
933 matches found

Gitee
added 2020/03/20 4:41 a.m. · 4 views

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Gitlab

This repository is an open-source collection of pre-built vulnerable docker environments, vulhub. It is an offensive tool for web application security training and testing. The primary CVE ID present in the context is CVE-2016-9086. The target product/service or framework is GitLab, and the...

6.5 CVSS · 8 AI score · 0.05388 EPSS
Exploits 39
Kitploit
added 2020/03/17 8:30 p.m. · 91 views

Lazydocker - The Lazier Way To Manage Everything Docker

A simple terminal UI for both docker and docker-compose, written in Go with the gocui library. Minor rant incoming: Something's not working? Maybe a service is down. docker-compose ps. Yep, it's that microservice that's still buggy. No issue, I'll just restart it: docker-compose restart. Okay now...

6.9 AI score
Exploits 0 · References 9
Gitee
added 2020/03/17 6:53 p.m. · 6 views

vulhub

It is an open-source collection of pre-built vulnerable docker environments. The primary vulnerability is not explicitly stated, but the repository contains various vulnerable environments, including ones related to Flask, Apache, Nginx, and more. The repository is maintained by phith0n and is...

7 AI score
Exploits 0
Veracode
added 2020/03/17 5:59 a.m. · 22 views

OS Command Injection

docker-compose-remote-api is vulnerable to OS command injection. An attacker is able to inject and execute arbitrary OS commands via the serviceName parameter due to lack of validation before passing to the exec function...

9.8 CVSS · 5.7 AI score · 0.02644 EPSS
Exploits 1 · References 1 · Affected Software 1
OSV
added 2020/03/15 10:15 p.m. · 2 views

CVE-2020-7606

docker-compose-remote-api through 0.1.4 allows execution of arbitrary commands. Within 'index.js' of the package, the function 'exec(serviceName, cmd, fnStdout, fnStderr, fnExit)' uses the variable 'serviceName' which can be controlled by users without any sanitization...

9.8 CVSS · 7.5 AI score
Exploits 0 · References 1
NVD
added 2020/03/15 10:15 p.m. · 17 views

CVE-2020-7606

docker-compose-remote-api through 0.1.4 allows execution of arbitrary commands. Within 'index.js' of the package, the function 'exec(serviceName, cmd, fnStdout, fnStderr, fnExit)' uses the variable 'serviceName' which can be controlled by users without any sanitization...

9.8 CVSS · 9.6 AI score · 0.02644 EPSS
Exploits 1 · References 1
CVE
added 2020/03/15 9:31 p.m. · 72 views

CVE-2020-7606

CVE-2020-7606 affects the package docker-compose-remote-api (0.1.4 and earlier). The root cause is in index.js: the function exec(serviceName, cmd, …) uses the variable serviceName, which can be controlled by users without sanitization, enabling OS command injection. Reported across multipl...

9.8 CVSS · 9.5 AI score · 0.02644 EPSS
Exploits 1 · References 1 · Affected Software 1
Gitee
added 2020/03/14 1:4 p.m. · 5 views

vulhub

It is an offensive tool for vulnerability research and education. The repository, vulhub, contains pre-built vulnerable environments based on Docker-Compose, allowing users to easily create and experiment with vulnerable systems for research and educational purposes. The tool is designed to be...

7.1 AI score
Exploits 0
Snyk
added 2020/03/13 11:2 a.m. · 4 views

Command Injection

Overview: docker-compose-remote-api is a connection interface between docker-compose and the Docker Remote API. Affected versions of this package are vulnerable to Command Injection. Within index.js of the package, the function exec(serviceName, cmd, fnStdout, fnStderr, fnExit) uses the variable...

9.8 CVSS · 5.7 AI score · 0.02644 EPSS
Exploits 1 · References 2
Gitee
added 2020/03/10 12:0 a.m. · 5 views

Exploit for Improper Input Validation in Redhat Openshift

This is a pre-built vulnerable environment based on Docker-Compose, maintained by Vulhub. The repository contains a collection of vulnerable environments for testing and training purposes. The environments are designed to be easy to use and require no prior knowledge of Docker. The repository...

