{"vulnerability": "CVE-2023-22974", "sightings": [{"uuid": "3cc851e0-6b2b-4a9f-a3ef-72b86017af7f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-22974", "type": "seen", "source": "https://t.me/cibsecurity/58715", "content": "\u203c CVE-2023-22974 \u203c\n\nA Path Traversal in setup.php in OpenEMR < 7.0.0 allows remote unauthenticated users to read arbitrary files by controlling a connection to an attacker-controlled MySQL server.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-23T00:52:14.000000Z"}, {"uuid": "3af63711-657b-4ca6-bb85-f6bae1eb4ffc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-22974", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/7812", "content": "#exploit\n1. CVE-2022-25664:\nReading memory on an Android device by accident\nhttps://github.blog/2023-02-23-the-code-that-wasnt-there-reading-memory-on-an-android-device-by-accident\n\n2. CVE-2023-22974:\nOpenEMR <7.0.0 - Arbitrary File Read\nhttps://github.com/gbrsh/CVE-2023-22974", "creation_timestamp": "2023-02-24T15:12:17.000000Z"}, {"uuid": "08c67f43-4e63-40d7-8fcb-a15b0ce7a6ca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-22974", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/2346", "content": "#Tools\u00a0 \ud83d\udee0\ufe0f \ud835\udddb\ud835\uddee\ud835\uddf0\ud835\uddf8\ud835\uddf2\ud835\uddff\ud835\ude00 \ud835\uddd9\ud835\uddee\ud835\uddf0\ud835\ude01\ud835\uddfc\ud835\uddff\ud835\ude06\n\n\u200b\u200bokta scim attack tool\n\nThis repository contains a pen-testing tool based on passbleed that allows pen-testers to extract clear text passwords from Okta by abusing Okta's implementation of the System for Cross-domain Identity Management (SCIM) protocol. The issue allows for clear text password stealing and PII theft.\n\nhttps://github.com/authomize/okta_scim_attack_tool\n\nDetails:\nhttps://www.authomize.com/blog/authomize-discovers-password-stealing-and-impersonation-risks-to-in-okta/#challenges\n\nLinux Kodachi 8.27\n\nLinux Kodachi is a privacy-focused operating system based on Ubuntu that is designed to provide users with a secure and anonymous online experience. With pre-installed VPN, Tor connection, and DNScrypt service, Kodachi is easy to use and requires no setup or Linux knowledge. \n\nIt is a live operating system that can be started on any computer from a DVD, USB stick, or SD card, leaving no trace of activity once shut down. Kodachi aims to preserve the privacy and anonymity of its users, making it a great option for those who are concerned about their online security.\n\nhttps://sourceforge.net/projects/linuxkodachi/\n\n#os #security #linux #ubuntu #privacy\n\n\u200b\u200bSubzy\n\nSubdomain takeover tool which works based on matching response fingerprints from can-i-take-over-xyz.\n\nhttps://github.com/LukaSikic/subzy\n\n#pentesting #bugbounty\n\n\u200b\u200bChatbot Injections & Exploits\ud83d\udc31\u200d\ud83d\udcbb\n\nWelcome to the ChatBot Injections & Exploits repo. This repo is a collection of known and not ChatBot injections and exploits to \"trick\" any ChatBot into doing something it shouldn't.\n\nhttps://github.com/Cranot/chatbot-injections-exploits\n\n#chatgpt #gpt\n\n\u200b\u200bOffSec Tools\n\nThis repository is intended for pentesters and red teamers using a variety of offensive security tools during their assessments. The repository is a collection of useful tools suitable for assessments in internal environments. We fetch and compile the latest version of each tool on a regular basis and provide it to you as a release.