{"vulnerability": "CVE-2023-3403", "sightings": [{"uuid": "f8872cfc-0706-4e7e-a1f0-4c20e84c7a7d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-34039", "type": "published-proof-of-concept", "source": "https://t.me/Cyber_Watch_insider/57", "content": "PoC of the latest VMware Aria CVE:\n\nhttps://summoning.team/blog/vmware-vrealize-network-insight-rce-cve-2023-34039/", "creation_timestamp": "2023-09-03T06:28:38.000000Z"}, {"uuid": "bfc71349-1377-4edf-864b-8463a54022f7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-34039", "type": "published-proof-of-concept", "source": "https://t.me/poxek/3284", "content": "VMWare Aria Operations for Networks (vRealize Network Insight) Static SSH key RCE (CVE-2023-34039)\n\n#CVE #RCE", "creation_timestamp": "2023-10-14T12:49:22.000000Z"}, {"uuid": "63c69abe-90a4-41ed-afab-d47558c8ffad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-34039", "type": "seen", "source": "https://t.me/kasperskyb2b/844", "content": "\ud83d\udd04 VMWare \u0437\u0430\u043a\u0440\u044b\u043b\u0430 \u0434\u0432\u0435 \u0441\u0435\u0440\u044c\u0451\u0437\u043d\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 Aria Operations for Networks.  \u041e\u0434\u043d\u0430 (CVE-2023-34039, CVSS 9.8) \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043a\u043e\u043d\u0441\u043e\u043b\u0438 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f (CLI) \u0431\u0435\u0437 \u043f\u043e\u043b\u043e\u0436\u0435\u043d\u043d\u043e\u0439 SSH-\u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438.  \u0412\u0442\u043e\u0440\u0430\u044f (CVE-2023-20890, CVSS 7.2) \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u043c\u0443 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0443 \u0437\u0430\u043f\u0438\u0441\u044b\u0432\u0430\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0435 \u0444\u0430\u0439\u043b\u044b, \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u043f\u0440\u0438\u0432\u043e\u0434\u044f \u043a RCE.\n\n\u0412\u0441\u0435 \u0432\u0435\u0440\u0441\u0438\u0438 Aria Operations for Networks (\u0432 \u0434\u0435\u0432\u0438\u0447\u0435\u0441\u0442\u0432\u0435 vRealize Network Insight) \u0440\u0430\u043d\u0435\u0435 6.11 \u0443\u044f\u0437\u0432\u0438\u043c\u044b, \u043c\u0435\u0440 \u0441\u043c\u044f\u0433\u0447\u0435\u043d\u0438\u044f \u043d\u0435\u0442 \u043d\u0438\u043a\u0430\u043a\u0438\u0445 \u2014 \u0442\u043e\u043b\u044c\u043a\u043e \u043f\u0430\u0442\u0447\u0438\u0442\u044c\u0441\u044f.  \u041e\u0431\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043d\u0430\u0439\u0434\u0435\u043d\u044b \u043e\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u0435\u043d\u043d\u044b\u043c\u0438 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c\u0438, \u043f\u043e\u044d\u0442\u043e\u043c\u0443 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 (\u043f\u043e\u043a\u0430) \u043d\u0435 \u043e\u0442\u043c\u0435\u0447\u0435\u043d\u043e.\n\n#\u043d\u043e\u0432\u043e\u0441\u0442\u0438 @\u041f2\u0422", "creation_timestamp": "2023-08-31T10:38:02.000000Z"}, {"uuid": "2c46b17e-5207-45cc-bfe8-0343f0ae73c1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-34039", "type": "published-proof-of-concept", "source": "Telegram/Y5lRb5s2N7Y_QSvEvEyWrSx2lCXHgn5HSFsrR-o2cggJ", "content": "", "creation_timestamp": "2023-10-23T00:32:37.000000Z"}, {"uuid": "c6746d70-02e1-4043-8471-dedae0436f12", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-34034", "type": "published-proof-of-concept", "source": "Telegram/-0SggK295r_PMGpy4saKIHlhBSOW72-EpYhelgiyQ4dFAw", "content": "", "creation_timestamp": "2023-11-15T11:58:15.000000Z"}, {"uuid": "fc08a348-0d61-4096-a84e-876c2b2546f1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-34034", "type": "seen", "source": "https://t.me/arpsyndicate/910", "content": "#ExploitObserverAlert\n\nCVE-2023-34034\n\nDESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-34034. Using \"**\" as a pattern in Spring Security configuration  for WebFlux creates a mismatch in pattern matching between Spring  Security and Spring WebFlux, and the potential for a security bypass.\n\nFIRST-EPSS: 0.002050000\nNVD-IS: 5.9\nNVD-ES: 3.9", "creation_timestamp": "2023-12-03T01:22:14.000000Z"}, {"uuid": "d6b6e74a-6678-45a6-bc53-e30cfb2ba0df", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-34039", "type": "seen", "source": "https://t.me/arpsyndicate/48", "content": "#ExploitObserverAlert\n\nCVE-2023-34039\n\nDESCRIPTION: Exploit Observer has 12 entries related to CVE-2023-34039. Aria Operations for Networks contains an Authentication Bypass vulnerability due to a lack of unique cryptographic key generation.