9.8 CVSS · 7.2 AI score · 0.99686 EPSS
Exploits 46
Gitee
added 2020/03/04 4:37 p.m. · 5 views

vulhub

It is an open-source collection of pre-built vulnerable docker environments. The primary vulnerability class/vector is not explicitly stated, but the environments are designed to demonstrate various types of vulnerabilities. The probable entry points are not specified, but the environments are...

8.2 AI score
Exploits 0
Gitee
added 2020/03/03 2:44 p.m. · 6 views

vulhub

It is an open-source collection of pre-built vulnerable docker environments. The primary vulnerability class/vector is not explicitly stated, but the collection includes various environments with different vulnerabilities, such as SQL injection, cross-site scripting (XSS), and server-side template...

7.3 AI score
Exploits 0
Gitee
added 2020/03/01 2:16 p.m. · 5 views

vulhub

It is an open-source collection of pre-built vulnerable docker environments. The primary vulnerability class/vector is not explicitly stated, but the environments are designed to demonstrate various types of vulnerabilities. The probable entry points are the docker-compose files, which are used t...

8.1 AI score
Exploits 0
Gitee
added 2020/02/28 7:41 p.m. · 5 views

vulhub

It is an open-source collection of pre-built vulnerable docker environments. The primary vulnerability class/vector is not explicitly stated, but it appears to be a collection of various vulnerabilities in different environments, including web applications and services. The probable entry points...

8.1 AI score
Exploits 0
Gitee
added 2020/02/17 4:59 p.m. · 4 views

vulhub

It is an open-source collection of pre-built vulnerable docker environments. The primary vulnerability class/vector targeted by this repository is not explicitly stated, but it appears to be a collection of various vulnerabilities in different environments. The probable entry points for these...

8.4 AI score
Exploits 0
Gitee
added 2020/02/11 11:51 p.m. · 5 views

vulhub

It is an open-source collection of pre-built vulnerable docker environments. The repository contains a variety of vulnerable environments based on Docker-Compose, including Flask, Apache, Nginx, and more. The environments are designed to be easy to use and require no pre-existing knowledge of...

7.6 AI score
Exploits 0
Gitee
added 2020/02/10 3:37 p.m. · 5 views

vulhub

It is an open-source collection of pre-built vulnerable docker environments. The primary vulnerability class/vector is not specified, but the environments are designed to be vulnerable to various attacks. The probable entry points are not explicitly stated, but the environments are likely to be...

7.9 AI score
Exploits 0
Gitee
added 2020/02/04 3:39 p.m. · 5 views

vulhub

It is an offensive tool for Vulnerability Research. The target product/service or framework is a collection of pre-built vulnerable docker environments, including Flask, Apache, Nginx, and Jenkins. The vulnerability class/vector is various, including SSTI (Server-Side Template Injection), RCE (Remot...

8 AI score
Exploits 0
Gitee
added 2020/02/04 1:43 p.m. · 10 views

Exploit for Improper Encoding or Escaping of Output in F5 Nginx

It is an open-source collection of pre-built vulnerable docker environments. The primary CVE ID is not explicitly mentioned, but the repository contains various vulnerable environments based on Docker-Compose, including ones for CVE-2016-9086, CVE-2013-4547, and CVE-2017-1000353. The target...

9.8 CVSS · 7.5 AI score · 0.99686 EPSS
Exploits 45
Positive Technologies
added 2020/01/27 12:0 a.m. · 3 views

PT-2020-6706 · Artifex +6 · Jbig2Dec +6

Name of the Vulnerable Software and Affected Versions: Artifex jbig2dec versions prior to 0.18. Description: The issue is related to a heap-based buffer overflow in the jbig2 image compose function of the jbig2 image.c component in the Jbig2dec decoder. This allows a remote attacker to access...

10 CVSS · 6.6 AI score · 0.96968 EPSS
Exploits 30 · References 102