{"vulnerability": "CVE-2023-3512", "sightings": [{"uuid": "b8f9f86a-d629-44a7-9cc5-6fa753bc708d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-3512", "type": "seen", "source": "https://t.me/cibsecurity/71558", "content": "\u203c CVE-2023-3512 \u203c\n\nRelative path traversal vulnerability in Setelsa Security's ConacWin CB, in its 3.8.2.2 version and earlier, the exploitation of which could allow an attacker to perform an arbitrary download of files from the system via the \"Download file\" parameter.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-04T14:11:56.000000Z"}, {"uuid": "ec94b0d4-2fe7-4888-aaa7-cd10a54dac75", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-35121", "type": "seen", "source": "https://t.me/ctinow/201361", "content": "https://ift.tt/p2Ng9o5\nCVE-2023-35121 | Intel oneAPI DPC++ Compiler Software prior 2023.2.1 access control (intel-sa-00988)", "creation_timestamp": "2024-03-06T14:11:50.000000Z"}, {"uuid": "e5984187-24bb-4c4a-98cd-ae0bd11a3818", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-35126", "type": "seen", "source": "https://t.me/cibsecurity/72592", "content": "\u203c CVE-2023-35126 \u203c\n\nAn out-of-bounds write vulnerability exists within the parsers for both the \"DocumentViewStyles\" and \"DocumentEditStyles\" streams of Ichitaro 2023 1.0.1.59372 when processing types 0x0000-0x0009 of a style record with the type 0x2008. A specially crafted document can cause memory corruption, which can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-19T20:34:37.000000Z"}, {"uuid": "521c2d2f-8a32-402b-a728-4b6559107673", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-35121", "type": "seen", "source": "https://t.me/ctinow/184807", "content": "https://ift.tt/uql9jeB\nCVE-2023-35121", "creation_timestamp": "2024-02-14T17:03:00.000000Z"}, {"uuid": "e81233c1-847c-4166-a388-f27194781edc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-35128", "type": "seen", "source": "https://t.me/ctinow/173409", "content": "https://ift.tt/vkDaSNd\nCVE-2023-35128 | GTKWave 3.3.115 fstReaderIterBlocks2 integer overflow (TALOS-2023-1792)", "creation_timestamp": "2024-01-25T12:41:19.000000Z"}, {"uuid": "a4485113-d385-43ce-bce5-aefcc737866f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-35124", "type": "seen", "source": "https://t.me/cibsecurity/69858", "content": "\u203c CVE-2023-35124 \u203c\n\nAn information disclosure vulnerability exists in the OAS Engine configuration management functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to a disclosure of sensitive information. An attacker can send a sequence of requests to trigger this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-05T20:17:05.000000Z"}, {"uuid": "3c910a84-6c19-4025-a17e-7b432e2dd4d7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-35128", "type": "seen", "source": "https://t.me/ctinow/165611", "content": "https://ift.tt/ecBOfbK\nCVE-2023-35128 Exploit", "creation_timestamp": "2024-01-10T08:16:29.000000Z"}, {"uuid": "16b2f0fb-aedf-4432-8629-2172d6b21c0f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-35120", "type": "seen", "source": "https://t.me/cibsecurity/66177", "content": "\u203c CVE-2023-35120 \u203c\n\nPiiGAB M-Bus is vulnerable to cross-site request forgery. An attacker who wants to execute a certain command could send a phishing mail to the owner of the device and hope that the owner clicks on the link. If the owner of the device has a cookie stored that allows the owner to be logged in, then the device could execute the GET or POST link request.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-07T07:26:00.000000Z"}, {"uuid": "2bf22c8e-2f40-48de-9622-393d3cfd5fbc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-35126", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/10206", "content": "#exploit\n1. CVE-2024-2891:\nXbox GamingService Arbitrary Folder Move\nhttps://packetstormsecurity.com/files/177712/Xbox-GamingService-Arbitrary-Folder-Move.html\n\n2. Dissecting a complex vulnerability and achieving arbitrary code execution in Ichitaro Word (CVE-2023-35126, CVE-2023-34366, CVE-2023-38127, CVE-2023-38128)\nhttps://blog.talosintelligence.com/exploiting-low-severity-vulnerability-using-a-frame-pointer-overwrite", "creation_timestamp": "2024-03-24T17:54:38.000000Z"}]}