Chebuya

**Name of the Vulnerable Software and Affected Versions** Sliver versions 1.5.26 through 1.5.42 **Description** The reverse port forwarding in Sliver Teamserver allows the implant to open a reverse tunnel on the Sliver Teamserver without verifying if the operator instructed the implant to do so. This issue can lead to the exposure of the server's IP address to a third party. **Recommendations** For Sliver versions 1.5.26 through 1.5.42, upgrade to version 1.5.43 to address the issue. As a temporary workaround, consider disabling the reverse port forwarding feature in the Sliver Teamserver until a patch is available. Restrict access to the Sliver Teamserver to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** BYOB (Build Your Own Botnet) version 2.0 **Description** An arbitrary file write issue in the exfiltration endpoint allows attackers to overwrite SQLite databases and bypass authentication via an unauthenticated HTTP request with a crafted parameter. This occurs in `file add` in `api/files/routes.py`. **Recommendations** As a temporary workaround, consider disabling the `file add` function in `api/files/routes.py` until a patch is available. Restrict access to the exfiltration endpoint to minimize the risk of exploitation. Avoid using crafted parameters in unauthenticated HTTP requests to the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.