91 matches found
UBUNTU-CVE-2021-29136
Open Container Initiative umoci before 0.4.7 allows attackers to overwrite arbitrary host paths via a crafted image that causes symlink traversal when "umoci unpack" or "umoci raw unpack" is used...
Aleksa Sarai umoci modifies Open Container images Input Validation Error Vulnerability
Aleksa Sarai umoci modifies Open Container images is an open source application from Aleksa Sarai, a reference implementation of the OCI image specification that provides users with the ability to create, manipulate, and interact with container images. A security vulnerability exists in Open...
PT-2021-18100 · Open Container Initiative +1 · Umoci +1
Name of the Vulnerable Software and Affected Versions: Open Container Initiative umoci versions prior to 0.4.7. Description: The issue allows attackers to overwrite arbitrary host paths via a crafted image that causes symlink traversal when "umoci unpack" or "umoci raw unpack" is used. This is due...
OESA-2021-1084 kata-containers security update
This is a core component of Kata Container; to make it work, you need an isulad/docker engine. Security Fixes: An improper file permissions vulnerability affects Kata Containers prior to 1.11.5. When using a Kubernetes hostPath volume and mounting either a file or directory into a container as...
CVE-2020-2026
A malicious guest compromised before a container creation e.g. a malicious guest image or a guest running multiple containers can trick the kata runtime into mounting the untrusted container filesystem on any host path, potentially allowing for code execution on the host. This issue affects: Kata...
PT-2020-10295 · Open Container Initiative +7 · Runc +7
Name of the Vulnerable Software and Affected Versions: runc versions through 1.0.0-rc9. runc version 1.0.0-rc10 is not affected, as it contains the fix for this issue. Description: The issue is related to incorrect access control, leading to escalation of privileges. An attacker must be able to...
PHPKick v0.8 statistics.php SQL Injection Exploit
No description provided by source. ?php echo"\n\n"; echo"|=================PHPKick v0.8 statistics.php SQL Injection==================|\n"; echo"| |\n"; echo"|Syntax: php ".$SERVER'argv'0." host path |\n"; echo"| |\n"; echo"|Example: php ".$SERVER'argv'0." http://www.domain.com /path/ |\n"; echo"...
Joomla Component acctexp <= 0.12.x Blind SQL Injection Exploit
No description provided by source. !/usr/bin/perl use LWP::UserAgent; use Getopt::Long; if!$ARGV1 print " \n"; print " \n"; print " Joomla Component acctexp Blind SQL Injection Exploit \n"; print " Author:His0k4 ALGERIAN HaCkeR \n"; print " &nb...
CMSimple 3.1 Local File Inclusion / Arbitrary File Upload Exploit
No description provided by source. CMSimple 3.1 Local File Inclusion / Arbitrary File Upload download: http://www.cmsimple.org/?Downloads dork: "Powered by CMSimple" author: [email protected] homepage: http://irk4z.wordpress.com Local File Inclusion : http://host/path/index.php?sl=file%00...
YaPiG 0.95b - Remote Code Execution
?php / \|/// \ - - // @ @ ----oOOo---oOOo-------------------------------------------------- Portal : YaPIG 0.95b Vendor : http://yapig.sourceforge.net Author : Dj7xpl We Are : Y4Ho0 -Mr.Mithridates -Sir SiSiLi -System Failure -Satanic Soulfull -And Me Email : [email protected] Home :...
CVE-2000-0874
Eudora mail client includes the absolute path of the sender's host within a virtual card VCF...