vulhub

This is an open-source collection of vulnerable web applications and environments for testing and learning about web application security. It is a project maintained by phith0n and hosted on GitHub. The repository contains a variety of applications and environments, including CouchDB, FFmpeg, Git...

Reconmap - VAPT (Vulnerability Assessment And Penetration Testing) Automation And Reporting Platform

Reconmap is a vulnerability assessment and penetration testing VAPT platform. It helps software engineers and infosec pros collaborate on security projects, from planning, to implementation and documentation. The tool's aim is to go from recon to report in the least possible time. Demo Details on...

Fedora: Security Advisory for podman (FEDORA-2021-0c53d8738d)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

vulhub

It is an open-source collection of pre-built vulnerable docker environments. The primary vulnerability is not explicitly stated, but the collection includes various vulnerable environments, such as flask/ssti, which is a vulnerable Flask web application with a Server-Side Template Injection SSTI...

Juumla - Tool Designed To Identify And Scan For Version, Config Files In The CMS Joomla!

Juumla is a python tool developed to identify the current Joomla version and scan for readable Joomla config files. Installing / Getting started A quick guide of how to install and use Juumla. 1. Clone the repository - git clone https://github.com/oppsec/juumla.git 2. Install the libraries - pip3...

[SECURITY] Fedora 33 Update: podman-3.2.3-1.fc33

podman Pod Manager is a fully featured container engine that is a simple daemonless tool. podman provides a Docker-CLI comparable command line that eases the transition from other container engines and allows the management of pods, containers and images. Simply put: alias docker=3Dpodman. Most...

[SECURITY] Fedora 33 Update: skopeo-1.3.1-1.fc33

Command line utility to inspect images and repositories directly on Docker registries without the need to pull them...

In0ri - Defacement Detection With Deep Learning

In0ri is a defacement detection system utilizing a image-classification convolutional neural network. Introduction When monitoring a website, In0ri will periodically take a screenshot of the website then put it through a preprocessor that will resize the image down to 250x250px and numericalize t...

[SECURITY] Fedora 34 Update: podman-3.2.3-1.fc34

podman Pod Manager is a fully featured container engine that is a simple daemonless tool. podman provides a Docker-CLI comparable command line that eases the transition from other container engines and allows the management of pods, containers and images. Simply put: alias docker=3Dpodman. Most...

containerd security update

containerd 1.4.8-1 - Address CVE-2021-32760 docker-cli 19.03.11-13 - updated containerd minimum version to 1.4.8 to address CVE-2021-32760. docker-engine 19.03.11-13 - updated containerd minimum version to 1.4.8 to address CVE-2021-32760...

Photon OS 1.0: Docker PHSA-2021-1.0-0414

An update of the docker package has been released. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2021-1.0-0414. The text itself is copyright C VMware, Inc...

Kubernetes Cloud Clusters Face Cyberattacks via Argo Workflows

Kubernetes clusters are being attacked via misconfigured Argo Workflows instances, security researchers are warning. Argo Workflows is an open-source, container-native workflow engine for orchestrating parallel jobs on Kubernetes – to speed up processing time for compute-intensive jobs like machi...

Dell OpenManage Enterprise docker实例预认证RCE认证绕过漏洞（CVE-2021-21596）

Details - Remote Auth Bypass with 2 pre-auth RCEs in docker instances There is a chain of pre-auth vulnerabilities allowing to: get a shell on the redis container, as redis get a shell on the postgres container, as postgres get a full access to the postgres database bypass authentication on the w...

Dell OpenManage Enterprise Hardcoded Credentails / Privilege Escalation / Deserialization

Dell OpenManage Enterprise versions up to 3.6.1 suffer from multiple hard-coded credential issues, multiple privilege escalation, weak permissions, authentication bypass, and other vulnerabilities. Please find a text-only version below sent to security mailing lists. The complete version on...

Important Photon OS Security Update - PHSA-2021-0414

Updates of 'docker', 'erlang', 'rpm', 'tcl' packages of Photon OS have been released...

Exploit for CVE-2021-36934

ShadowSteal | CVE-2021-36934 Pure Nim implementation for explo...

Security Bulletin: Vulnerabilities in Docker affect IBM Cloud Pak System

Summary Vulnerabilities were identified within Docker shipped as pType component with Cloud Pak System Software. IBM Cloud Pak System Software addressed these vulnerabilities. Vulnerability Details CVEID: CVE-2021-21285 DESCRIPTION: Docker is vulnerable to a denial of service, caused by improper...

IBM Security Access Manager Debug Information Disclosure Vulnerability (CNVD-2021-53331)

IBM Security Access Manager is an application for information security management from IBM Corporation in the United States. The product enables access management control through integrated Web, mobile, and cloud-oriented devices.IBM Security Access Manager Docker is vulnerable to a debugging...

ARTIF - An Advanced Real Time Threat Intelligence Framework To Identify Threats And Malicious Web Traffic On The Basis Of IP Reputation And Historical Data.

ARTIF is a new advanced real time threat intelligence framework built that adds another abstraction layer on the top of MISP to identify threats and malicious web traffic on the basis of IP reputation and historical data. It also performs automatic enrichment and threat scoring by collecting,...

Bughound - Static Code Analysis Tool Based On Elasticsearch

Bughound is an open-source static code analysis tool that analyzes your code and sends the results to Elasticsearch and Kibana to get useful insights about the potential vulnerabilities in your code. Bughound has its own Elasticsearch and Kibana Docker image that is preconfigured with dashboards ...