Cervantes - Collaborative Platform For Pentesters Or Red Teams Who Want To Save Time To Manage Their Projects, Clients, Vulnerabilities And Reports In One Place

Cervantes is an opensource collaborative platform for pentesters or red teams who want to save time to manage their projects, clients, vulnerabilities and reports in one place. Features OpenSource Multiplatform Multilanguage Team Collaboration BuiltIn dashbaords and analytics Manage your clients...

This Week in Spring - June 7th, 2022

Hi, Spring fans! Welcome to another installment of This Week in Spring! Ive just landed in tantalizing Toronto, Canada, for the SpringOne Tour Toronto show. Im so excited to be here, at long last, after so long away from one of my favorite countries. Ill be doing two talks - my usual, Kubernetes...

CVE-2021-34079

OS Command injection vulnerability in Mintzo Docker-Tester through 1.2.1 allows attackers to execute arbitrary commands via shell metacharacters in the 'ports' entry of a crafted docker-compose.yml file...

Docker-Tester 操作系统命令注入漏洞

Docker-Tester uses docker-compose files to set up test environments and verify them before running tests. A security vulnerability exists in version 1.2.1 of Docker-Tester, which can be exploited by an attacker to maliciously execute operating system commands...

Exploit for Path Traversal in Apache Http_Server

CVE-2021-41773 Essay 🕸️ Description 🖼️ This repository co...

Exploit for Expression Language Injection in Apache Struts

Struts2S2-062CVE-2021-31805 Apache Struts2 S2-062 remote c...

Exploit for Code Injection in Vmware Spring_Framework

CVE-2022-22965 PoC - Payara Arbitrary File Download Minimal e...

Information Disclosure

github.com/ipfs/go-ipfs is vulnerable to information disclosure. The vulnerability exists in docker-compose.yaml because the resulting list of listeners when running IPFS are either public or bound to public IPs which allows an attacker to gain admin API access to the IPFS node and control user...

GHSA-FX5P-F64H-93XC Opened exploitable ports in default docker-compose.yaml in go-ipfs

Impact Allows admin API access to the IPFS node. Who ? This affects people running the docker-compose.yaml service in an environment where the docker host is directly attached to a public or untrusted IP. In the vulnerable version, the private API endpoint is publicly forwarded by exposing it as...

Opened exploitable ports in default docker-compose.yaml in go-ipfs

Impact Allows admin API access to the IPFS node. Who ? This affects people running the docker-compose.yaml service in an environment where the docker host is directly attached to a public or untrusted IP. In the vulnerable version, the private API endpoint is publicly forwarded by exposing it as...

Exploit for SQL Injection in Zabbix

This is a pre-built vulnerable environment based on Docker-Compose, maintained by Vulhub. The repository contains various vulnerable applications and services, including CouchDB, FFmpeg, Git, and Jenkins, among others. The vulnerabilities are identified by CVE IDs, such as CVE-2016-10134,...

Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

CVE-2021-44228 !Dockerfilehttps://github.com/ahmad4fifz/C...

GHSA-86F3-HF24-76Q4 Use of Hard-coded Cryptographic Key in Netmaker

Impact There is a hard-coded cryptographic key in the code base which can be exploited to run admin commands on a remote server, if you know the address and username of the admin. This effects the server netmaker component, and not clients. Patches This has been patched in Netmaker v0.8.5, v0.9.4...

vulhub

This is a pre-built vulnerable environment based on Docker-Compose, maintained by the Vulhub project. The repository contains a collection of vulnerable applications and services, including CouchDB, FFmpeg, Git, and more, which can be used for testing and training purposes. The environment is...

Exploit for Integer Overflow or Wraparound in Haproxy

CVE-2021-40346 Integer overflow on header request internal re...

vulhub

This repository is an offensive tool for vulnerability research and exploitation, specifically targeting various web applications and services. It contains a collection of exploits and tools for identifying and exploiting vulnerabilities in software and systems. The repository includes a variety ...

Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

Self-contained lab environment PoC that runs a reverse-shell w...

vulhub

This repository is an offensive tool for building vulnerable environments based on Docker-Compose. It contains a collection of vulnerable applications and services, including CouchDB, FFmpeg, Git, and Jenkins, among others. The repository is maintained by phith0n and is licensed under the MIT...

vulhub

This repository is an offensive tool for creating pre-built vulnerable environments based on Docker-Compose. It is a collection of vulnerable applications and services that can be used for testing and training purposes. The repository includes a variety of vulnerable applications, such as CouchDB...

Bugs-feed - A Local Hosted Portal Where You Can Search For The Latest News, Videos, CVEs, Vulnerabilities...

Bug's feed is a local hosted portal where you can search for the latest news, videos, CVEs, vulnerabilities... It's implemented as a PWA application so you can get rid of the explorer and use it as a desktop application. Navigate through different tabs and take a look to the latest bugs or search...