Exploit for Code Injection in Vmware Spring_Framework

Target machine bash docker run -itd -p 80:8080 vulfocus/spr...

Exploit for Code Injection in Apache Commons_Text

Install maven - maven-linuxhttps://www.digitalocean.com/c...

Exploit for Code Injection in Apache Commons_Text

CVE-2022-42889 a.k.a. Text4Shell RCE Proof of Concept !ima...

OpenSSL 3.0 Vulnerabilities: CVE 2022-3786 and CVE 2022-3602

OpenSSL 3.0 Vulnerabilities: CVE 2022-3786 and CVE 2022-3602 By Trellix and Sam Quinn · November 1, 2022 This story was also written by Charles McFarland and Philippe Laulheret. What is it? CVE-2022-3786 and CVE-2022-3602 are buffer overflow vulnerabilities affecting OpenSSL 3.0 and above that we...

Reverse_SSH - SSH Based Reverse Shell

Want to use SSH for reverse shells? Now you can. Manage and connect to reverse shells with native SSH syntax Dynamic, local and remote forwarding Native SCP and SFTP implementations for retrieving files from your targets Full windows shell Mutual client & server authentication to create high trus...

Fedora: Security Advisory for golang-github-distribution-3 (FEDORA-2022-739c7a0058)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

[SECURITY] Fedora 36 Update: golang-github-distribution-3-3.0.0-0.1.pre1.20221009git0122d7d.fc36

The Docker toolset to pack, ship, store, and deliver content. This repository's main product is the Docker Registry 2.0 implementation for storing and distributing Docker images. It supersedes the docker/docker-regis try project with a new API design, focused around security and performance...

New Cryptojacking Campaign Targeting Vulnerable Docker and Kubernetes Instances

A new cryptojacking campaign has been uncovered targeting vulnerable Docker and Kubernetes infrastructures as part of opportunistic attacks designed to illicitly mine cryptocurrency. Cybersecurity company CrowdStrike dubbed the activity Kiss-a-dog, with its command-and-control infrastructure...

New Cryptojacking Campaign Kiss-a-dog Targeting Docker and Kubernetes

By Deeba Ahmed The Austin, Texas-based American cybersecurity technology CrowdStrike has discovered a brand-new cryptojacking campaign in which attackers are targeting… This is a post from HackRead.com Read the original post: New Cryptojacking Campaign Kiss-a-dog Targeting Docker and Kubernetes...

Docker Command Escaping in the GitHub Actions Runner

Impact The actions runner invokes the docker cli directly in order to run job containers, service containers, or container actions. A bug in the logic for how the environment is encoded into these docker commands was discovered that allows an input to escape the environment variable and modify th...

CVE-2022-39321

The CVE-2022-39321 vulnerability affects GitHub Actions Runner: a logic bug in how the environment is encoded into docker invocations allowed input to escape environment variables and modify docker commands. Affected versions prior to patch are 2.296.2, 2.293.1, 2.289.4, 2.285.2, and 2.283.4. Pat...

Exploit for Code Injection in Apache Commons_Text

CVE-2022-42889 aka text4shell PoC for recently discovered vu...

Fedora: Security Advisory for moby-engine (FEDORA-2022-12790ca71a)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

[SECURITY] Fedora 36 Update: moby-engine-20.10.20-1.fc36

Docker is an open source project to build, ship and run any application as a lightweight container. Docker containers are both hardware-agnostic and platform-agnostic. This means they can run anywhere, from your laptop to the largest EC2 compute instance a nd everything in between - and they don'...

Exploit for Code Injection in Apache Commons_Text

CVE-2022-42889 PoC Test Application This is a vulnerable appli...

Exploit for Code Injection in Apache Commons_Text

CVE-2022-42889 Test application This repository contains a si...

PenguinTrace - Tool To Show How Code Runs At The Hardware Level

penguinTrace is intended to help build an understanding of how programs run at the hardware level. It provides a way to see what instructions compile to, and then step through those instructions and see how they affect machine state as well as how this maps back to variables in the original...

Exploit for Code Injection in Apache Commons_Text

CVE-2022-42889-POC A simple demo application that shows how to...

Amazon Linux 2 : containerd, docker (ALASDOCKER-2022-021)

The version of containerd installed on the remote host is prior to 1.6.6-1. The version of docker installed on the remote host is prior to 20.10.17-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2DOCKER-2022-021 advisory. In net/http in Go before 1.18.6 and 1.19.x befor...

Security Bulletin: Multiple vulnerabilities in Docker affect IBM InfoSphere Information Server

Summary Multiple vulnerabilities in Docker used by IBM InfoSphere Information Server were addressed. Vulnerability Details CVEID:CVE-2022-24769 DESCRIPTION: Moby could allow a local attacker to gain elevated privileges on the system, caused by an issue with containers started incorrectly with...