
9190 matches found

NVD
added 2018/07/06 4:29 p.m. (28 views)

CVE-2018-10892

The default OCI linux spec in oci/defaults_linux.go in Docker/Moby from 1.11 to current does not block /proc/acpi pathnames. The flaw allows an attacker to modify host's hardware like enabling/disabling bluetooth or turning up/down keyboard brightness...

6.3 CVSS, 6.3 AI score, 0.01135 EPSS
Exploits 0, References 6
Cvelist
added 2018/07/06 4:0 p.m. (18 views)

CVE-2018-10892

The default OCI linux spec in oci/defaults_linux.go in Docker/Moby from 1.11 to current does not block /proc/acpi pathnames. The flaw allows an attacker to modify host's hardware like enabling/disabling bluetooth or turning up/down keyboard brightness...

6.3 CVSS, 5.4 AI score, 0.01135 EPSS
Exploits 0, References 6
CVE
added 2018/07/06 4:0 p.m. (4937 views)

CVE-2018-10892

CVE-2018-10892 : In Docker/Moby, the default OCI Linux spec (oci/defaults_linux.go) from 1.11 to current does not block /proc/acpi pathnames. This allows a container to affect host hardware state (e.g., enabling/disabling Bluetooth, changing keyboard brightness) by targeting /proc/acpi, represent...

6.3 CVSS, 5.3 AI score, 0.01135 EPSS
Exploits 0, References 6, Affected Software 2
Debian CVE
added 2018/07/06 4:0 p.m. (30 views)

CVE-2018-10892

The default OCI linux spec in oci/defaults_linux.go in Docker/Moby from 1.11 to current does not block /proc/acpi pathnames. The flaw allows an attacker to modify host's hardware like enabling/disabling bluetooth or turning up/down keyboard brightness...

6.3 CVSS, 6.1 AI score, 0.01135 EPSS
Exploits 0
OSV
added 2018/07/03 9:29 p.m. (1 views)

CVE-2017-0913

Ubiquiti UCRM versions 2.3.0 to 2.7.7 allow an authenticated user to read arbitrary files in the local file system. Note that by default, the local file system is isolated in a docker container. Successful exploitation requires valid credentials to an account with "Edit" access to "System...

4.7 CVSS, 5.9 AI score, 0.00296 EPSS
Exploits 0, References 2
Prion
added 2018/07/03 9:29 p.m. (15 views)

Default credentials

Ubiquiti UCRM versions 2.3.0 to 2.7.7 allow an authenticated user to read arbitrary files in the local file system. Note that by default, the local file system is isolated in a docker container. Successful exploitation requires valid credentials to an account with "Edit" access to "System...

1.9 CVSS, 4.7 AI score, 0.00296 EPSS
Exploits 0, References 2, Affected Software 1
NVD
added 2018/07/03 9:29 p.m. (19 views)

CVE-2017-0913

Ubiquiti UCRM versions 2.3.0 to 2.7.7 allow an authenticated user to read arbitrary files in the local file system. Note that by default, the local file system is isolated in a docker container. Successful exploitation requires valid credentials to an account with "Edit" access to "System...

4.7 CVSS, 4.6 AI score, 0.00296 EPSS
Exploits 0, References 2
CVE
added 2018/07/03 9:0 p.m. (61 views)

CVE-2017-0913

CVE-2017-0913 affects Ubiquiti UCRM versions 2.3.0–2.7.7. An authenticated user with Edit access to System Customization can read arbitrary files on the local filesystem; note that the container runs in Docker isolation by default. Exploitation requires valid credentials; no exploit details are p...

4.7 CVSS, 4.5 AI score, 0.00296 EPSS
Exploits 0, References 2, Affected Software 1
Cvelist
added 2018/07/03 9:0 p.m. (27 views)

CVE-2017-0913

Ubiquiti UCRM versions 2.3.0 to 2.7.7 allow an authenticated user to read arbitrary files in the local file system. Note that by default, the local file system is isolated in a docker container. Successful exploitation requires valid credentials to an account with "Edit" access to "System...

4.6 AI score, 0.00296 EPSS
Exploits 0, References 2
Kitploit
added 2018/07/02 9:30 p.m. (23 views)

Dependency-Track - An Intelligent Software Composition Analysis (SCA) Platform That Allows Organizations To Identify And Reduce Risk From The Use Of Third-Party And Open Source Components

Modern applications leverage the availability of existing components for use as building blocks in application development. By using existing components, organizations can dramatically decrease time-to-market. Reusing existing components however, comes at a cost. Organizations that build on top o...

