
9155 matches found

Veracode
added 2019/05/02 5:34 a.m. | 25 views

Authorization Bypass

openshift is vulnerable to authorization bypass. The vulnerability exists as remotely authenticated users can access the Docker socket and gain additional privileges via build-pod...

CVSS 8.8 | AI score 8.6 | EPSS 0.01925
Exploits 0 | References 11 | Affected Software 2
HackRead
added 2019/04/29 11:42 p.m. | 38 views

Change your password: Docker suffers breach; 190k users affected

By Uzair Amir Microsoft says its official Microsoft images hosted in Docker Hub have not been compromised. The company behind Docker, a computer program developed to manage operating-system-level virtualization has announced that it has suffered a data breach and as a result, one of Docker Hub...

AI score 2.6
Exploits 0
ThreatPost
added 2019/04/29 2:13 p.m. | 260 views

Docker Hub Hack Affects 190K Accounts, with Concerning Consequences

UPDATE Docker Hub has confirmed that it was hacked last week; with sensitive data from approximately 190,000 accounts potentially exposed. “On Thursday, April 25th, 2019, we discovered unauthorized access to a single Hub database storing a subset of non-financial user data,” Kent Lamb, director o...

CVSS 9 | AI score 8.7 | EPSS 0.99965
Exploits 30 | References 9
Kitploit
added 2019/04/27 10:12 p.m. | 85 views

ParamPamPam - Brute Force Discover GET And POST Parameters

This tool for brute discover GET and POST parameters. Installation With Docker Install Docker git clone https://github.com/Bo0oM/ParamPamPam.git cd ParamPamPam docker build -t parampp . echo -e '!'"/bin/bash\ndocker run -ti --rm parampp $@" /usr/local/bin/parampp parampp -u "https://vk.com/login"...

AI score 7.4
Exploits 0 | References 1
The Hacker News
added 2019/04/27 11:47 a.m. | 1 views

Docker Hub Suffers a Data Breach, Asks Users to Reset Password

Docker Hub, one of the largest cloud-based library of Docker container images, has suffered a data breach after an unknown attacker gained access to the company's single Hub database. Docker Hub is an online repository service where users and partners can create, test, store and distribute Docker...

AI score 6.5
Exploits 0
The Hacker News
added 2019/04/27 11:47 a.m. | 43 views

Docker Hub Suffers a Data Breach, Asks Users to Reset Password

Docker Hub, one of the largest cloud-based library of Docker container images, has suffered a data breach after an unknown attacker gained access to the company's single Hub database. Docker Hub is an online repository service where users and partners can create, test, store and distribute Docker...

AI score 0.7
Exploits 0
Kitploit
added 2019/04/26 1:9 p.m. | 175 views

Cutter - Free And Open-Source GUI For Radare2 Reverse Engineering Framework

Cutter is a free and open-source GUI for radare2 reverse engineering framework. Its goal is making an advanced, customizable and FOSS reverse-engineering platform while keeping the user experience at mind. Cutter is created by reverse engineers for reverse engineers. Downloading a release Cutter ...

AI score 7.1
Exploits 0 | References 4
GithubExploit
added 2019/04/24 11:52 p.m. | 10 views

Exploit for CVE-2019-1003000

CVE-2019-1003000RCE-DETECTION General Summary Chaining vuln...

CVSS 10 | AI score 7.4 | EPSS 0.98428
Exploits 17
Kitploit
added 2019/04/24 1:16 p.m. | 74 views

Kubebot - A Security Testing Slackbot Built With A Kubernetes Backend On The Google Cloud Platform

A security testing Slackbot built with a Kubernetes backend on the Google Cloud Platform Architecture Demo Data Flow 1 - API request tool, target, options initiated from Slackbot, sent to the API server, which is running as a Docker container on a Kubernetes K8s cluster and can be scaled. 2 - API...

AI score 7.5
Exploits 0 | References 28
OpenVAS
added 2019/04/19 12:0 a.m. | 16 views

Fedora Update for atomic-reactor FEDORA-2019-782e6e61ce

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

AI score 6.8
Exploits 0 | References 2
Fedora
added 2019/04/18 10:21 p.m. | 18 views

[SECURITY] Fedora 29 Update: atomic-reactor-1.6.36.1-3.fc29

Simple Python tool with command line interface for building Docker images. It contains a lot of helpful functions which you would probably implement if you started hooking Docker into your infrastructure...

AI score 1.3
Exploits 0
Fedora
added 2019/04/18 7:51 p.m. | 16 views

[SECURITY] Fedora 28 Update: atomic-reactor-1.6.36.1-3.fc28

Simple Python tool with command line interface for building Docker images. It contains a lot of helpful functions which you would probably implement if you started hooking Docker into your infrastructure...

AI score 1.3
Exploits 0
Kitploit
added 2019/04/16 1:44 p.m. | 127 views

Instantbox - Get A Clean, Ready-To-Go Linux Box In Seconds

Get a clean, ready-to-go Linux box in seconds. Introduction What is instantbox? It's a project that spins up temporary Linux systems with instant webshell access from any browser. What can an instantbox do? 1. provides a clean Linux environment for a presentation 2. let students experience the...

AI score 7.3
Exploits 0 | References 1
Kitploit
added 2019/04/15 1:7 p.m. | 179 views

W12Scan - A Simple Asset Discovery Engine For Cybersecurity

Chinese W12scan is a network asset discovery engine that can automatically aggregate related assets for analysis and use. Here is a web source program, but the scanning end is at w12scan-client Thinking Based on python3 + django + elasticsearch + redis and use the web restful api to add scan...

AI score 7.3
Exploits 0 | References 5
Tenable Nessus
added 2019/04/12 12:0 a.m. | 121 views

Docker Remote API Detection

Binary data dockerremoteapidetection.nbin...

AI score 7.3
Exploits 0 | References 2
Hacker One
added 2019/04/11 12:14 a.m. | 33 views

GitLab: Importing GitLab project archives can replace uploads of other users

Summary Importing a modified exported GitLab project archive can overwrite uploads for other users. If the secret and file name of an upload are known these can be easily identified for any uploads to public repositories, any user can import a new project which overwrites the served content of th...

CVSS 5.5 | AI score 0.2 | EPSS 0.00771
Exploits 1
Kitploit
added 2019/04/09 1:26 p.m. | 313 views

DefectDojo v1.5.4 - Application Vulnerability Correlation And Security Orchestration Application

DefectDojo is a security program and vulnerability management tool. DefectDojo allows you to manage your application security program, maintain product and application information, schedule scans, triage vulnerabilities and push findings into defect trackers. Consolidate your findings into one...

AI score 7.5
Exploits 0 | References 5
Kitploit
added 2019/04/08 12:43 p.m. | 180 views

Beagle - An Incident Response And Digital Forensics Tool Which Transforms Security Logs And Data Into Graphs

Beagle is an incident response and digital forensics tool which transforms data sources and logs into graphs. Supported data sources include FireEye HX Triages, Windows EVTX files, SysMon logs and Raw Windows memory images. The resulting Graphs can be sent to graph databases such as Neo4J or...

AI score 6.6
Exploits 0 | References 7
Prion
added 2019/04/04 4:29 p.m. | 14 views

Design/Logic Flaw

Jenkins CloudShare Docker-Machine Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...

CVSS 4 | AI score 8.6 | EPSS 0.01377
Exploits 0 | References 3
NVD
added 2019/04/04 4:29 p.m. | 9 views

CVE-2019-1003065

Jenkins CloudShare Docker-Machine Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...

CVSS 8.8 | AI score 8.7 | EPSS 0.01377
Exploits 0 | References 3