Command Injection

OpenClaw is vulnerable to Command Injection. The vulnerability is due to unsafe handling of the PATH environment variable when constructing shell commands in the Docker sandbox, which allows an authenticated attacker to influence command execution within the container context...

Exploit for Path Traversal in Jenkins

Jenkins CVE-2024-23897 Lab Уязвимость чтения произвольных фай...

Exploit for Missing Authentication for Critical Function in Oracle Weblogic_Server

CVE-2024-21006 PoC A CVE-2024-21006 é uma vulnerabilidade de...

CVE-2023-32078

Netmaker makes networks with WireGuard. An Insecure Direct Object Reference IDOR vulnerability was found in versions prior to 0.17.1 and 0.18.6 in the user update function. By specifying another user's username, it was possible to update the other user's password. The issue is patched in 0.17.1 a...

CentralizedFirewall - Provides A Firewall Manager API Designed To Centralize And Streamline The Management Of Firewall Configurations

Firewall Manager API Project Installation Follow these steps to set up and run the API project: 1. Clone the Repository git clone https://github.com/adriyansyah-mf/CentralizedFirewall cd CentralizedFirewall 2. Edit the .env File Update the environment variables in .env according to your...

PT-2023-23590

Name of the Vulnerable Software and Affected Versions Netmaker versions prior to 0.17.1 Netmaker versions 0.18.0 through 0.18.5 Description A Mass assignment vulnerability was found in Netmaker that allows a non-admin user to escalate privileges to those of an admin user. The issue is patched in...

CVE-2022-39321 GitHub Actions Runner vulnerable to Docker Command Escaping

GitHub Actions Runner is the application that runs a job from a GitHub Actions workflow. The actions runner invokes the docker cli directly in order to run job containers, service containers, or container actions. A bug in the logic for how the environment is encoded into these docker commands wa...

PT-2022-24898 · Github · Github Actions Runner

Name of the Vulnerable Software and Affected Versions: GitHub Actions Runner versions prior to 2.296.2 GitHub Actions Runner versions prior to 2.293.1 GitHub Actions Runner versions prior to 2.289.4 GitHub Actions Runner versions prior to 2.285.2 GitHub Actions Runner versions prior to 2.283.4...

CVE-2022-32481

Dell PowerProtect Cyber Recovery, versions prior to 19.11, contain a privilege escalation vulnerability on virtual appliance deployments. A lower-privileged authenticated user can chain docker commands to escalate privileges to root leading to complete system takeover...

CVE-2022-32481

Dell PowerProtect Cyber Recovery, versions prior to 19.11, contain a privilege escalation vulnerability on virtual appliance deployments. A lower-privileged authenticated user can chain docker commands to escalate privileges to root leading to complete system takeover...

Privilege escalation

Dell PowerProtect Cyber Recovery, versions prior to 19.11, contain a privilege escalation vulnerability on virtual appliance deployments. A lower-privileged authenticated user can chain docker commands to escalate privileges to root leading to complete system takeover...

CVE-2022-32481

Dell PowerProtect Cyber Recovery, versions prior to 19.11, contain a privilege escalation vulnerability on virtual appliance deployments. A lower-privileged authenticated user can chain docker commands to escalate privileges to root leading to complete system takeover...

PT-2022-21337 · Dell · Dell Powerprotect Cyber Recovery

Name of the Vulnerable Software and Affected Versions: Dell PowerProtect Cyber Recovery versions prior to 19.11 Description: The issue allows a lower-privileged authenticated user to escalate privileges to root, leading to complete system takeover by chaining docker commands on virtual appliance...

CVE-2022-32481

Dell PowerProtect Cyber Recovery, versions prior to 19.11, contain a privilege escalation vulnerability on virtual appliance deployments. A lower-privileged authenticated user can chain docker commands to escalate privileges to root leading to complete system takeover...

This Week in Spring - May 31st, 2022

Hi, Spring fans! And welcome to another installment of This Week in Spring! Ive just returned from three wonderful weeks overseas and now, Im pleased as punch to convey, that Im home! And hopefully, COVID-19 free! Who knows what sort of nonsense I caught on the flight home, anyway. Some things, I...

GHSA-H24P-QWF4-84Q8 Apache Hadoop's LinuxContainerExecutor runs docker commands as root with insufficient input validation

In Apache Hadoop 2.8.0, 3.0.0-alpha1, and 3.0.0-alpha2, the LinuxContainerExecutor runs docker commands as root with insufficient input validation. When the docker feature is enabled, authenticated users can run commands as root. This issue is fixed in versions 2.8.1 and 3.0.0-alpha3...

Policy Bypass

github.com/twistlock/authz is vulnerable to policy bypass attacks. The vulnerability exists due to the usage of weak regular expressions to control the access of docker commands through URL, allowing policy bypass attacks...

Input validation

In Apache Hadoop 2.8.0, 3.0.0-alpha1, and 3.0.0-alpha2, the LinuxContainerExecutor runs docker commands as root with insufficient input validation. When the docker feature is enabled, authenticated users can run commands as root...