2678 matches found

IBM Security Bulletins
• added 2023/08/14 7:58 p.m. • 32 views

Security Bulletin: Vulnerabilities in Node.js modules affect IBM Voice Gateway

Summary Security Vulnerabilities in Node.js modules affect IBM Voice Gateway. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2023-36665 DESCRIPTION: protobuf.js could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution. By...

CVSS 9.8, AI score 9.2, EPSS 0.01688
Exploits: 2, Affected Software: 1
CVE
• added 2023/08/14 12:0 a.m. • 37 views

CVE-2023-40453

CVE-2023-40453 affects Docker Machine versions 0.16.2 and earlier. A compromised worker node can supply crafted version data, potentially tricking an administrator into unsafe actions via escape sequence injection, or cause a denial of service to a bastion node. Red Hat and OSV records corroborat...

CVSS 6.5, AI score 6.5, EPSS 0.00495
Exploits: 1, References: 3, Affected Software: 1
Cvelist
• added 2023/08/14 12:0 a.m. • 13 views

CVE-2023-40453

Docker Machine through 0.16.2 allows an attacker, who has control of a worker node, to provide crafted version data, which might potentially trick an administrator into performing an unsafe action via escape sequence injection, or might have a data size that causes a denial of service to a bastio...

AI score 6.7, EPSS 0.00495
Exploits: 1, References: 3
Tenable Nessus
• added 2023/08/04 12:0 a.m. • 61 views

Jenkins plugins Multiple Vulnerabilities (2022-11-15)

According to their self-reported version numbers, the version of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities: - Jenkins Script Security Plugin 1189.vbab7c8fd5fde and earlier stores whole-script approvals as the SHA-1 hash of the script, making it...

CVSS 9.8, AI score 8.2, EPSS 0.86659
Exploits: 3, References: 26
GithubExploit
• added 2023/08/02 9:50 a.m. • 180 views

Exploit for Path Traversal in Apache Http_Server

PoC exploit for CVE-2021-41773 and CVE-2021-42013, two vulnerabi...

CVSS 9.8, AI score 9.7, EPSS 0.9441
Exploits: 169
GithubExploit
• added 2023/08/01 6:12 p.m. • 173 views

Exploit for Missing Authentication for Critical Function in F5 Big-Ip_Access_Policy_Manager

Refresh This container emulates the vulnerable functionality o...

CVSS 9.8, AI score 10, EPSS 0.94456
Exploits: 63
GithubExploit
• added 2023/07/26 8:5 a.m. • 443 views

Exploit for CVE-2021-3129

CVE-2021-3129 Laravel RCE CVE-2021-3129 Test Environment...

CVSS 9.8, AI score 9.8, EPSS 0.94287
Exploits: 36
GithubExploit
• added 2023/07/24 6:52 p.m. • 687 views

Exploit for SQL Injection in Apache Log4J

CVE-2022-23305 Log4j JDBCAppender sql injection POC This is a...

CVSS 9.8, AI score 9.7, EPSS 0.09452
Exploits: 1
GithubExploit
• added 2023/07/21 12:55 p.m. • 317 views

Exploit for Code Injection in Apache Airflow

Apache Airflow official report description says: A vulnerab...

CVSS 8.8, AI score 8.9, EPSS 0.93305
Exploits: 2
IBM Security Bulletins
• added 2023/07/21 12:8 p.m. • 63 views

Security Bulletin: IBM Sterling Global Mailbox is vulnerable to sensitive data exposure due to Apache CXF (CVE-2022-46363)

Summary A security vulnerability has been identified and addressed in Apache CXF shipped with IBM Sterling Global Mailbox. Vulnerability Details CVEID:CVE-2022-46363 DESCRIPTION: Apache CXF could allow a remote attacker to obtain sensitive information, caused by a flaw when the CXFServlet is...

CVSS 7.5, AI score 8.3, EPSS 0.00121
Exploits: 1, Affected Software: 1
Tenable Nessus
• added 2023/07/20 12:0 a.m. • 107 views

Amazon Linux 2023 : docker (ALAS2023-2023-260)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-260 advisory. http2/hpack: avoid quadratic complexity in hpack decoding CVE-2022-41723 Tenable has extracted the preceding description block directly from the tested product security advisory. Note that Nessus has no...

