anvil-connect (>=0.1.0 <=0.1.39), anvil-connect-jwt (>=0.1.0 <=0.1.2) +49 more potentially affected by CVE-2017-16021 via uri-js (>=1.4.2 <=2.1.1)

uri-js NPM version =1.4.2, =0.1.0, =0.1.0, =0.1.0, =0.2.12, =1.15.0, =0.1.0, =0.1.2, =0.4.2, =1.0.0, =0.0.1, =1.0.0, =0.1.0, =0.1.0, =0.2.0 and more Source cves: CVE-2017-16021 Source advisory: OSV:GHSA-333W-RXJ3-F55R...

Code injection

In PHP Runtime for Apache OpenWhisk, a Docker action inheriting one of the Docker tags openwhisk/action-php-v7.2:1.0.0 or openwhisk/action-php-v7.1:1.0.1 or earlier may allow an attacker to replace the user function inside the container if the user code is vulnerable to code exploitation...

Code injection

In Docker Skeleton Runtime for Apache OpenWhisk, a Docker action inheriting the Docker tag openwhisk/dockerskeleton:1.3.0 or earlier may allow an attacker to replace the user function inside the container if the user code is vulnerable to code exploitation...

CVE-2018-11756

In PHP Runtime for Apache OpenWhisk, a Docker action inheriting one of the Docker tags openwhisk/action-php-v7.2:1.0.0 or openwhisk/action-php-v7.1:1.0.1 or earlier may allow an attacker to replace the user function inside the container if the user code is vulnerable to code exploitation...

CVE-2018-11757

In Docker Skeleton Runtime for Apache OpenWhisk, a Docker action inheriting the Docker tag openwhisk/dockerskeleton:1.3.0 or earlier may allow an attacker to replace the user function inside the container if the user code is vulnerable to code exploitation...

CVE-2018-11756

In PHP Runtime for Apache OpenWhisk, a Docker action inheriting one of the Docker tags openwhisk/action-php-v7.2:1.0.0 or openwhisk/action-php-v7.1:1.0.1 or earlier may allow an attacker to replace the user function inside the container if the user code is vulnerable to code exploitation...

CVE-2018-11757

In Docker Skeleton Runtime for Apache OpenWhisk, a Docker action inheriting the Docker tag openwhisk/dockerskeleton:1.3.0 or earlier may allow an attacker to replace the user function inside the container if the user code is vulnerable to code exploitation...

CVE-2018-11757

In Docker Skeleton Runtime for Apache OpenWhisk, a Docker action inheriting the Docker tag openwhisk/dockerskeleton:1.3.0 or earlier may allow an attacker to replace the user function inside the container if the user code is vulnerable to code exploitation...

CVE-2018-11756

In PHP Runtime for Apache OpenWhisk, a Docker action inheriting one of the Docker tags openwhisk/action-php-v7.2:1.0.0 or openwhisk/action-php-v7.1:1.0.1 or earlier may allow an attacker to replace the user function inside the container if the user code is vulnerable to code exploitation...

CVE-2018-11757

CVE-2018-11757 affects Docker Skeleton Runtime for Apache OpenWhisk. A Docker action using openwhisk/dockerskeleton:1.3.0 (or earlier) may allow an attacker to replace the user function inside the container if the user code is vulnerable to code exploitation. The issue is described in multiple so...

CVE-2018-11756

CVE-2018-11756 affects the PHP Runtime for Apache OpenWhisk when used as a Docker action based on tags such as openwhisk/action-php-v7.2:1.0.0 or openwhisk/action-php-v7.1:1.0.1 (and older). The vulnerability allows a remote attacker to overwrite the source code of a function executing inside the...

PoshC2

!PoshC2 Logohttps://raw.githubusercontent.com/nettitude/PoshC...

Swarmpit Web UI Public WAN (Internet) / Public LAN Accessible

The script checks if the Swarmpit Web UI is accessible from a public WAN Internet / public LAN. Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

Security Bulletin: Yarn UI/API Security issue

Summary The Yarn UI/API running on port 8088 is not secured by default. If the host machine or container is configured in a network where port 8088 is open to the internet then, in this mode of operation, anonymous users can submit yarn applications. A yarn application can perform arbitrary tasks...

Noisy - Simple Random DNS, HTTP/S Internet Traffic Noise Generator

A simple python script that generates random HTTP/DNS traffic noise in the background while you go about your regular web browsing, to make your web traffic data less valuable for selling and for extra obscurity. Tested on MacOS High Sierra, Ubuntu 16.04 and Raspbian Stretch and is compatable wit...

LogonTracer - Investigate Malicious Windows Logon By Visualizing And Analyzing Windows Event Log

Investigate malicious logon by visualizing and analyzing Windows active directory event logs. Concept LogonTracer associates a host name or an IP address and account name found in logon-related events and displays it as a graph. This way, it is possible to see in which account login attempt occur...

Fedora Update for docker FEDORA-2018-9695e9b0ed

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ibombshell - Dynamic Remote Shell

ibombshell is a tool written in Powershell that allows you to have a prompt at any time with post-exploitation functionalities and in some cases exploitation. It is a shell that is downloaded directly to memory providing access to a large number of pentesting features. These functionalities can b...

[SECURITY] Fedora 28 Update: docker-1.13.1-60.git9cb56fd.fc28

Docker is an open-source engine that automates the deployment of any application as a lightweight, portable, self-sufficient container that will run virtually anywhere. Docker containers can encapsulate any payload, and will run consistently on and between virtually any server. The same container...

Docker Server Version Scanner

This module attempts to identify the version of a Docker Server running on a host. If you wish to see all the information available, set VERBOSE to true. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class...