\n\nYou don't have to worry about updating and compiling the tools yourself. Just download the latest release and find all the awesome tools you will need in a single archive.\n\nhttps://github.com/Syslifters/offsec-tools\n\n\u200b\u200bSpy Extension\n\nThis Chrome extension will steal literally everything it can. User discretion advised.\n\nhttps://github.com/msfrisbie/spy-extension\n\nDetails:\nhttps://mattfrisbie.substack.com/p/spy-chrome-extension\n\n\u200b\u200bAzure-AccessPermissions\n\nEasy to use PowerShell script to enumerate access permissions in an Azure Active Directory environment.\n\nhttps://github.com/csandker/Azure-AccessPermissions\n\n\u200b\u200bfuzz4bounty\n\nAwesome wordlists for Bug Bounty Hunting\n\nThis repository contains publicly available wordlists for Bug hunting. The main Objective for creating this repo is to bring all the available worlists at one place.\n\nWordlists will be updated regularly.\n\nhttps://github.com/0xPugazh/fuzz4bounty\n\n\u200b\u200bVidar Spaming Tool\n\nViDone is capable of speaking with Vidar Command & Control servers enabling Defenders, Researchers and Law Enforcment to inject data into attacker's data.\n\nhttps://github.com/hariomenkel/ViDone\n\n\u200b\u200bAD-Config-Automation\n\nAutomating Active Directory Environment Configuration\n\nThese are collections of scripts and pieces of code that I use to set up my Active directory Home Lab for self practices or official trainings, mainly focused on security misconfigurations. You can use these scripts individually or embed them in your other automation tools or scripts.\n\nhttps://github.com/kha1ifuzz/AD-Config-Automation\n\n\u200b\u200bCVE-2023-22974\n\nOpenEMR < 7.0.0 Arbitrary File Read.\n\nhttps://github.com/gbrsh/CVE-2023-22974\n\n#cve\n\n\u200b\u200bHawkScan\n\nSecurity Tool for Reconnaissance and Information Gathering on a website. (python 3.x)\n\nhttps://github.com/c0dejump/HawkScan\n\nBTC:\nbc1q62lwma4r3w3klq4mcn5hys9nps5h40qmafrc8e\n\n#Tools\u00a0 \ud83d\udee0\ufe0f \ud835\udddb\ud835\uddee\ud835\uddf0\ud835\uddf8\ud835\uddf2\ud835\uddff\ud835\ude00 \ud835\uddd9\ud835\uddee\ud835\uddf0\ud835\ude01\ud835\uddfc\ud835\uddff\ud835\ude06\nwww.ghostclan.org", "creation_timestamp": "2023-02-27T10:17:15.000000Z"}, {"uuid": "c9d7e334-0f24-4c6f-a8e3-191462b6fdec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-22974", "type": "published-proof-of-concept", "source": "https://t.me/MrVGunz/712", "content": "CVE-2023-22974 : OpenEMR < 7.0.0 Arbitrary File Read\nPOC : https://github.com/gbrsh/CVE-2023-22974", "creation_timestamp": "2023-02-26T18:30:14.000000Z"}, {"uuid": "88b62a65-5402-4356-b8bd-95c8fb41de98", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-22974", "type": "published-proof-of-concept", "source": "Telegram/fVAi-2jlumWXp_13t2tpVSnrXbgvd4NCjsvYezRXGI3Ek9I", "content": "", "creation_timestamp": "2023-02-28T20:07:41.000000Z"}, {"uuid": "cd503123-f6a9-4f76-87ea-99e4398c15fe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-22974", "type": "published-proof-of-concept", "source": "Telegram/qh6a8iTNEQsIE0clp8wGnoQBR1wanvuQImFvBx2w5KBFyZ0", "content": "", "creation_timestamp": "2023-02-26T12:28:03.000000Z"}, {"uuid": "3cf34068-fa76-4be3-b8db-10083b30ade5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-22974", "type": "published-proof-of-concept", "source": "https://t.me/crackcodes/2672", "content": "https://github.com/gbrsh/CVE-2023-22974", "creation_timestamp": "2023-02-28T09:25:47.000000Z"}]}