{"vulnerability": "CVE-2023-3584", "sightings": [{"uuid": "d7e4d889-9ea6-461a-806c-6262c4bc5618", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-35840", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/8540", "content": "#exploit\n1. CVE-2023-35840:\nelFinder < 2.1.62 - Path Traversal vulnerability in PHP LocalVolumeDriver connector\nhttps://github.com/afine-com/CVE-2023-35840\n\n2. CVE-2023-24941:\nMicrosoft Network File System RCE\nhttps://www.zerodayinitiative.com/blog/2023/5/31/cve-2023-24941-microsoft-network-file-system-remote-code-execution", "creation_timestamp": "2023-06-23T10:59:01.000000Z"}, {"uuid": "2f4adad6-f2ff-4df8-a901-253e93a971d8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-35844", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/8570", "content": "#exploit\n1. CVE-2023-35844:\nLightdash routers path traversal\nhttps://github.com/Szlein/CVE-2023-35844\n\n2. CVE-2023-34840:\nXSS in angular-ui-notification\nhttps://github.com/Xh4H/CVE-2023-34840\n\n3. Office Suite Premium 10.9.1 - Cross Site Scripting\nhttps://packetstormsecurity.com/files/173143", "creation_timestamp": "2023-06-28T18:46:56.000000Z"}, {"uuid": "dbf2ebde-de34-4ea4-9c69-bc468eb39547", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-35844", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-04-04)", "content": "", "creation_timestamp": "2025-04-04T00:00:00.000000Z"}, {"uuid": "d6dcbf9a-f537-4b93-91b5-81a39166ae31", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-35844", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-07-27)", "content": "", "creation_timestamp": "2025-07-27T00:00:00.000000Z"}, {"uuid": "f325f483-14c1-4372-8806-e2a9cf5f15bd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-35844", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/4628", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2023\n\u63cf\u8ff0\uff1aLightdash\u6587\u4ef6\u8bfb\u53d6\u6f0f\u6d1e\uff08CVE-2023-35844\uff09\nURL\uff1ahttps://github.com/Szlein/CVE-2023-35844\n\n\u6807\u7b7e\uff1a#CVE-2023", "creation_timestamp": "2023-06-26T10:27:38.000000Z"}, {"uuid": "e1d96869-1d57-4e1e-867d-a7907a01dded", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-35843", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/4636", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2023\n\u63cf\u8ff0\uff1aNocoDB\u4efb\u610f\u6587\u4ef6\u8bfb\u53d6CVE-2023-35843\nURL\uff1ahttps://github.com/Szlein/CVE-2023-35843\n\n\u6807\u7b7e\uff1a#CVE-2023", "creation_timestamp": "2023-06-27T16:22:03.000000Z"}, {"uuid": "e4d2a21d-c388-446a-8353-9d2df242d223", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-35843", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/4710", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2023\n\u63cf\u8ff0\uff1aCVE-2023-35843 NocoDB \u4efb\u610f\u6587\u4ef6\u8bfb\u53d6\u6f0f\u6d1e\nURL\uff1ahttps://github.com/b3nguang/CVE-2023-35843\n\n\u6807\u7b7e\uff1a#CVE-2023", "creation_timestamp": "2023-07-09T04:19:04.000000Z"}, {"uuid": "b7c20b63-5006-4a48-93b4-c81c8104a45e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-35843", "type": "seen", "source": "https://t.me/kasraone_com/376", "content": "\ud83d\udd34 CVE\n\u00a0\u00a0\u00a0\u00a0\u00a0\n      CVE-2023-35843\n\n\n\u0646\u0633\u062e\u0647 0.106.0 (\u06cc\u0627 0.109.1) \u0627\u0632 NocoDB \u062f\u0627\u0631\u0627\u06cc \u06cc\u06a9 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u0646\u0627\u0648\u0628\u0631\u06cc \u0645\u0633\u06cc\u0631 \u0627\u0633\u062a \u06a9\u0647 \u0628\u0647 \u06cc\u06a9 \u062d\u0645\u0644\u0647\u200c\u06a9\u0646\u0646\u062f\u0647 \u0628\u062f\u0648\u0646 \u0627\u062d\u0631\u0627\u0632 \u0647\u0648\u06cc\u062a \u0627\u0645\u06a9\u0627\u0646 \u062f\u0633\u062a\u0631\u0633\u06cc \u0628\u0647 \u0641\u0627\u06cc\u0644\u200c\u0647\u0627\u06cc \u062f\u0644\u062e\u0648\u0627\u0647 \u0631\u0648\u06cc \u0633\u0631\u0648\u0631 \u0631\u0627 \u0628\u0627 \u062a\u063a\u06cc\u06cc\u0631 \u067e\u0627\u0631\u0627\u0645\u062a\u0631 \u0645\u0633\u06cc\u0631 \u062f\u0631 \u0645\u0633\u06cc\u0631 /download \u0645\u06cc\u200c\u062f\u0647\u062f. \u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u0645\u0645\u06a9\u0646 \u0627\u0633\u062a \u0628\u0647 \u06cc\u06a9 \u062d\u0645\u0644\u0647\u200c\u06a9\u0646\u0646\u062f\u0647 \u0627\u062c\u0627\u0632\u0647 \u062f\u0633\u062a\u0631\u0633\u06cc \u0628\u0647 \u0641\u0627\u06cc\u0644\u200c\u0647\u0627 \u0648 \u062f\u0627\u062f\u0647\u200c\u0647\u0627\u06cc \u062d\u0633\u0627\u0633 \u0631\u0648\u06cc \u0633\u0631\u0648\u0631 \u0631\u0627\u060c \u0634\u0627\u0645\u0644 \u0641\u0627\u06cc\u0644\u200c\u0647\u0627\u06cc \u067e\u06cc\u06a9\u0631\u0628\u0646\u062f\u06cc\u060c \u06a9\u062f \u0645\u0646\u0628\u0639 \u0648 \u0633\u0627\u06cc\u0631 \u0627\u0637\u0644\u0627\u0639\u0627\u062a \u062d\u0633\u0627\u0633\u060c \u0628\u062f\u0647\u062f.", "creation_timestamp": "2023-07-15T05:28:23.000000Z"}, {"uuid": "158c7bc2-3d15-48df-a6f1-ae75133dfa28", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-35844", "type": "published-proof-of-concept", "source": "https://t.me/crackcodes/3787", "content": "\ud83d\udcdfDataLeak:\n\n\ud83d\udcccAsia Vital Components Leak : https://www.system32.ink/2023/06/asia-vital-components-leak.html\n\n\ud83d\udcccposkok_info Data Leak : https://www.system32.ink/2023/06/poskokinfo-data-leak.html\n\n\ud83d\udcccGeotecsacr Digital Marketing Agency Leak : https://www.system32.ink/2023/06/geotecsacr-digital-marketing-agency-leak.html\n\n\ud83d\udcccDarkForum Leak : https://www.system32.ink/2023/06/darkforums-data-leak.html\n\n\ud83d\udcccRussian Champion Tennis Club in Tomsk Leak : https://www.system32.ink/2023/06/russian-champion-tennis-club-in-tomsk.html\n\n\ud83e\uddeeExploits:\n\n\ud83d\udcccLightdash Exploit (CVE-2023-35844) : https://www.system32.ink/2023/06/lightdash-exploit-cve-2023-35844.html\n\n\ud83d\udcccCVE-2023-33140 OneNote Exploit : https://www.system32.ink/2023/06/cve-2023-33140-onenote-exploit.html\n\n\ud83d\udcccCVE-2023-34840 XSS POC OF angular-ui-notification : https://www.system32.ink/2023/06/cve-2023-34840-xss-poc-of-angular-ui.html\n\n\u2699\ufe0fTools:\n\n\ud83d\udcccCrackMapExec : https://www.system32.ink/2023/06/crackmapexec.html\n\n\ud83d\udcccSAFIREFUZZ - Same-Architecture Firmware Rehosting and Fuzzing : https://www.system32.ink/2023/06/safirefuzz-same-architecture-firmware.html\n\n\ud83d\udcccPwnDoc-ng - Pentest Report Generator : https://www.system32.ink/2023/06/pwndoc-ng-pentest-report-generator.html\n\n\ud83d\udcccVulnX - An Intelligent Bot Auto Shell Injector that detects vulnerabilities in multiple types of Cms : https://www.system32.ink/2023/06/vulnx-intelligent-bot-auto-shell.html\n\n\ud83d\udcccNetwork Signal Guru APK : https://www.system32.ink/2023/06/network-signal-guru-apk.html\n\n\ud83d\udcccGoogle CTF : https://www.system32.ink/2023/06/google-ctf.html\n\n\ud83e\udda0Rootkit ANd RAT:\n\n\ud83d\udccc888 RAT New Version 2023 ( 1.2.6 Full Setup ) For Lifetime : https://www.system32.ink/2023/06/888-rat-new-version-2023-126-full-setup.html\n\n\ud83d\udcccreveng_rtkit Rootkit : https://www.system32.ink/2023/06/revengrtkit-rootkit.html", "creation_timestamp": "2023-07-02T12:30:36.000000Z"}, {"uuid": "3bc78c0e-a1ee-4e79-bc1e-cf6377c00f3e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-35844", "type": "published-proof-of-concept", "source": "https://t.me/crackcodes/3767", "content": "\ud83d\udcdfDataLeak:\n\n\ud83d\udcccAsia