9165 matches found

Cvelist
added 2020/06/02 1:42 p.m., 24 views

CVE-2020-13401

An issue was discovered in Docker Engine before 19.03.11. An attacker in a container, with the CAP_NET_RAW capability, can craft IPv6 router advertisements, and consequently spoof external IPv6 hosts, obtain sensitive information, or cause a denial of service...

6.1 AI score, 0.02839 EPSS
Exploits 0, References 9

Debian CVE
added 2020/06/02 1:42 p.m., 29 views

CVE-2020-13401

An issue was discovered in Docker Engine before 19.03.11. An attacker in a container, with the CAP_NET_RAW capability, can craft IPv6 router advertisements, and consequently spoof external IPv6 hosts, obtain sensitive information, or cause a denial of service...

6 CVSS, 6.8 AI score, 0.02839 EPSS
Exploits 0

EUVD
added 2020/06/02 1:42 p.m., 4 views

EUVD-2022-1160

An issue was discovered in Docker Engine before 19.03.11. An attacker in a container, with the CAP_NET_RAW capability, can craft IPv6 router advertisements, and consequently spoof external IPv6 hosts, obtain sensitive information, or cause a denial of service...

6 CVSS, 6.6 AI score, 0.02839 EPSS
Exploits 0, References 18

CVE
added 2020/06/02 1:42 p.m., 448 views

CVE-2020-13401

Docker Engine vulnerability CVE-2020-13401: before 19.03.11, a container process with CAP_NET_RAW can craft IPv6 router advertisements via the bridge/network setup, enabling spoofing of external IPv6 hosts, potential information disclosure, or denial of service. Several connected advisories confi...

6 CVSS, 6 AI score, 0.02839 EPSS
Exploits 0, References 9, Affected Software 1

Gitee
added 2020/06/01 10:45 p.m., 5 views

vulhub2

It is an open-source collection of pre-built vulnerable docker environments. The primary vulnerability class/vector is not explicitly stated, but the repository contains various vulnerable environments, including ones related to Flask, Apache, Nginx, and Jenkins. The probable entry points are the...

7.9 AI score
Exploits 0

RedhatCVE
added 2020/06/01 9:22 p.m., 23 views

CVE-2020-13401

A flaw was found in Docker when it creates network bridges that accept IPv6 router advertisements by default. This flaw allows an attacker who can execute code in a container to possibly spoof rogue IPv6 router advertisements to perform a man-in-the-middle (MitM) attack against the host network or...

6 CVSS, 5 AI score, 0.02839 EPSS
Exploits 0, References 5

Gitee
added 2020/05/28 5:42 p.m., 4 views

vulhub

This is an open-source collection of pre-built vulnerable docker environments. It is not a PoC exploit for a specific CVE, but rather a toolkit for testing and training purposes. The repository contains a variety of vulnerable environments, including Flask SSTI, Apache Parsing Vulnerability, and...

8.3 AI score
Exploits 0

GithubExploit
added 2020/05/28 4:32 a.m., 81 views

Exploit for Race Condition in Docker Docker_Desktop

CVE-2020-11492 Proof-of-Concept (PoC) for Docker Desktop for...

7.8 CVSS, 7.8 AI score, 0.00935 EPSS
Exploits 2

CNVD
added 2020/05/28 12:0 a.m., 1 views

Anchore Engine Command Execution Vulnerability

Anchore Engine is an open source service from US-based Anchore that analyzes Docker images and applies user-defined acceptance policies to allow automated container image validation and authentication. A security vulnerability exists in Anchore Engine version 0.7.0. An attacker can exploit the...

9.9 CVSS, 7.1 AI score, 0.01836 EPSS
Exploits 0, References 1

Gitee
added 2020/05/26 11:42 p.m., 4 views

vulhub

It is an offensive tool for Web Application. The repository contains a collection of pre-built vulnerable environments based on Docker-Compose. The tool is designed to test web applications for vulnerabilities, specifically for web application security testing. The tool includes a variety of...

