{"vulnerability": "CVE-2023-2908", "sightings": [{"uuid": "10720168-ff29-45aa-bdcb-d2d3a793ab7e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-29080", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3510", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-29080\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Potential privilege escalation vulnerability in Revenera InstallShield versions 2022 R2 and 2021 R2\u00a0due to adding\u00a0InstallScript custom action to a Basic MSI or InstallScript MSI project extracting few binaries to a predefined writable folder during installation time. The standard user account has write access to these files and folders, hence replacing them during installation time can lead to a DLL hijacking vulnerability.\n\ud83d\udccf Published: 2025-01-30T18:32:09Z\n\ud83d\udccf Modified: 2025-01-30T18:32:09Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2023-29080\n2. https://community.revenera.com/s/article/cve-2023-29080-security-patch-for-the-possible-privileged-escalation-scenarios-identified-in-installshield-nbsp", "creation_timestamp": "2025-01-30T19:12:40.000000Z"}, {"uuid": "25c6c337-8585-468a-8b11-78d656fbcf20", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-29081", "type": "seen", "source": "https://t.me/ctinow/174485", "content": "https://ift.tt/eJzBaO1\nCVE-2023-29081", "creation_timestamp": "2024-01-26T21:21:35.000000Z"}, {"uuid": "c941bd0b-bb41-4b03-ac58-3ad6952a506c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-29087", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/8307", "content": "#exploit\n1. CVE-2023-27363:\nFoxit PDF Reader exportXFAData Exposed Dangerous Method RCE Vulnerability\nhttps://github.com/j00sean/SecBugs/tree/main/CVEs/CVE-2023-27363\n\n2. CVE-2023-29087:\nShannon Baseband SIP Retry-After Header Heap Buffer Overflow\nhttps://packetstormsecurity.com/files/172295\n\n3. CVE-2023-2156:\nLinux IPv6 \"Route of Death\" 0day\nhttps://www.interruptlabs.co.uk/articles/linux-ipv6-route-of-death", "creation_timestamp": "2023-05-16T13:31:40.000000Z"}, {"uuid": "712e5ae9-864b-406f-b77e-3a42742d88c3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-29084", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-06T03:13:45.000000Z"}, {"uuid": "33226f17-f11e-468a-bc70-b59cb5873b52", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-29084", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:10:53.000000Z"}, {"uuid": "ec2600ad-fb29-407a-97b9-3fddf6eb4c1c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-29084", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/manageengine_admanager_plus_cve_2023_29084_auth_cmd_injection.rb", "content": "", "creation_timestamp": "2023-06-02T16:30:01.000000Z"}, {"uuid": "e7be740f-3059-44ea-935e-f29ea4344410", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-29084", "type": "seen", "source": "MISP/a9d21043-f825-4bac-8d2b-56fb9e8343e7", "content": "", "creation_timestamp": "2025-10-23T21:13:01.000000Z"}, {"uuid": "049719cf-0dcb-44ca-983f-ca103acdde73", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-29081", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/bbcbc485-b88d-4831-b8e9-6e37e7bd9875", "content": "", "creation_timestamp": "2026-01-21T21:18:16.771453Z"}, {"uuid": "4c59f739-d662-4bc0-9b1f-ff7cfae42fa1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-29080", "type": "seen", "source": "https://t.me/cvedetector/16810", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2023-29080 - InstallShield InstallScript MSI DLL Hijacking Privilege Escalation\", \n  \"Content\": \"CVE ID : CVE-2023-29080 \nPublished : Jan. 30, 2025, 6:15 p.m. | 58\u00a0minutes ago \nDescription : Potential privilege escalation vulnerability in Revenera InstallShield versions 2022 R2 and 2021 R2\u00a0due to adding\u00a0InstallScript custom action to a Basic MSI or InstallScript MSI project extracting few binaries to a predefined writable folder during installation time. The standard user account has write access to these files and folders, hence replacing them during installation time can lead to a DLL hijacking vulnerability. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"30 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-30T20:57:47.000000Z"}, {"uuid": "c6f3d5e0-a247-46fc-9424-bbcd9dfe71e9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-29084", "type": "published-proof-of-concept", "source": "https://t.me/RespaldoHackingTeam/1201", "content": "#exploit\n1. CVE-2023-25135: \nPre-authentication RCE\nhttps://github.com/ambionics/vbulletin-exploits\n\n2. CVE-2023-29084:\nCommand injection in ManageEngine ADManager Plus\nhttps://hnd3884.github.io/posts/CVE-2023-29084-Command-injection-in-ManageEngine-ADManager-plus", "creation_timestamp": "2023-04-16T12:59:50.000000Z"}, {"uuid": "ab883e9d-8a9d-4095-ad0c-955d82910c9f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-29081", "type": "seen", "source": "https://t.me/ctinow/188094", "content": "https://ift.tt/wSZfblu\nCVE-2023-29081 | Revenera InstallShield 2023 R1 denial of service", "creation_timestamp": "2024-02-20T04:11:43.000000Z"}, {"uuid": "c9731ab6-8bcb-4619-9fd8-c09343c0b332", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-29086", "type": "seen", "source": "https://t.me/cibsecurity/62200", "content": "\u203c CVE-2023-29086 \u203c\n\nAn issue was discovered in Exynos Mobile Processor, Automotive Processor and Modem for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, Exynos 9110, and Exynos Auto T5123. Memory corruption can occur due to insufficient parameter validation while decoding an SIP Min-SE header.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-15T00:26:26.000000Z"}, {"uuid": "57649d60-524c-46ac-8ca3-efc4b6e977c6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-29089", "type": "seen", "source": "https://t.me/cibsecurity/62195", "content": "\u203c CVE-2023-29089 \u203c\n\nAn issue was discovered in Exynos Mobile Processor, Automotive Processor and Modem for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, Exynos 9110, and Exynos Auto T5123. Memory corruption can occur due to insufficient parameter validation while decoding SIP multipart messages.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-15T00:26:20.000000Z"}, {"uuid": "14da039e-82c1-4218-8398-2fcb006ded59", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-29087", "type": "seen", "source": "https://t.me/cibsecurity/62194", "content": "\u203c CVE-2023-29087 \u203c\n\nAn issue was discovered in Exynos Mobile Processor, Automotive Processor and Modem for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, Exynos 9110, and Exynos Auto T5123. Memory corruption can occur due to insufficient parameter validation while decoding an SIP Retry-After header.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-15T00:26:19.000000Z"}, {"uuid": "8bb7bbb5-dad4-44d0-aebd-9531a2af7e39", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-29088", "type": "seen", "source": "https://t.me/cibsecurity/62191", "content": "\u203c CVE-2023-29088 \u203c\n\nAn issue was discovered in Exynos Mobile Processor, Automotive Processor and Modem for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, Exynos 9110, and Exynos Auto T5123. Memory corruption can occur due to insufficient parameter validation while decoding an SIP Session-Expires header.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-15T00:26:16.000000Z"}, {"uuid": "ff3fb043-5ae9-4020-b8b7-d516b31300e1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-29085", "type": "seen", "source": "https://t.me/cibsecurity/62188", "content": "\u203c CVE-2023-29085 \u203c\n\nAn issue was discovered in Exynos Mobile Processor, Automotive Processor and Modem for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, Exynos 9110, and Exynos Auto T5123. Memory corruption can occur due to insufficient parameter validation while decoding an SIP status line.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-15T00:26:10.000000Z"}, {"uuid": "de681a59-a933-4143-ad6a-2ec485ef99a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-29084", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/8127", "content": "#exploit\n1. CVE-2023-25135: \nPre-authentication RCE\nhttps://github.com/ambionics/vbulletin-exploits\n\n2. CVE-2023-29084:\nCommand injection in ManageEngine ADManager Plus\nhttps://hnd3884.github.io/posts/CVE-2023-29084-Command-injection-in-ManageEngine-ADManager-plus", "creation_timestamp": "2023-04-16T16:39:36.000000Z"}, {"uuid": "003fbc16-ff69-4d9f-9603-7d2b6f0a277e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "cve-2023-29080", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113918546518575953", "content": "", "creation_timestamp": "2025-01-30T17:44:32.127835Z"}, {"uuid": "6ddac405-19db-4864-868c-68d30686a0bf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-29080", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgy3pdajj72c", "content": "", "creation_timestamp": "2025-01-30T18:15:52.899540Z"}, {"uuid": "18665562-e61b-4ae1-83e2-61d0435849f5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-29080", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lgya4y7azs2e", "content": "", "creation_timestamp": "2025-01-30T19:35:07.729617Z"}, {"uuid": "2c93f2cc-2851-46f8-aaa1-0aec1693b1af", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-29084", "type": "published-proof-of-concept", "source": "https://t.me/cKure/10917", "content": "\u25a0\u25a0\u25a0\u25a0\u25a1 CVE-2023-29084 Command injection in ManageEngine ADManager Plus.\n\nhttps://hnd3884.github.io/posts/CVE-2023-29084-Command-injection-in-ManageEngine-ADManager-plus/", "creation_timestamp": "2023-04-16T01:03:19.000000Z"}]}