Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Gitlab
It is an offensive tool for Docker environments. The primary CVE ID is not explicitly mentioned, but the repository contains various vulnerable environments based on Docker-Compose, including CVE-2016-9086 and CVE-2017-1000353. The target product/service or framework is Docker, and the...
vulhub
It is an offensive tool for vulnerable environments. This repository, vulhub, is an open-source collection of pre-built vulnerable docker environments. The primary vulnerability class/vector is not explicitly stated, but the environments are designed to be vulnerable to various attacks. The...
OPENSUSE-SU-2019:2418-1 Security update for docker-runc
This update for docker-runc fixes the following issues: - CVE-2019-16884: Fixed an LSM bypass via malicious Docker images that mount over a /proc directory. bsc1152308 This update was imported from the SUSE:SLE-15:Update update project...
Security update for docker-runc (moderate)
openSUSE Security Update: Security update for docker-runc Announcement ID: openSUSE-SU-2019:2418-1 Rating: moderate References: 1152308 Cross-References: CVE-2019-16884 Affected Products: openSUSE Leap 15.0 An update that fixes one vulnerability is now available. Description: This update for...
Exploit for Out-of-bounds Write in Php
Docker image and commands to check CVE-2019-11043...
vulhub
This is an open-source collection of pre-built vulnerable docker environments. It is not a single exploit or tool, but rather a collection of vulnerable environments that can be used for testing and training purposes. The target product/service or framework is not explicitly stated, but the...
SUSE SLES15 Security Update : runc (SUSE-SU-2019:2810-1)
This update for runc fixes the following issues : Security issue fixed : CVE-2019-16884: Fixed an LSM bypass via malicious Docker images that mount over a /proc directory. bsc1152308 Non-security issues fixed: Includes upstreamed patches for regressions bsc1131314 bsc1131553. Note that Tenable...
SUSE-SU-2019:2810-1 Security update for runc
This update for runc fixes the following issues: Security issue fixed: - CVE-2019-16884: Fixed an LSM bypass via malicious Docker images that mount over a /proc directory. bsc1152308 Non-security issues fixed: - Includes upstreamed patches for regressions bsc1131314 bsc1131553...
Exploit for Out-of-bounds Write in Php
PHP Remote Code Execution Vulnerability CVE-2019-11043...
Exploit for Out-of-bounds Write in Php
PoC CVE-2019-11043 A Python version of the CVE-2019-11043 expl...
PHP-FPM + Nginx - Remote Code Execution
PHuiP-FPizdaM. What's this: This is an exploit for a bug in php-fpm (CVE-2019-11043). In certain nginx + php-fpm configurations, the bug is possible to trigger from the outside. This means that a web user may get code execution if you have vulnerable config (see below). What's vulnerable: If a webserver...
SUSE SLED15 / SLES15 Security Update : docker-runc (SUSE-SU-2019:2786-1)
This update for docker-runc fixes the following issues : CVE-2019-16884: Fixed an LSM bypass via malicious Docker images that mount over a /proc directory. bsc1152308 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable...
AutoSploit v4.0 - Automated Mass Exploiter
As the name might suggest AutoSploit attempts to automate the exploitation of remote hosts. Targets can be collected automatically through Shodan, Censys or Zoomeye. But options to add your custom targets and host lists have been included as well. The available Metasploit modules have been select...
SUSE-SU-2019:2787-1 Security update for docker-runc
This update for docker-runc fixes the following issues: - CVE-2019-16884: Fixed an LSM bypass via malicious Docker images that mount over a /proc directory. bsc1152308...
SUSE-SU-2019:2786-1 Security update for docker-runc
This update for docker-runc fixes the following issues: - CVE-2019-16884: Fixed an LSM bypass via malicious Docker images that mount over a /proc directory. bsc1152308...
Centos 7 : runc
An update for runc is now available for CentOS 7 Extras. The runC tool is a lightweight, portable implementation of the Open Container Format (OCF) that provides container runtime. A flaw was found in the way runc handled system file descriptors when running containers. A malicious container could...
Nextcloud: Docker image with FPM is vulnerable to CVE-2019-11043
The CVE-2019-11043 vulnerability can be exploited in the latest nextcloud:fpm image. This is due to the specific nginx configuration recommended for nextcloud: https://github.com/nextcloud/dockerbase-version---fpm...
Snare - Super Next Generation Advanced Reactive honEypot
SNARE (Super Next generation Advanced Reactive honEypot). About: SNARE is a web application honeypot sensor attracting all sorts of maliciousness from the Internet. Basic Concepts: Surface first. Focus...
Graboid: Revenge of the Worms
This week saw news of self-propagating worms in the container landscape to perform unsanctioned computation tasks such as cryptojacking. This blog post is intended for Qualys customers and partners to understand how such container attacks work, provide security best practice recommendations &...
vulhub
It is an open-source collection of pre-built vulnerable docker environments. The target product/service or framework is docker and docker-compose. The vulnerability class/vector is not explicitly stated, but the environments are designed to be vulnerable to various attacks. The probable entry...