CVSS 7.5, AI score 6.8, EPSS 0.00264
Exploits: 0, References: 4
Malwarebytes
• added 2023/07/19 3:0 a.m. • 14 views

Docker Hub images found to expose secrets and private keys

Numerous Docker images shared on Docker Hub are exposing sensitive data, according to a study conducted by researchers at the German university RWTH Aachen. Needless to say, this poses a significant security risk. In traditional software development, programmers code an application in one computi...

AI score 7.1
Exploits: 0
Veracode
• added 2023/07/18 10:26 a.m. • 21 views

Arbitrary Code Execution

agpt is vulnerable to Arbitrary Code Execution. The vulnerability exists in executecode.py due to using a dedicated Docker container which Auto-GPT uses on the host system through run.sh or run.bat files while sandboxing customized Python code. It is possible to take advantage of this to execute...

CVSS 7.8, AI score 7.8, EPSS 0.0007
Exploits: 0, References: 3, Affected Software: 1
Kitploit
• added 2023/07/14 12:30 p.m. • 76 views

Sysreptor - Fully Customisable, Offensive Security Reporting Tool Designed For Pentesters, Red Teamers And Other Security-Related People Alike

Easy and customisable pentest report creator based on simple web technologies. SysReptor is a fully customisable, offensive security reporting tool designed for pentesters, red teamers and other security-related people alike. You can create designs based on simple HTML and CSS, write your reports...

AI score 7.2
Exploits: 0, References: 1
GithubExploit
• added 2023/07/14 12:22 p.m. • 211 views

Exploit for Code Injection in Apache Rocketmq

CVE-2023-37582EXPLOIT Apache RocketMQ Arbitrary File Write Vu...

CVSS 9.8, AI score 9.5, EPSS 0.94388
Exploits: 11
The Hacker News
• added 2023/07/14 10:12 a.m. • 39 views

TeamTNT's Cloud Credential Stealing Campaign Now Targets Azure and Google Cloud

A malicious actor has been linked to a cloud credential stealing campaign in June 2023 that's focused on Azure and Google Cloud Platform (GCP) services, marking the adversary's expansion in targeting beyond Amazon Web Services (AWS). The findings come from SentinelOne and Permiso, which said the...

AI score 6.9
Exploits: 0
Tenable Nessus
• added 2023/07/14 12:0 a.m. • 33 views

Amazon Linux 2 : ecs-init, docker, containerd, runc (ALASECS-2022-001)

The version of containerd installed on the remote host is prior to 1.4.13-3. The version of docker installed on the remote host is prior to 20.10.13-2. The version of ecs-init installed on the remote host is prior to 1.61.1-1. The version of runc installed on the remote host is prior to 1.0.3-3. ...

CVSS 7.5, AI score 7.5, EPSS 0.06046
Exploits: 4, References: 8
NVD
• added 2023/07/13 11:15 p.m. • 22 views

CVE-2023-37274

Auto-GPT is an experimental open-source application showcasing the capabilities of the GPT-4 language model. When Auto-GPT is executed directly on the host system via the provided run.sh or run.bat files, custom Python code execution is sandboxed using a temporary dedicated docker container which...

CVSS 7.8, EPSS 0.0007
Exploits: 0, References: 2
Prion
• added 2023/07/13 11:15 p.m. • 20 views

Design/Logic Flaw

Auto-GPT is an experimental open-source application showcasing the capabilities of the GPT-4 language model. Running Auto-GPT version prior to 0.4.3 by cloning the git repo and executing docker compose run auto-gpt in the repo root uses a different docker-compose.yml file from the one suggested i...

CVSS 4.3, AI score 8.9, EPSS 0.00053
Exploits: 0, References: 2, Affected Software: 1
Prion
• added 2023/07/13 11:15 p.m. • 19 views

Path traversal

Auto-GPT is an experimental open-source application showcasing the capabilities of the GPT-4 language model. When Auto-GPT is executed directly on the host system via the provided run.sh or run.bat files, custom Python code execution is sandboxed using a temporary dedicated docker container which...

CVSS 4.3, AI score 8.1, EPSS 0.0007
Exploits: 0, References: 2, Affected Software: 1