Exploit for Generation of Error Message Containing Sensitive Information in Apache Tomcat
PoC exploit for CVE-2024-21733, a vulnerability in Apache Tomcat...
Exploit for Infinite Loop in Nlnetlabs Unbound
This is a PoC exploit for CVE-2024-1931. The target product/serv...
Exploit for Improper Restriction of XML External Entity Reference in Adobe Commerce
CVE-2024-34102 ★ Thanks to @th3gokul, Sanjaith3hacker, Chocapi...
OESA-2024-1959 docker security update
Docker is an open source project to build, ship and run any application as a lightweight container. Security Fixes: Moby is an open-source project created by Docker for software containerization. A security vulnerability has been detected in certain versions of Docker Engine, which could allow an...
PT-2024-29969 · Openfga · Openfga
Name of the Vulnerable Software and Affected Versions: OpenFGA versions 1.5.7 through 1.5.8. Description: OpenFGA is an authorization/permission engine. The issue concerns an authorization bypass when calling the Check API with a model that uses "but not" and "from" expressions and a userset...
Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2024-2080)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2024-2097)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security Bulletin: IBM Cloud Pak for Data is vulnerable to denial of service due to github.com/docker/distribution ( CVE-2023-2253 )
Summary Go module github.com/docker/distribution is used by IBM Cloud Pak for Data. CVE-2023-2253. Vulnerability Details CVEID:CVE-2023-2253 DESCRIPTION: Distribution is vulnerable to a denial of service, caused by improper input validation by the /v2/catalog endpoint. By sending a specially...
EulerOS 2.0 SP11 : docker-engine (EulerOS-SA-2024-2097)
According to the versions of the docker-engine packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Moby is an open source container framework that is a key component of Docker Engine, Docker Desktop, and other distributions of container...
SUSE: Security Advisory (SUSE-SU-2024:2801-2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP11 : docker-engine (EulerOS-SA-2024-2080)
According to the versions of the docker-engine packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Moby is an open source container framework that is a key component of Docker Engine, Docker Desktop, and other distributions of container...
Microweber 2.0.15 Cross Site Scripting Vulnerability
Microweber version 1.0 suffers from a cross site scripting vulnerability in the search functionality. Original discovery of cross site scripting in this version is attributed to tmrswrr in June of 2024. Exploit Title: Microweber =v2.0.15 - Reflected Cross-Site Scripting XSS Exploit Author: Prerak...
SUSE: Security Advisory (SUSE-SU-2024:2801-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2024-2069)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Microweber 2.0.15 Cross Site Scripting
Exploit Title: Microweber =v2.0.15 - Reflected Cross-Site Scripting XSS Date: 16.07.2024 Exploit Author: Prerak Mittal Vendor Homepage: https://microweber.org/ Software Link: https://github.com/microweber/microweber/releases/tag/v2.0.15 Version: =v2.0.15 Tested on: Ubuntu 22.04 CVE : CVE-2024-401...
CBL Mariner 2.0 Security Update: moby-engine (CVE-2024-41110)
The version of moby-engine installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-41110 advisory. - Moby is an open-source project created by Docker for software containerization. A security vulnerabilit...
EulerOS 2.0 SP5 : docker-engine (EulerOS-SA-2024-2069)
According to the versions of the docker-engine packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an...
CVE-2024-41960
CVE-2024-41960 affects mailcow: dockerized (Relay Hosts configuration). An authenticated admin can inject a JavaScript payload into the Relay Hosts config, and the payload executes in the user’s browser when the configuration page is viewed, enabling arbitrary script execution in the user context...
CVE-2024-41958 Two-Factor Authentication (2FA) Bypass in mailcow: dockerized
mailcow: dockerized is an open source groupware/email suite based on docker. A vulnerability has been discovered in the two-factor authentication (2FA) mechanism. This flaw allows an authenticated attacker to bypass the 2FA protection, enabling unauthorized access to other accounts that are otherwi...