Drozer - The Leading Security Assessment Framework For Android

drozer formerly Mercury is the leading security testing framework for Android. drozer allows you to search for security vulnerabilities in apps and devices by assuming the role of an app and interacting with the Dalvik VM, other apps' IPC endpoints and the underlying OS. drozer provides tools to...

Exploit for Embedded Malicious Code in Tukaani Xz

CVE-2024-3094 Malicious code was discovered in the upstream ta...

Security Bulletin: Multiple Security Vulnerabilities have been fixed in the IBM Directory Server and IBM Directory Suite products (CVE-2022-22473. CVE-2021-38951)

Summary Multiple Security Vulnerabilities in the IBM WebSphere Application Server product as shipped with the IBM Directory Server and IBM Directory Suite products have been fixed. Vulnerability Details CVEID:CVE-2022-22473 DESCRIPTION: IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 coul...

Security Bulletin: Security Vulnerabilities discovered in IBM Security Verify Access.

Summary IBM Security Verify Access could disclose sensitive information in the snapshot file due to reuse of encryption keys. Vulnerability Details CVEID:CVE-2024-25027 DESCRIPTION: IBM Security Verify Access could disclose sensitive snapshot information due to missing encryption. CVSS Base score...

DNS Rebind Attack

Docker is vulnerable to DNS Rebind Attack. This vulnerability is due to the lack of proper isolation between containers and the host's DNS resolver, allowing malicious actors to exploit DNS rebinding to bypass network restrictions...

GHSA-CFF3-5QRP-HQX7 Apache Airflow Improper Preservation of Permissions vulnerability

Improper Preservation of Permissions vulnerability in Apache Airflow. This issue affects Apache Airflow from 2.8.2 through 2.8.3. Airflow's local file task handler in Airflow incorrectly set permissions for all parent folders of log folder, in default configuration adding write access to Unix...

Apache Airflow Improper Preservation of Permissions vulnerability

Improper Preservation of Permissions vulnerability in Apache Airflow. This issue affects Apache Airflow from 2.8.2 through 2.8.3. Airflow's local file task handler in Airflow incorrectly set permissions for all parent folders of log folder, in default configuration adding write access to Unix...

CVE-2024-29735

CVE-2024-29735 affects Apache Airflow (versions 2.8.2–2.8.3) due to the local file task handler incorrectly setting permissions on parent folders of the log directory, potentially granting group write access. The issue can impact log storage paths, and, if the home directory becomes group-writabl...

AutoWLAN - Run A Portable Access Point On A Raspberry Pi Making Use Of Docker Containers

This project will allow you run a portable access point on a Raspberry Pi making use of Docker containers. Further reference and explanations: https://fwhibbit.es/en/automatic-access-point-with-docker-and-raspberry-pi-zero-w Tested on Raspberry Pi Zero W. Access point configurations You can...

Security Bulletin: Security Vulnerability in IBM GSKit affects IBM Security Directory Server Container Products (CVE-2023-32342)

Summary A Security Vulnerability in IBM GSKit that ships with IBM Security Directory Server Container Products has been addressed in an update. Vulnerability Details CVEID:CVE-2023-32342 DESCRIPTION: IBM GSKit could allow a remote attacker to obtain sensitive information, caused by a timing-based...

GO-2024-2659 Data exfiltration from internal networks in github.com/docker/docker

dockerd forwards DNS requests to the host loopback device, bypassing the container network namespace's normal routing semantics, networks marked as 'internal' can unexpectedly forward DNS requests to an external nameserver. By registering a domain for which they control the authoritative...

Security Bulletin: Multiple Security Vulnerabilites have been fixed in IBM Security Verify Directory Container (CVE-2022-32753, CVE-2022-32756, CVE-2022-32751, CVE-2022-32754)

Summary Multiple Vulnerabilities found by the IBM Ethical Hacking team have been fixed in IBM Verify Directory Container. Vulnerability Details CVEID:CVE-2022-32753 DESCRIPTION: IBM Security Directory Server uses weaker than expected cryptographic algorithms that could allow an attacker to decryp...

OESA-2024-1302 docker security update

Docker is an open source project to build, ship and run any application as a lightweight container. Security Fixes: Moby is an open-source project created by Docker to enable software containerization. The classic builder cache system is prone to cache poisoning if the image is built FROM scratch...

Exploit for Improper Access Control in Zenml

Exploit for CVE-2024-25723 This repository is dedicated to ad...

Exploit for File Descriptor Leak in Linuxfoundation Runc

PoC of CVE-2024-21626 Read my full article for detailed explan...

Gtfocli - GTFO Command Line Interface For Easy Binaries Search Commands That Can Be Used To Bypass Local Security Restrictions In Misconfigured Systems

GTFOcli it's a Command Line Interface for easy binaries search commands that can be used to bypass local security restrictions in misconfigured systems. Installation Using go: go install github.com/cmd-tools/gtfocli@latest Using homebrew: brew tap cmd-tools/homebrew-tap brew install gtfocli Using...

CVE-2024-28236 Insecure Variable Substitution in Vela

Vela is a Pipeline Automation CI/CD framework built on Linux container technology written in Golang. Vela pipelines can use variable substitution combined with insensitive fields like parameters, image and entrypoint to inject secrets into a plugin/image and — by using common substitution string...

Important: Red Hat Security Advisory: docker security update

An update for docker is now available for Red Hat Enterprise Linux 7 Extras. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

Cross Site Request Forgery (CSRF)

org.jenkins-ci.plugins: docker-build-step is vulnerable to Cross Site Request Forgery CSRF. The vulnerability is due to inadequate validation of user inputs, allowing attackers to connect to an attacker-specified TCP or Unix socket URL and reconfigure the plugin using provided connection test...

Exploit for Authentication Bypass Using an Alternate Path or Channel in Jetbrains Teamcity

Cyberspace Mapping Dork Fofa app="JETBRAINS-TeamCity...