\u00a0A malicious actor with network access to Aria Operations for Networks could bypass SSH authentication to gain access to the Aria Operations for Networks CLI.\n\nFIRST-EPSS: 0.212410000\nNVD-IS: 5.9\nNVD-ES: 3.9", "creation_timestamp": "2023-11-10T20:22:49.000000Z"}, {"uuid": "840f5b03-9972-45f7-af55-f7d65974d2d1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-34039", "type": "seen", "source": "Telegram/ccbvQJvXQtQB8LG2096HlSSu4lpAGPiIOa3lJMflv_Ousw", "content": "", "creation_timestamp": "2023-08-30T14:38:20.000000Z"}, {"uuid": "86b130ef-a743-4059-8823-4b5d88d57749", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-34039", "type": "published-proof-of-concept", "source": "https://t.me/crackcodes/4311", "content": "\ud83d\udcdfXavier Marks Indonesian Data Leak : Download\n\n\ud83d\udc7eCVE-2023-34039 Exploit : Download\n\n\ud83d\udc32Craxs Rat V6.7 : Download\n\n\ud83d\udd78Invicti Standard V23.9.0.42095 Crack : Download\n\n\ud83e\ude85Telegram Bot For Remote Access To Computer Files : Download\n\n\ud83d\udcefGet IP Address On Other Side Audio Call In Telegram : Download", "creation_timestamp": "2023-09-17T05:42:28.000000Z"}, {"uuid": "440ea02c-08d1-486a-a515-038e9ffe7675", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-34034", "type": "seen", "source": "https://t.me/ctinow/180567", "content": "https://ift.tt/N6lHVqy\nCVE-2023-34034 | Oracle Communications Unified Inventory Management 7.4.1/7.4.2 Security Component Remote Code Execution", "creation_timestamp": "2024-02-07T08:41:42.000000Z"}, {"uuid": "750f528e-1b99-46da-a969-80590ace6414", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-34034", "type": "seen", "source": "https://t.me/ctinow/181272", "content": "https://ift.tt/qQzLS7r\nCVE-2023-34034 | Oracle Banking Liquidity Management up to 14.7.0 Common Remote Code Execution", "creation_timestamp": "2024-02-08T10:41:45.000000Z"}, {"uuid": "698092a9-2e4b-4ce5-88c1-5d375ad1464e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-34030", "type": "seen", "source": "https://t.me/ctinow/157535", "content": "https://ift.tt/u4yzNnC\nCVE-2023-34030 | Really Simple Plugins Complianz Plugin/Complianz Premium Plugin on WordPress cross-site request forgery", "creation_timestamp": "2023-12-21T08:37:51.000000Z"}, {"uuid": "ccdd5515-b4b9-472b-a5e6-a36f2ba2aa32", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-34032", "type": "seen", "source": "https://t.me/cibsecurity/69441", "content": "\u203c CVE-2023-34032 \u203c\n\nUnauth. Reflected Cross-Site Scripting (XSS) vulnerability in Pascal Casier bbPress Toolkit plugin <=\u00c2\u00a01.0.12 versions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-30T18:12:24.000000Z"}, {"uuid": "8b148924-e5a3-4a55-9b98-3522695b9f9a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-34039", "type": "seen", "source": "https://t.me/cibsecurity/69376", "content": "\u203c CVE-2023-34039 \u203c\n\nAria Operations for Networks contains an Authentication Bypass vulnerability due to a lack of unique cryptographic key generation.\u00c2\u00a0A malicious actor with network access to Aria Operations for Networks could bypass SSH authentication to gain access to the Aria Operations for Networks CLI.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-29T22:17:36.000000Z"}, {"uuid": "6e517f4c-1a67-47a3-82ce-5ebb0e967b71", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-3403", "type": "seen", "source": "https://t.me/cibsecurity/66874", "content": "\u203c CVE-2023-3403 \u203c\n\nThe ProfileGrid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'pm_upload_csv' function in versions up to, and including, 5.5.1. This makes it possible for authenticated attackers, with subscriber-level permissions or above to import new users and update existing users.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-18T07:25:49.000000Z"}, {"uuid": "a693854e-49bb-4ce9-bb2e-cf7ed2b423c7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-34036", "type": "seen", "source": "https://t.me/cibsecurity/66807", "content": "\u203c CVE-2023-34036 \u203c\n\nReactive web applications that use Spring HATEOAS to produce hypermedia-based responses might be exposed to malicious forwarded headers if they are not behind a trusted proxy that ensures correctness of such headers, or if they don't have anything else in place to handle (and possibly discard) forwarded headers either in WebFlux or at the level of the underlying HTTP server.For the application to be affected, it needs to satisfy the following requirements: * It needs to use the reactive web stack (Spring WebFlux) and Spring HATEOAS to create links in hypermedia-based responses. * The application infrastructure does not guard against clients submitting (X-)Forwarded\u00e2\u20ac\u00a6\u00c2\u00a0headers.