GHSA-M8CG-XC2P-R3FC rootless: `/sys/fs/cgroup` is writable when cgroupns isn't unshared in runc

Impact It was found that rootless runc makes /sys/fs/cgroup writable in following conditons: 1. when runc is executed inside the user namespace, and the config.json does not specify the cgroup namespace to be unshared e.g.., docker|podman|nerdctl run --cgroupns=host, with Rootless...

Covenant 0.5 Remote Code Execution

Exploit Title: Covenant v0.5 - Remote Code Execution RCE Exploit Author: xThaz Author website: https://xthaz.fr/ Date: 2022-09-11 Vendor Homepage: https://cobbr.io/Covenant.html Software Link: https://github.com/cobbr/Covenant Version: v0.1.3 - v0.5 Tested on: Windows 11 compiled covenant Windows...

Covenant v0.5 - Remote Code Execution (RCE)

Exploit Title: Covenant v0.5 - Remote Code Execution RCE Exploit Author: xThaz Author website: https://xthaz.fr/ Date: 2022-09-11 Vendor Homepage: https://cobbr.io/Covenant.html Software Link: https://github.com/cobbr/Covenant Version: v0.1.3 - v0.5 Tested on: Windows 11 compiled covenant Windows...

Design/Logic Flaw

runc is a CLI tool for spawning and running containers according to the OCI specification. In affected versions it was found that rootless runc makes /sys/fs/cgroup writable in following conditons: 1. when runc is executed inside the user namespace, and the config.json does not specify the cgroup...

CVE-2023-25809 rootless: `/sys/fs/cgroup` is writable when cgroupns isn't unshared in runc

runc is a CLI tool for spawning and running containers according to the OCI specification. In affected versions it was found that rootless runc makes /sys/fs/cgroup writable in following conditons: 1. when runc is executed inside the user namespace, and the config.json does not specify the cgroup...

CVE-2023-25809

runc is a CLI tool for spawning and running containers according to the OCI specification. In affected versions it was found that rootless runc makes /sys/fs/cgroup writable in following conditons: 1. when runc is executed inside the user namespace, and the config.json does not specify the cgroup...

Stored XSS on Multiple Edit Page

Description A stored XSS with alert on Editing page. \ I clone repo from master branch and build with docker. Footer show: Version: 1.3.4 Proof of Concept Request image Request raw: POST /api/saveedit HTTP/1.1 Host: 192.168.125.131 User-Agent: Mozilla/5.0 Windows NT 10.0; Win64; x64; rv:109.0...

Mageia: Security Advisory (MGASA-2023-0009)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian: Security Advisory (DLA-3369-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2023:0795-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] [DLA 3369-1] runc security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-3369-1 [email protected] https://www.debian.org/lts/security/ Sylvain Beucler March 27, 2023 https://wiki.debian.org/LTS -...

WordPress NEX-Forms plugin < 7.9.7 - Authenticated SQL injection Vulnerability

Exploit Title: NEX-Forms WordPress plugin =3D 5.0.12 AND time-based blind query SLEEP Payload: page=3Dnex-forms-dashboard&formid=3D1 AND SELECT 4715 FROM SELECTSLEEP5nPUi...

Exploit for Improper Access Control in Joomla Joomla\!

Joomla! information disclosure - CVE-2023-23752 exploit Explo...

Waf-Bypass - Check Your WAF Before An Attacker Does

WAF bypass Tool is an open source tool to analyze the security of any WAF for False Positives and False Negatives using predefined and customizable payloads. Check your WAF before an attacker does. WAF Bypass Tool is developed by Nemesida WAF team with the participation of community. How to run I...

Design/Logic Flaw

angular-server-side-configuration helps configure an angular application at runtime on the server or in a docker container via environment variables. angular-server-side-configuration detects used environment variables in TypeScript .ts files during build time of an Angular CLI project. The...

CVE-2023-28444

The CVE concerns angular-server-side-configuration. It detects environment variables in TypeScript files during Angular CLI build, writes them to ngssc.json, and can expose them in index.html. In monorepo deployments with a backend, this may leak variables; a mitigation in v15.1.0 adds a searchPa...

Amazon Linux 2023 : docker (ALAS2023-2023-143)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-143 advisory. A flaw was found in Moby. This flaw allows an attacker to bypass primary group restrictions due to a flaw in the supplementary group access setup. CVE-2022-36109 Tenable has extracted the preceding...

Amazon Linux 2023 : containerd, containerd-stress (ALAS2023-2023-079)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-079 advisory. A bug was found in containerd where containers launched through containerd's CRI implementation with a specially-crafted image configuration could gain access to read-only copies of arbitrary...

vulhub

This repository is an offensive tool for a variety of areas, including web application security, container security, and more. It contains a collection of vulnerable environments and tools for testing and learning about various security vulnerabilities. The repository includes a range of tools an...

Wifi_Db - Script To Parse Aircrack-ng Captures To A SQLite Database

Script to parse Aircrack-ng captures into a SQLite database and extract useful information like handshakes in 22000 hashcat format, MGT identities, interesting relations between APs, clients and it's Probes, WPS information and a global view of all the APs seen. / | | || | \ \ /\ / /| || | | | / ...