Dnsmasq < 2.78 - Heap-Based Overflow Exploit

Exploit for multiple platform in category dos / poc ''' Sources: https://raw.githubusercontent.com/google/security-research-pocs/master/vulnerabilities/dnsmasq/CVE-2017-14492.py https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html 1 Build the docker and open two terminal...

Dnsmasq Heap-Based Overflow

''' Sources: https://raw.githubusercontent.com/google/security-research-pocs/master/vulnerabilities/dnsmasq/CVE-2017-14492.py https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html 1 Build the docker and open two terminals docker build -t dnsmasq . docker run --rm -t -i...

Dnsmasq 2-Byte Heap-Based Overflow

''' Sources: https://raw.githubusercontent.com/google/security-research-pocs/master/vulnerabilities/dnsmasq/CVE-2017-14491.py https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html 1 Build the docker and open three terminals docker build -t dnsmasq . docker run --rm -t -i...

Dnsmasq &lt; 2.78 - Stack Overflow

''' Sources: https://raw.githubusercontent.com/google/security-research-pocs/master/vulnerabilities/dnsmasq/CVE-2017-14493.py https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html 1 Build the docker and open two terminals docker build -t dnsmasq . docker run --rm -t -i...

Oracle WebLogic Server Java Deserialization Remote Code Execution

Exploit Title: Oracle WebLogic Server Java Deserialization Remote Code Execution Date: 27/09/2017 Exploit Author: SlidingWindow , Twitter: @kapilkhot Vulnerability Author: FoxGloveSecurity Vendor Homepage: http://www.oracle.com/technetwork/middleware/weblogic/overview/index.html Affetcted Version...

Oracle WebLogic Server 10.3.6.0 - Java Deserialization Remote Code Execution

Oracle WebLogic Server 10.3.6.0 - Java Deserialization Remote Code Execution Exploit Title: Oracle WebLogic Server Java Deserialization Remote Code Execution Date: 27/09/2017 Exploit Author: SlidingWindow , Twitter: @kapilkhot Vulnerability Author: FoxGloveSecurity Vendor Homepage:...

Oracle WebLogic Server 10.3.6.0 - Java Deserialization Remote Code Execution

Exploit Title: Oracle WebLogic Server Java Deserialization Remote Code Execution Date: 27/09/2017 Exploit Author: SlidingWindow , Twitter: @kapilkhot Vulnerability Author: FoxGloveSecurity Vendor Homepage: http://www.oracle.com/technetwork/middleware/weblogic/overview/index.html Affetcted Version...

RHEL 7 : Mobile Application Platform (RHSA-2017:2674)

An update is now available for Red Hat Mobile Application Platform 4.5. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

Dynamic Application Security Test Orchestration: Webbreaker

Build functional security testing, into your software development and release cycles! WebBreaker provides the capabilities to automate and centrally manage Dynamic Application Security Testing DAST as part of your DevOps pipeline. WebBreaker truly enables all members of the Software Security...

Important: Red Hat Security Advisory: Red Hat Mobile Application Platform security update

An update is now available for Red Hat Mobile Application Platform 4.5. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

Important: Red Hat Security Advisory: Red Hat Mobile Application Platform security update

An update is now available for Red Hat Mobile Application Platform 4.5. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

Docker Daemon - Unprotected TCP Socket (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Docker Daemon - Unprotected TCP Socket Exploit', 'Description' = %q Utilizing Docker via unprotected tcp socket 2375/tcp, maybe 2376/tcp with tls...

Docker Daemon Unprotected TCP Socket Exploit

Utilizing Docker via unprotected tcp socket 2375/tcp, maybe 2376/tcp with tls but without tls-auth, an attacker can create a Docker container with the '/' path mounted with read/write permissions on the host server that is running the Docker container. As the Docker container executes command as...

Docker Daemon Unprotected TCP Socket

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Docker Daemon - Unprotected TCP Socket Exploit', 'Description' = %q Utilizing Docker via unprotected tcp socket 2375/tcp, maybe 2376/tcp with tls...

The Struts S2-052 vulnerability bug bounce Shell test-vulnerability warning-the black bar safety net

S2-052 had burst a few days, I also join in the fun hurry up and build the case feel a bit. Don't rest is how, me just beginning the test of time, feel able to fulfil the Royal Decree of unparalleled unlimited: there is no echo, the creation of a designated content files are very difficult, and...

RHEL 7 : docker-distribution (RHSA-2017:2603)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2017:2603 advisory. The docker-distribution package provides the tool set to support the Docker Registry version 2. The following packages have been upgraded to a later...

kernel: Memory leaks in xfs_attr_list.c error paths

A flaw was found in the Linux kernel's implementation of XFS file attributes. Two memory leaks were detected in xfsattrshortformlist and xfsattr3leaflistint when running a docker container backed by xfs/overlay2. A dedicated attacker could possible exhaust all memory and create a denial of servic...

docker-distribution: Does not properly restrict the amount of content accepted from a user

It was found that docker-distribution did not properly restrict memory allocation size for a registry instance through the manifest endpoint. An attacker could send a specially crafted request that would exhaust the memory of the docker-distribution service...

Low: Red Hat Security Advisory: docker-distribution security, bug fix, and enhancement update

An update for docker-distribution is now available for Red Hat Enterprise Linux 7 Extras. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

Comission - WhiteBox CMS Analysis

CoMisSion is a tool to quickly analyze a CMS setup. The tool: checks for the core version; looks for the last core version; looks for vulnerabilities in core version used; checks for plugins version; looks for vulnerabilities in plugins version used; A complete report can be generated in XLSX or...