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-17T14:35:01.000000Z"}, {"uuid": "964ffe25-a497-4df9-8a01-24d2937971e5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-34039", "type": "seen", "source": "https://t.me/thehackernews/3803", "content": "\ud83d\udea8 Critical Security Alert!  \n \nNew authentication bypass and file write vulnerabilities found in VMware's Aria Operations Networks that could lead to remote code execution attacks. \n \nKnow more about CVE-2023-34039 and CVE-2023-20890: https://thehackernews.com/2023/08/critical-vulnerability-alert-vmware.html", "creation_timestamp": "2023-08-30T09:18:18.000000Z"}, {"uuid": "9ba1f771-ce99-496c-80ad-725a2aa94b66", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-34039", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-06T03:13:45.000000Z"}, {"uuid": "315f80d5-2143-411f-b396-37977e9f20ed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-34039", "type": "published-proof-of-concept", "source": "https://t.me/cKure/11493", "content": "\u25a0\u25a0\u25a0\u25a0\u25a0 Zero-Day exploit code | noCVE-2023-34039: Proof-of-concept (PoC) exploit code has been made available for a recently disclosed and patched critical flaw impacting VMware Aria Operations for Networks (formerly vRealize Network Insight).\n\nhttps://thehackernews.com/2023/09/poc-exploit-released-for-critical.html", "creation_timestamp": "2023-09-03T22:23:43.000000Z"}, {"uuid": "3b87f45c-3442-4f2c-9e83-fb04fb1bc4c8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-34034", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/6045", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2023\n\u63cf\u8ff0\uff1aDemonstration of CVE-2023-24034 authorization bypass in Spring Security \nURL\uff1ahttps://github.com/hotblac/cve-2023-34034\n\n\u6807\u7b7e\uff1a#CVE-2023", "creation_timestamp": "2023-12-02T10:56:01.000000Z"}, {"uuid": "cda40da4-d3c2-49eb-8614-6daf37e4f273", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-34039", "type": "seen", "source": "https://t.me/ctinow/134810", "content": "https://ift.tt/PL5uQRY\nVMware Aria Operations for Networks Authentication Bypass Vulnerability (CVE-2023-34039) - Security Boulevard", "creation_timestamp": "2023-09-05T16:52:19.000000Z"}, {"uuid": "71a48c22-3a19-41a1-8a35-7894fac39dfe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-34039", "type": "published-proof-of-concept", "source": "https://t.me/ctinow/134513", "content": "https://ift.tt/QRtxXD3\nPoC exploit code released for CVE-2023-34039 bug in VMware Aria Operations for Networks", "creation_timestamp": "2023-09-03T19:07:31.000000Z"}, {"uuid": "821f3798-fa4a-45de-b900-b561987c559b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-34039", "type": "seen", "source": "https://t.me/ctinow/133791", "content": "https://ift.tt/0FsLECw\nVMware fixes critical vulnerability in Aria Operations for Networks (CVE-2023-34039)", "creation_timestamp": "2023-08-30T14:33:15.000000Z"}, {"uuid": "315941d0-e2b0-4feb-8ff4-401223141df0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-34039", "type": "published-proof-of-concept", "source": "https://t.me/KomunitiSiber/737", "content": "PoC Exploit Released for Critical VMware Aria's SSH Auth Bypass Vulnerability\nhttps://thehackernews.com/2023/09/poc-exploit-released-for-critical.html\n\nProof-of-concept (PoC) exploit code has been made available for a recently disclosed and patched critical flaw impacting VMware Aria Operations for Networks (formerly vRealize Network Insight).\nThe flaw, tracked as\u00a0CVE-2023-34039, is rated 9.8 out of a maximum of 10 for severity and has been described as a case of authentication bypass due to a lack of unique cryptographic key generation.