
138 matches found

GithubExploit
added 2023/01/15 10:46 p.m., 214 views

Exploit for Incorrect Authorization in Cacti

Cacti | Auth Bypass | RCE | CVE-2022-46169 Cacti: Unauthentica...

9.8 CVSS, 10 AI score, 0.99826 EPSS
Exploits: 48
Cvelist
added 2022/09/27 3:10 p.m., 10 views

CVE-2022-39258 mailcow-dockerized critical information misrepresentation can lead to phishing attacks through Swagger UI

mailcow is a mailserver suite. A vulnerability in versions prior to 2022-09 allows an attacker to craft a custom Swagger API template to spoof Authorize links. This could redirect a victim to an attacker-controlled place to steal Swagger authorization credentials or create a phishing page to stea...

8.1 CVSS, 8.3 AI score, 0.00614 EPSS
Exploits: 1, References: 2
Huntr
added 2022/08/24 3:59 p.m., 27 views

ZipSlip Symlink variant allows to read any file within OctoPrint Box

Using the ZipSlip symlink variant, it is possible to steal any file from the OctoPrint remote server via an upload of a maliciously crafted archive as a language pack and download the stolen files within a backup archive. To set up the Octoprint web application, we used the dockerized version bas...

1.4 CVSS, 1.4 AI score, 0.00405 EPSS
Exploits: 1
GithubExploit
added 2022/06/07 11:22 a.m., 93 views

Exploit for Path Traversal in Apache Http_Server

CVE-2021-41773 CVE-2021-41773 According to The National Vulne...

7.5 CVSS, 9.3 AI score, 0.99992 EPSS
Exploits: 145
GithubExploit
added 2022/06/07 11:22 a.m., 188 views

Exploit for Path Traversal in Apache Http_Server

CVE-2021-41773 CVE-2021-41773 According to The National Vulne...

7.5 CVSS, 9.3 AI score, 0.99992 EPSS
Exploits: 145
Kitploit
added 2022/05/10 12:30 p.m., 1215 views

Spring4Shell-POC - Dockerized Spring4Shell (CVE-2022-22965) PoC Application And Exploit

This is a dockerized application that is vulnerable to the Spring4Shell vulnerability CVE-2022-22965. Full Java source for the war is provided and modifiable, the war will get re-built whenever the docker image is built. The built WAR will then be loaded by Tomcat. There is nothing special about...

9.8 CVSS, 8.8 AI score, 0.9972 EPSS
Exploits: 100, References: 6
Kitploit
added 2022/04/16 9:30 p.m., 80 views

Kraken - A Multi-Platform Distributed Brute-Force Password Cracking System

Kraken is an online distributed brute force password cracking tool. It allows you to parallelize dictionaries and crunch word generator based cracking across multiple machines both as a web app in a web browser and as a standalone electron based client. Kraken aims to be easy to use, fault tolera...

7.6 AI score
Exploits: 0, References: 4
GithubExploit
added 2022/01/28 3:16 p.m., 267 views

Exploit for Out-of-bounds Write in Polkit_Project Polkit

CVE-2021-4034 The Polkit https://en.wikipedia.org/wiki/Polk...

7.8 CVSS, 7.6 AI score, 0.94921 EPSS
Exploits: 151
GithubExploit
added 2021/12/15 9:9 p.m., 43 views

Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

Log4Shell Honeypot Enhanced dockerized honeypot for CVE-2021...

10 CVSS, 7 AI score, 0.99999 EPSS
Exploits: 344
GithubExploit
added 2020/11/04 8:8 p.m., 11 views

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Cisco Ios

CVE-2016-6415-BenignCertain-Monitor Re-implementation of Virtu...

7.5 CVSS, 7.2 AI score, 0.87687 EPSS
Exploits: 7
Kitploit
added 2020/10/25 11:30 a.m., 176 views

Manuka - A Modular OSINT Honeypot For Blue Teamers

Manuka is an open-source intelligence (OSINT) honeypot that monitors reconnaissance attempts by threat actors and generates actionable intelligence for Blue Teamers. It creates a simulated environment consisting of staged OSINT sources, such as social media profiles and leaked credentials, and trac...

7.4 AI score
Exploits: 0, References: 1
Kitploit
added 2020/05/23 1:0 p.m., 112 views

Guardedbox - Online Client-Side Manager For Secure Storage And Secrets Sharing

GuardedBox is an open-source online client-side manager for secure storage and secrets sharing. It allows users to upload secrets to a centralized server and retrieve them at anytime and from anywhere. It also allows users to share their secrets with other users, individually or via groups. Secre...

7.2 AI score
Exploits: 0, References: 1
Kitploit
added 2020/01/11 11:30 a.m., 125 views

Karonte - A Static Analysis Tool To Detect Multi-Binary Vulnerabilities In Embedded Firmware

Karonte is a static analysis tool to detect multi-binary vulnerabilities in embedded firmware. Research paper We present our approach and the findings of this work in the following research paper: KARONTE: Detecting Insecure Multi-binary Interactions in Embedded Firmware PDF Nilo Redini, Aravind...

7.5 AI score
Exploits: 0, References: 1
Hacker One
added 2019/04/03 4:34 a.m., 27 views

Nextcloud: In Dockerized Environments, Failing to Read config.php Grants Any Anonymous User Full Admin Access

Consider this deployment:
- Nextcloud is already installed in a Dockerized environment.
- There are two Nextcloud containers running in the environment.
- Both containers share the same MySQL database.
- Both containers share the same data /var/www/html/data and config /var/www/html/config via...

1.7 AI score
Exploits: 0
OSV
added 2017/05/14 10:29 p.m., 1 views

CVE-2017-8928

mailcow 0.14, as used in "mailcow: dockerized" and other products, has CSRF...

8.8 CVSS, 5.8 AI score, 0.02049 EPSS
Exploits: 5, References: 2
NVD
added 2017/05/14 10:29 p.m., 11 views

CVE-2017-8928

mailcow 0.14, as used in "mailcow: dockerized" and other products, has CSRF...

8.8 CVSS, 8.7 AI score, 0.02049 EPSS
Exploits: 5, References: 2
n0where
added 2017/05/02 4:36 a.m., 1094 views

Multi-Honeypot Platform: T-Pot

Multi-Honeypot Platform T-Pot is based on Ubuntu Server 16.10 LTS. The honeypot daemons as well as other support components being used have been paravirtualized using docker. This allowed developers to run multiple honeypot daemons on the same network interface without problems and make the enti...

Exploits: 0, References: 21
n0where
added 2016/09/12 4:34 p.m., 33 views

Mercenary Linux

Mercenary-Linux is a “new-era” lightweight distribution of mostly Dockerized tools built for field expedient hunting, forensics, and malware analysis. This problem birthed MHF Mercenary Hunt Framework which allows the hunt team to easily perform hunt operations within a framework that aggregates...

7 AI score
Exploits: 0