9154 matches found
PYSEC-2018-107
ajenticp aka Ajenti Docker control panel for Ajenti through v1.2.23.13 has XSS via a filename that is mishandled in File Manager...
PYSEC-2018-107
ajenticp aka Ajenti Docker control panel for Ajenti through v1.2.23.13 has XSS via a filename that is mishandled in File Manager...
CVE-2018-18548
ajenticp aka Ajenti Docker control panel for Ajenti through v1.2.23.13 has XSS via a filename that is mishandled in File Manager...
CVE-2018-18548
AjentiCP (Ajenti) up to version 1.2.23.13 contains a Cross-site Scripting (XSS) vulnerability in File Manager caused by mishandling a filename. The issue allows an attacker to inject JavaScript that can run in an Ajenti user’s browser, enabling potentially high-risk exploitation without privilege...
openSUSE Security Update : singularity (openSUSE-2018-1223)
Singularity was updated to version 2.6.0, bringing features, bugfixes and security fixes. Security issues fixed : - CVE-2018-12021: Fixed access control on systems supporting overlay file system boo1100333. Highlights of 2.6.0 : - Allow admin to specify a non-standard location for mksquashfs bina...
WPScan v3.3.1 - Black Box WordPress Vulnerability Scanner
WPScan is a free, for non-commercial use, black box WordPress vulnerability scanner written for security professionals and blog maintainers to test the security of their sites. INSTALL Prerequisites: Ruby = 2.2.2 - Recommended: 2.3.3 Curl = 7.21 - Recommended: latest - FYI the 7.29 has a segfault...
RouterSploit v3.4.0 - Exploitation Framework For Embedded Devices
The RouterSploit Framework is an open-source exploitation framework dedicated to embedded devices. It consists of various modules that aids penetration testing operations: exploits - modules that take advantage of identified vulnerabilities creds - modules designed to test credentials against...
Updated docker packages fix security vulnerabilities
Updated docker packages fix security vulnerabilities: Lack of content verification in docker allowed a remote attacker to cause a Denial of Service via a crafted image layer payload, aka gzip bombing CVE-2017-14992. The DefaultLinuxSpec function in oci/defaults.go docker did not block /proc/scsi...
MGASA-2018-0398 Updated docker packages fix security vulnerabilities
Updated docker packages fix security vulnerabilities: Lack of content verification in docker allowed a remote attacker to cause a Denial of Service via a crafted image layer payload, aka gzip bombing CVE-2017-14992. The DefaultLinuxSpec function in oci/defaults.go docker did not block /proc/scsi...
Evilginx v2.0 - Standalone Man-In-The-Middle Attack Framework Used For Phishing Login Credentials Along With Session Cookies, Allowing For The Bypass Of 2-Factor Authentication
evilginx2 is a man-in-the-middle attack framework used for phishing login credentials along with session cookies, which in turn allows to bypass 2-factor authentication protection. This tool is a successor to Evilginx, released in 2017, which used a custom version of nginx HTTP server to provide...
Oracle WebLogic Server Multiple Vulnerabilities (October 2018 CPU)
The version of Oracle WebLogic Server installed on the remote host is affected by multiple vulnerabilities: - Vulnerabilities in the Oracle WebLogic Server component of Oracle Fusion Middleware subcomponent: WLS Core Components. Easily exploitable vulnerabilities allow unauthenticated attacker wi...
CVE-2018-3213
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware subcomponent: Docker Images. The supported version that is affected is prior to Docker 12.2.1.3.20180913. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise...
CVE-2018-3213
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware subcomponent: Docker Images. The supported version that is affected is prior to Docker 12.2.1.3.20180913. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise...
Design/Logic Flaw
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware subcomponent: Docker Images. The supported version that is affected is prior to Docker 12.2.1.3.20180913. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise...
CVE-2018-3213
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware subcomponent: Docker Images. The supported version that is affected is prior to Docker 12.2.1.3.20180913. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise...
CVE-2018-3213
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware subcomponent: Docker Images. The supported version that is affected is prior to Docker 12.2.1.3.20180913. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise...
CVE-2018-3213
Oracle WebLogic Server vulnerability CVE-2018-3213 affects the Docker Images subcomponent of Oracle Fusion Middleware. The issue is exploitable via network access using T3 and can lead to unauthorized access to data or complete access to Oracle WebLogic Server data. Affected versions are those pr...
Unspecified Vulnerability in Oracle WebLogic Server (CNVD-2018-24318)
Oracle Fusion Middleware Oracle Fusion Middleware is a set of business innovation platforms for enterprise and cloud environments from Oracle. The platform provides middleware, software collection, etc. WebLogic Server is one of the application server components for cloud and traditional...
Metadata-Attacker - A Tool To Generate Media Files With Malicious Metadata
With this small suite of open source pentesting tools you're able to create an image .jpg, audio .mp3 or video .mp4 file containing your custom metadata or a set of cross-site scripting vectors to test any webservice against possible XSS vulnerabilities when displaying unfiltered meta data...
Docker TOR Hidden Service - Easily Setup A Hidden Service Inside The Tor Network
Easily run a hidden service inside the Tor network with this container Generate the skeleton configuration for you hidden service, replace for your hidden service pattern name. Example, if you want to your hidden service contain the word 'boss', just use this word as argument. You can use regular...