\n\u201cA", "creation_timestamp": "2023-09-03T09:20:33.000000Z"}, {"uuid": "4100fe5f-e1fe-49a9-988a-3d53cb3d0f0c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-34039", "type": "published-proof-of-concept", "source": "Telegram/axcjS-pjejSYiAQFt0jBcD4tylfvrOresV-gsZPupIPzOQ", "content": "", "creation_timestamp": "2023-09-17T05:40:42.000000Z"}, {"uuid": "447be894-f41c-407a-8198-aa546e8daf60", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-34039", "type": "published-proof-of-concept", "source": "https://t.me/xxexm/1190", "content": "#tools\n\nCVE-2023-34039\n\n\u0641\u0643\u0631\u0629 \u0627\u0644 CVE :\n\u0627\u0633\u062a\u063a\u0644\u0627\u0644 \u0628\u0631\u0648\u062a\u0643\u0648\u0644 SSH \u0648 \u0627\u062e\u062a\u0631\u0627\u0642\u0629 \n\u064a\u0633\u062a\u063a\u0644 \u0627\u0644\u0623\u0635\u062f\u0631\u0627\u062a \u0645\u0646 \n6.0 \u0627\u0644\u0649 6.10\n\nhttps://github.com/sinsinology/CVE-2023-34039", "creation_timestamp": "2023-09-07T20:46:42.000000Z"}, {"uuid": "71777943-3ee5-4024-8c48-e68ac5302578", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-34039", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/3176", "content": "Hackers Factory \n\nSocial engineering tool [Access Webcam & Microphone & Location Finder] With Python\n\nhttps://github.com/ultrasecurity/Storm-Breaker\n\nEternalHush - new free advanced open-source c2 framework\n\nhttps://github.com/APT64/EternalHushFramework\n\nVMWare Aria Operations for Networks (vRealize Network Insight) Static SSH key RCE (CVE-2023-34039)\n\nhttps://github.com/sinsinology/CVE-2023-34039\n\nCSV Injection vulnerability in GNOME time tracker version 3.0.2, allows local attackers to execute arbitrary code via crafted .tsv file when creating a new record.\n\nhttps://github.com/BrunoTeixeira1996/CVE-2023-36250\n\nA collection of tools for security research on Starlink's User Terminal\n\nhttps://github.com/quarkslab/starlink-tools\n\nSession Hijacking Visual Exploitation\n\nhttps://github.com/doyensec/Session-Hijacking-Visual-Exploitation\n\nPwn2Own Vancouver 2023 Ubuntu LPE exploit\n\nhttps://github.com/synacktiv/CVE-2023-35001\n\nMaking Favicon.ico based Recon Great again \n\nhttps://github.com/devanshbatham/FavFreak\n\nA modern tool written in Python that automates your xss findings.\n\nhttps://github.com/faiyazahmad07/xss_vibes\n\nGet PROXY List that gets updated everyday\n\nhttps://github.com/TheSpeedX/PROXY-List\n\n#infosec #cybersecurity #hackersfactory \n\nhttps://t.me/dilagrafie", "creation_timestamp": "2023-09-04T16:29:39.000000Z"}, {"uuid": "19eb0f51-457b-4ad4-a83c-2201a21028db", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-34034", "type": "published-proof-of-concept", "source": "https://t.me/proxy_bar/1662", "content": "CVE-2023-34034\nSpring WebFlux \nWrite-Up and POC", "creation_timestamp": "2023-08-08T21:07:53.000000Z"}, {"uuid": "539d069d-612c-4352-94b6-96eeae4a36d4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-34039", "type": "published-proof-of-concept", "source": "https://t.me/crackcodes/5204", "content": "\ud83d\udcdfXavier Marks Indonesian Data Leak : Download\n\n\ud83d\udc7eCVE-2023-34039 Exploit : Download\n\n\ud83d\udc32Craxs Rat V6.7 : Download\n\n\ud83d\udd78Invicti Standard V23.9.0.42095 Crack : Download\n\n\ud83e\ude85Telegram Bot For Remote Access To Computer Files : Download\n\n\ud83d\udcefGet IP Address On Other Side Audio Call In Telegram : Download", "creation_timestamp": "2024-02-05T08:19:00.000000Z"}, {"uuid": "ae49e6e1-81b4-44ab-ba4d-d34d0b3d2418", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-34034", "type": "seen", "source": "https://t.me/cibsecurity/67011", "content": "\u203c CVE-2023-34034 \u203c\n\nUsing \"**\" as a pattern in Spring Security configuration for WebFlux creates a mismatch in pattern matching between Spring Security and Spring WebFlux, and the potential for a security bypass.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-19T18:21:56.000000Z"}, {"uuid": "be6d8e44-6220-4798-9fcf-4438b35ad2e7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-34035", "type": "seen", "source": "https://t.me/cibsecurity/66926", "content": "\u203c CVE-2023-34035 \u203c\n\nSpring Security versions 5.8\u00c2\u00a0prior to 5.8.5, 6.0\u00c2\u00a0prior to 6.0.5,\u00c2\u00a0and 6.1\u00c2\u00a0prior to 6.1.2\u00c2\u00a0could be susceptible to authorization rule misconfiguration if the application uses requestMatchers(String)\u00c2\u00a0and multiple servlets, one of them being Spring MVC\u00e2\u20ac\u2122s DispatcherServlet.