7.2 AI score
Exploits 0, References 1
Kitploit
added 2018/06/26 10:12 p.m. (41 views)

Pspy - Monitor Linux Processes Without Root Permissions

pspy is a command line tool designed to snoop on processes without need for root permissions. It allows you to see commands run by other users, cron jobs, etc. as they execute. Great for enumeration of Linux systems in CTFs. Also great to demonstrate to your colleagues why passing secrets as argumen...

7.1 AI score
Exploits 0, References 3
Kitploit
added 2018/06/26 2:10 p.m. (706 views)

Stego-Toolkit - Collection Of Steganography Tools (Helps With CTF Challenges)

This project is a Docker image useful for solving Steganography challenges as those you can find at CTF platforms like hackthebox.eu. The image comes preinstalled with many popular tools (see list below) and several screening scripts you can use to check simple things, for instance, run checkjpg.sh image.jpg...

7.1 AI score
Exploits 0, References 19
GithubExploit
added 2018/06/26 10:21 a.m. (3 views)

Exploit for Improper Handling of Exceptional Conditions in Apache Struts

Exploit Demo for CVE-2017-5638...

10 CVSS, 9.7 AI score, 0.99999 EPSS
Exploits 44
Veracode
added 2018/06/25 3:56 a.m. (9 views)

Server Side Request Forgery (SSRF) Via Unauthorised Access To Docker API

github.com/portainer/portainer is vulnerable to unauthorized access to docker API. The access is granted as the application does not validate the endpoint access requests, allowing unauthorized users to access internal Docker API, consequently allowing an attacker to leverage server side request...

6.7 AI score
Exploits 0
Kitploit
added 2018/06/24 2:17 p.m. (24 views)

Mquery - YARA Malware Query Accelerator (Web Frontend)

Ever had trouble searching for particular malware samples? This project is an analyst-friendly web GUI to look through your digital warehouse. mquery can be used to search through terabytes of malware in a blink of an eye: Thanks to the UrsaDB database, queries on large datasets can be extremely...

7.1 AI score
Exploits 0, References 2
n0where
added 2018/06/20 6:34 p.m. (45 views)

RF Fuzzing Framework: TumbleRF

TumbleRF is a framework that orchestrates the application of fuzzing techniques to RF systems. While fuzzing has always been a powerful mechanism for fingerprinting and enumerating bugs within software systems, the application of these techniques to wireless and hardware systems has historically...

7.2 AI score
Exploits 0, References 2
OSV
added 2018/06/19 1:32 p.m. (5 views)

SUSE-SU-2018:1757-1 Security update for salt

This update for salt provides version 2018.3 and brings many fixes and improvements: - Fix for sorting of multi-version packages bsc1097174 and bsc1097413 - Align SUSE salt-master.service 'LimitNOFILES' limit with upstream Salt - Add 'other' attribute to GECOS fields to avoid inconsistencies with...

9.8 CVSS, 8.3 AI score, 0.02739 EPSS
Exploits 0, References 25
IBM Security Bulletins
added 2018/06/16 10:1 p.m. (36 views)

Security Bulletin: Docker and Python as used in IBM QRadar SIEM is vulnerable to various CVEs.

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. Vulnerability Details CVEID: CVE-2016-3697 DESCRIPTION: Docker could allow a local attacker to gain elevated privileges on the system, caused by an error in...

7.8 CVSS, 1.1 AI score, 0.28112 EPSS
Exploits 7, Affected Software 1
Kitploit
added 2018/06/16 2:0 p.m. (21 views)

PwnAdventure3 - Game Open-World MMORPG Intentionally Vulnerable To Hacks

Pwnie Island is a limited-release, first-person, true open-world MMORPG set on a beautiful island where anything could happen. That's because this game is intentionally vulnerable to all kinds of silly hacks! Flying, endless cash, and more are all one client change or network proxy away. Are you...

7.1 AI score
Exploits 0, References 2
Hacker One
added 2018/06/15 2:58 p.m. (25 views)

Uber: [data-07.uberinternal.com] SSRF in Portainer app lead to access to Internal Docker API without Auth

Vulnerability description not provided...

7.1 AI score
Exploits 0