UBUNTU-CVE-2019-14806

Pallets Werkzeug before 0.15.3, when used with Docker, has insufficient debugger PIN randomness because Docker containers share the same machine id...

PYSEC-2019-70

Pallets Werkzeug before 0.15.3, when used with Docker, has insufficient debugger PIN randomness because Docker containers share the same machine id...

PYSEC-2019-140

Pallets Werkzeug before 0.15.3, when used with Docker, has insufficient debugger PIN randomness because Docker containers share the same machine id...

CVE-2019-14806

CVE-2019-14806 affects Pallets Werkzeug prior to 0.15.3 when used with Docker, due to insufficient debugger PIN randomness caused by containers sharing the same machine-id. This enables remote exploitation with network access; CVSSv3 base score 7.5. Remediation is to upgrade Werkzeug to 0.15.3 or...

CVE-2019-14806

Pallets Werkzeug before 0.15.3, when used with Docker, has insufficient debugger PIN randomness because Docker containers share the same machine id...

CVE-2019-14806

Pallets Werkzeug before 0.15.3, when used with Docker, has insufficient debugger PIN randomness because Docker containers share the same machine id...

GitLab: Uncontrolled Resource Consumption in any Markdown field using Mermaid

Summary I found a bypass for the mitigation of DoS via Mermaid CVE-2019-9220. As the mitigation for CVE-2019-9220, the input limit of 5000 characters is currently applied to a Mermaid code block, but it can be bypassed by simply splitting the longer payload to many code blocks. Steps to reproduce...

Commando VM v2.0 - The First Full Windows-based Penetration Testing Virtual Machine Distribution

Welcome to CommandoVM - a fully customizable, Windows-based security distribution for penetration testing and red teaming. For detailed install instructions or more information please see our blog Installation Install Script Requirements Windows 7 Service Pack 1 or Windows 10 60 GB Hard Drive 2 G...

Commando VM 2.0: Customization, Containers, and Kali, Oh My!

The Complete Mandiant Offensive Virtual Machine “Commando VM” swept the penetration testing community by storm when it debuted in early 2019 at Black Hat Asia Arsenal. Our 1.0 release made headway featuring more than 140 tools. Well now we are back again for another spectacular release, this time...

django-aesfield (=3.0.0), django-autoconfig (=0.8.0) +11 more potentially affected by CVE-2019-14235 via django (>=2.1.0 <=2.1.10)

django PYPI version =2.1.0, =0.1.0, =0.1.0, =0.3.0, =1.7.3, =0.0.3, =1.1.0, =0.1.2, =1.0.0rc2, =0.1.0, =0.2.0.dev2 Source cves: CVE-2019-14235 Source advisory: OSV:GHSA-V9QG-3J8P-R63V...

django-aesfield (=3.0.0), django-autoconfig (=0.8.0) +11 more potentially affected by CVE-2019-14232 via django (>=2.1.0 <=2.1.10)

django PYPI version =2.1.0, =0.1.0, =0.1.0, =0.3.0, =1.7.3, =0.0.3, =1.1.0, =0.1.2, =1.0.0rc2, =0.1.0, =0.2.0.dev2 Source cves: CVE-2019-14232 Source advisory: OSV:GHSA-C4QH-4VGV-QC6G...

Malcolm - A Powerful, Easily Deployable Network Traffic Analysis Tool Suite For Full Packet Capture Artifacts (PCAP Files) And Zeek Logs

Malcolm is a powerful network traffic analysis tool suite designed with the following goals in mind: Easy to use – Malcolm accepts network traffic data in the form of full packet capture PCAP files and Zeek formerly Bro logs. These artifacts can be uploaded via a simple browser-based interface or...

List of Open Source C2 Post-Exploitation Frameworks

PenTestIT RSS Feed This post has been lying in my drafts for more than a year with edits all over. But two days ago, it was announced that Powershell Empire would no longer be supported by it's authors. Hence just like I curated a list of adversary emulation tools, I finalized this list of open...

HELK - The Hunting ELK

The Hunting ELK or simply the HELK is one of the first open source hunt platforms with advanced analytics capabilities such as SQL declarative language, graphing, structured streaming, and even machine learning via Jupyter notebooks and Apache Spark over an ELK stack. This project was developed...

Docker 19.03.0 Code Injection Vulnerability

Docker is prone to a code injection vulnerability. Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVE-2018-20871

In Univa Grid Engine before 8.6.3, when configured for Docker jobs and execd spooling on rootsquash, weak file permissions "other" write access occur in certain cases GE-6890...

CVE-2018-20871

In Univa Grid Engine before 8.6.3, when configured for Docker jobs and execd spooling on rootsquash, weak file permissions "other" write access occur in certain cases GE-6890...

Code injection

In Univa Grid Engine before 8.6.3, when configured for Docker jobs and execd spooling on rootsquash, weak file permissions "other" write access occur in certain cases GE-6890...

CVE-2018-20871

In Univa Grid Engine before 8.6.3, when configured for Docker jobs and execd spooling on rootsquash, weak file permissions "other" write access occur in certain cases GE-6890...

UBUNTU-CVE-2018-20871

In Univa Grid Engine before 8.6.3, when configured for Docker jobs and execd spooling on rootsquash, weak file permissions "other" write access occur in certain cases GE-6890...