Exploit for Improper Input Validation in Redhat Openshift

This is a pre-built vulnerable environment based on Docker-Compose, maintained by Vulhub. The repository contains a collection of vulnerable environments for testing and training purposes. The environments are designed to be easy to use and require no prior knowledge of Docker. The repository...

Fedora: Security Advisory for podman (FEDORA-2020-ccc3e64ea5)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

[SECURITY] Fedora 30 Update: podman-1.8.0-4.fc30

podman Pod Manager is a fully featured container engine that is a simple daemonless tool. podman provides a Docker-CLI comparable command line that eases the transition from other container engines and allows the management of pods, containers and images. Simply put: alias docker=3Dpodman. Most...

Exploit for Use After Free in Microsoft

This repository is a PoC Proof of Concept scanner for the CVE-2019-0708 vulnerability, also known as "BlueKeep", which is a remote code execution RCE vulnerability in Microsoft Windows Remote Desktop Services. The scanner is a fork of the rdesktop client, a Remote Desktop Protocol client, and is...

Security Bulletin: Security Vulnerabilities affect IBM Cloud Private for Data V2.1.0 NGINX (CVE-2019-12206, CVE-2019-12207, CVE-2019-12208, CVE-2019-20372), Docker (CVE-2019-17149, CVE-2019-17150), Kubernetes (CVE-2019-11245, CVE-2019-11253, CVE-2019-1022

Summary Security Bulletin: Security Vulnerabilities affect IBM Cloud Private for Data V2.1.0 NGINX CVE-2019-12206, CVE-2019-12207, CVE-2019-12208, CVE-2019-20372, Docker CVE-2019-17149, CVE-2019-17150, Kubernetes CVE-2019-11245, CVE-2019-11253, CVE-2019-10223, CVE-2019-17110 Vulnerability Details...

Exploit for Exposure of Resource to Wrong Sphere in Joomla Joomla\!

Made by HK CVE-2020-10238: Incorrect Access Control in comt...

vulhub

It is an open-source collection of pre-built vulnerable docker environments. The primary vulnerability class/vector is not explicitly stated, but the environments are designed to demonstrate various types of vulnerabilities. The probable entry points are not specified, but the environments are...

Denial Of Service (DOS)

github.com/docker/docker-ce is vulnerable to denial of service DoS attacks. This vulnerability exists due to unreleased log messages in followLogs function in logfile.go. An attacker could exploit this flaw by sending continuous log messages causing an application crash...

[Important] [Security] Virtuozzo PowerPanel Update 1 Hotfix 2 (7.0.4-47)

The update for Virtuozzo PowerPanel introduces a new feature and a security fix. Vulnerability id: PP-647 Fortify Docker configuration in the vzapi-compute service...

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Gitlab

It is an offensive tool for Vulnerability Research and Exploitation. The primary CVE ID present in the provided context is CVE-2016-9086. The target product/service or framework is GitLab. The vulnerability class/vector is a remote code execution vulnerability. The probable entry point is the...

vulhub

It is an open-source collection of pre-built vulnerable docker environments. The primary vulnerability class/vector is not explicitly stated, but the collection includes various environments with different vulnerabilities, such as SQL injection, cross-site scripting XSS, and server-side template...

GitLab: SSRF into Shared Runner, by replacing dockerd with malicious server in Executor

Note I've assigned the severity HIGH and submitted this report based on previously disclosed blind SSRF bugs that were previously disclosed. https://hackerone.com/reports/398799 If that's not correct, please adjust or let me know if you require more immediate impact on users in order to consider...

Exploit for Classic Buffer Overflow in Exim

Exim RCE CVE-2018-6789 Learning Environment Description...

vulhub

It is an open-source collection of pre-built vulnerable docker environments. The primary vulnerability class/vector is not explicitly stated, but the environments are designed to demonstrate various types of vulnerabilities. The probable entry points are the docker-compose files, which are used t...

Subfinder - A Subdomain Discovery Tool That Discovers Valid Subdomains For Websites

subfinder is a subdomain discovery tool that discovers valid subdomains for websites by using passive online sources. It has a simple modular architecture and is optimized for speed. subfinder is built for doing one thing only - passive subdomain enumeration, and it does that very well. We have...

vulhub

It is an open-source collection of pre-built vulnerable docker environments. The primary vulnerability class/vector is not explicitly stated, but it appears to be a collection of various vulnerabilities in different environments, including web applications and services. The probable entry points...

Security Bulletin: IBM Security Information Queue has overly permissive CORS policy (CVE-2020-4292)

Summary The cross-origin resource sharing CORS policy in IBM Security Information Queue ISIQ is too permissive. It allows all origins to access the ISIQ Web Server resources when such cross-domain accesses are unnecessary for ISIQ functionality. As of v1.0.5, ISIQ no longer permits cross-origin...

Security Bulletin: IBM Security Information Queue contains hard-coded credentials (CVE-2020-4283)

Summary IBM Security Information Queue ISIQ stores the JSON web token JWT secret in plain text in one of its YAML files. As of v1.0.5, ISIQ generates an encrypted JWT secret during product configuration. Vulnerability Details CVEID: CVE-2020-4283 DESCRIPTION: IBM Security Information Queue ISIQ...

Product release: Virtuozzo Infrastructure Platform 3.5 Update 1 (3.5.1-43)

This update provides a new feature as well as fixes and improvements. Vulnerability id: VSTOR-30003 Unable to release node from cluster: 'Unable to send message to any node in ABGW cluster'. Vulnerability id: VSTOR-30135 No read/write data on dashboards if multipath is configured. Vulnerability i...

Dnssearch - A Subdomain Enumeration Tool

This software is a subdomain enumeration tool. Purpose dnssearch takes an input domain -domain parameter and a wordlist -wordlist parameter , it will then perform concurrent DNS requests using the lines of the wordlist as sub domains eventually bruteforcing every sub domain available on the top...