9168 matches found
Dnsmasq Heap based overflow(CVE-2017-14491)
1 Build the docker and open three terminals docker build -t dnsmasq . docker run --rm -t -i --name dnsmasqtest dnsmasq bash docker cp poc.py dnsmasqtest:/poc.py docker exec -it bash docker exec -it bash 2 On one terminal let’s launch attacker controlled DNS server: python poc.py 127.0.0.2 53...
Rancher Server - Docker Daemon Code Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Rancher Server - Docker Exploit', 'Description' = %q Utilizing Rancher Server, an attacker can create a docker container with the '/' path mounte...
Dnsmasq Stack based overflow(CVE-2017-14493)
1 Build the docker and open two terminals docker build -t dnsmasq . docker run --rm -t -i --name dnsmasqtest dnsmasq bash docker cp poc.py dnsmasqtest:/poc.py docker exec -it bash 2 On one terminal start dnsmasq: /test/dnsmasqnoasn/src/dnsmasq --no-daemon --dhcp-range=fd00::2,fd00::ff dnsmasq:...
Rancher Server Docker Exploit
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Rancher Server - Docker Exploit', 'Description' = %q Utilizing Rancher Server, an attacker can create a docker container with the '/' path mounte...
WebBreaker - Dynamic Application Security Test Orchestration (DASTO)
Build functional security testing into your software development and release cycles! WebBreaker provides the capabilities to automate and centrally manage Dynamic Application Security Testing (DAST) as part of your DevOps pipeline. WebBreaker truly enables all members of the Software Security...
Code injection
Docker before 1.5 allows local users to have unspecified impact via vectors involving unsafe /tmp usage...
CVE-2014-0047
Docker before 1.5 allows local users to have unspecified impact via vectors involving unsafe /tmp usage...
DEBIAN-CVE-2014-0047
Docker before 1.5 allows local users to have unspecified impact via vectors involving unsafe /tmp usage...
UBUNTU-CVE-2014-0047
Docker before 1.5 allows local users to have unspecified impact via vectors involving unsafe /tmp usage...
CVE-2014-0047
CVE-2014-0047 affects Docker before 1.5, where local users can cause unspecified impact via vectors involving unsafe /tmp usage. The available connected documents confirm the vulnerable condition and local-privilege context but do not provide concrete exploitation details or a confirmed fix/versi...
CVE-2017-1000094
Docker Commons Plugin provides a list of applicable credential IDs to allow users configuring a job to select the one they'd like to use to authenticate with a Docker Registry. This functionality did not check permissions, allowing any user with Overall/Read permission to get a list of valid...
Design/Logic Flaw
Docker Commons Plugin provides a list of applicable credential IDs to allow users configuring a job to select the one they'd like to use to authenticate with a Docker Registry. This functionality did not check permissions, allowing any user with Overall/Read permission to get a list of valid...
Man In The Middle (MitM)
github.com/remind101/empire is vulnerable to Man in the Middle (MitM) attacks. The library pulls Docker images using a tag. Pulling a Docker image doesn't guarantee the pulled data hasn't been modified; the usage of the content-addressable identifier guarantees the Empire API will safely pull the...
CVE-2017-1000094
The CVE-2017-1000094 entry concerns the Jenkins Docker Commons Plugin. The exposed issue is that the plugin enumerates credential IDs without proper permission checks, allowing any user with Overall/Read permission to retrieve a list of valid credential IDs. This can facilitate credential theft ...