1678 matches found
Centreo 19.10.8 - DisplayServiceStatus Remote Code Execution
Centreo 19.10.8 - DisplayServiceStatus Remote Code Execution Exploit Title: Centreo 19.10.8 - 'DisplayServiceStatus' Remote Code Execution Date: 2020-03-25 Exploit Author: Engin Demirbilek Vendor Homepage: https://www.centreon.com/ Version: 19.10.8 Tested on: CentOS Advisory link:...
RHEL 8 : OpenShift Container Platform 4.1.38 skopeo (RHSA-2020:0697)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:0697 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud...
proglottis/gpgme: Use-after-free in GPGME bindings during container image pull
A use-after-free vulnerability was found in the Go GPGME wrapper library, github.com/proglottis/gpgme. An attacker could use this flaw to crash or cause potential code execution in Go applications that use this library, under certain conditions, during GPG signature verification...
proglottis/gpgme: Use-after-free in GPGME bindings during container image pull
A use-after-free vulnerability was found in the Go GPGME wrapper library, github.com/proglottis/gpgme. An attacker could use this flaw to crash or cause potential code execution in Go applications that use this library, under certain conditions, during GPG signature verification...
Giting Command Execution Vulnerability
Giting is a Git version control system server. A security vulnerability exists in Giting versions prior to 0.0.8, which is caused by the program executing the 'repo' parameter of the 'pull' function without performing arbitrary validation. The vulnerability can be exploited to execute arbitrary...
gitea -- multiple vulnerabilities
The Gitea Team reports for release 1.11.6: Fix missing authorization check on pull for public repos of private/limited org 11656 11683 Use session for retrieving org teams 11438 11439...
CVE-2019-10802
giting version prior to 0.0.8 allows execution of arbritary commands. The first argument "repo" of function "pull" is executed by the package without any validation...
CVE-2019-10802
giting version prior to 0.0.8 allows execution of arbritary commands. The first argument "repo" of function "pull" is executed by the package without any validation...
CVE-2019-10802
CVE-2019-10802 affects giting prior to version 0.0.8. The vulnerability arises because the first argument of the pull() function, named repo, is executed by the package without input validation, allowing arbitrary command execution (command injection). Several sources (Red Hat, Snyk, CNVD, GHSA, ...
Command Injection
Overview giting is a Git server. Affected versions of this package are vulnerable to Command Injection. The first argument "repo" of function pull is executed by the package without any validation. PoC by JHU System Security Lab var Test = require"giting"; var injectioncommand = ";echo vulnerable...
WhatTheHack - A Collection Of Challenge Based Hack-A-Thons Including Student Guide, Proctor Guide, Lecture Presentations, Sample/Instructional Code And Templates
WhatTheHack is a collection of challenge based hack-a-thons including student guide, proctor guide, lecture presentations, sample/instructional code and templates. What, Why and How "What the Hack" is a challenge based hackathon format Challenges describe high-level tasks and goals to be...
AlertResponder - Automatic Security Alert Response Framework By AWS Serverless Application Model
AlertResponder is a serverless framework for automatic response of security alert. Overview AlertResponder receives an alert that is event of interest from security view point and responses the alert automatically. AlertResponder has 3 parts of automatic response. 1. Inspector investigates entiti...
Command Injection
Overview All versions of gitting are vulnerable to Command Injection. The package fails to sanitize input and passes it directly to an exec call, which may allow attackers to execute arbitrary code in the system. The pull function is vulnerable through the branch variable. Recommendation No fix i...
CVE-2019-15589
An improper access control vulnerability exists in Gitlab v12.3.2, v12.2.6, v12.1.12 which would allow a blocked user would be able to use GIT clone and pull if he had obtained a CI/CD token before...
UBUNTU-CVE-2019-15589
An improper access control vulnerability exists in Gitlab v12.3.2, v12.2.6, v12.1.12 which would allow a blocked user would be able to use GIT clone and pull if he had obtained a CI/CD token before...
DEBIAN-CVE-2014-8179
Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 does not properly validate and extract the manifest object from its JSON representation during a pull, which allows attackers to inject new attributes in a JSON object and bypass pull-by-digest validation...
CVE-2014-8179
Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 does not properly validate and extract the manifest object from its JSON representation during a pull, which allows attackers to inject new attributes in a JSON object and bypass pull-by-digest validation...
Input validation
Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 does not properly validate and extract the manifest object from its JSON representation during a pull, which allows attackers to inject new attributes in a JSON object and bypass pull-by-digest validation...
UBUNTU-CVE-2014-8179
Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 does not properly validate and extract the manifest object from its JSON representation during a pull, which allows attackers to inject new attributes in a JSON object and bypass pull-by-digest validation...
CVE-2014-8179
Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 does not properly validate and extract the manifest object from its JSON representation during a pull, which allows attackers to inject new attributes in a JSON object and bypass pull-by-digest validation...