9270 matches found

GithubExploit
added 2024/01/19 12:15 a.m., 832 views

Exploit for SQL Injection in Djangoproject Django

CVE-2022-28346 A flaw was found in the Django package, which l...

9.8 CVSS, 7.4 AI score, 0.18661 EPSS
Exploits: 3

The Hacker News
added 2024/01/18 4:31 p.m., 31 views

New Docker Malware Steals CPU for Crypto & Drives Fake Website Traffic

Vulnerable Docker services are being targeted by a novel campaign in which the threat actors are deploying XMRig cryptocurrency miner as well as the 9Hits Viewer software as part of a multi-pronged monetization strategy. "This is the first documented case of malware deploying the 9Hits applicatio...

7.7 AI score
Exploits: 0

HackRead
added 2024/01/18 12:0 p.m., 19 views

Malware Exploits 9Hits, Turns Docker Servers into Traffic Boosted Crypto Miners

By Deeba Ahmed 9Hits, Double Hit: Malware Mimics Web Tool to Mine Crypto, Generate Fake Website Traffic. This is a post from HackRead.com Read the original post: Malware Exploits 9Hits, Turns Docker Servers into Traffic Boosted Crypto Miners...

7.2 AI score
Exploits: 0

WPVulnDB
added 2024/01/17 12:0 a.m., 37 views

popup-builder < 4.2.6 - Admin+ SSRF & File Read

Description The plugin does not validate a parameter before making a request to it, which could allow users with the administrator role to perform SSRF attack in Multisite WordPress configurations. PoC 1. Create a multi-site wordpress setup, i.e. using docker-containers, and setup a second "site"...

6.5 AI score, 0.00812 EPSS
Exploits: 2, Affected Software: 1

GithubExploit
added 2024/01/16 8:46 a.m., 359 views

Exploit for Injection in Atlassian Confluence_Data_Center

CVE-2023-22527 Confluence RCE CVE-2023-22527 - RCE Remote Co...

10 CVSS, 10 AI score, 0.99984 EPSS
Exploits: 31

Tenable Nessus
added 2024/01/16 12:0 a.m., 33 views

EulerOS 2.0 SP11 : docker-engine (EulerOS-SA-2023-2679)

According to the versions of the docker-engine package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Moby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various...

8.7 CVSS, 7.1 AI score, 0.02733 EPSS
Exploits: 2, References: 4

Tenable Nessus
added 2024/01/16 12:0 a.m., 19 views

EulerOS 2.0 SP8 : docker-engine (EulerOS-SA-2023-3118)

According to the versions of the docker-engine packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - containerd is a container runtime available as a daemon for Linux and Windows. A bug was found in containerd prior to versions 1.6.1,...

7.5 CVSS, 7.5 AI score, 0.27392 EPSS
Exploits: 4, References: 2

Tenable Nessus
added 2024/01/16 12:0 a.m., 33 views

EulerOS 2.0 SP11 : docker-engine (EulerOS-SA-2023-2637)

According to the versions of the docker-engine package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Moby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various...

8.7 CVSS, 7.1 AI score, 0.02733 EPSS
Exploits: 2, References: 4

Tenable Nessus
added 2024/01/16 12:0 a.m., 37 views

EulerOS 2.0 SP11 : docker-runc (EulerOS-SA-2023-2680)

According to the versions of the docker-runc package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfslinux.go. To exploit this...

7.8 CVSS, 6.9 AI score, 0.00457 EPSS
Exploits: 1, References: 3

Tenable Nessus
added 2024/01/16 12:0 a.m., 33 views

EulerOS 2.0 SP11 : docker-runc (EulerOS-SA-2023-2638)

According to the versions of the docker-runc package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfslinux.go. To exploit this...

7.8 CVSS, 6.9 AI score, 0.00457 EPSS
Exploits: 1, References: 3

Tenable Nessus
added 2024/01/15 12:0 a.m., 35 views

Siemens SCALANCE LPE9403 Improper Preservation of Permissions (CVE-2021-41089)

A vulnerability was found in Moby Docker Engine where attempting to copy files using 'docker cp' into a specially-crafted container can result in Unix file permission changes for existing files in the host's filesystem, widening access to others. This bug does not directly allow files to be read,...

