9242 matches found

Metasploit
added 2021/03/18 5:41 p.m., 29 views

VMware View Planner Unauthenticated Log File Upload RCE

This module exploits an unauthenticated log file upload within the loguploadwsgi.py file of VMware View Planner 4.6 prior to 4.6 Security Patch 1. Successful exploitation will result in RCE as the apache user inside the appacheServer Docker container. Module Options msf use...

9.8 CVSS, 9.4 AI score, 0.98947 EPSS
Exploits: 9

Veracode
added 2021/03/17 8:12 a.m., 131 views

Privilege Escalation

github.com/portainer/portainer is vulnerable to privilege escalation. The vulnerability exists due to insecure permissions in the isValidStackFile function, allowing a non-admin user to spawn new containers with critical capabilities such as SYSMODULE, which can be used to take over the Docker host...

8.8 CVSS, 4.1 AI score, 0.01601 EPSS
Exploits: 0, References: 1, Affected Software: 1

0day.today
added 2021/03/17 12:0 a.m., 73 views

Microsoft Windows Containers DP API Cryptography Flaw Vulnerability

PRODUCT: Windows Containers
VENDOR: Microsoft
SEVERITY: High
AFFECTED VERSION: Windows 10, Windows Server
IDENTIFIERS: CVE-2021-1645
PATCH VERSION: KB4598229, KB4598230, KB4598242, KB4598243
FOUND BY: Marc Nimmerrichter, Certitude Lab

Introduction
------------
Windows containers is a featu...

5 CVSS, 6.8 AI score, 0.07274 EPSS
Exploits: 2

Kitploit
added 2021/03/16 8:30 p.m., 114 views

SnitchDNS - Database Driven DNS Server With A Web UI

SnitchDNS is a database-driven DNS server with a Web UI, written in Python and Twisted, that makes DNS administration easier, with all configuration changes applied instantly without restarting any system services. One of its main features is the logging of all DNS queries allowing the discovery o...

7.6 AI score
Exploits: 0, References: 8

NVD
added 2021/03/16 3:15 p.m., 14 views

CVE-2020-24264

Portainer 1.24.1 and earlier is affected by incorrect access control that may lead to remote arbitrary code execution. The restriction checks for bind mounts are applied only on the client-side and not the server-side, which can lead to spawning a container with bind mount. Once such a container ...

10 CVSS, 0.04116 EPSS
Exploits: 0, References: 1

NVD
added 2021/03/16 3:15 p.m., 21 views

CVE-2020-24263

Portainer 1.24.1 and earlier is affected by an insecure permissions vulnerability that may lead to remote arbitrary code execution. A non-admin user is allowed to spawn new containers with critical capabilities such as SYSMODULE, which can be used to take over the Docker host...

8.8 CVSS, 0.01601 EPSS
Exploits: 0, References: 1

OSV
added 2021/03/16 3:15 p.m., 16 views

CVE-2020-24263

Portainer 1.24.1 and earlier is affected by an insecure permissions vulnerability that may lead to remote arbitrary code execution. A non-admin user is allowed to spawn new containers with critical capabilities such as SYSMODULE, which can be used to take over the Docker host...

8.8 CVSS, 7.7 AI score
Exploits: 0, References: 1

OSV
added 2021/03/16 3:15 p.m., 17 views

CVE-2020-24264

Portainer 1.24.1 and earlier is affected by incorrect access control that may lead to remote arbitrary code execution. The restriction checks for bind mounts are applied only on the client-side and not the server-side, which can lead to spawning a container with bind mount. Once such a container ...

9.8 CVSS, 7.7 AI score
Exploits: 0, References: 1

Prion
added 2021/03/16 3:15 p.m., 19 views

Design/Logic Flaw

Portainer 1.24.1 and earlier is affected by incorrect access control that may lead to remote arbitrary code execution. The restriction checks for bind mounts are applied only on the client-side and not the server-side, which can lead to spawning a container with bind mount. Once such a container ...

10 CVSS, 9.7 AI score, 0.04116 EPSS
Exploits: 0, References: 1, Affected Software: 1

Prion
added 2021/03/16 3:15 p.m., 14 views

Code injection

Portainer 1.24.1 and earlier is affected by an insecure permissions vulnerability that may lead to remote arbitrary code execution. A non-admin user is allowed to spawn new containers with critical capabilities such as SYSMODULE, which can be used to take over the Docker host...

