org.apache.pulsar:distribution (>=2.0.0-rc1-incubating <=2.0.1-incubating), org.apache.pulsar:pulsar-docker-image (>=2.0.0-rc1-incubating <=2.7.4) +1 more potentially affected by CVE-2022-33683 via org.apache.pulsar:pulsar-proxy (>=2.0.0-rc1-incubating <=2.7.4)
org.apache.pulsar:pulsar-proxy MAVEN version =2.0.0-rc1-incubating, =2.0.0-rc1-incubating, =2.0.0-rc1-incubating, =2.1.0-incubating, =2.11.4 Source cves: CVE-2022-33683 Source advisory: OSV:GHSA-J3QW-G67Q-7M64...
OESA-2022-1936 docker security update
Docker is an open source project to build, ship and run any application as a lightweight container. Security Fixes: Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby Docker Engine where supplementary groups are not set up properly. If an...
Feehi CMS 2.1.1 - Remote Code Execution (Authenticated)
Exploit Title: Feehi CMS 2.1.1 - Remote Code Execution RCE Authenticated Date: 22-08-2022 Exploit Author: yuyudhn Vendor Homepage: https://feehi.com/ Software Link: https://github.com/liufee/cms Version: 2.1.1 REQUIRED Tested on: Linux, Docker CVE : CVE-2022-34140 Proof of Concept: 1. Login using...
Feehi CMS 2.1.1 - Remote Code Execution (Authenticated) Vulnerability
Exploit Title: Feehi CMS 2.1.1 - Remote Code Execution RCE Authenticated Exploit Author: yuyudhn Vendor Homepage: https://feehi.com/ Software Link: https://github.com/liufee/cms Version: 2.1.1 REQUIRED Tested on: Linux, Docker CVE : CVE-2022-34140 Proof of Concept: 1. Login using admin account at...
Exploit for CVE-2022-37708
Docker Lightman Exploit Docker CVE-2022-37708. This exploit r...
Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
log4j-shell-poc A Proof-Of-Concept for the recently found CVE-...
Virtuozzo Hybrid Infrastructure 5.2 Update 1 (5.2.1-57)
This update provides full support for Authorization Code Flow, as well as bug fixes and improvements. Vulnerability id: VSTOR-57337 It is impossible to set the disk role to "Unassigned" while joining a node to the cluster. Vulnerability id: VSTOR-57187 Unable to add an iSCSI target with multiple...
Scanvus – my open source Vulnerability Scanner for Linux hosts and Docker images
Hello everyone! This video was recorded for the VMconf 22 Vulnerability Management conference, vmconf.pw. I will be talking about my open source project Scanvus. This project is already a year old and I use it almost every day. Alternative video link for Russia: Scanvus Simple Credentialed...
Docker supplementary group permissions not set up properly, allowing attackers to bypass primary group restrictions
Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby Docker Engine where supplementary groups are not set up properly. If an attacker has direct access to a container and manipulates their supplementary group access, they may be able to use...
GHSA-RC4R-WH2Q-Q6C4 Docker supplementary group permissions not set up properly, allowing attackers to bypass primary group restrictions
Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby Docker Engine where supplementary groups are not set up properly. If an attacker has direct access to a container and manipulates their supplementary group access, they may be able to use...
Hackers Targeting WebLogic Servers and Docker APIs for Mining Cryptocurrencies
Malicious actors such as Kinsing are taking advantage of both recently disclosed and older security flaws in Oracle WebLogic Server to deliver cryptocurrency-mining malware. Cybersecurity company Trend Micro said it found the financially-motivated group leveraging the vulnerability to drop Python...
[SECURITY] Fedora 37 Update: moby-engine-20.10.18-1.fc37
Docker is an open source project to build, ship and run any application as a lightweight container. Docker containers are both hardware-agnostic and platform-agnostic. This means they can run anywhere, from your laptop to the largest EC2 compute instance and everything in between - and they don'...
Fedora: Security Advisory for moby-engine (FEDORA-2022-8298607490)
The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora: Security Advisory for moby-engine (FEDORA-2022-b027a13a39)
The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Exploit for Path Traversal in Apache Http_Server
It is an exploit module targeting Apache Log4j. The target produ...
Exploit for Path Traversal in Apache Http_Server
Apache 2.4.50 - Path Traversal or Remote Code Execution cve-20...
Exploit for Path Traversal in Apache Http_Server
Apache 2.4.50 - Path Traversal or Remote Code Execution cve-20...
Exploit for Path Traversal in Apache Http_Server
CVE-2021-41773-PoC PoC for CVE-2021-41773 with docker to demon...
Exploit for Path Traversal in Apache Http_Server
CVE-2021-41773 CVE-2021-41773 POC with Docker Configurati...
Exploit for Path Traversal in Apache Http_Server
This is a PoC exploit for CVE-2021-41773 and CVE-2021-42013, whi...