9244 matches found
Photon OS 4.0: Docker PHSA-2021-4.0-0007
An update of the docker package has been released. (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2021-4.0-0007. The text itself is copyright (C) VMware, Inc. `include('compat.inc'); if (description) { script_id(148352);`...
A vulnerability in the dockerd daemon of Docker, a tool for automating application deployment and management in containerized environments, stems from an error in its resource consumption control mechanism. It allows attackers to trigger service failures.
The vulnerability of the dockerd daemon, a tool for automating the deployment and management of applications in Docker containerized environments, is related to improper handling of the image manifest file. Exploiting this vulnerability allows an attacker to cause service interruptions...
A vulnerability in the `--userns-remap` option of Docker, a tool for automating application deployment and management in containerized environments, is related to an incorrect restriction of the directory path name. It allows attackers to compromise data integrity.
A vulnerability in the `--userns-remap` option of Docker, a tool for automating application deployment and management in containerized environments, is related to an incorrect restriction on the path name to the directory. Exploiting this vulnerability allows a malicious actor to compromise data...
UAC - Unix-like Artifacts Collector
UAC is a Live Response collection tool for Incident Response that makes use of built-in tools to automate the collection of Unix-like systems artifacts. It respects the order of volatility and artifacts that are changed during the execution. It was created to facilitate and speed up data...
Maigret - OSINT Username Checker. Collect A Dossier On A Person By Username From A Huge Number Of Sites
The Commissioner Jules Maigret is a fictional French police detective, created by Georges Simenon. His investigation method is based on understanding the personality of different people and their interactions. About: Purpose of Maigret - collect a dossier on a person by username only, checking fo...
Critical Photon OS Security Update - PHSA-2021-4.0-0007
Updates of 'python3', 'wpasupplicant', 'linux-rt', 'linux-secure', 'apache-tomcat', 'containerd', 'openssl', 'libtiff', 'glib', 'docker', 'mysql', 'linux', 'linux-aws', 'curl', 'nodejs', 'libvirt' packages of Photon OS have been released...
Security Bulletin: Cross-site scripting vulnerability affects IBM Edge (CVE-2020-4792)
Summary IBM Edge is affected by a cross-site scripting vulnerability. IBM Edge has resolved the vulnerability. Vulnerability Details CVEID: CVE-2020-4792 DESCRIPTION: IBM Edge is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI...
Security Bulletin: Vulnerabilities in Docker affects IBM InfoSphere Information Server
Summary Vulnerabilities in Docker that is used by IBM InfoSphere Information Server are addressed. Vulnerability Details CVEID: CVE-2020-13401 DESCRIPTION: Docker Docker CE is vulnerable to a man-in-the-middle attack, caused by improper validation of router advertisements. By sending rogue router...
CVE-2021-29251
BTCPay Server before 1.0.7.1 mishandles the policy setting in which users can register in Server Settings Policies. This affects Docker use cases in which a mail server is configured...
Code injection
BTCPay Server before 1.0.7.1 mishandles the policy setting in which users can register in Server Settings Policies. This affects Docker use cases in which a mail server is configured...
CVE-2021-29251
CVE-2021-29251 affects BTCPay Server prior to 1.0.7.1. The issue arises from how the software handles the policy setting for user registration (Server Settings > Policies), with explicit mention that it impacts Docker deployments configured with a mail server. The public sources describe the f...
vulhub2
This repository is an open-source collection of pre-built vulnerable docker environments, referred to as 'Vulhub'. It is an offensive tool for various areas, including web application security, web server security, and more. The primary purpose of Vulhub is to provide a simple and easy-to-use...
Malicious Docker Cryptomining Images Rack Up 20M Downloads
At least 30 malicious images in Docker Hub, with a collective 20 million downloads, have been used to spread cryptomining malware, according to an analysis. The malicious images spread across 10 different Docker Hub accounts have raked in around $200,000 from cryptomining, according to Aviv Sasso...
Exploit for Improper Encoding or Escaping of Output in F5 Nginx
It is an offensive tool for various areas. The repository contains a collection of vulnerable docker environments, including: CouchDB FFmpeg Git InfluxDB Jenkins Nginx Oracle Java Apache HTTP Server GitLab FastJSON Jenkins Electron The vulnerabilities include: CVE-2016-9086 GitLab CVE-2016-10134...
vulhub
This is a collection of vulnerable Docker environments, known as Vulhub. It's an open-source project that provides pre-built vulnerable environments for testing and learning purposes. The project is maintained by phith0n and is available on GitHub. The repository contains a variety of vulnerable...
Exploit for SQL Injection in Zabbix
This repository is an open-source collection of pre-built vulnerable docker environments, referred to as 'Vulhub'. It is an offensive tool for web application security testing and vulnerability research. The primary purpose of Vulhub is to provide a simple and convenient way to test and demonstra...
Rocket.Chat: Pre-Auth Blind NoSQL Injection leading to Remote Code Execution
Summary: The getPasswordPolicy method is vulnerable to NoSQL injection attacks and does not require authentication/authorization. It can be used to take over accounts by leaking password reset tokens. Taking over an admin account leads to Remote Code Execution. Description: The getPasswordPolicy...
Exploit for CVE-2021-3129
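CVE-2021-3129 Laravel debug RCE. Usage: run `docker-compose up -d` to start the environment, then visit port 8888 and click "generate key" on the home page to reproduce. A few notes on the Docker environment: - .env.example is copied to .env, which turns on the debug environment - phar.readonly is turned off in php.ini - A hello template that references an undefined variable was added under resources/view/, along with a route in routes/web.php; I added this to the source code rather than writing it into the Dockerfile. Reproduction result: the script has been released; the script must sit at the same directory level as the phpggc project folder...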