Exploit for SQL Injection in Zabbix
This repository is an open-source collection of pre-built vulnerable docker environments, referred to as 'Vulhub'. It is an offensive tool for web application security training and testing. The primary vulnerability class targeted by Vulhub is web application vulnerabilities, including Remote Cod...
vulhub
It is an offensive tool for vulnerable environments. The repository contains pre-built vulnerable environments based on Docker-Compose. The tool is designed to provide a simple way to create and manage vulnerable environments for testing and training purposes. The target product/service or...
Microsoft Windows Containers Privilege Escalation Vulnerability
The standard user ContainerUser in a Windows Container has elevated privileges and High integrity level which results in making it administrator equivalent even though it should be a restricted user. Windows Containers: ContainerUser has Elevated Privileges Windows Containers: ContainerUser has...
SYS.1.3.A10
Services and applications SHOULD be protected with an individual security architecture, e.g. with AppArmor or SELinux. chroot environments as well as LXC or Docker containers SHOULD also be taken into account. It SHOULD be ensured that the supplied default profiles or...
NewStart CGSL CORE 5.04 / MAIN 5.04 : containerd.io Multiple Vulnerabilities (NS-SA-2021-0006)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has containerd.io packages installed that are affected by multiple vulnerabilities: - runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because...
Security Bulletin: IBM API Connect is impacted by vulnerabilities in Docker (CVE-2021-21285, CVE-2021-21284)
Summary IBM API Connect has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2021-21285 DESCRIPTION: Docker is vulnerable to a denial of service, caused by improper input validation. By persuading a victim to pull a specially-crafted Docker image, a remote attacker could...
Writehat - A Pentest Reporting Tool Written In Python
WriteHat is a reporting tool which removes Microsoft Word and many hours of suffering from the reporting process. Markdown -- HTML -- PDF. Created by penetration testers, for penetration testers - but can be used to generate any kind of report. Written in Django Python 3. Features: Effortlessly...
Sub404 - A Python Tool To Check Subdomain Takeover Vulnerability
Sub 404 is a tool written in Python which is used to check the possibility of subdomain takeover vulnerability, and it is fast as it is asynchronous. Why: During the recon process you might get a lot of subdomains, e.g. more than 10k. It is not possible to test each manually or with traditional requests or...
Threat actors hijacking Bitbucket and Docker Hub for Monero mining
By Waqas According to researchers, both developer resources were also targeted last year for Monero mining but now the campaign has resurfaced. This is a post from HackRead.com Read the original post: Threat actors hijacking Bitbucket and Docker Hub for Monero mining...
Exploit for Improper Input Validation in Vmware View_Planner
CVE-2021-21978 CVE-2021-21978: Remote Code Execution vulnera...
CVE-2021-21979
In Bitnami Containers, all Laravel container versions prior to: 6.20.0-debian-10-r107 for Laravel 6, 7.30.1-debian-10-r108 for Laravel 7 and 8.5.11-debian-10-r0 for Laravel 8, the file /tmp/app/.env is generated at the time that the docker image bitnami/laravel was built, and the value of APPKEY ...
Design/Logic Flaw
In Bitnami Containers, all Laravel container versions prior to: 6.20.0-debian-10-r107 for Laravel 6, 7.30.1-debian-10-r108 for Laravel 7 and 8.5.11-debian-10-r0 for Laravel 8, the file /tmp/app/.env is generated at the time that the docker image bitnami/laravel was built, and the value of APPKEY ...
Security Bulletin: IBM Security Verify Information Queue uses a Node.js proxy library that has a known vulnerability (183561)
Summary The web server in IBM Security Verify Information Queue ISIQ uses an older version of the http-proxy package that has a known vulnerability to a denial of service. As of v10.0.0, ISIQ has upgraded to a newer, secure version of http-proxy. Vulnerability Details Third Party Entry: 183561...
CVE-2021-27886
rakibtg Docker Dashboard before 2021-02-28 allows command injection in backend/utilities/terminal.js via shell metacharacters in the command parameter of an API request. NOTE: this is NOT a Docker, Inc. product...
Command injection
rakibtg Docker Dashboard before 2021-02-28 allows command injection in backend/utilities/terminal.js via shell metacharacters in the command parameter of an API request. NOTE: this is NOT a Docker, Inc. product...
CVE-2021-27886
CVE-2021-27886 affects the rakibtg Docker Dashboard prior to 2021-02-28. The issue is a command-injection in backend/utilities/terminal.js caused by unsafely passing shell metacharacters in the command parameter of an API request. The vulnerability, not tied to any Docker, Inc. product, is report...
Kazi Mehedi docker-web-gui Operating System Command Injection Vulnerability
Kazi Mehedi docker-web-gui is an open source application from Kazi Mehedi. It provides a simple GUI interface for Docker containers. rakibtg Docker Dashboard suffers from an operating system command injection vulnerability that allows commands to be injected into the backend tool terminal.js via shel...