CVE-2024-10963
Description: A flaw was found in pam_access, where certain rules in its configuration file are mistakenly treated as hostnames. This vulnerability allows attackers to trick the system by pretending to be a trusted hostname, gaining unauthorized access. This issue poses a risk for systems that rely on this feature to control who can access certain services or terminals.
EPSS Score: 0.04%
February 7th, 2025 (5 months ago)
|
Description: This daily article is intended to make it easier for those who want to stay updated with my regular Dark Web Informer and X/Twitter posts.
February 7th, 2025 (5 months ago)
|
February 6th, 2025 (5 months ago)
|
Description: OpenAI's latest tech can reason better than its previous models could, but not well enough to ferret out careful social engineering.
February 6th, 2025 (5 months ago)
|
Description: 12 Git Commands
February 6th, 2025 (5 months ago)
|
Description: In January 2025, the Rezeptwelt (German for "recipe world") forum for Thermomix owners suffered a data breach. The incident exposed 3.1M registered users' details including names, email and physical addresses, phone numbers, dates of birth and bios (usually cooking related). The data was provided to HIBP by a source who requested it be attributed to "[email protected]".
February 6th, 2025 (5 months ago)
|
Description: Riding the wave of notoriety from the Chinese company's R1 AI chatbot, attackers are spinning up lookalike sites for different malicious use cases.
February 6th, 2025 (5 months ago)
|
Description: Microsoft warns that attackers are deploying malware in ViewState code injection attacks using static ASP.NET machine keys found online. [...]
February 6th, 2025 (5 months ago)
|
February 6th, 2025 (5 months ago)
|
Description: Summary
While the application only displays Sqlite3 databases present in the directory /db, there is no path traversal prevention in place. This allows an unauthenticated attacker to open any Sqlite3 database present on the host machine that the application is running on.
Details
WhoDB allows users to connect to Sqlite3 databases. By default, the databases must be present in /db/ (or alternatively ./tmp/ if development mode is enabled). Source: https://github.com/clidey/whodb/blob/ba6eb81d0ca40baead74bca58b2567166999d6a6/core/src/plugins/sqlite3/db.go#L14-L20
If no databases are present in the default directory, the UI indicates that the user is unable to open any databases:
The database file is a user-controlled value. This value is used in .Join() with the default directory, in order to get the full path of the database file to open. Source: https://github.com/clidey/whodb/blob/ba6eb81d0ca40baead74bca58b2567166999d6a6/core/src/plugins/sqlite3/db.go#L26
No check is performed on whether the database file that is eventually opened actually resides in the default directory /db.
This allows an attacker to use path traversal (../../) in order to open any Sqlite3 database present on the system.
PoC
Before running the container, an example Sqlite3 database with dummy "secret" data was created:
DB_FILE=$(mktemp)
echo "CREATE TABLE secret_table (data TEXT); INSERT INTO secret_table VALUES ('secret data')" | sqlite3 "$DB_FILE"
The container was then created with nothing mounted ...
February 6th, 2025 (5 months ago)
|