Photon OS 2.0: Docker PHSA-2020-2.0-0235
An update of the docker package has been released. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2020-2.0-0235. The text itself is copyright (C) VMware, Inc. include'compat.inc'; if description scriptid13633...
Authelia - The Single Sign-On Multi-Factor Portal For Web Apps
Authelia is an open-source authentication and authorization server providing 2-factor authentication and single sign-on (SSO) for your applications via a web portal. It acts as a companion of reverse proxies like nginx, Traefik or HAProxy to let them know whether queries should pass through...
Klar - Integration Of Clair And Docker Registry
Integration of Clair and Docker Registry (supports both Clair API v1 and v3). Klar is a simple tool to analyze images stored in a private or public Docker registry for security vulnerabilities using Clair (https://github.com/coreos/clair). Klar is designed to be used as an integration tool so it relie...
Important Photon OS Security Update - PHSA-2020-3.0-0085
Updates of 'docker', 'libmspack' packages of Photon OS have been released...
Important Photon OS Security Update - PHSA-2020-0085
Updates of 'libmspack', 'docker' packages of Photon OS have been released...
EulerOS Virtualization for ARM 64 3.0.2.0 : telnet (EulerOS-SA-2020-1541)
According to the version of the telnet package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - The proglottis Go wrapper before 0.1.1 for the GPGME library has a use-after-free, as demonstrated by use for container...
Docker-Credential-Wincred.exe - Privilege Escalation (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Docker-Credential-Wincred.exe Privilege Escalation', 'Description' = %q This exploit leverages a vulnerability in docker desktop community editio...
Docker Desktop Community Edition <= 2.1.0.1 Privilege Escalation Exploit
This Metasploit module leverages a vulnerability in Docker Desktop Community Edition versions prior to 2.1.0.1 where an attacker can write a payload to a lower-privileged area to be executed automatically by the docker user at login. This module requires Metasploit:...
Docker-Credential-Wincred.exe Privilege Escalation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Docker-Credential-Wincred.exe Privilege Escalation', 'Description' = %q This exploit leverages a vulnerability in docker desktop community editio...
Critical Photon OS Security Update - PHSA-2020-0235
Updates of 'docker', 'unixODBC', 'openjdk11', 'util-linux', 'systemd', 'openjdk8', 'lz4' packages of Photon OS have been released...
Medium: runc
Issue Overview: runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. This...
GitLab: Stored XSS on the job page
Hello Gitlab! Steps to reproduce: 1. Run Gitlab docker run --detach --hostname gitlab.example.com --publish 443:443 --publish 80:80 --publish 22:22 --name gitlab gitlab/gitlab-ce:latest 2. Create a new project with README.md 3. Go to Operations-Kubernetes 1. Click on the "Add Kubernetes cluster"...
vulhub
It is an offensive tool for Docker environments. The repository contains a collection of pre-built vulnerable Docker environments, including Flask SSTI (Server-Side Template Injection) and other vulnerabilities. The tool is designed to help users test and demonstrate vulnerabilities in a controlled...
Exploit for Improper Input Validation in Joomla Joomla!
Made by HK CVE-2020-11890: Improper input validations in th...
Lk Scraper - A Fully Configurable Linkedin Scraper (Scrape Anything Within Linkedin)
Scrapes Any Linkedin Data Installation $ pip install git+git://github.com/jqueguiner/lkscraper Setup Using Docker compose $ docker-compose up -d $ docker-compose run lkscraper python3 Using Docker only for selenium server First, you need to run a selenium server $ docker run -d -p 4444:4444...
8x8 Docker Jitsi Meet Trust Management Issues Vulnerability
8x8 Docker Jitsi Meet is a tool for building Jitsi Meet video conferencing solutions in Docker from 8x8 USA. A security vulnerability exists in versions of 8x8 Docker Jitsi Meet (docker-jitsi-meet) prior to stable-4384-1, which stems from the use of default passwords (e.g. passw0rd) for system...
CVE-2020-11878
The Jitsi Meet (aka docker-jitsi-meet) stack on Docker before stable-4384-1 uses default passwords (such as passw0rd) for system accounts...
Default credentials
The Jitsi Meet (aka docker-jitsi-meet) stack on Docker before stable-4384-1 uses default passwords (such as passw0rd) for system accounts...
CVE-2020-11878
CVE-2020-11878 affects the Jitsi Meet docker-jitsi-meet stack prior to stable-4384-1, where system accounts used default passwords (e.g., passw0rd). The vulnerability is documented across multiple sources (NVD/Red Hat/CNVD/OSV), with high to critical severity in CVSS metrics. Impact is authentica...