CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
|
February 6th, 2025 (5 months ago)
|
|
|
Description: Summary
While the application only displays Sqlite3 databases present in the directory /db, there is no path traversal prevention in place. This allows an unauthenticated attacker to open any Sqlite3 database present on the host machine that the application is running on.
Details
WhoDB allows users to connect to Sqlite3 databases. By default, the databases must be present in /db/ (or alternatively ./tmp/ if development mode is enabled). Source: https://github.com/clidey/whodb/blob/ba6eb81d0ca40baead74bca58b2567166999d6a6/core/src/plugins/sqlite3/db.go#L14-L20
If no databases are present in the default directory, the UI indicates that the user is unable to open any databases:
The database file is an user-controlled value. This value is used in .Join() with the default directory, in order to get the full path of the database file to open. Source: https://github.com/clidey/whodb/blob/ba6eb81d0ca40baead74bca58b2567166999d6a6/core/src/plugins/sqlite3/db.go#L26
No checks are performed whether the database file that is eventually opened actually resides in the default directory /db.
This allows an attacker to use path traversal (../../) in order to open any Sqlite3 database present on the system.
PoC
Before running the container, an example Sqlite3 database with dummy "secret" data was created:
DB_FILE=$(mktemp)
echo "CREATE TABLE secret_table (data TEXT); INSERT INTO secret_table VALUES ('secret data')" | sqlite3 "$DB_FILE"
The container was then created with nothing mounted ...
February 6th, 2025 (5 months ago)
|
|
|
Description: Summary
The application is vulnerable to parameter injection in database connection strings, which allows an attacker to read local files on the machine the application is running on.
Details
The application uses string concatenation to build database connection URIs which are then passed to corresponding libraries responsible for setting up the database connections.
This string concatenation is done unsafely and without escaping or encoding the user input. This allows an user, in many cases, to inject arbitrary parameters into the URI string. These parameters can be potentially dangerous depending on the libraries used.
One of these dangerous parameters is allowAllFiles in the library github.com/go-sql-driver/mysql. Should this be set to true, the library enables running the LOAD DATA LOCAL INFILE query on any file on the host machine (in this case, the machine that WhoDB is running on). Source: https://github.com/go-sql-driver/mysql/blob/7403860363ca112af503b4612568c3096fecb466/infile.go#L128
By injecting &allowAllFiles=true into the connection URI and connecting to any MySQL server (such as an attacker-controlled one), the attacker is able to read local files.
PoC
As this vulnerability does not require sending requests manually and can all be done using the WhoDB UI, screenshots are provided instead of HTTP requests.
For this proof-of-concept, a clean instance of WhoDB and MySQL were set up using podman (docker is a suitable alternative):
podman network create whodb-poc...
February 6th, 2025 (5 months ago)
|
|
|
Description: UNDERGROUND-NET Defaced and Leaked the Data of SM Health Care Sdn Bhd
February 6th, 2025 (5 months ago)
|
|
|
Description: Summary
Maliciously constructed statements can lead to hash collisions, resulting in cache reuse, which can interfere with subsequent responses and cause unintended behavior.
Details
Prefix caching makes use of Python's built-in hash() function. As of Python 3.12, the behavior of hash(None) has changed to be a predictable constant value. This makes it more feasible that someone could try exploit hash collisions.
Impact
The impact of a collision would be using cache that was generated using different content. Given knowledge of prompts in use and predictable hashing behavior, someone could intentionally populate the cache using a prompt known to collide with another prompt in use.
Solution
We address this problem by initializing hashes in vllm with a value that is no longer constant and predictable. It will be different each time vllm runs. This restores behavior we got in Python versions prior to 3.12.
Using a hashing algorithm that is less prone to collision (like sha256, for example) would be the best way to avoid the possibility of a collision. However, it would have an impact to both performance and memory footprint. Hash collisions may still occur, though they are no longer straight forward to predict.
To give an idea of the likelihood of a collision, for randomly generated hash values (assuming the hash generation built into Python is uniformly distributed), with a cache capacity of 50,000 messages and an average prompt length of 300, a collision will occur on avera...
February 6th, 2025 (5 months ago)
|
CVE-2024-57610 |
Description: A rate limiting issue in Sylius v2.0.2 allows a remote attacker to perform unrestricted brute-force attacks on user accounts, significantly increasing the risk of account compromise and denial of service for legitimate users.
References
https://nvd.nist.gov/vuln/detail/CVE-2024-57610
https://github.com/Sylius/Sylius
https://github.com/nca785/CVE-2024-57610
https://sylius.com
https://github.com/advisories/GHSA-2hjh-495w-hmxc
EPSS Score: 0.05%
February 6th, 2025 (5 months ago)
|
|
|
Description: Thorsten examines last year’s CVE list and compares it to recent Talos Incident Response trends. Plus, get all the details on the new vulnerabilities disclosed by Talos’ Vulnerability Research Team.
February 6th, 2025 (5 months ago)
|
|
|
Description: "This is the most 1984 email I've ever seen," one worker said.
February 6th, 2025 (5 months ago)
|
|
|
Description: A Threat Actor is Allegedly Selling IDF Bank Accounts
February 6th, 2025 (5 months ago)
|
|
|
Description: The North Korean hacking group known as Kimsuky was observed in recent attacks using a custom-built RDP Wrapper and proxy tools to directly access infected machines. [...]
February 6th, 2025 (5 months ago)
|