Exploit for SQL Injection in Djangoproject Django
CVE-2022-28346 A flaw was found in the Django package, which l...
EulerOS 2.0 SP11 : docker-engine (EulerOS-SA-2023-2679)
According to the versions of the docker-engine package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Moby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various...
Exploit for Files or Directories Accessible to External Parties in Apache Struts
CVE-2023-50164 Apache Struts path traversal to RCE vulnerabil...
Cryptominers Targeting Misconfigured Apache Hadoop and Flink with Rootkit in New Attacks
Cybersecurity researchers have identified a new attack that exploits misconfigurations in Apache Hadoop and Flink to deploy cryptocurrency miners within targeted environments. "This attack is particularly intriguing due to the attacker's use of packers and rootkits to conceal the malware," Aqua...
U.S. Dept Of Defense: Full Access to sonarQube and Docker
The vulnerability involved the exposure of sensitive credentials and IP addresses in a JavaScript file. The researcher gained access to the organization's Hub Docker account and Sonar projects, allowing them to identify and assess the issue. The vulnerability was caused by a JavaScript file withi...
Code injection
IBM Security Access Manager Appliance IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.6.1 could allow a local user to obtain sensitive configuration information. IBM X-Force ID: 260584...
CVE-2023-31003
CVE-2023-31003 affects IBM Security Verify Access (ISVA) components: IBM Security Access Manager Container (10.0.0.0–10.0.6.1) and IBM Security Verify Access Appliance/Docker (10.0.0.0–10.0.6.1). The root cause is improper access controls that could let a local user obtain root access. Public sou...
Exploit for Server-Side Request Forgery in Apache Ofbiz
Go-Exploit for CVE-2023-51467 This repository contains a go-e...
Security Bulletin: Multiple Security Vulnerabilities were identified in IBM WebSphere Application Server Liberty shipped with IBM Security Verify Access (CVE-2023-24988, CVE-2023-44487, CVE-2023-46158)
Summary Security Vulnerability fixes in IBM WebSphere Application Server Liberty have been shipped with IBM Security Verify Access 10.0.7.0 Vulnerability Details CVEID:CVE-2023-24998 DESCRIPTION: Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused by not limit the...
Security Bulletin: Multiple Vulnerabilities in Docker affect Cloud Pak System [CVE-2023-28840, CVE-2023-28841, CVE-2023-28842]
Summary Vulnerabilities were identified within Docker shipped as pattern type pType component with Cloud Pak System Software. IBM Cloud Pak System Software addressed these vulnerabilities CVE-2023-28840, CVE-2023-28841, CVE-2023-28842. Vulnerability Details CVEID:CVE-2023-28840 DESCRIPTION: Moby ...
SUSE: Security Advisory (SUSE-SU-2023:4936-1)
The remote host is missing an update for the...
SUSE SLES15 / openSUSE 15 Security Update : docker, rootlesskit (SUSE-SU-2023:4936-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4936-1 advisory. - A potential vulnerability in the AMD extension to Linux hwmon service may allow an attacker to use the Linux-based...
Exploit for Files or Directories Accessible to External Parties in Apache Struts
CVE-2023-50164 : Apache Struts 2 vulnerable Docker container...
Exploit for Incorrect Authorization in Polkit_Project Polkit
CVE-2021-3560-Polkit-Privilege-Escalation by Mark, Qingchen Yu...
Exploit for Code Injection in Apache Ofbiz
ofbiz-CVE-2023-49070-RCE-POC This is a pre-auth RCE POC For C...
Security Misconfiguration
dockerspawner is vulnerable to Security Misconfiguration. The vulnerability is due to overly permissible pull container image configuration. An attacker can launch any pullable image as a result of this vulnerability...
Docker cgroups Container Escape Exploit
This Metasploit exploit module takes advantage of a Docker image which has either the privileged flag, or SYSADMIN Linux capability. If the host kernel is vulnerable, it's possible to escape the Docker image and achieve root on the host operating system. A vulnerability was found in the Linux...
Docker cgroups Container Escape
This exploit module takes advantage of a Docker image which has either the privileged flag, or SYSADMIN Linux capability. If the host kernel is vulnerable, it's possible to escape the Docker image and achieve root on the host operating system. A vulnerability was found in the Linux kernel's...
ownCloud Phpinfo Reader
Docker containers of ownCloud compiled after February 2023, which have version 0.2.0 before 0.2.1 or 0.3.0 before 0.3.1 of the app graph installed contain a test file which prints phpinfo to an unauthenticated user. A post file name must be appended to the URL to bypass the login filter. Docker m...
GHSA-6FWG-JRFW-FF7P Traefik docker container using 100% CPU
Summary The traefik docker container uses 100% CPU when it serves as its own backend, which is an automatically generated route resulting from the Docker integration in the default configuration. Details While attempting to set up Traefik to handle traffic for Docker containers, I observed in the...