\u00c2\u00a0(DispatcherServlet\u00c2\u00a0is a Spring MVC component that maps HTTP endpoints to methods on @Controller-annotated classes.)Specifically, an application is vulnerable when all of the following are true: * Spring MVC is on the classpath * Spring Security is securing more than one servlet in a single application (one of them being Spring MVC\u00e2\u20ac\u2122s DispatcherServlet) * The application uses requestMatchers(String)\u00c2\u00a0to refer to endpoints that are not Spring MVC endpointsAn application is not vulnerable if any of the following is true: * The application does not have Spring MVC on the classpath * The application secures no servlets other than Spring MVC\u00e2\u20ac\u2122s DispatcherServlet * The application uses requestMatchers(String)\u00c2\u00a0only for Spring MVC endpoints\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-18T20:31:03.000000Z"}, {"uuid": "abd97350-92cb-4f51-8e23-4831b952139b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-34037", "type": "seen", "source": "https://t.me/cibsecurity/67759", "content": "\u203c CVE-2023-34037 \u203c\n\nVMware Horizon Server contains a HTTP request smuggling vulnerability. A malicious actor with network access may be able to perform HTTP smuggle requests.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-04T17:25:08.000000Z"}, {"uuid": "0ad8eb4e-14ba-40f1-ac33-ac7889c3087f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-34034", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/8886", "content": "#exploit\n1. LPE on the DJI RM500 Smart Controller\nhttps://icanhack.nl/blog/dji-rm500-privilege-escalation\n\n2. CVE-2023-34034:\nSpring WebFlux PoC\nhttps://jfrog.com/blog/spring-webflux-cve-2023-34034-write-up-and-proof-of-concept", "creation_timestamp": "2023-08-21T10:55:25.000000Z"}, {"uuid": "ece3df08-51ea-4e38-beb0-38a292d26097", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-34039", "type": "seen", "source": "MISP/a9d21043-f825-4bac-8d2b-56fb9e8343e7", "content": "", "creation_timestamp": "2025-10-23T21:13:01.000000Z"}, {"uuid": "9f70f7ef-a7d3-40d4-9470-c4d22ec13217", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-34039", "type": "seen", "source": "MISP/d17bd6ef-d68b-317b-ac33-cdbc44c5fc57", "content": "", "creation_timestamp": "2025-08-31T03:13:00.000000Z"}, {"uuid": "de1a7560-3a9c-46ba-93d4-761dd29627e2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-34039", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/5076", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2023\n\u63cf\u8ff0\uff1aCVE-2023-34039\nURL\uff1ahttps://github.com/syedhafiz1234/CVE-2023-34039\n\n\u6807\u7b7e\uff1a#CVE-2023", "creation_timestamp": "2023-09-04T03:32:01.000000Z"}, {"uuid": "8de6f96e-708c-41a8-b55a-847486384b70", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-34039", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/3182", "content": "Hackers Factory \n\nTrack down GitHub users.\n\nhttps://github.com/mxrch/GitFive\n\nHere it is, the VMware newest exploit\n\nhttps://github.com/Cyb3rEnthusiast/CVE-2023-34039\n\nA shellcode injection tool capable of bypassing AMSI. Features the QueueUserAPC() injection technique and supports XOR encryption\n\nhttps://github.com/trevorsaudi/Mshikaki\n\nan exploit of Server-side request forgery (SSRF)\n\nhttps://github.com/errorfiathck/ssrf-exploit\n\nUnauthenticated-RCE-FUXA-CVE-2023-33831\n\nhttps://github.com/rodolfomarianocy/Unauthenticated-RCE-FUXA-CVE-2023-33831\n\nCVE-2023-28229\n\nhttps://github.com/Y3A/CVE-2023-28229\n\nIntroductory guide on the configuration and subsequent exploitation of Active Directory Certificate Services with Certipy. Based on the white paper Certified Pre-Owned.\n\nhttps://github.com/arth0sz/Practice-AD-CS-Domain-Escalation\n\nEternalHush - new free advanced open-source c2 framework\n\nhttps://github.com/APT64/EternalHushFramework\n\nPerforms OSINT scan on email/domain/ip_address/organization using OSINT-SPY. It can be used by Data Miners, Infosec Researchers, Penetration Testers and cyber crime investigator in order to find deep information about their target. \n\nhttps://github.com/SharadKumar97/OSINT-SPY\n\nGitHub - wvanderp/awesome-dutch-osint\n\nhttps://github.com/wvanderp/awesome-dutch-osint\n\n#infosec #cybersecurity #hackersfactory \n\nhttps://t.me/dilagrafie", "creation_timestamp": "2023-09-07T08:00:59.000000Z"}, {"uuid": "6176b828-31ed-4ca0-bff9-7e4b85790b6f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-34039", "type": "published-proof-of-concept", "source": "https://t.me/true_secator/4804", "content": "\u0412\u0441\u0435\u0433\u043e \u0447\u0435\u0440\u0435\u0437 \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u0434\u043d\u0435\u0439 \u043f\u043e\u0441\u043b\u0435 \u0432\u044b\u043f\u0443\u0441\u043a\u0430 \u043a\u0440\u0443\u043f\u043d\u043e\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, \u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d \u043a\u043e\u0434 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430 \u0434\u043b\u044f \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043e\u0431\u0445\u043e\u0434\u0430 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 SSH \u0432 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u0435 \u0430\u043d\u0430\u043b\u0438\u0437\u0430 VMware Aria Operations for Networks (\u0440\u0430\u043d\u0435\u0435 \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u043e\u043c \u043a\u0430\u043a vRealize Network Insight).