13 matches found
ciguard: Container image runs as root (no USER directive)
Summary: The published ghcr.io/jo-jo98/ciguard container image inherits the default root user because the Dockerfile lacks a USER directive. ciguard is a static analyser with no need for root privileges; running as root inside a container makes any future container-runtime escape CVE more impactfu...
OpenClaw has multiple E2E/test Dockerfiles that run all processes as root
Three Dockerfiles in scripts/docker/ and scripts/e2e/ lack a USER directive, meaning all processes run as uid 0 root. If any process is compromised, the attacker has root inside the container, making container breakout significantly easier. Partial fix 2026-02-08: Commit 28e1a65e added USER sandb...
GHSA-W7J5-J98M-W679 OpenClaw has multiple E2E/test Dockerfiles that run all processes as root
Three Dockerfiles in scripts/docker/ and scripts/e2e/ lack a USER directive, meaning all processes run as uid 0 root. If any process is compromised, the attacker has root inside the container, making container breakout significantly easier. Partial fix 2026-02-08: Commit 28e1a65e added USER sandb...
CVE-2019-1656
A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software NFVIS could allow an authenticated, local attacker to access the shell of the underlying Linux operating system on the affected device. The vulnerability is due to improper input validation in the affected software. An...
CVE-2019-1656 Cisco Enterprise NFV Infrastructure Software Linux Shell Access Vulnerability
A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software NFVIS could allow an authenticated, local attacker to access the shell of the underlying Linux operating system on the affected device. The vulnerability is due to improper input validation in the affected software. An...
X7 Chat <= 2.0.5 (day) Remote SQL Injection Exploit
No description provided by source. !/usr/bin/python Exploit for xchat 2.0.5 Dumps the users and the hashes By nonroot - 2008 it's a PoC, please use responsibly import string,urllib import sys,re print Target host: i.e: http://127.0.0.1/x7chat/ host=rawinputTarget host include http and /: print Outp...
Openfiler 2.3 Password Change
Exploit code PoC for OpenFiler 2.3 current by just a nonroot user http://nonroot.blogspot.com/ import urllib,sys,re host example: https://192.168.20.5:446/ host=rawinput"OpenFiler system include http and /: " Super admin user user='openfiler' What pass do you want? password='nonroot' use it pleas...
Openfiler 2.3 (Auth Bypass) Remote Password Change Exploit
No description provided by source. Exploit code PoC for OpenFiler 2.3 current by just a nonroot user http://nonroot.blogspot.com/ import urllib,sys,re host example: https://192.168.20.5:446/ host=rawinput"OpenFiler system include http and /: " Super admin user user='openfiler' What pass do you...
OpenFiler 2.3 - (Authentication Bypass) Remote Password Change
OpenFiler 2.3 - Authentication Bypass Remote Password Change Exploit code PoC for OpenFiler 2.3 current by just a nonroot user http://nonroot.blogspot.com/ import urllib,sys,re host example: https://192.168.20.5:446/ host=rawinput"OpenFiler system include http and /: " Super admin user...
Flash Player policy file interpretation flaw
Adobe Flash Player 9.0.124.0 and earlier does not properly interpret policy files, which allows remote attackers to bypass a non-root domain policy...
Destar 0.2.2-5 - Arbitrary Add Admin
Destar 0.2.2-5 - Arbitrary Add Admin !/usr/bin/python Exploit for destar 0.2.2-5, tested on Linux Debian Bug found and exploit coded by a non root user http://nonroot.blogspot.com/ January 2008 This is a PoC, please use it just for learning how to exploit something use: $python ./exploitcode.py...
MoinMoin 1.5.x - 'MOIND_ID' Cookie Login Bypass
!/usr/bin/python Exploit for the MOINDID cookie Bug MoinMoin 1.5.x Find your patch in : http://hg.moinmo.in/moin/1.5/rev/e69a16b6e630 Bug and exploit coded by just a nonroot and colombian user January 21, 2008 Greets: el directorio and all the SL community import urllib2,sys print "MoinMoin host:...
X7 Chat 2.0.5 - 'day' SQL Injection
!/usr/bin/python Exploit for xchat 2.0.5 Dumps the users and the hashes By nonroot - 2008 it's a PoC, please use responsibly import string,urllib import sys,re print "Target host: i.e: http://127.0.0.1/x7chat/" host=rawinput"Target host include http and /: " print "Output file: i.e: salida.txt"...