
9202 matches found

Exploit DB
added 2018/11/13 12:0 a.m. | 75 views

Evince 3.24.0 - Command Injection

Exploit Title: evince command line injection
Date: 2017-09-05
Exploit Author: Matlink
Vendor Homepage: https://wiki.gnome.org/Apps/Evince
Software Link: https://wiki.gnome.org/Apps/Evince
Version: 3.24.0
Tested on: Debian sid
CVE: CVE-2017-1000083
Can be tested on docker with...

7.8 CVSS | 7.7 AI score | 0.50076 EPSS
Exploits: 9

Imperva Blog
added 2018/11/12 6:24 p.m. | 100 views

New Docker-based Dev Pipeline: Microservice Projects Just Got A ‘Speed-Boost’

A bulwark of software engineering projects, the development pipeline is an automated process used to deliver changes from development through to production; enabling near real-time updates. The dev pipeline is a critical time saver as it enables you to: Avoid mistakes and wasted time as a result...

7.2 AI score
Exploits: 0

Kitploit
added 2018/11/12 1:10 p.m. | 795 views

WebMap - Nmap Web Dashboard And Reporting

A Web Dashboard for Nmap XML Report. Usage: You should use this with docker, just by sending this command: $ mkdir /tmp/webmap $ docker run -d \ --name webmap \ -h webmap \ -p 8000:8000 \ -v /tmp/webmap:/opt/xml \ rev3rse/webmap $ now you can run Nmap and save the XML Report on /tmp/webmap $ nmap -s...

6.2 AI score
Exploits: 0 | References: 4

Kitploit
added 2018/11/08 9:21 p.m. | 102 views

Docker-Inurlbr - Advanced Search In Search Engines, Enables Analysis Provided To Exploit GET / POST Capturing Emails & Urls

Advanced search in search engines, enables analysis provided to exploit GET / POST capturing emails & urls, with an internal custom validation junction for each target / url found. How to build git clone https://github.com/gmdutra/docker-inurlbr.git cd docker-inurlbr docker build -t gmdutra/inurl...

8 AI score
Exploits: 0 | References: 1

Openbugbounty
added 2018/11/08 1:10 a.m. | 15 views

goto.docker.com XSS vulnerability

Open Bug Bounty ID: OBB-696009

Description| Value
---|---
Affected Website:| goto.docker.com
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS Cross Site Scripting / CWE-79
CVSSv3 Score:| 6.1...

Exploits: 0

OpenVAS
added 2018/10/26 12:0 a.m. | 19 views

openSUSE: Security Advisory for singularity (openSUSE-SU-2018:3316-1)

The remote host is missing an update for the Copyright (C) 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

6.8 CVSS | 6.8 AI score | 0.01596 EPSS
Exploits: 0 | References: 2

OSV
added 2018/10/24 9:29 p.m. | 5 views

CVE-2018-18548

ajenticp aka Ajenti Docker control panel for Ajenti through v1.2.23.13 has XSS via a filename that is mishandled in File Manager...

6.1 CVSS | 5.8 AI score | 0.0356 EPSS
Exploits: 5 | References: 3

Prion
added 2018/10/24 9:29 p.m. | 15 views

Design/Logic Flaw

ajenticp aka Ajenti Docker control panel for Ajenti through v1.2.23.13 has XSS via a filename that is mishandled in File Manager...

4.3 CVSS | 5.9 AI score | 0.0356 EPSS
Exploits: 5 | References: 3 | Affected Software: 1

PyPA
added 2018/10/24 9:29 p.m. | 5 views

PYSEC-2018-107

ajenticp aka Ajenti Docker control panel for Ajenti through v1.2.23.13 has XSS via a filename that is mishandled in File Manager...

6.1 CVSS | 6.2 AI score | 0.0356 EPSS
Exploits: 5 | References: 4 | Affected Software: 1

OSV
added 2018/10/24 9:29 p.m. | 24 views

PYSEC-2018-107

ajenticp aka Ajenti Docker control panel for Ajenti through v1.2.23.13 has XSS via a filename that is mishandled in File Manager...

6.1 CVSS | 3 AI score | 0.0356 EPSS
Exploits: 5 | References: 4

Cvelist
added 2018/10/24 9:0 p.m. | 27 views

CVE-2018-18548

ajenticp aka Ajenti Docker control panel for Ajenti through v1.2.23.13 has XSS via a filename that is mishandled in File Manager...