7.2 AI score
Exploits 0

Kitploit
added 2020/05/26 12:30 p.m., 54 views

FinalRecon - The Last Web Recon Tool You'll Need

FinalRecon is a fast and simple python script for web reconnaissance. It follows a modular structure so in future new modules can be added with ease. Featured NullByte https://null-byte.wonderhowto.com/how-to/conduct-recon-web-target-with-python-tools-0198114/...

7 AI score
Exploits 0, References 1

Gitee
added 2020/05/25 3:22 p.m., 22 views

vulhub

This is an open-source collection of pre-built vulnerable docker environments. It is an offensive tool for testing and training purposes. The primary CVE ID is not specified, but the repository contains various vulnerable environments based on Docker-Compose, including ones for Flask, Apache, and...

7.4 AI score
Exploits 0

Gitee
added 2020/05/22 1:54 p.m., 3 views

vulhub

It is an open-source collection of pre-built vulnerable docker environments. The repository contains a collection of docker-compose files for various vulnerable environments, including Flask SSTI, Apache Parsing Vulnerability, and more. The environments are designed to be easy to use, with simple...

8.4 AI score
Exploits 0

Gitee
added 2020/05/22 1:15 p.m., 4 views

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Gitlab

It is an open-source collection of pre-built vulnerable docker environments. CVE-2016-9086 is present in the provided context. The target product/service or framework is GitLab, the vulnerability class/vector is a remote code execution (RCE) vulnerability, the probable entry points are the data...

6.5 CVSS, 8.5 AI score, 0.05388 EPSS
Exploits 39

Pen Test Partners Blog
added 2020/05/22 8:12 a.m., 228 views

Docker Desktop for Windows PrivEsc (CVE-2020-11492)

TL;DR Docker Desktop for Windows suffers from a privilege escalation vulnerability to SYSTEM. The core of the issue lies with the fact that the Docker Desktop Service, the primary Windows service for Docker, communicates as a client to child processes using named pipes. The high privilege Docker...

7.2 CVSS, 8.2 AI score, 0.00935 EPSS
Exploits 2

GithubExploit
added 2020/05/20 12:26 p.m., 2403 views

Exploit for Reachable Assertion in Isc Bind

CVE-2020-8617 PoC for CVE-2020-8617 For educational purposes...

7.5 CVSS, 7.7 AI score, 0.93422 EPSS
Exploits 5

GithubExploit
added 2020/05/19 10:9 p.m., 81 views

Exploit for Cross-Site Request Forgery (CSRF) in Wordpress

WordpressCVE-2019-9787 Try to reproduce this issue with Docke...

8.8 CVSS, 8.8 AI score, 0.4375 EPSS
Exploits 4

IBM Security Bulletins
added 2020/05/19 5:0 p.m., 22 views

Security Bulletin: A security vulnerability has been identified in Bleach shipped with IBM Watson Machine Learning Community Edition (WMLCE)

Summary Multiple vulnerabilities have been found in the Bleach package, which is either built in to or distributed with IBM WMLCE. Vulnerability Details CVEID: CVE-2020-6816 DESCRIPTION: Mozilla Bleach is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by...

6.1 CVSS, 0.6 AI score, 0.01688 EPSS
Exploits 2, Affected Software 1

0day.today
added 2020/05/19 12:0 a.m., 71 views

HP LinuxKI 6.01 - Remote Command Injection Exploit

Exploit Title: HP LinuxKI 6.01 - Remote Command Injection Exploit Author: Cody Winkler Vendor Homepage: https://www.hpe.com/us/en/home.html Software Link: https://github.com/HewlettPackard/LinuxKI/releases/tag/v6.0-1 Version: = v6.0-1 Tested on: LinuxKI Docker Image CVE: CVE-2020-7209 !/usr/bin/e...

9.8 CVSS, 9.5 AI score, 0.98846 EPSS
Exploits 10

Gitee
added 2020/05/15 10:28 p.m., 3 views

vulhub

It is an offensive tool for vulnerable environments. The repository contains a collection of pre-built vulnerable Docker environments, including a Flask SSTI (Server-Side Template Injection) environment. The tool is designed to be used for testing and training purposes, allowing users to practice...

8.2 AI score
Exploits 0