\n\nCVE-2023-34039 \u0431\u044b\u043b\u0430 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430 \u0430\u043d\u0430\u043b\u0438\u0442\u0438\u043a\u0430\u043c\u0438 \u0438\u0437 ProjectDiscovery Research \u0438 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0430 VMware \u0432 \u043f\u0440\u043e\u0448\u043b\u0443\u044e \u0441\u0440\u0435\u0434\u0443 \u0441 \u0432\u044b\u043f\u0443\u0441\u043a\u043e\u043c \u0432\u0435\u0440\u0441\u0438\u0438 6.11.\n\n\u0423\u0441\u043f\u0435\u0448\u043d\u0430\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u044b\u043c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u043e\u0431\u043e\u0439\u0442\u0438 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u044e SSH \u043d\u0430 \u043d\u0435\u043f\u0440\u043e\u043f\u0430\u0442\u0447\u0435\u043d\u043d\u044b\u0445 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430\u0445 \u0438 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0443 \u043a\u043e\u043c\u0430\u043d\u0434\u043d\u043e\u0439 \u0441\u0442\u0440\u043e\u043a\u0438 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u0430 \u0432 \u0430\u0442\u0430\u043a\u0430\u0445 \u043d\u0438\u0437\u043a\u043e\u0439 \u0441\u043b\u043e\u0436\u043d\u043e\u0441\u0442\u0438, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043d\u0435 \u0442\u0440\u0435\u0431\u0443\u044e\u0442 \u0432\u0437\u0430\u0438\u043c\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u044f \u0441 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u043c \u0438\u0437-\u0437\u0430 \u00ab\u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u044f \u0433\u0435\u043d\u0435\u0440\u0430\u0446\u0438\u0438 \u0443\u043d\u0438\u043a\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u043a\u0440\u0438\u043f\u0442\u043e\u0433\u0440\u0430\u0444\u0438\u0447\u0435\u0441\u043a\u043e\u0433\u043e \u043a\u043b\u044e\u0447\u0430\u00bb.\n\nVMware \u043f\u043e\u0434\u0442\u0432\u0435\u0440\u0434\u0438\u043b\u0430, \u0447\u0442\u043e \u043a\u043e\u0434 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430 CVE-2023-34039 \u0431\u044b\u043b \u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d \u0432 \u0418\u043d\u0442\u0435\u0440\u043d\u0435\u0442\u0435, \u0447\u0435\u0440\u0435\u0437 \u0434\u0432\u0430 \u0434\u043d\u044f \u043f\u043e\u0441\u043b\u0435 \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u044f \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u0431\u0430\u0433\u0438.\n\nPoC \u043d\u0430\u0446\u0435\u043b\u0435\u043d \u043d\u0430 \u0432\u0441\u0435 \u0432\u0435\u0440\u0441\u0438\u0438 Aria Operations for Networks \u0441 6.0 \u043f\u043e 6.10. \u041e\u043d \u0431\u044b\u043b \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0430\u043d \u0438 \u0432\u044b\u043f\u0443\u0449\u0435\u043d \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u043c Summoning Team \u0421\u0438\u043d\u043e\u0439 \u0425\u0435\u0439\u0440\u043a\u0445\u043e\u0439.\n\n\u041e\u0441\u043d\u043e\u0432\u043d\u043e\u0439 \u043f\u0440\u0438\u0447\u0438\u043d\u043e\u0439 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u044b \u043e\u043d \u043d\u0430\u0437\u0432\u0430\u043b - \u0436\u0435\u0441\u0442\u043a\u043e \u0437\u0430\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0435 \u043a\u043b\u044e\u0447\u0438 SSH, \u043e\u0441\u0442\u0430\u0432\u0448\u0438\u0435\u0441\u044f \u043f\u043e\u0441\u043b\u0435 \u0442\u043e\u0433\u043e, \u043a\u0430\u043a VMware \u0437\u0430\u0431\u044b\u043b\u0430 \u043f\u043e\u0432\u0442\u043e\u0440\u043d\u043e \u0441\u0433\u0435\u043d\u0435\u0440\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u043e\u0432\u0430\u043d\u043d\u044b\u0435 \u043a\u043b\u044e\u0447\u0438 SSH, \u0438 \u0447\u0442\u043e\u0431\u044b \u0441\u043e\u0437\u0434\u0430\u0442\u044c \u043f\u043e\u043b\u043d\u043e\u0444\u0443\u043d\u043a\u0446\u0438\u043e\u043d\u0430\u043b\u044c\u043d\u044b\u0439 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442, \u0435\u043c\u0443 \u043f\u0440\u0438\u0448\u043b\u043e\u0441\u044c \u0441\u043e\u0431\u0440\u0430\u0442\u044c \u0432\u0441\u0435 \u043a\u043b\u044e\u0447\u0438 \u0438\u0437 \u0440\u0430\u0437\u043d\u044b\u0445 \u0432\u0435\u0440\u0441\u0438\u0439 \u044d\u0442\u043e\u0433\u043e \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u0430.