9154 matches found
Seeker v1.0.7 - Get Accurate Location using a Fake Website
Concept behind Seeker is simple, just like we host phishing pages to get credentials why not host a fake page that requests your loction just like many popular location based websites. Seeker Hosts a fake website on Apache Server and uses Ngrok , website asks for Location Permission and if the us...
Security Bulletin: Vulnerabilities in docker affect PowerKVM
Summary PowerKVM is affected by vulnerabilities in docker. IBM has now addressed these vulnerabilities. Vulnerability Details CVEID: CVE-2017-14992 DESCRIPTION: Docker-CE Also known as Moby is vulnerable to a denial of service, caused by the lack of content verification. By using a...
docker: container breakout without selinux in enforcing mode
The default OCI Linux spec in oci/defaultslinux.go in Docker/Moby, from 1.11 to current, does not block /proc/acpi pathnames. The flaw allows an attacker to modify host's hardware like enabling/disabling Bluetooth or turning up/down keyboard brightness...
Moderate: Red Hat Security Advisory: Red Hat Enterprise Linux OpenStack Platform security update
An update is now available for Red Hat OpenStack Platform 12.0 Pike. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...
Security Bulletin: A Security Vulnerability affects IBM Cloud Private Cloud Foundry (CVE-2018-1277)
Summary IBM Cloud Private Cloud Foundry is vulnerable to a security vulnerability Vulnerability Details CVEID: CVE-2018-1277 DESCRIPTION: Cloud Foundry garden-runc-release and cf-deployment are vulnerable to a denial of service, caused by the failure to correctly enforce disc quotas for Docker...
GitLab: Bypass of GitLab CI runner slash fix in YAML validation
Hi Gitlab Security, I notice the bug 301432 that Jobert reported earlier is could be bypassed by setting variable in environment. The reason is that the fix in place preventing url normalization is performed by doing the YAML validation, however this could be bypassed by setting the environment...
MobSF (Mobile Security Framework) v1.0 - Mobile (Android/iOS) Automated Pen-Testing Framework
Mobile Security Framework MobSF is an automated, all-in-one mobile application Android/iOS/Windows pen-testing framework capable of performing static, dynamic and malware analysis. It can be used for effective and fast security analysis of Android, iOS and Windows mobile applications and support...
CVE-2018-12608
An issue was discovered in Docker Moby before 17.06.0. The Docker engine validated a client TLS certificate using both the configured client CA root certificate and all system roots on non-Windows systems. This allowed a client with any domain validated certificate signed by a system-trusted root...
Design/Logic Flaw
An issue was discovered in Docker Moby before 17.06.0. The Docker engine validated a client TLS certificate using both the configured client CA root certificate and all system roots on non-Windows systems. This allowed a client with any domain validated certificate signed by a system-trusted root...
CVE-2018-12608
An issue was discovered in Docker Moby before 17.06.0. The Docker engine validated a client TLS certificate using both the configured client CA root certificate and all system roots on non-Windows systems. This allowed a client with any domain validated certificate signed by a system-trusted root...
UBUNTU-CVE-2018-12608
An issue was discovered in Docker Moby before 17.06.0. The Docker engine validated a client TLS certificate using both the configured client CA root certificate and all system roots on non-Windows systems. This allowed a client with any domain validated certificate signed by a system-trusted root...
DEBIAN-CVE-2018-12608
An issue was discovered in Docker Moby before 17.06.0. The Docker engine validated a client TLS certificate using both the configured client CA root certificate and all system roots on non-Windows systems. This allowed a client with any domain validated certificate signed by a system-trusted root...
CVE-2018-12608
An issue was discovered in Docker Moby before 17.06.0. The Docker engine validated a client TLS certificate using both the configured client CA root certificate and all system roots on non-Windows systems. This allowed a client with any domain validated certificate signed by a system-trusted root...
CVE-2018-12608
Docker Moby before 17.06.0 is affected by a TLS authentication flaw: the engine validates client certificates against both the configured CA and system roots (on non‑Windows). This lets a client presenting a certificate signed by any system‑trusted root CA authenticate, instead of only certificat...
CVE-2018-12608
An issue was discovered in Docker Moby before 17.06.0. The Docker engine validated a client TLS certificate using both the configured client CA root certificate and all system roots on non-Windows systems. This allowed a client with any domain validated certificate signed by a system-trusted root...
CVE-2018-12608
An issue was discovered in Docker Moby before 17.06.0. The Docker engine validated a client TLS certificate using both the configured client CA root certificate and all system roots on non-Windows systems. This allowed a client with any domain validated certificate signed by a system-trusted root...
PT-2018-11289 · Docker · Docker Moby +1
Name of the Vulnerable Software and Affected Versions: Docker Moby versions prior to 17.06.0 Description: An issue was discovered where the Docker engine validated a client TLS certificate using both the configured client CA root certificate and all system roots on non-Windows systems. This allow...
htrace.sh - Simple Shell Script To Debugging HTTP/HTTPS Traffic Tracing, Response Headers And Mixed-Content
htrace.sh is a shell script that allows you to validate your domain configuration and catch any errors e.g. redirect loops. It also displays basic information about the ssl configuration if available, response headers, checks for mixed content and performs security scans using Nmap scripts and...
Docker for Windows Installed
Binary data dockerforwindowsinstalled.nbin...
Docker for Windows stable < 18.06.0-ce-win70 / edge < 18.06.0-ce-rc3-win68 Remote Privilege Escalation Vulnerability
The version of Docker for Windows installed on the remote Windows host is stable channel 18.06.0-ce-win70 or edge channel 18.06.0-ce-rc3-win68. It is, therefore, affected by a remote privilege escalation vulnerability. C Tenable Network Security, Inc. include'compat.inc'; if description...