6.3 CVSS, 5.9 AI score, 0.0027 EPSS
Exploits: 0, References: 4

Tenable Nessus
added 2024/01/15 12:0 a.m., 32 views

Siemens SCALANCE LPE9403 Exposure of Sensitive Information to an Unauthorized Actor (CVE-2021-41092)

A vulnerability was found in the Docker CLI where running 'docker login my-private-registry.example.com' with a misconfigured configuration file typically /.docker/config.json listing a credsStore or credHelpers that could not be executed would result in any provided credentials being sent to...

7.5 CVSS, 6.2 AI score, 0.01536 EPSS
Exploits: 0, References: 4

Tenable Nessus
added 2024/01/15 12:0 a.m., 37 views

Siemens SCALANCE LPE9403 Incorrect Permission Assignment for Critical Resource (CVE-2021-41091)

A vulnerability was found in Moby Docker Engine where the data directory typically /var/lib/docker contained subdirectories with insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included...

6.3 CVSS, 7.3 AI score, 0.02693 EPSS
Exploits: 3, References: 4

GithubExploit
added 2024/01/12 9:34 a.m., 357 views

Exploit for Files or Directories Accessible to External Parties in Apache Struts

CVE-2023-50164 Apache Struts path traversal to RCE vulnerabil...

9.8 CVSS, 9.9 AI score, 0.80819 EPSS
Exploits: 15

The Hacker News
added 2024/01/12 7:56 a.m., 33 views

Cryptominers Targeting Misconfigured Apache Hadoop and Flink with Rootkit in New Attacks

Cybersecurity researchers have identified a new attack that exploits misconfigurations in Apache Hadoop and Flink to deploy cryptocurrency miners within targeted environments. "This attack is particularly intriguing due to the attacker's use of packers and rootkits to conceal the malware," Aqua...

9.1 AI score
Exploits: 0

Hacker One
added 2024/01/11 8:35 p.m., 22 views

U.S. Dept Of Defense: Full Access to sonarQube and Docker

The vulnerability involved the exposure of sensitive credentials and IP addresses in a JavaScript file. The researcher gained access to the organization's Hub Docker account and Sonar projects, allowing them to identify and assess the issue. The vulnerability was caused by a JavaScript file withi...

6.9 AI score
Exploits: 0

Prion
added 2024/01/11 3:15 a.m., 20 views

Code injection

IBM Security Access Manager Appliance IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.6.1 could allow a local user to obtain sensitive configuration information. IBM X-Force ID: 260584...

1.7 CVSS, 6.2 AI score, 0.00148 EPSS
Exploits: 1, References: 2, Affected Software: 2

Cvelist
added 2024/01/11 2:44 a.m., 20 views

CVE-2023-31001 IBM Security Access Manager Container information disclosure

IBM Security Access Manager Container IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.6.1 temporarily stores sensitive information in files that could be accessed by a local user. IBM X-Force ID: 254653...

5.1 CVSS, 5.2 AI score, 0.0021 EPSS
Exploits: 1, References: 2

CVE
added 2024/01/11 2:22 a.m., 71 views

CVE-2023-31003

CVE-2023-31003 affects IBM Security Verify Access (ISVA) components: IBM Security Access Manager Container (10.0.0.0–10.0.6.1) and IBM Security Verify Access Appliance/Docker (10.0.0.0–10.0.6.1). The root cause is improper access controls that could let a local user obtain root access. Public sou...

8.4 CVSS, 7.1 AI score, 0.00247 EPSS
Exploits: 1, References: 3, Affected Software: 2

Positive Technologies
added 2024/01/10 12:0 a.m., 4 views

PT-2024-1196 · Ibm · Ibm Security Verify Access Appliance +1

Name of the Vulnerable Software and Affected Versions: IBM Security Verify Access Appliance versions 10.0.0.0 through 10.0.6.1 IBM Security Verify Access Docker version 10.0.6.1 Description: The issue is caused by the lack of encryption of protected data in the IBM Security Verify Access Docker...

6.2 CVSS, 8.9 AI score, 0.00148 EPSS
Exploits: 1, References: 7