Lucene search
K

9259 matches found

Trend Micro Simply Security
Trend Micro Simply Security
added 2021/11/09 12:0 a.m.12 views

Compromised Docker Hub Accounts Abused for Cryptomining Linked to TeamTNT

In October 2021, we observed threat actors targeting poorly configured servers with exposed Docker REST APIs by spinning up containers from images that execute malicious scripts...

7.3AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2021/11/09 12:0 a.m.49 views

Ubuntu 18.04 LTS / 20.04 LTS : Docker vulnerability (USN-5134-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-5134-1 advisory. An information disclosure issue was discovered in the command line interface of Docker. A misconfigured credential store could result in supplied...

7.5CVSS6.4AI score0.01536EPSS
Exploits0References2
Gitee
Gitee
added 2021/11/08 9:45 p.m.5 views

vulhub

This repository is an offensive tool for vulnerability research and exploitation. It contains a collection of vulnerable applications and services, along with exploits and tools to demonstrate their vulnerabilities. The primary vulnerability targeted by this repository is not explicitly stated, b...

7.8AI score
Exploits0
Wallarm Lab
Wallarm Lab
added 2021/11/08 3:57 p.m.10 views

Discovering Shadow APIs with Wallarm API firewall

Shadow APIs can be defined as active endpoints that you are not aware of. Some APIs are deployed but never documented. Others are services that don’t have an owner anymore. Some are even old v2 versions that have been deprecated for years, yet still exposed. Long story short: these APIs are not...

7.1AI score
Exploits0
Hacker One
Hacker One
added 2021/11/08 1:42 p.m.16 views

Rocket.Chat: Unintended information disclosure in the Hubot Log files

Dear Rocket.Chat Team While inspecting our logs I noticed, that the OAuth Tokens are leaked in plaintext in the logs. I wanted to draw your attention to this, as this is a security vulnerability. See the attached Screenshot for a redacted log excerpt. In my opinion, the best approach here would b...

5CVSS1.1AI score0.00547EPSS
Exploits1
CNNVD
CNNVD
added 2021/11/08 12:0 a.m.2 views

Jetbrains JetBrains TeamCity 安全漏洞

TeamCity is a Java-based build management and continuous integration server from JetBrains. An information disclosure vulnerability exists in JetBrains TeamCity versions prior to 2021.1. An attacker can exploit this vulnerability to obtain information via the Docker Registry connection dialog...

7.5CVSS5.6AI score0.00971EPSS
Exploits0References3
Kitploit
Kitploit
added 2021/11/05 8:30 p.m.56 views

Tor-Rootkit - A Python 3 Standalone Windows 10 / Linux Rootkit Using Tor

A Python 3 standalone Windows 10 / Linux Rootkit. The networking communication get's established over the tor network. Disclaimer Use for educational purposes only. How to use 1. Clone the repo and change directory: git clone https://github.com/emcruise/TorRootkit.git cd ./tor-rootkit 2. Build...

7.5AI score
Exploits0References1
Kitploit
Kitploit
added 2021/11/05 11:30 a.m.515 views

PyRDP - RDP Monster-In-The-Middle (Mitm) And Library For Python With The Ability To Watch Connections Live Or After The Fact

PyRDP is a Python Remote Desktop Protocol RDP Monster-in-the-Middle MITM tool and library. It features a few tools: RDP Monster-in-the-Middle Logs credentials used when connecting Steals data copied to the clipboard Saves a copy of the files transferred over the network Crawls shared drives in th...

7.4AI score
Exploits0References17
Kitploit
Kitploit
added 2021/11/03 8:30 p.m.52 views

TIWAP - Totally Insecure Web Application Project

TIWAP is a web security testing lab made using Flask for budding security enthusiasts to learn about various web vulnerabilities. Inspired by DVWA, the contributors have tried their best to regenerate various web vulnerabilities The application is solely made for educational purpose and to learn...

8.3AI score
Exploits0References3
GithubExploit
GithubExploit
added 2021/11/03 5:41 a.m.417 views

Exploit for Cross-site Scripting in Wp_Html_Author_Bio_Project Wp_Html_Author_Bio

CVE-2021-24545 현재는 plugin으로 배포가 중단되어 있는 플러그인에서 발견된 XSS 취약점입니다...