\n\n\u041d\u0430 \u043d\u0435\u0434\u0435\u043b\u0435 VMware \u0442\u0430\u043a\u0436\u0435 \u0438\u0441\u043f\u0440\u0430\u0432\u0438\u043b\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0437\u0430\u043f\u0438\u0441\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u043e\u0433\u043e \u0444\u0430\u0439\u043b\u0430 (CVE-2023-20890), \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u0440\u0435\u0430\u043b\u0438\u0437\u043e\u0432\u0430\u0442\u044c RCE \u043f\u043e\u0441\u043b\u0435 \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430 \u043a \u0446\u0435\u043b\u0435\u0432\u043e\u043c\u0443 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0443 (PoC CVE-2023-34039 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u0438\u043c \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c root-\u043f\u0440\u0430\u0432\u0430 \u043f\u043e\u0441\u043b\u0435 \u0443\u0441\u043f\u0435\u0448\u043d\u043e\u0433\u043e \u0430\u0442\u0430\u043a\u0438).\n\n\u0412 \u0441\u0432\u0435\u0442\u0435 \u044d\u0442\u043e\u0433\u043e \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430\u043c \u043d\u0430\u0441\u0442\u043e\u044f\u0442\u0435\u043b\u044c\u043d\u043e \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043a\u0430\u043a \u043c\u043e\u0436\u043d\u043e \u0441\u043a\u043e\u0440\u0435\u0435 \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430 Aria Operations for Networks \u0434\u043e \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438 \u0432 \u043a\u0430\u0447\u0435\u0441\u0442\u0432\u0435 \u043f\u0440\u0435\u0432\u0435\u043d\u0442\u0438\u0432\u043d\u043e\u0439 \u043c\u0435\u0440\u044b \u043f\u0440\u043e\u0442\u0438\u0432 \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0445 \u0432\u0445\u043e\u0434\u044f\u0449\u0438\u0445 \u0430\u0442\u0430\u043a.", "creation_timestamp": "2023-09-04T18:30:06.000000Z"}, {"uuid": "a0dbbace-a923-47ac-9f34-49bd5f875b31", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-34039", "type": "published-proof-of-concept", "source": "Telegram/HN9hPbaAIC-EMsKpuBEKpt_lBAGKgR9MPj6X-aKfaNotSQg", "content": "", "creation_timestamp": "2023-09-04T08:55:45.000000Z"}, {"uuid": "4570c5fd-f1eb-40b4-a938-8a883df26baa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-34039", "type": "published-proof-of-concept", "source": "https://t.me/crackcodes/4260", "content": "\ud83d\udcccEmpower Insurance Data Leak : Download\n\n\ud83e\ude85Xavier Marks Indonesian Data Leak : Download\n\n\ud83d\udcdfCVE-2023-34039 Exploit Poc : Download\n\n\ud83d\udc32Shodan Dorks 2023 : Download\n\n\ud83d\udcefNOVI PAZAR \u2013 PUT Data Leak : Download\n\n\ud83d\udd78CVE-2023-4596 Forminator WordPress Plugin Exploit : Download\n\n\ud83e\udeacChatGPT Next Web : Download\n\n\ud83d\udc00XWorm v5.0 RAT Cracked : Download", "creation_timestamp": "2023-09-04T20:31:02.000000Z"}, {"uuid": "58805eb2-8b4e-48a8-b4f2-b550ed862853", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-34034", "type": "seen", "source": "https://t.me/ctinow/180559", "content": "https://ift.tt/0NS6DGI\nCVE-2023-34034 | Oracle Communications Service Catalog and Design 7.4.2.8.0 PSR Designer Remote Code Execution", "creation_timestamp": "2024-02-07T08:11:29.000000Z"}, {"uuid": "99452a47-82c7-4855-a9b8-3309838c23cf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-34034", "type": "seen", "source": "https://t.me/ctinow/180719", "content": "https://ift.tt/0ZHe1Ka\nCVE-2023-34034 | Oracle Communications Cloud Native Core Network Slice Selection Function Install/Upgrade Remote Code Execution", "creation_timestamp": "2024-02-07T14:46:52.000000Z"}, {"uuid": "7a4df7a0-4ad3-40a5-87e7-ec270626b013", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-34034", "type": "seen", "source": "https://t.me/ctinow/181258", "content": "https://ift.tt/KXNw0aS\nCVE-2023-34034 | Oracle Banking Digital Experience 21.1.0/22.1.0/22.2.0 UI General Remote Code Execution", "creation_timestamp": "2024-02-08T10:11:46.000000Z"}, {"uuid": "3ff25587-d3db-466e-b605-e3bc719ef881", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-34034", "type": "seen", "source": "https://t.me/ctinow/181256", "content": "https://ift.tt/PKwbINc\nCVE-2023-34034 | Oracle Banking Corporate Lending Process Management up to 14.7.0 Base Remote Code Execution", "creation_timestamp": "2024-02-08T10:11:40.000000Z"}, {"uuid": "3222e87c-5792-45aa-8c06-24cfccd22bbc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-34038", "type": "seen", "source": "https://t.me/cibsecurity/67758", "content": "\u203c CVE-2023-34038 \u203c\n\nVMware Horizon Server contains an information disclosure vulnerability. A malicious actor with network access may be able to access information relating to the internal network configuration.