vulhub

It is an offensive tool for web application security training. The repository contains a collection of pre-built vulnerable docker environments, allowing users to practice web application security testing without requiring prior knowledge of docker. The tool is designed to be easy to use, with a...

Cross-site Scripting (XSS) - Stored in monicahq/monica

Description HTML codes can be entered and successfully run in the journal session of Monica, which allows an attacker to trigger XSS query's like causing a persistant stored XSS in the journal session. files at monica/2. Fix Suggestion Sanitize the input / escape the xss charecters or else escape...

Kamailio 5.4.0 Header Smuggling Exploit

Kamailio version 5.4.0 is vulnerable to header smuggling via a bypass of removehf. Kamailio vulnerable to header smuggling possible due to bypass of removehf - Fixed versions: Kamailio v5.4.0 - Enable Security Advisory: - Tested vulnerable versions: 5.3.5 and earlier - Timeline: - Report date &...

vulhub

It is an offensive tool for web application security training. The target product/service or framework is not explicitly stated, but the repository contains various vulnerable environments based on Docker-Compose, including Flask, Apache, Nginx, and others. The vulnerability class/vector is not...

vulhub

It is an offensive tool for Vulnerable Environments Based on Docker-Compose. The repository contains a collection of pre-built vulnerable docker environments, allowing users to easily create and test vulnerable environments without requiring prior knowledge of Docker. The tool is designed to be...

GLSA-202008-15 : Docker: Information disclosure

The remote host is affected by the vulnerability described in GLSA-202008-15 Docker: Information disclosure It was found that Docker created network bridges which by default accept IPv6 router advertisements. Impact : An attacker who gained access to a container with CAPNETRAW capability may be...

vulhub

It is an offensive tool for web application security training. The primary target product/service or framework is not explicitly stated, but it appears to be a collection of vulnerable environments based on Docker-Compose. The vulnerability class/vector is not specified, but it likely involves we...

Docker: Information disclosure

Background Docker is the world’s leading software containerization platform. Description It was found that Docker created network bridges which by default accept IPv6 router advertisements. Impact An attacker who gained access to a container with CAPNETRAW capability may be able to to spoof route...

vulhub

This repository is an open-source collection of pre-built vulnerable docker environments. It is an offensive tool for vulnerability research and testing. The target product/service or framework is not explicitly stated, but the repository contains various vulnerable environments, including Flask,...

Yeti - Your Everyday Threat Intelligence

Yeti is a platform meant to organize observables, indicators of compromise, TTPs, and knowledge on threats in a single, unified repository. Yeti will also automatically enrich observables e.g. resolve domains, geolocate IPs so that you don't have to. Yeti provides an interface for humans shiny...

docker-cli docker-engine security update

docker-cli 19.03.11-5 - Bugfix for 'docker images name' not working on docker 19.03.11-ol - Address CVE-2020-16845 19.03.11-4 - added patch for registry list 19.03.11-3 - update to 19.03.11 for CVE-2020-13401 19.03.1-1.0.0 - update to 19.03.1 19.03-0.0.1 - update to 19.03 18.09.1-1.0.6 - disable...

vulhub

It is an offensive tool for web application security training. The primary target product/service or framework is not explicitly stated, but the repository contains various vulnerable environments based on Docker-Compose, including Flask, Apache, Nginx, and others. The vulnerability class/vector ...

vulhub

It is an offensive tool for Docker environments. The tool is designed to create a vulnerable Docker environment for testing and training purposes. It provides a collection of pre-built vulnerable Docker environments, allowing users to execute two simple commands to create a vulnerable environment...

The vulnerability of the CAP_NET_RAW component in software for automated deployment and application management in Docker-enabled environments allows a attacker to access confidential data, compromise its integrity, and cause service failures.

The vulnerability of the CAPNETRAW component in software for automated deployment and management of applications in Docker-enabled environments is related to the lack of a mechanism for checking input data. Exploiting this vulnerability can allow an attacker operating remotely to access...

Security Bulletin: Vulnerability identified in docker for Red Hat Enterprise Linux

Summary Vulnerability identified in docker package for Red Hat Enterprise Linux potentially impact IBM Cloud Pak System. Vulnerability Details CVEID: CVE-2020-14300 DESCRIPTION: Docker package for Red Hat Enterprise Linux could allow a remote attacker to execute arbitrary code on the system, caus...

vulhub

It is an open-source collection of pre-built vulnerable docker environments. The primary vulnerability is a Server-Side Template Injection SSTI vulnerability in a Flask application. The repository contains a Docker Compose file that sets up a vulnerable environment for testing and demonstration...

AWS Cryptojacking Worm Spreads Through the Cloud

A cryptomining worm from the group known as TeamTNT is spreading through the Amazon Web Services AWS cloud and collecting credentials. Once the logins are harvested, the malware logs in and deploys the XMRig mining tool to mine Monero cryptocurrency. According to researchers at Cado Security, the...

vulhub

It is an offensive tool for web application security training. The repository contains a collection of pre-built vulnerable Docker environments, which can be used for training and testing web application security. The tool is designed to be easy to use, requiring only two simple commands to compi...

vulhub

This is an open-source collection of pre-built vulnerable docker environments, called Vulhub. It provides a simple way to create a vulnerable environment for testing and learning purposes. The project is maintained by phith0n and has a community of contributors and backers. The environments are...

GitLab: GitLab-Runner on Windows `DOCKER_AUTH_CONFIG` container host Command Injection

Summary GitLab-Runner, when running on Windows with a docker executor, is vulnerable to Command Injection via the DOCKERAUTHCONFIG build variable. Injected commands are executed on the container host, not within a Docker container, as such could compromise all future builds which are executed by...