9264 matches found
Pwndora - Massive IPv4 Scanner, Find And Analyze Internet-Connected Devices In Minutes, Create Your Own IoT Search Engine At Home
Pwndora is a massive and fast IPv4 address range scanner, integrated with multi-threading. Using sockets, it analyzes which ports are open, and collects more information about targets, each result is stored in Elasticsearch. You can integrate with Kibana to be able to visualize and manipulate dat...
Dockerfile Detected
Docker is one of the most popular platform using virtualization at the operating system level to deliver software in packages called containers. To take advantage of cloud based infrastructures, developers often build their applications on top of the microservices architecture pattern with one or...
Important: runc
Issue Overview: runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfslinux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory. CVE-2019-16884 A flaw was...
CVE-2021-31821
When the Windows Tentacle docker image starts up it logs all the commands that it runs along with the arguments, which writes the Octopus Server API key in plaintext. This does not affect the Linux Docker image...
CVE-2021-31821
When the Windows Tentacle docker image starts up it logs all the commands that it runs along with the arguments, which writes the Octopus Server API key in plaintext. This does not affect the Linux Docker image...
Design/Logic Flaw
When the Windows Tentacle docker image starts up it logs all the commands that it runs along with the arguments, which writes the Octopus Server API key in plaintext. This does not affect the Linux Docker image...
CVE-2021-31821
CVE-2021-31821 affects the Windows Tentacle docker image; on startup it logs commands and arguments, exposing the Octopus Server API key in plaintext. Linux Docker image is not affected. CVSS data indicate Confidentiality Impact HIGH (3.1; base 5.5) and Local, Low complexity access. No remediatio...
CVE-2021-31821
When the Windows Tentacle docker image starts up it logs all the commands that it runs along with the arguments, which writes the Octopus Server API key in plaintext. This does not affect the Linux Docker image...
Octopus Server 信息泄露漏洞
Octopus Server is an automated deployment platform. An information disclosure vulnerability exists in Octopus Server that stems from the fact that when a Windows Tentacle docker image is started, it logs all the commands that it runs as well as the parameters that are written in plaintext to the...
Driftwood - Private Key Usage Verification
Driftwood is a tool that can enable you to lookup whether a private key is used for things like TLS or as a GitHub SSH key for a user. Driftwood performs lookups with the computed public key, so the private key never leaves where you run the tool. Additionally it supports some basic password...
Exploit for Classic Buffer Overflow in Ipuptime Pinkie
Introduction This repository is setup to quickly test the log...
Improper Input Validation in chatwoot/chatwoot
Description This vulnerability impacts all fields sent to Chatwoot. Any field that has an excessive amount of characters in it will cause the agent's page to take an abnormal amount of time to load, often requiring the content to be removed before the page will load. In my example, I put 20000000...
com.groupon.jenkins-ci.plugins:DotCi (>=1.1.1 <=2.36.2), com.groupon.jenkins-ci.plugins:DotCi-DockerPublish (>=1.0.0 <=1.0.3) +10 more potentially affected by CVE-2022-20615 via org.jenkins-ci.plugins:matrix-project (=1.2)
org.jenkins-ci.plugins:matrix-project MAVEN version =1.2 is affected by a known vulnerability. The following packages have a transitive dependency on org.jenkins-ci.plugins:matrix-project and may be impacted: - com.groupon.jenkins-ci.plugins:DotCi =1.1.1, =1.0.0, =1.0.1, =1.1.3, =1.1.0, =1.0.0,...
com.nirima:docker-plugin (>=0.17 <=1.0.4), com.testinium.jenkins:testinium (=1.0) +39 more potentially affected by CVE-2022-20616 via org.jenkins-ci.plugins:credentials-binding (>=1.10 <=1.24)
org.jenkins-ci.plugins:credentials-binding MAVEN version =1.10, =0.17, =1.0.43, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =0.1-preview-1, =1.2.7, =0.1.0, =0.1.1, =0.4.2 and more Source cves: CVE-2022-20616 Source advisory: OSV:GHSA-GQM2-2GCX-P88W...
com.btc.ep:btc-embeddedplatform (>=1.9.2-beta <=2.5.9), com.cloudbees.jenkins.plugins:docker-custom-build-environment (>=1.2 <=1.7.3) +14 more potentially affected by CVE-2022-20617 via org.jenkins-ci.plugins:docker-commons (>=1.0 <=1.15)
org.jenkins-ci.plugins:docker-commons MAVEN version =1.0, =1.9.2-beta, =1.2, =1.0.43, =3.0.0, =1.0, =1.26, =1.0, =1.0, =1.0, =0.2, =0.1.5, =0.2.3 and more Source cves: CVE-2022-20617 Source advisory: OSV:GHSA-JPXJ-VGQ5-PRJC...
OS command execution vulnerability in Jenkins Docker Commons Plugin
Jenkins Docker Commons Plugin 1.17 and earlier does not sanitize the name of an image or a tag, resulting in an OS command execution vulnerability exploitable by attackers with Item/Configure permission or able to control the contents of a previously configured job's SCM repository...
GHSA-JPXJ-VGQ5-PRJC OS command execution vulnerability in Jenkins Docker Commons Plugin
Jenkins Docker Commons Plugin 1.17 and earlier does not sanitize the name of an image or a tag, resulting in an OS command execution vulnerability exploitable by attackers with Item/Configure permission or able to control the contents of a previously configured job's SCM repository...
GHSA-2W8G-M5J8-7M87 Zalgo-like output that crashes the server
Impact What kind of vulnerability is it? Who is impacted? colors package caused zalgo-like output see https://github.com/soketi/soketi/issues/276, https://github.com/Marak/colors.js/issues/289, breaking the servers. Only NPM users that recently upgraded or installed the NPM package are affected...
Zalgo-like output that crashes the server
Impact What kind of vulnerability is it? Who is impacted? colors package caused zalgo-like output see https://github.com/soketi/soketi/issues/276, https://github.com/Marak/colors.js/issues/289, breaking the servers. Only NPM users that recently upgraded or installed the NPM package are affected...
CVE-2021-45449
Docker Desktop version 4.3.0 and 4.3.1 has a bug that may log sensitive information access token or password on the user's machine during login. This only affects users if they are on Docker Desktop 4.3.0, 4.3.1 and the user has logged in while on 4.3.0, 4.3.1. Gaining access to this data would...