9259 matches found
Compromised Docker Hub Accounts Abused for Cryptomining Linked to TeamTNT
In October 2021, we observed threat actors targeting poorly configured servers with exposed Docker REST APIs by spinning up containers from images that execute malicious scripts...
Ubuntu 18.04 LTS / 20.04 LTS : Docker vulnerability (USN-5134-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-5134-1 advisory. An information disclosure issue was discovered in the command line interface of Docker. A misconfigured credential store could result in supplied...
vulhub
This repository is an offensive tool for vulnerability research and exploitation. It contains a collection of vulnerable applications and services, along with exploits and tools to demonstrate their vulnerabilities. The primary vulnerability targeted by this repository is not explicitly stated, b...
Discovering Shadow APIs with Wallarm API firewall
Shadow APIs can be defined as active endpoints that you are not aware of. Some APIs are deployed but never documented. Others are services that don’t have an owner anymore. Some are even old v2 versions that have been deprecated for years, yet still exposed. Long story short: these APIs are not...
Rocket.Chat: Unintended information disclosure in the Hubot Log files
Dear Rocket.Chat Team While inspecting our logs I noticed, that the OAuth Tokens are leaked in plaintext in the logs. I wanted to draw your attention to this, as this is a security vulnerability. See the attached Screenshot for a redacted log excerpt. In my opinion, the best approach here would b...
Jetbrains JetBrains TeamCity 安全漏洞
TeamCity is a Java-based build management and continuous integration server from JetBrains. An information disclosure vulnerability exists in JetBrains TeamCity versions prior to 2021.1. An attacker can exploit this vulnerability to obtain information via the Docker Registry connection dialog...
Tor-Rootkit - A Python 3 Standalone Windows 10 / Linux Rootkit Using Tor
A Python 3 standalone Windows 10 / Linux Rootkit. The networking communication get's established over the tor network. Disclaimer Use for educational purposes only. How to use 1. Clone the repo and change directory: git clone https://github.com/emcruise/TorRootkit.git cd ./tor-rootkit 2. Build...
PyRDP - RDP Monster-In-The-Middle (Mitm) And Library For Python With The Ability To Watch Connections Live Or After The Fact
PyRDP is a Python Remote Desktop Protocol RDP Monster-in-the-Middle MITM tool and library. It features a few tools: RDP Monster-in-the-Middle Logs credentials used when connecting Steals data copied to the clipboard Saves a copy of the files transferred over the network Crawls shared drives in th...
TIWAP - Totally Insecure Web Application Project
TIWAP is a web security testing lab made using Flask for budding security enthusiasts to learn about various web vulnerabilities. Inspired by DVWA, the contributors have tried their best to regenerate various web vulnerabilities The application is solely made for educational purpose and to learn...
Exploit for Cross-site Scripting in Wp_Html_Author_Bio_Project Wp_Html_Author_Bio
CVE-2021-24545 현재는 plugin으로 배포가 중단되어 있는 플러그인에서 발견된 XSS 취약점입니다...
VulnCheck KEV: CVE-2019-15752
Docker Desktop Community Edition contains a vulnerability that may allow local users to escalate privileges by placing a trojan horse docker-credential-wincred.exe file in %PROGRAMDATA%\DockerDesktop\version-bin...
Docker Desktop Community Edition Privilege Escalation Vulnerability
Docker Desktop Community Edition contains a vulnerability that may allow local users to escalate privileges by placing a trojan horse docker-credential-wincred.exe file in %PROGRAMDATA%\DockerDesktop\version-bin...
Portainer Privilege Permission and Access Control Issues Vulnerability (CNVD-2021-87044)
Portainer is a lightweight user management interface for managing Docker environments and Docker hosts. Portainer suffers from a privilege permission and access control issue vulnerability that can be exploited by an attacker to obtain sensitive information...
Portainer Privilege Permission and Access Control Issues Vulnerability (CNVD-2021-87043)
Portainer is a lightweight user management interface for managing Docker environments and Docker hosts. Portainer suffers from a privilege permission and access control issue vulnerability that can be exploited by an attacker to obtain sensitive information...
openSUSE: Security Advisory for containerd, (openSUSE-SU-2021:1404-1)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
openSUSE 15 Security Update : containerd, docker, runc (openSUSE-SU-2021:1404-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1404-1 advisory. - runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. To exploit the vulnerability, an attacker must be...
Web-Hacking-Toolkit - A Multi-Platform Web Hacking Toolkit Docker Image With Graphical User Interface (GUI) Support
A multi-platform web hacking toolkit Docker image with Graphical User Interface GUI support. Installation Docker Pull the image from Docker Hub: docker pull signedsecurity/web-hacking-toolkit Run a container and attach a shell: docker run --rm -it --name web-hacking-toolkit...
OPENSUSE-SU-2021:1404-1 Security update for containerd, docker, runc
This update for containerd, docker, runc fixes the following issues: Docker was updated to 20.10.9-ce. bsc1191355 See upstream changelog in the packaged /usr/share/doc/packages/docker/CHANGELOG.md. CVE-2021-41092 CVE-2021-41089 CVE-2021-41091 CVE-2021-41103 container was updated to v1.4.11, to fi...
PeTeReport - An Open-Source Application Vulnerability Reporting Tool
PeTeReport Pe nTe st Report is an open-source application vulnerability reporting tool designed to assist pentesting/redteaming efforts, by simplifying the task of writting and generation of reports. Focused in product security, the tool help security researchers and pentesters to provide detaile...
MGASA-2021-0500 Updated docker packages fix security vulnerabilities
Updated docker packages fix security vulnerabilities: A bug was found in Moby Docker Engine where attempting to copy files using docker cp into a specially-crafted container can result in Unix file permission changes for existing files in the hosts filesystem, widening access to others. This bug...