9154 matches found

Kitploit
added 2018/11/22 12:38 p.m., 507 views

NodeJsScan - A Static Security Code Scanner For Node.js Applications

Static security code scanner (SAST) for Node.js applications. Configure & Run NodeJsScan Install Postgres and configure SQLALCHEMY_DATABASE_URI in core/settings.py pip3 install -r requirements.txt python3 migrate.py Run once to create database entries required python3 app.py Testing Environment...

8 AI score
Exploits: 0, References: 1
Kitploit
added 2018/11/21 12:46 p.m., 106 views

CMS Scanner - Scan Wordpress, Drupal, Joomla, vBulletin Websites For Security Issues

Scan Wordpress, Drupal, Joomla, vBulletin websites for Security issues. CMSScan provides a centralized Security Dashboard for CMS Security scans. It is powered by wpscan, droopescan, vbscan and joomscan. It supports both on demand and scheduled scans and has the ability to send email reports...

7.2 AI score
Exploits: 0, References: 1
n0where
added 2018/11/20 11:32 p.m., 185 views

Nmap Web Dashboard and Reporting: WebMap

Features Import and parse Nmap XML files Statistics and Charts on discovered services, ports, OS, etc… Inspect a single host by clicking on its IP address Attach labels on a host Insert notes for a specific host Create a PDF Report with charts, details, labels and notes Copy to clipboard as Nikto...

6.4 AI score
Exploits: 0, References: 1
Kitploit
added 2018/11/20 1:11 p.m., 47 views

ACHE - A Web Crawler For Domain-Specific Search

ACHE is a focused web crawler. It collects web pages that satisfy some specific criteria, e.g., pages that belong to a given domain or that contain a user-specified pattern. ACHE differs from generic crawlers in the sense that it uses page classifiers to distinguish between relevant and irrelevant...

7.4 AI score
Exploits: 0, References: 6
Veracode
added 2018/11/19 9:17 a.m., 22 views

Privilege Escalation

hadoop-yarn-server-nodemanager is vulnerable to a privilege escalation. The library does not properly sanitize input from the LinuxContainerExecutor when running in a docker container, allowing authenticated user to run commands in the container as a root user...

7.5 CVSS, 6.8 AI score, 0.01795 EPSS
Exploits: 0, References: 4, Affected Software: 1
IBM Security Bulletins
added 2018/11/14 7:20 p.m., 31 views

Security Bulletin: A Security Vulnerability could affect IBM® Cloud Private (CVE-2018-10892)

Summary Users of IBM Cloud Private and the IBM Cloud Automation Manager component could be affected by a vulnerability in Docker Vulnerability Details CVEID: CVE-2018-10892 DESCRIPTION: Docker could allow a local attacker to bypass security restrictions, caused by the failure to block /proc/acpi...

6.3 CVSS, 0.6 AI score, 0.01135 EPSS
Exploits: 0, Affected Software: 1
Information Security Automation
added 2018/11/13 10:41 p.m., 75 views

VB-Trend 2018 Splunk Conference

Today I attended VB-Trend 2018 Splunk conference organized by system integrator VolgaBlob. Video fragments from the event: Comparing to "Splunk Discovery Day", the conference was much smaller less than 100 people, focused on technical aspects, Information Security and informal communication. And...

6.8 AI score
Exploits: 0
IBM Security Bulletins
added 2018/11/13 6:50 p.m., 18 views

Security Bulletin: Hard-coded credentials used in IBM dashDB Local (CVE-2016-8954)

Summary Hard-coded credentials in IBM dashDB Local might be exploited by an attacker. Vulnerability Details CVEID: CVE-2016-8954 DESCRIPTION: IBM dashDB Local uses hard-coded credentials that could allow a remote attacker to gain access to the Docker container or database. CVSS Base Score: 9.8 CVS...

9.8 CVSS, 0.6 AI score, 0.02403 EPSS
Exploits: 0, Affected Software: 1
Gitee
added 2018/11/13 10:27 a.m., 5 views

vulhub

It is an offensive tool for Web Application. The repository contains a collection of pre-built vulnerable docker environments, including a web application vulnerable to various attacks. The tool is designed to help developers and security researchers test and demonstrate the effectiveness of web...

7 AI score
Exploits: 0
Packet Storm
added 2018/11/13 12:0 a.m., 169 views

Evince 3.24.0 Command Injection

Exploit Title: evince command line injection Date: 2017-09-05 Exploit Author: Matlink Vendor Homepage: https://wiki.gnome.org/Apps/Evince Software Link: https://wiki.gnome.org/Apps/Evince Version: 3.24.0 Tested on: Debian sid CVE : CVE-2017-1000083 Can be tested on docker with...

