CVE-2017-14992
CVE-2017-14992 affects Docker-CE (Moby) across multiple older releases (e.g., 1.12.6-0, 1.10.3, 17.03.x, 17.06.x, 17.09.0 and earlier). The issue is lack of content verification in image layers, allowing a remote attacker to trigger a Denial of Service via a crafted image layer payload (gzip bomb...
CVE-2017-14992
Lack of content verification in Docker-CE (also known as Moby) versions 1.12.6-0, 1.10.3, 17.03.0, 17.03.1, 17.03.2, 17.06.0, 17.06.1, 17.06.2, 17.09.0, and earlier allows a remote attacker to cause a Denial of Service via a crafted image layer payload, aka gzip bombing...
PT-2017-13809 · Docker +1 · Docker Ce +2
Name of the Vulnerable Software and Affected Versions: Docker-CE Moby versions 1.12.6-0, 1.10.3, 17.03.0, 17.03.1, 17.03.2, 17.06.0, 17.06.1, 17.06.2, 17.09.0, and earlier Description: The issue is related to a lack of content verification, allowing a remote attacker to cause a Denial of Service...
CVE-2017-10940
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Joyent Smart Data Center prior to [email protected] e469cf49-4de3-4658-8419-ab42837916ad. An attacker must first obtain the ability to execute low-privileg...
Design/Logic Flaw
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Joyent Smart Data Center prior to email protected e469cf49-4de3-4658-8419-ab42837916ad. An attacker must first obtain the ability to execute low-privileged code on the target system in order to...
CVE-2017-10940
CVE-2017-10940 affects Joyent Smart Data Center before [email protected]. The Docker API flaw does not properly validate user-supplied data, enabling an attacker who can run low-privileged code to upload arbitrary files and escalate to root execution. Exp...
CloudBees Docker Commons Plugin Information Disclosure Vulnerability
CloudBees Docker Commons Plugin is an API sharing plugin in Jenkins, a Java-based continuous integration tool from the US company CloudBees. An information disclosure vulnerability exists in the CloudBees Docker Commons Plugin that stems from the program failing to detect privileges...
Introducing GoCrack: A Managed Password Cracking Tool
FireEye's Innovation and Custom Engineering (ICE) team released a tool today called GoCrack that allows red teams to efficiently manage password cracking tasks across multiple GPU servers by providing an easy-to-use, web-based real-time UI (Figure 1 shows the dashboard) to create, view, and manage...
Onion Service nMap Scanner: Onion Map
Use nmap to scan hidden “onion” services on the Tor network. Minimal image based on alpine, using proxychains to wrap nmap. Tor and dnsmasq are run as daemons via s6, and proxychains wraps nmap to use the Tor SOCKS proxy on port 9050. Tor is also configured via DNSPort to anonymously resolve DNS...
Onion Routed Cloud: ORC
Onion Routed Cloud is a decentralized, anonymous, object storage platform owned and operated by allies in defense of human rights and opposition to censorship. ORC is a volunteer run cloud storage network that protects users from surveillance and puts them in control of their data. Use cases: For...
Security Analysis with Bamboo Plugin
Build Management with Bamboo In the process of continuous integration, a code repository is automatically built and tested by a CI service when code is pushed or committed to the repository. This enables automated testing, tracking, and reporting of build errors and boosts the productivity of...
Seccubus - Easy Automated Vulnerability Scanning, Reporting And Analysis
Seccubus automates regular vulnerability scans with various tools and aids security people in the fast analysis of its output, both on the first scan and on repeated scans. On repeated scans, delta reporting ensures that findings only need to be judged when they first appear in the scan results or...
Qualys Policy Compliance Notification: Policy Library Update
Qualys’ library of built-in policies makes it easy to comply with the security standards and regulations that are most commonly used and adhered to. Qualys provides a wide range of policies, including many that have been certified by CIS as well as the ones based on security guidelines from vendo...
Afian AB FileRun 2017.03.18 - Multiple Vulnerabilities
Afian AB FileRun 2017.03.18 - Multiple Vulnerabilities SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple vulnerabilities product: Afian AB FileRun vulnerable version: 2017.03.18 fixed version: 2017.09.18 impact:...
Rancher Server Docker Command Execution
A command execution vulnerability exists in Rancher Server Docker. The vulnerability is due to improper privilege handling. A remote attacker can exploit this issue by sending a malicious HTTP request to the target server that could result in command injection and execution...
changeme - A Default Credential Scanner
A default credential scanner. About Getting default credentials added to commercial scanners is often difficult and slow. changeme is designed to be simple to add new credentials without having to write any code or modules. changeme keeps credential data separate from code. All credentials are...
August 16, 2017—KB4034661 (OS Build 14393.1613)
August 16, 2017—KB4034661 (OS Build 14393.1613). Improvements and fixes: This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: This package contains d3dcompiler47.dll; for more information, read the blog post, HLSL, FXC, a...
Cameradar v2.0 - Hack into RTSP CCTV cameras
An RTSP stream access tool that comes with its library. Cameradar allows you to: detect open RTSP hosts on any accessible target host; detect which device model is streaming; launch automated dictionary attacks to get their stream route (e.g.: /live.sdp); launch automated dictionary attacks to get the...