏感信息，从而导致身份验证绕过、会话劫持和完全系统控制。

该漏洞可泄露gitlab中提交commit用户的邮箱信息，攻击者可用于钓鱼。

GitLab是由GitLabInc.开发，使用MIT许可证的基于网络的Git仓库管理工具，具有issue跟踪功能。它使用Git作为代码管理工具，并在此基础上搭建起来的web服务。当启用对内部网络的webhooks 请求时，GitLab CE/EE 中的服务器端请求伪造漏洞影响从 10.5 开始的所有版本，即使在注册受限的 GitLab实例上也可能被未经身份验证的攻击者利用。

2021年3月18日，长亭应急响应中心监测到Gitlab官方发布安全更新，修复了一处远程代码执行漏洞。

GitLab 是一个用于仓库管理系统的开源项目，使用Git作为代码管理工具，并在此基础上搭建起来的Web服务。GitLab中存在Graphql接口输入构造的数据时会泄露用户邮箱和用户名

【漏洞对象】Western Digital WD My Book World 【涉及版本】Western Digital WD My Book World II1.02.12及之前版本 【漏洞描述】该设备存在失效身份验证安全漏洞。恶意攻击者无需进行身份验证即可访问/admin/目录，从/admin/system_advanced.php?lang=en中开启SSH，并用默认root密码welc0me登录。

【漏洞对象】Western Digital MyCloud云存储设备 【漏洞描述】该系统存在身份验证绕过漏洞，未经身份验证的攻击者可利用此漏洞以饶过管理员用户身份验证，而无需提供密码，从而直接执行命令。完全控制My Cloud设备。

【漏洞对象】Western Digital MyCloud 【涉及版本】Western Digital MyCloud 2.30.196 【漏洞描述】Western Digital MyCloud是个人云存储设备。Western Digital MyCloud的/cgi-bin/network_mgr.cgi文件存在身份验证绕过漏洞，未经身份验证的攻击者可利用此漏洞以管理员用户身份进行身份验证，而无需提供密码，从而可以完全控制MyCloud设备。

【漏洞对象】GitStack 【涉及版本】2.3.10 【漏洞描述】 GitStack是一款在Windows下搭建非常方便的Git服务器，GitStack内部采用Apache HTTPserver作为服务器，使用http协议对Git进行封装，整合的已经比较完备。GitStack安装配置简单，非常好用。GitStack的2.3.10版本的user页面在未授权的情况下直接访问会泄露用户的用户名。

【漏洞对象】Digital Watchdog 摄像头 【涉及版本】Digital Watchdog 摄像头 【漏洞描述】 Digital Watchdog摄像头默认密码。

klaussilveira GitList 是一个使用 PHP 语言编写的具有图形化界面的Git存储库查看器，它支持与多个Git存储库进行交互、支持使用浏览器查看存储库。

GitList是一款基于PHP的开源Git仓库查看器，它能够实现匿名在线浏览版本控制系统源码仓库中的内容，并支持查看不同版本中的文件，提交历史和差异。 Gitlist 0.4.0及之前的版本中存在安全漏洞。远程攻击者可通过向blame、file、stats页面发送请求URI的文件名参数中的shell元字符利用该漏洞执行任意命令。

GitLab是一套利用Ruby on Rails开发的一套开源的可实现自托管的Git（版本控制系统）项目仓库的应用程序。gitlab-shell是其中的一套用于SSH访问和存储库管理的应用程序。 GitLab中使用的gitlab-shell 1.7.4之前版本的repository import功能中存在安全漏洞。远程攻击者可通过导入URL利用该漏洞执行任意命令。

GitLab是一套利用Ruby on Rails开发的一套开源的可实现自托管的Git（版本控制系统）项目仓库的应用程序。gitlab-shell是其中的一套用于SSH访问和存储库管理的应用程序。 GitLab 5.4.1之前的5.0版本和6.2.3之前的6.x版本使用的gitlab-shell 1.7.3之前版本的SSH密钥上传功能(lib/gitlab_keys.rb)中存在安全漏洞。远程攻击者可借助公钥中的shell元字符利用该漏洞执行任意命令。

GitLab是一套利用Ruby on Rails开发的开源应用程序，可实现一个自托管的Git（版本控制系统）项目仓库，它拥有与Github类似的功能，可查阅项目的文件内容、提交历史、Bug列表等。 GitLab产品的多个版本存在漏洞。远程攻击者可借助Git SSH访问权限利用该漏洞执行任意代码。以下版本受到影响：GitLab 5.0至5.4.1版本，Community Edition 6.2.3及之前的版本，Enterprise Edition 6.2.0及之前的版本，gitlab-shell 1.7.7及之前的版本。

WalRack 1.1.8，2.0.6及其他版本中存在任意文件上传漏洞。由于文件扩展处理没有正确验证用户提供的输入导致产生此漏洞，攻击者可以借助与双重扩展有关的向量，上传任意文件到受影响的计算机，导致执行任意PHP代码。