6.5 CVSS, 8.9 AI score, 0.01601 EPSS
Exploits: 0, References: 1, Affected Software: 1

CVE
added 2021/03/16 2:42 p.m., 57 views

CVE-2020-24264

Portainer 1.24.1 and earlier is affected by an access-control flaw where bind-mount restrictions are enforced only on the client side and not on the server side. This can allow spawning a container with a bind mount, which may be leveraged to break out of the container and lead to a full Docker h...

10 CVSS, 9.7 AI score, 0.04116 EPSS
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2021/03/16 2:42 p.m., 22 views

CVE-2020-24264

Portainer 1.24.1 and earlier is affected by incorrect access control that may lead to remote arbitrary code execution. The restriction checks for bind mounts are applied only on the client-side and not the server-side, which can lead to spawning a container with bind mount. Once such a container ...

9.8 AI score, 0.04116 EPSS
Exploits: 0, References: 1

CVE
added 2021/03/16 2:42 p.m., 59 views

CVE-2020-24263

CVE-2020-24263 affects Portainer ≤ 1.24.1. The issue is an insecure permissions vulnerability that allows a non-admin user to spawn new containers with critical capabilities (e.g., SYS_MODULE), enabling potential remote code execution and host takeovers. The available connected documents confirm ...

8.8 CVSS, 8.9 AI score, 0.01601 EPSS
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2021/03/16 2:42 p.m., 27 views

CVE-2020-24263

Portainer 1.24.1 and earlier is affected by an insecure permissions vulnerability that may lead to remote arbitrary code execution. A non-admin user is allowed to spawn new containers with critical capabilities such as SYSMODULE, which can be used to take over the Docker host...

9 AI score, 0.01601 EPSS
Exploits: 0, References: 1

CNNVD
added 2021/03/16 12:0 a.m., 4 views

Portainer Access Control Error Vulnerability

Portainer is a lightweight user management interface for managing Docker environments and Docker hosts. Portainer 1.24.1 suffers from an access control error vulnerability that could lead to remote arbitrary code execution...

10 CVSS, 8.8 AI score, 0.04116 EPSS
Exploits: 0, References: 2

Ubuntu
added 2021/03/15 10:42 p.m., 30 views

USN-4856-1: docker-credential-helpers vulnerability

Jasiel Spelman discovered that docker-credential-helpers has a double free. A local attacker could use this to cause a denial of service crash or possibly execute arbitrary code...

5.5 CVSS, 5.8 AI score, 0.00406 EPSS
Exploits: 0

OSV
added 2021/03/15 10:42 p.m., 4 views

USN-4856-1 golang-github-docker-docker-credential-helpers vulnerability

Jasiel Spelman discovered that docker-credential-helpers has a double free. A local attacker could use this to cause a denial of service crash or possibly execute arbitrary code...

5.5 CVSS, 6.2 AI score, 0.00406 EPSS
Exploits: 0, References: 2

Kitploit
added 2021/03/13 8:30 p.m., 181 views

HTTP Bridge - Send TCP Stream Packets Over Simple HTTP Request

I wrote this program as a proof of concept to test the idea of being able to send TCP stream packets over simple HTTP requests like PUT, PATCH, POST, GET, without using a proxy way like the CONNECT method. Also as a practice exercise to train my novice skill in the Rust language. Description This tool is...

7 AI score
Exploits: 0, References: 3

Gitee
added 2021/03/13 3:7 p.m., 3 views

Exploit for SQL Injection in Zabbix

This repository is an open-source collection of pre-built vulnerable docker environments, referred to as 'Vulhub'. It is an offensive tool for web application security training and testing. The primary vulnerability class targeted by Vulhub is web application vulnerabilities, including Remote Cod...

9.8 CVSS, 8.5 AI score, 0.83284 EPSS
Exploits: 28

Gitee
added 2021/03/12 9:38 a.m., 2 views

vulhub

It is an offensive tool for vulnerable environments. The repository contains pre-built vulnerable environments based on Docker-Compose. The tool is designed to provide a simple way to create and manage vulnerable environments for testing and training purposes. The target product/service or...

7.1 AI score
Exploits: 0