5.9 AI score | 0.0356 EPSS
Exploits: 5 | References: 3

CVE
added 2018/10/24 9:0 p.m. | 95 views

CVE-2018-18548

AjentiCP (Ajenti) up to version 1.2.23.13 contains a Cross-site Scripting (XSS) vulnerability in File Manager caused by mishandling a filename. The issue allows an attacker to inject JavaScript that can run in an Ajenti user’s browser, enabling potentially high-risk exploitation without privilege...

6.1 CVSS | 5.8 AI score | 0.0356 EPSS
Exploits: 5 | References: 3 | Affected Software: 1

Tenable Nessus
added 2018/10/24 12:0 a.m. | 37 views

openSUSE Security Update : singularity (openSUSE-2018-1223)

Singularity was updated to version 2.6.0, bringing features, bugfixes and security fixes. Security issues fixed: - CVE-2018-12021: Fixed access control on systems supporting overlay file system (boo#1100333). Highlights of 2.6.0: - Allow admin to specify a non-standard location for mksquashfs bina...

6.8 CVSS | 6.8 AI score | 0.01596 EPSS
Exploits: 0 | References: 4

Kitploit
added 2018/10/20 8:12 p.m. | 128 views

WPScan v3.3.1 - Black Box WordPress Vulnerability Scanner

WPScan is a free, for non-commercial use, black box WordPress vulnerability scanner written for security professionals and blog maintainers to test the security of their sites. INSTALL Prerequisites: Ruby >= 2.2.2 - Recommended: 2.3.3; Curl >= 7.21 - Recommended: latest - FYI the 7.29 has a segfault...

7.3 AI score
Exploits: 0 | References: 1

Kitploit
added 2018/10/19 8:39 p.m. | 243 views

RouterSploit v3.4.0 - Exploitation Framework For Embedded Devices

The RouterSploit Framework is an open-source exploitation framework dedicated to embedded devices. It consists of various modules that aid penetration testing operations: exploits - modules that take advantage of identified vulnerabilities; creds - modules designed to test credentials against...

7.6 AI score
Exploits: 0 | References: 1

OSV
added 2018/10/19 6:0 p.m. | 7 views

MGASA-2018-0398 Updated docker packages fix security vulnerabilities

Updated docker packages fix security vulnerabilities: Lack of content verification in docker allowed a remote attacker to cause a Denial of Service via a crafted image layer payload, aka gzip bombing (CVE-2017-14992). The DefaultLinuxSpec function in oci/defaults.go docker did not block /proc/scsi...

6.5 CVSS | 5.8 AI score | 0.0247 EPSS
Exploits: 0 | References: 5

Mageia
added 2018/10/19 6:0 p.m. | 84 views

Updated docker packages fix security vulnerabilities

Updated docker packages fix security vulnerabilities: Lack of content verification in docker allowed a remote attacker to cause a Denial of Service via a crafted image layer payload, aka gzip bombing (CVE-2017-14992). The DefaultLinuxSpec function in oci/defaults.go docker did not block /proc/scsi...

6.5 CVSS | 3 AI score | 0.0247 EPSS
Exploits: 0 | References: 4

Kitploit
added 2018/10/18 12:42 p.m. | 3284 views

Evilginx v2.0 - Standalone Man-In-The-Middle Attack Framework Used For Phishing Login Credentials Along With Session Cookies, Allowing For The Bypass Of 2-Factor Authentication

evilginx2 is a man-in-the-middle attack framework used for phishing login credentials along with session cookies, which in turn allows bypassing 2-factor authentication protection. This tool is a successor to Evilginx, released in 2017, which used a custom version of nginx HTTP server to provide...

6.7 AI score
Exploits: 0 | References: 3

Tenable Nessus
added 2018/10/18 12:0 a.m. | 514 views

Oracle WebLogic Server Multiple Vulnerabilities (October 2018 CPU)

The version of Oracle WebLogic Server installed on the remote host is affected by multiple vulnerabilities: - Vulnerabilities in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Easily exploitable vulnerabilities allow unauthenticated attacker wi...

9.8 CVSS | 6.8 AI score | 0.94281 EPSS
Exploits: 4 | References: 12

NVD
added 2018/10/17 1:31 a.m. | 24 views

CVE-2018-3213

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Docker Images). The supported version that is affected is prior to Docker 12.2.1.3.20180913. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise...

7.5 CVSS | 6.7 AI score | 0.04361 EPSS
Exploits: 1 | References: 4