9157 matches found
CVE-2014-5278
A vulnerability exists in Docker before 1.2 via container names, which may collide with and override container IDs...
Input validation
A vulnerability exists in Docker before 1.2 via container names, which may collide with and override container IDs...
CVE-2014-5278
CVE-2014-5278 describes a vulnerability in Docker prior to 1.2 where container names may collide with and override container IDs. The initial description explicitly states the issue; connected sources reiterate the same vulnerability. No exploit vectors, affected products, or remediation steps ar...
SUSE-SU-2020:0376-1 Security update for docker-runc
This update for docker-runc fixes the following issues: - CVE-2019-19921: Fixed a volume mount race condition with shared mounts (bsc#1160452)...
SUSE-SU-2020:0375-1 Security update for docker-runc
This update for docker-runc fixes the following issues: - CVE-2019-19921: Fixed a volume mount race condition with shared mounts (bsc#1160452)...
Re2Pcap - Create PCAP file from raw HTTP request or response in seconds
Re2Pcap is an abbreviation for Request2Pcap and Response2Pcap. Community users can quickly create PCAP files using Re2Pcap and test them against Snort rules. Re2Pcap allows you to quickly create a PCAP file for the raw HTTP request shown below: POST /admin/tools/iplogging.cgi HTTP/1.1 Host: 192.168.13.31:80...
Exploit for OS Command Injection in Docker
This is a PoC exploit for CVE-2019-5736, a Docker escape vulnerability. The target product/service is Docker, and the vulnerability class/vector is a Docker escape. The probable entry point is the Dockerfile, which contains a series of RUN commands that ultimately lead to the execution of the...
Exploit for OS Command Injection in Docker
CVE-2019-5736-Custom-Sandbox General CVE-2019-5736 implem...
vulhub
It is an offensive tool for Vulnerability Research. The target product/service or framework is a collection of pre-built vulnerable docker environments, including Flask, Apache, Nginx, and Jenkins. The vulnerability class/vector is various, including SSTI Server-Side Template Injection, RCE Remot...
Exploit for Improper Encoding or Escaping of Output in F5 Nginx
It is an open-source collection of pre-built vulnerable docker environments. The primary CVE ID is not explicitly mentioned, but the repository contains various vulnerable environments based on Docker-Compose, including ones for CVE-2016-9086, CVE-2013-4547, and CVE-2017-1000353. The target...
DVNA - Damn Vulnerable NodeJS Application
Damn Vulnerable NodeJS Application (DVNA) is a simple NodeJS application to demonstrate OWASP Top 10 Vulnerabilities and guide on fixing and avoiding these vulnerabilities. The fixes branch will contain fixes for the vulnerabilities. Fixes for vulnerabilities OWASP Top 10 2017 vulnerabilities at...
Project-Black - Pentest/BugBounty Progress Control With Scanning Modules
Scope control, scope scanner and progress tracker for easier working on a bug bounty or pentest project. What is this tool for? The tool encourages more methodical work on pentest/bugbounty, tracking the progress and general scans information. It can launch masscan nmap dirsearch amass patator...
Security Bulletin: Security vulnerabilities in the jackson-databind routines fixed in IBM Security Access Manager
Summary Security vulnerabilities were fixed in the IBM Security Access Manager appliance in the jackson-databind utilities. Vulnerability Details CVEID: CVE-2019-14439 DESCRIPTION: A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. This occurs when Default...
Obfuscapk - A Black-Box Obfuscation Tool For Android Apps
Obfuscapk is a modular Python tool for obfuscating Android apps without needing their source code, since apktool is used to decompile the original apk file and to build a new application, after applying some obfuscation techniques on the decompiled smali code, resources and manifest. The obfuscat...
Security Bulletin: Security vulnerabilities in the jackson-databind routines fixed in IBM Security Access Manager
Summary Security vulnerabilities were fixed in the IBM Security Access Manager appliance in the jackson-databind utilities. Vulnerability Details CVEID: CVE-2019-20330 DESCRIPTION: A lacking of certain net.sf.ehcache blocking in FasterXML jackson-databind has an unknown impact and attack vector...
MGASA-2020-0050 Updated opencontainers-runc packages fix security vulnerability
runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory (CVE-2019-16884)...
Updated opencontainers-runc packages fix security vulnerability
runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory (CVE-2019-16884)...