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-04T17:25:01.000000Z"}, {"uuid": "105e892e-60ca-49f0-ba90-06d3e6c8d4fd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-34039", "type": "published-proof-of-concept", "source": "https://t.me/thehackernews/3819", "content": "Exploit code now available for critical SSH authentication bypass flaw in VMware Aria Operations for Networks. Discover how CVE-2023-34039 could lead to unauthorized access. \n \nRead detais: https://thehackernews.com/2023/09/poc-exploit-released-for-critical.html", "creation_timestamp": "2023-09-03T06:45:21.000000Z"}, {"uuid": "f4876980-6b14-4b23-b48f-c753e5ec944c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-34034", "type": "published-proof-of-concept", "source": "https://t.me/thebugbountyhunter/7629", "content": "Spring WebFlux \u2013 CVE-2023-34034 \u2013 Write-Up and Proof-of-Concept\n\nhttps://jfrog.com/blog/spring-webflux-cve-2023-34034-write-up-and-proof-of-concept/", "creation_timestamp": "2023-08-08T23:19:26.000000Z"}, {"uuid": "e180c525-2045-4f75-9e0a-40a4a6336260", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-34034", "type": "published-proof-of-concept", "source": "https://t.me/CNArsenal/837", "content": "https://jfrog.com/blog/spring-webflux-cve-2023-34034-write-up-and-proof-of-concept/\ncve-2023-34034\n#poc", "creation_timestamp": "2023-08-09T06:55:26.000000Z"}, {"uuid": "27a9504c-716f-493c-b19f-386e6534938b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-34034", "type": "published-proof-of-concept", "source": "https://t.me/CNArsenal/902", "content": "https://jfrog.com/blog/spring-webflux-cve-2023-34034-write-up-and-proof-of-concept\ncve 2023-34034 poc", "creation_timestamp": "2023-08-21T05:00:50.000000Z"}, {"uuid": "9b15e924-31b1-43a4-b755-0e1126c0a455", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-34039", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/8961", "content": "#exploit\n1. CVE-2023-34039:\nVMWare Aria Operations for Networks Static SSH key RCE\nhttps://github.com/sinsinology/CVE-2023-34039\n\n2. CVE-2023-34039:\nCritical Authentication Bypass Vulnerability in VMware Aria Operations for Networks\nhttps://github.com/Cyb3rEnthusiast/CVE-2023-34039", "creation_timestamp": "2023-09-03T22:06:03.000000Z"}, {"uuid": "7f1f9e54-a75c-4bfb-90e5-f3983eaac6eb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-34039", "type": "published-proof-of-concept", "source": "https://t.me/LearnExploit/5582", "content": "VMWare Aria Operations for Networks (vRealize Network Insight) Static SSH key RCE (CVE-2023-34039)\n\n#CVE #RCE \n \u2014\u2014\u2014\u2014\u2014\u2014\u200c\n0Day.Today\n@LearnExploit\n@Tech_Army", "creation_timestamp": "2023-10-14T13:45:42.000000Z"}, {"uuid": "7ea09de4-2f07-4aed-86ac-ba0e5278d1bf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-34039", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:10:54.000000Z"}, {"uuid": "cb4cd355-dc4a-4200-9e43-6164c16d012e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-34039", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/ssh/vmware_vrni_known_privkey.rb", "content": "", "creation_timestamp": "2023-10-24T15:55:19.000000Z"}, {"uuid": "ae6fe42f-fa4f-45e2-9e07-928e2238b9b7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-34039", "type": "seen", "source": "https://www.kyberturvallisuuskeskus.fi/fi/haavoittuvuus_15/2023", "content": "", "creation_timestamp": "2023-08-30T09:43:07.000000Z"}, {"uuid": "39c97566-7e47-4819-b4ae-65a0976e11e1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-34039", "type": "published-proof-of-concept", "source": "https://t.me/hackingbra/26", "content": "#exploit\n#CVE-2023-34039:\nCritical Authentication Bypass Vulnerability in VMware Aria Operations for Networks\nhttps://github.com/Cyb3rEnthusiast/CVE-2023-34039", "creation_timestamp": "2023-09-03T15:44:26.000000Z"}, {"uuid": "4962694c-9c68-47b8-8805-35acb8133092", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-34039", "type": "published-proof-of-concept", "source": "https://t.me/hackingbra/25", "content": "#exploit\n#CVE-2023-34039:\nVMWare Aria Operations for Networks Static SSH key RCE\nhttps://github.com/sinsinology/CVE-2023-34039", "creation_timestamp": "2023-09-03T15:44:02.000000Z"}]}