PT-2023-18527 · Unknown · Canarytokens
Name of the Vulnerable Software and Affected Versions: Canarytokens versions prior to sha-fb61290 Description: A Cross-Site Scripting issue was identified in the history page of triggered Canarytokens. An attacker who discovers an HTTP-based Canarytoken can execute JavaScript in the Canarytoken's...
Exploit for Out-of-bounds Read in Openssl
Heartbleed CVE-2014-0160 ========== Setup You will requir...
SureBackup Ping Test Wrong Docker IP
Challenge A SureBackup Job's ping and application tests attempt to interact with an unexpected IP address of a Virtual Machine running Docker. Cause The SureBackup Job's recovery verification tests use the IP addresses reported to the VMware Environment by VMware Tools. Solution To control which ...
Exploit for Cross-Site Request Forgery (CSRF) in Filebrowser
CVE-2021-46398 - Lalie ARNOUD, Gaspard ANDRIEU In this reposi...
Subparse - Modular Malware Analysis Artifact Collection And Correlation Framework
Subparse is a modular framework developed by Josh Strochein, Aaron Baker, and Odin Bernstein. The framework is designed to parse and index malware files and present the information found during the parsing in a searchable web-viewer. The framework is modular, making use of a core parsing engine,...
Scanvus now supports Vulners and Vulns.io VM Linux vulnerability detection APIs
Hello everyone! Great news for my open source Scanvus project! You can now perform vulnerability checks on Linux hosts and docker images not only using the Vulners.com API, but also with the Vulns.io VM API. It's especially nice that all the code to support the new API was written and contributed ...
Fedora: Security Advisory for moby-engine (FEDORA-2022-db674bafd9)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 36 Update: moby-engine-20.10.21-1.fc36
Docker is an open source project to build, ship and run any application as a lightweight container. Docker containers are both hardware-agnostic and platform-agnostic. This means they can run anywhere, from your laptop to the largest EC2 compute instance and everything in between - and they don'...
This Week in Spring - Happy New Year 2023 edition - December 27th, 2022
Hi, Spring fans! Welcome to another installment of This Week in Spring! It's 27 December as I write this and - being honest - I couldn't be happier. It's raining outside. I'm in a warm cozy office. Good music is playing. People are asleep in my home. I can hear the raindrops and wind outside the...
[SECURITY] Fedora 37 Update: moby-engine-20.10.21-1.fc37
Docker is an open source project to build, ship and run any application as a lightweight container. Docker containers are both hardware-agnostic and platform-agnostic. This means they can run anywhere, from your laptop to the largest EC2 compute instance and everything in between - and they don'...
Fedora: Security Advisory for moby-engine (FEDORA-2022-7e327a20be)
The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Git-Scm Git
docker host file read using cve-2022-39253 poc PoC r...
Serious Attacks Could Have Been Staged Through This Amazon ECR Public Gallery Vulnerability
A critical security flaw has been disclosed in Amazon Elastic Container Registry (ECR) Public Gallery that could have been potentially exploited to stage a multitude of attacks, according to cloud security firm Lightspin. "By exploiting this vulnerability, a malicious actor could delete all images ...
Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : containerd vulnerabilities (USN-5776-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5776-1 advisory. It was discovered that containerd incorrectly handled memory when receiving certain faulty Exec or ExecSync commands. A remote...
Exploit for Code Injection in Vmware Spring_Framework
Spring4Shell-PoC Application This application has been contai...
CVE-2022-46157 Remote php code execution in Akeneo PIM
Akeneo PIM is an open source Product Information Management (PIM). Akeneo PIM Community Edition versions before v5.0.119 and v6.0.53 allows remote authenticated users to execute arbitrary PHP code on the server by uploading a crafted image. Akeneo PIM Community Edition after the versions...
Kibana 7.17.8 and 8.5.0 Security Update
Update Log 2022-12-23 : Updated impact section with additional details. 2023-01-09 : Updated impact section to include RHEL 2023-01-23 : Updated impact section with additional details. Updated Solutions and Mitigations section with new mitigation option. Updated Affected Versions section. Kibana...
Amazon Linux 2022 : docker (ALAS2022-2022-237)
The version of docker installed on the remote host is prior to 20.10.17-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2022-2022-237 advisory. - Moby is an open-source project created by Docker to enable and accelerate software containerization. A bug was found in Moby...
Improper Control of Generation of Code ('Code Injection')
Akeneo PIM is an open source Product Information Management (PIM). Akeneo PIM Community Edition versions before v5.0.119 and v6.0.53 allows remote authenticated users to execute arbitrary PHP code on the server by uploading a crafted image. Akeneo PIM Community Edition after the versions...
Exploit for Code Injection in Apache Commons_Text
Text4shell-exploit This is a Proof of Concept exploiting the v...