281 matches found
CVE-2024-1355 Command injection vulnerability was identified in GitHub Enterprise Server that allowed privilege escalation in the Mangement Console
A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via the actions-console docker container while setting a service URL. Exploitation of this vulnerability...
CVE-2024-1355
CVE-2024-1355 describes a command injection in GitHub Enterprise Server. An attacker with the Management Console editor role could exploit the actions-console docker container to gain admin SSH access to the appliance by manipulating a service URL. Exploitation required access to the GitHub Enter...
CVE-2023-43016
IBM Security Access Manager Container IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1 could allow a remote user to log into the server due to a user account with an empty password. IBM X-Force ID: 266154...
CVE-2024-24760 Mailcow Docker Container Exposure to Local Network
mailcow is a dockerized email package, with multiple containers linked in one bridged network. A security vulnerability has been identified in mailcow affecting versions 2024-01c. This vulnerability potentially allows attackers on the same subnet to connect to exposed ports of a Docker container,...
CVE-2024-24760
CVE-2024-24760 affects mailcow, a dockerized mail suite, with exposed dockerized ports. The root issue: containers on a bridged network are reachable from the same subnet even when ports are bound to 127.0.0.1, enabling potential access to exposed ports. Affected versions are prior to 2024-01c. T...
mailcow Security Vulnerabilities
mailcow is a mail server suite. A security vulnerability exists in previous versions of mailcow 2024-01c that stems from allowing an attacker on the same subnet to connect to a public port of a Docker container...
CVE-2024-24756
Crafatar serves Minecraft avatars based on the skin for use in external applications. Files outside of the lib/public/ directory can be requested from the server. Instances running behind Cloudflare including crafatar.com are not affected. Instances using the Docker container as shown in the READ...
Directory traversal
Crafatar serves Minecraft avatars based on the skin for use in external applications. Files outside of the lib/public/ directory can be requested from the server. Instances running behind Cloudflare including crafatar.com are not affected. Instances using the Docker container as shown in the READ...
CVE-2024-24756 Crafatar path traversal vulnerability
Crafatar serves Minecraft avatars based on the skin for use in external applications. Files outside of the lib/public/ directory can be requested from the server. Instances running behind Cloudflare including crafatar.com are not affected. Instances using the Docker container as shown in the READ...
Security Bulletin: IBM Security Verify Access OpenID Connect Provider container has fixed a vulnerability (CVE-2022-43867)
Summary A Security Vulnerability has been addressed in the IBM Security Verify Access OpenID Connect OIDC Provider container. Vulnerability Details CVEID:CVE-2022-43876 DESCRIPTION: IBM Security Verify Access OIDC Provider allows web pages to be stored locally which can be read by another user on...
Exploit for Server-Side Request Forgery in Rbaskets Request_Baskets
Proof Of Concept of SSRF on Request-Baskets CVE-2023-27163...
Security Bulletin: IBM Security Verify Access is vulnerable to Rapid Reset attacks if HTTP2 is enabled (CVE-2023-44487)
Summary The Webseal component of IBM Security Verify Access product is vulnerable to CVE-2023-44487, a flaw in handling multiplexed streams in the HTTP/2 protocol. Vulnerability Details CVEID:CVE-2023-44487 DESCRIPTION: Multiple vendors are vulnerable to a denial of service, caused by a flaw in...
CVE-2023-47633
CVE-2023-47633 affects the Traefik Docker image when it serves as its own backend, triggered by an automatically generated route from Docker integration in default configuration. The issue causes 100% CPU usage, leading to a denial of service-like impact on the affected instance. The vulnerabilit...
C2-Search-Netlas - Search For C2 Servers Based On Netlas
C2 Search Netlas is a Java utility designed to detect Command and Control C2 servers using the Netlas API. It provides a straightforward and user-friendly CLI interface for searching C2 servers, leveraging the Netlas API to gather data and process it locally. Usage To utilize this terminal utilit...
Alert: OracleIV DDoS Botnet Targets Public Docker Engine APIs to Hijack Containers
Publicly-accessible Docker Engine API instances are being targeted by threat actors as part of a campaign designed to co-opt the machines into a distributed denial-of-service DDoS botnet dubbed OracleIV. "Attackers are exploiting this misconfiguration to deliver a malicious Docker container, buil...
Exploit for CVE-2023-38646
CVE-2023-38646 Python script to exploit CVE-2023-38646 Metabas...
Exploit for CVE-2023-38646
CVE-2023-38646 Python script to exploit CVE-2023-38646 Metabas...
Security Bulletin: IBM Security Verify Access OpenID Connect Provider container has fixed multiple vulnerabilities (CVE-2022-43868, CVE-2022-43739, CVE-2022-43740)
Summary Multiple security vulnerabilities have been addressed in the IBM Security Verify Access OpenID Connect OIDC Provider container. Vulnerability Details CVEID:CVE-2022-43868 DESCRIPTION: IBM Security Verify Access OIDC Provider could disclose directory information that could aid attackers in...
Security Bulletin: Security Vulnerabilities fixed in IBM Security Verify Access (CVE-2022-40303)
Summary A Security Vulnerability in libxml2 as shipped with IBM Security Verify Access has been fixed. Vulnerability Details CVEID:CVE-2022-40303 DESCRIPTION: Gnome libxml2 could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in the XMLPARSEHUGE...
DorXNG - Next Generation DorX. Built By Dorks, For Dorks
DorXNG is a modern solution for harvesting OSINT data using advanced search engine operators through multiple upstream search providers. On the backend it leverages a purpose built containerized image of SearXNG, a self-hosted, hackable, privacy focused, meta-search engine. Our SearXNG...