5.4CVSS5.3AI score0.01771EPSS
Exploits3
VulnCheck KEV
VulnCheck KEV
added 2021/11/03 12:0 a.m.4 views

VulnCheck KEV: CVE-2019-15752

Docker Desktop Community Edition contains a vulnerability that may allow local users to escalate privileges by placing a trojan horse docker-credential-wincred.exe file in %PROGRAMDATA%\DockerDesktop\version-bin...

9.3CVSS7.1AI score0.29628EPSS
Exploits5References1
CISA KEV Catalog
CISA KEV Catalog
added 2021/11/03 12:0 a.m.19 views

Docker Desktop Community Edition Privilege Escalation Vulnerability

Docker Desktop Community Edition contains a vulnerability that may allow local users to escalate privileges by placing a trojan horse docker-credential-wincred.exe file in %PROGRAMDATA%\DockerDesktop\version-bin...

9.3CVSS7.2AI score0.29628EPSS
In wildExploits5
CNVD
CNVD
added 2021/11/02 12:0 a.m.6 views

Portainer Privilege Permission and Access Control Issues Vulnerability (CNVD-2021-87044)

Portainer is a lightweight user management interface for managing Docker environments and Docker hosts. Portainer suffers from a privilege permission and access control issue vulnerability that can be exploited by an attacker to obtain sensitive information...

6.6AI score
Exploits0References1
CNVD
CNVD
added 2021/11/02 12:0 a.m.18 views

Portainer Privilege Permission and Access Control Issues Vulnerability (CNVD-2021-87043)

Portainer is a lightweight user management interface for managing Docker environments and Docker hosts. Portainer suffers from a privilege permission and access control issue vulnerability that can be exploited by an attacker to obtain sensitive information...

6.3AI score
Exploits0References1
OpenVAS
OpenVAS
added 2021/11/01 12:0 a.m.33 views

openSUSE: Security Advisory for containerd, (openSUSE-SU-2021:1404-1)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

8.5CVSS7.4AI score0.06604EPSS
Exploits5References2
Tenable Nessus
Tenable Nessus
added 2021/11/01 12:0 a.m.49 views

openSUSE 15 Security Update : containerd, docker, runc (openSUSE-SU-2021:1404-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1404-1 advisory. - runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. To exploit the vulnerability, an attacker must be...

8.5CVSS6.9AI score0.06604EPSS
Exploits5References23
Kitploit
Kitploit
added 2021/10/31 8:30 p.m.51 views

Web-Hacking-Toolkit - A Multi-Platform Web Hacking Toolkit Docker Image With Graphical User Interface (GUI) Support

A multi-platform web hacking toolkit Docker image with Graphical User Interface GUI support. Installation Docker Pull the image from Docker Hub: docker pull signedsecurity/web-hacking-toolkit Run a container and attach a shell: docker run --rm -it --name web-hacking-toolkit...

7AI score
Exploits0References22
OSV
OSV
added 2021/10/31 2:52 p.m.6 views

OPENSUSE-SU-2021:1404-1 Security update for containerd, docker, runc

This update for containerd, docker, runc fixes the following issues: Docker was updated to 20.10.9-ce. bsc1191355 See upstream changelog in the packaged /usr/share/doc/packages/docker/CHANGELOG.md. CVE-2021-41092 CVE-2021-41089 CVE-2021-41091 CVE-2021-41103 container was updated to v1.4.11, to fi...

8.5CVSS7AI score0.06604EPSS
Exploits5References17
Kitploit
Kitploit
added 2021/10/31 11:30 a.m.33 views

PeTeReport - An Open-Source Application Vulnerability Reporting Tool

PeTeReport Pe nTe st Report is an open-source application vulnerability reporting tool designed to assist pentesting/redteaming efforts, by simplifying the task of writting and generation of reports. Focused in product security, the tool help security researchers and pentesters to provide detaile...

7.2AI score
Exploits0References8
OSV
OSV
added 2021/10/31 11:12 a.m.10 views

MGASA-2021-0500 Updated docker packages fix security vulnerabilities

Updated docker packages fix security vulnerabilities: A bug was found in Moby Docker Engine where attempting to copy files using docker cp into a specially-crafted container can result in Unix file permission changes for existing files in the hosts filesystem, widening access to others. This bug...

7.5CVSS7AI score0.02693EPSS
Exploits3References2
Rows per page
Query Builder