Exploit for OS Command Injection in Aerospike Aerospike_Server

CVE-2020-13151 POC Aerospike Database 5.1.0.3 Host Com...

Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2020-1798)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

uDork - Tool That Uses Advanced Google Search Techniques To Obtain Sensitive Information In Files Or Directories, Find IoT Devices, Detect Versions Of Web Applications, And So On

uDork is a script written in Bash Scripting that uses advanced Google search techniques to obtain sensitive information in files or directories, find IoT devices, detect versions of web applications, and so on. uDork does NOT make attacks against any server, it only uses predefined dorks and/or...

Exploit for Improper Encoding or Escaping of Output in F5 Nginx

It is an open-source collection of pre-built vulnerable docker environments. The primary CVE ID is not explicitly mentioned, but the repository contains various vulnerable environments, including ones related to CVE-2016-9086, CVE-2017-1000353, CVE-2013-4547, and CVE-2018-1000006. The target...

Doki Backdoor Infiltrates Docker Servers in the Cloud

A fresh Linux backdoor called Doki is infesting Docker servers in the cloud, researchers warn, employing a brand-new technique: Using a blockchain wallet for generating command-and-control C2 domain names. Doki however is meant to provide a persistent capability for code-execution on an infected...

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Gitlab

It is an open-source collection of pre-built vulnerable docker environments. The primary CVE ID present in the context is CVE-2016-9086. The target product/service or framework is GitLab. The vulnerability class/vector is not explicitly stated, but it is likely related to the mentioned CVE. The...

EulerOS 2.0 SP8 : docker-engine (EulerOS-SA-2020-1798)

According to the version of the docker-engine packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - An issue was discovered in Docker Engine before 19.03.11. An attacker in a container, with the CAPNETRAW capability, can craft IPv6 router...

Kubebox - Terminal And Web Console For Kubernetes

Terminal and Web console for Kubernetes Features Configuration from kubeconfig files KUBECONFIG environment variable or $HOME/.kube Switch contexts interactively Authentication support bearer token, basic auth, private key / cert, OAuth, OpenID Connect, Amazon EKS, Google Kubernetes Engine, Digit...

vulhub

It is an open-source collection of pre-built vulnerable docker environments. The primary vulnerability class/vector is not explicitly stated, but the environments are designed to be vulnerable to various attacks. The probable entry points are the docker-compose files, which are used to build and...

Undetectable Linux Malware Targeting Docker Servers With Exposed APIs

Cybersecurity researchers today uncovered a completely undetectable Linux malware that exploits undocumented techniques to stay under the radar and targets publicly accessible Docker servers hosted with popular cloud platforms, including AWS, Azure, and Alibaba Cloud. Docker is a popular...

Undetectable Linux Malware Targeting Docker Servers With Exposed APIs

Cybersecurity researchers today uncovered a completely undetectable Linux malware that exploits undocumented techniques to stay under the radar and targets publicly accessible Docker servers hosted with popular cloud platforms, including AWS, Azure, and Alibaba Cloud. Docker is a popular...

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Gitlab

It is an open-source collection of pre-built vulnerable docker environments. The primary CVE ID is not explicitly stated, but the repository contains several vulnerable environments, including ones for CVE-2016-9086, CVE-2017-1000353, and CVE-2018-1000006. The target product/service or framework ...

openSUSE Security Update : salt (openSUSE-2020-1074)

This update for salt contains the following fixes : - Fix for TypeError in Tornado importer bsc1174165 - Require python3-distro only for TW bsc1173072 - Update to Salt version 3000: See release notes: https://docs.saltstack.com/en/latest/topics/releases/300 0.html - Add docker.logout to docker...

openSUSE Security Update : singularity (openSUSE-2020-1037)

This update for singularity fixes the following issues : - New version 3.6.0. This version introduces a new signature format for SIF images, and changes to the signing / verification code to address the following security problems : - CVE-2020-13845, boo1174150 In Singularity 3.x versions below...

OPENSUSE-SU-2020:1074-1 Security update for salt

This update for salt contains the following fixes: - Fix for TypeError in Tornado importer bsc1174165 - Require python3-distro only for TW bsc1173072 - Update to Salt version 3000: See release notes: https://docs.saltstack.com/en/latest/topics/releases/3000.html - Add docker.logout to docker...

Exploit for Incorrect Authorization in Moodle

CVE-2020-14321 Course enrolments allowed privilege escalation...

Security update for salt (moderate)

openSUSE Security Update: Security update for salt Announcement ID: openSUSE-SU-2020:1074-1 Rating: moderate References: 1159284 1165572 1167437 1168340 1169604 1170104 1170288 1171906 1172075 1173072 1174165 Cross-References: CVE-2018-15750 CVE-2018-15751 CVE-2020-11651 CVE-2020-11652 Affected...

vulhub

It is an offensive tool for vulnerable environments. The repository contains a collection of pre-built vulnerable docker environments, including Flask SSTI, Apache Parsing Vulnerability, and more. The tool is designed to be used for testing and training purposes, allowing users to practice...

OPENSUSE-SU-2020:1037-1 Security update for singularity

This update for singularity fixes the following issues: - New version 3.6.0. This version introduces a new signature format for SIF images, and changes to the signing / verification code to address the following security problems: - CVE-2020-13845, boo1174150 In Singularity 3.x versions below...

vulhub

This is an open-source collection of pre-built vulnerable docker environments. It is an offensive tool for testing and training purposes. The primary CVE ID is not specified, but it includes various vulnerable environments based on Docker-Compose. The target product/service or framework is not...