6.8 CVSS, 0.1 AI score, 0.50076 EPSS
Exploits: 9
exploitpack
added 2018/11/13 12:0 a.m., 33 views

Evince 3.24.0 - Command Injection

Evince 3.24.0 - Command Injection Exploit Title: evince command line injection Date: 2017-09-05 Exploit Author: Matlink Vendor Homepage: https://wiki.gnome.org/Apps/Evince Software Link: https://wiki.gnome.org/Apps/Evince Version: 3.24.0 Tested on: Debian sid CVE : CVE-2017-1000083 Can be tested ...

6.8 CVSS, 0.1 AI score, 0.50076 EPSS
Exploits: 9
Exploit DB
added 2018/11/13 12:0 a.m., 75 views

Evince 3.24.0 - Command Injection

Exploit Title: evince command line injection Date: 2017-09-05 Exploit Author: Matlink Vendor Homepage: https://wiki.gnome.org/Apps/Evince Software Link: https://wiki.gnome.org/Apps/Evince Version: 3.24.0 Tested on: Debian sid CVE : CVE-2017-1000083 Can be tested on docker with...

7.8 CVSS, 7.7 AI score, 0.50076 EPSS
Exploits: 9
0day.today
added 2018/11/13 12:0 a.m., 186 views

Evince 3.24.0 - Command Injection Exploit

Exploit for linux platform in category dos / poc Exploit Title: evince command line injection Exploit Author: Matlink Vendor Homepage: https://wiki.gnome.org/Apps/Evince Software Link: https://wiki.gnome.org/Apps/Evince Version: 3.24.0 Tested on: Debian sid CVE : CVE-2017-1000083 Can be tested on...

4 CVSS, 7.8 AI score, 0.50076 EPSS
Exploits: 10
Imperva Blog
added 2018/11/12 6:24 p.m., 100 views

New Docker-based Dev Pipeline: Microservice Projects Just Got A ‘Speed-Boost’

A bulwark of software engineering projects, the development pipeline is an automated process used to deliver changes from development through to production; enabling near real-time updates. The dev pipeline is a critical time saver as it enables you to: Avoid mistakes and wasted time as a result...

7.2 AI score
Exploits: 0
Kitploit
added 2018/11/12 1:10 p.m., 794 views

WebMap - Nmap Web Dashboard And Reporting

A Web Dashboard for Nmap XML Report Usage You should use this with docker, just by sending this command: $ mkdir /tmp/webmap $ docker run -d \ --name webmap \ -h webmap \ -p 8000:8000 \ -v /tmp/webmap:/opt/xml \ rev3rse/webmap $ now you can run Nmap and save the XML Report on /tmp/webmap $ nmap -s...

6.2 AI score
Exploits: 0, References: 4
Kitploit
added 2018/11/08 9:21 p.m., 102 views

Docker-Inurlbr - Advanced Search In Search Engines, Enables Analysis Provided To Exploit GET / POST Capturing Emails & Urls

Advanced search in search engines, enables analysis provided to exploit GET / POST capturing emails & urls, with an internal custom validation junction for each target / url found. How to build git clone https://github.com/gmdutra/docker-inurlbr.git cd docker-inurlbr docker build -t gmdutra/inurl...

8 AI score
Exploits: 0, References: 1
Openbugbounty
added 2018/11/08 1:10 a.m., 15 views

goto.docker.com XSS vulnerability

Open Bug Bounty ID: OBB-696009

Description | Value
---|---
Affected Website: | goto.docker.com
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...

Exploits: 0
OpenVAS
added 2018/10/26 12:0 a.m., 19 views

openSUSE: Security Advisory for singularity (openSUSE-SU-2018:3316-1)

The remote host is missing an update for the Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

6.8 CVSS, 6.8 AI score, 0.01596 EPSS
Exploits: 0, References: 2
OSV
added 2018/10/24 9:29 p.m., 5 views

CVE-2018-18548

ajenticp aka Ajenti Docker control panel for Ajenti through v1.2.23.13 has XSS via a filename that is mishandled in File Manager...

6.1 CVSS, 5.8 AI score, 0.0356 EPSS
Exploits: 5, References: 3
Prion
added 2018/10/24 9:29 p.m., 15 views

Design/Logic Flaw

ajenticp aka Ajenti Docker control panel for Ajenti through v1.2.23.13 has XSS via a filename that is mishandled in File Manager...

4.3 CVSS, 5.9 AI score, 0.0356 EPSS
Exploits: 5, References: 3, Affected Software: 1