Vital Components Leak : https://www.system32.ink/2023/06/asia-vital-components-leak.html\n\n\ud83d\udcccposkok_info Data Leak : https://www.system32.ink/2023/06/poskokinfo-data-leak.html\n\n\ud83d\udcccGeotecsacr Digital Marketing Agency Leak : https://www.system32.ink/2023/06/geotecsacr-digital-marketing-agency-leak.html\n\n\ud83d\udcccDarkForum Leak : https://www.system32.ink/2023/06/darkforums-data-leak.html\n\n\ud83d\udcccRussian Champion Tennis Club in Tomsk Leak : https://www.system32.ink/2023/06/russian-champion-tennis-club-in-tomsk.html\n\n\ud83e\uddeeExploits:\n\n\ud83d\udcccLightdash Exploit (CVE-2023-35844) : https://www.system32.ink/2023/06/lightdash-exploit-cve-2023-35844.html\n\n\ud83d\udcccCVE-2023-33140 OneNote Exploit : https://www.system32.ink/2023/06/cve-2023-33140-onenote-exploit.html\n\n\ud83d\udcccCVE-2023-34840 XSS POC OF angular-ui-notification : https://www.system32.ink/2023/06/cve-2023-34840-xss-poc-of-angular-ui.html\n\n\u2699\ufe0fTools:\n\n\ud83d\udcccCrackMapExec : https://www.system32.ink/2023/06/crackmapexec.html\n\n\ud83d\udcccSAFIREFUZZ - Same-Architecture Firmware Rehosting and Fuzzing : https://www.system32.ink/2023/06/safirefuzz-same-architecture-firmware.html\n\n\ud83d\udcccPwnDoc-ng - Pentest Report Generator : https://www.system32.ink/2023/06/pwndoc-ng-pentest-report-generator.html\n\n\ud83d\udcccVulnX - An Intelligent Bot Auto Shell Injector that detects vulnerabilities in multiple types of Cms : https://www.system32.ink/2023/06/vulnx-intelligent-bot-auto-shell.html\n\n\ud83d\udcccNetwork Signal Guru APK : https://www.system32.ink/2023/06/network-signal-guru-apk.html\n\n\ud83d\udcccGoogle CTF : https://www.system32.ink/2023/06/google-ctf.html\n\n\ud83e\udda0Rootkit ANd RAT:\n\n\ud83d\udccc888 RAT New Version 2023 ( 1.2.6 Full Setup ) For Lifetime : https://www.system32.ink/2023/06/888-rat-new-version-2023-126-full-setup.html\n\n\ud83d\udcccreveng_rtkit Rootkit : https://www.system32.ink/2023/06/revengrtkit-rootkit.html", "creation_timestamp": "2023-06-28T21:51:53.000000Z"}, {"uuid": "52b79164-e74a-484b-b7af-4af90066c166", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-35840", "type": "published-proof-of-concept", "source": "https://t.me/crackcodes/3726", "content": "\ud83d\udda5Instagram DOS Exploit: \n\n\ud83d\udd31Instagram App 287.0.0.22.85 - Denial of Service : https://www.system32.ink/2023/06/exploit-instagram-app-287002285-denial.html\n\n\ud83d\udda5Dataleaks:\n\n\ud83d\udd31Leland Campbell LLP Leak : https://www.system32.ink/2023/06/leland-campbell-llp-leak.html\n\n\ud83d\udd31Ulyanovsk Instrumentation and Repair Plant (uprz.ru) Data Leak : https://www.system32.ink/2023/06/ulyanovsk-instrumentation-and-repair.html\n\n\ud83d\udd31Yayasan Tifa (Tifa Foundation tifafoundation.id) Data Leak : https://www.system32.ink/2023/06/yayasan-tifa-tifa-foundation.html\n\n\ud83d\udd31National Institute of Cardiovascular Diseases, Bangladesh Data Leak : https://www.system32.ink/2023/06/national-institute-of-cardiovascular.html\n\n\ud83d\udd31{azadijobs_com} Bangladesh AzadiJob Company Data Leak : https://www.system32.ink/2023/06/azadijobscom-bangladesh-azadijob.html\n\n\ud83d\udda5Exploit & POC:\n\n\ud83d\udd31CVE-2023-35840 elFinder < 2.1.62 - Path Traversal vulnerability POC : https://www.system32.ink/2023/06/cve-2023-35840-elfinder-2162-path.html\n\n\ud83d\udd31CVE-2023-34599 POC - Multiple Cross-Site Scripting (XSS) in Gibbon v25.0.0 : https://www.system32.ink/2023/06/cve-2023-34599-poc-multiple-cross-site.html\n\n\ud83d\udda5Tools:\n\n\ud83d\udd31NimExec - Fileless Command Execution for Lateral Movement in Nim : https://www.system32.ink/2023/06/nimexec-fileless-command-execution-for.html\n\n\ud83d\udd31PrimusC2 - A C2 framework : https://www.system32.ink/2023/06/primusc2-c2-framework.html\n\n\ud83d\udda5Rat:\n\n\ud83d\udd31S500 Rat : https://www.system32.ink/2023/06/s500-rat-crack.html\n\n@crackcodes | crackcodes.in | system32.ink", "creation_timestamp": "2023-06-24T16:36:08.000000Z"}, {"uuid": "95c60f63-f1e7-4f87-9078-b561e84af032", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-35845", "type": "seen", "source": "https://t.me/cibsecurity/70192", "content": "\u203c CVE-2023-35845 \u203c\n\nAnaconda 3 2023.03-1-Linux allows local users to disrupt TLS certificate validation by modifying the cacert.pem file used by the installed pip program. This occurs because many files are installed as world-writable on Linux, ignoring umask, even when these files are installed as root. Miniconda is also affected.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-11T12:22:05.000000Z"}, {"uuid": "3da7f70e-9296-4ff5-87aa-68ccd752dca2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-35844", "type": "published-proof-of-concept", "source": "Telegram/vwBkYa2FKnjj0pgQ43RNXfK94lQaYrM07VlvqBtAIjPacQ", "content": "", "creation_timestamp": "2023-06-28T18:06:46.000000Z"}, {"uuid": "d5e9c103-ddf8-40ec-a1fc-e46d32fb74ad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-35840", "type": "published-proof-of-concept", "source": "Telegram/UPOEOvXabxzuXPkJBAtH1OWP71MuzCeSWEouGFgNI1I0gw", "content": "", "creation_timestamp": "2023-06-24T16:36:58.000000Z"}, {"uuid": "d5472ef3-27d6-4bf4-8a6c-0aa6aa3ec228", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-35844", "type": "seen", "source": "https://t.me/proxy_bar/1596", "content": "CVE-2023-35844\ndirectory traversal\n\nexpl", "creation_timestamp": "2023-06-27T14:13:45.000000Z"}, {"uuid": "5df54a45-6d2a-484e-ab3c-d5088c32e708", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-35843", "type": "published-proof-of-concept", "source": "https://t.me/codeb0ss/899", "content": "#CVE202335843", "creation_timestamp": "2023-07-22T03:48:33.000000Z"}, {"uuid": "ea12b54b-e7c0-491f-9885-b7f193191703", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-35844", "type": "published-proof-of-concept", "source": "https://t.me/codeb0ss/871", "content": "", "creation_timestamp": "2023-07-13T05:10:46.000000Z"}, {"uuid": "b0fdc1fd-ae31-445a-bead-6ab856eafa95", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-35844", "type": "seen", "source": "https://t.me/cibsecurity/65328", "content": "\u203c CVE-2023-35844 \u203c\n\npackages/backend/src/routers in Lightdash before 0.510.3 has insecure file endpoints, e.g., they allow .. directory traversal and do not ensure that an intended file extension (.csv or .png) is used.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-06-19T07:25:13.000000Z"}, {"uuid": "ddd13229-49d0-446f-aa99-efb165c00be6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-35844", "type": "published-proof-of-concept", "source": "Telegram/6PZKKGQl03Vi6ZEkQInhbXHc7Cdk1szybYRTzghfbAVd-Q", "content": "", "creation_timestamp": "2023-07-02T10:21:51.000000Z"}, {"uuid": "2fcc63cb-a603-485b-a7b6-cc0ca0589bcf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-35844", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/3096", "content": "Tools \ud83d\udd27 \ud83d\udd28 \ud83d\udd27 \ud83d\udd28  - Hackers Factory \n\n\u200b\u200bSophia Script for Windows\n\nThe largest PowerShell module on GitHub for Windows 10 & Windows 11 for fine-tuning and automating the routine tasks. It offers more than 150 unique tweaks, and shows how Windows can be configured without making any harm to it.\n\nhttps://github.com/farag2/Sophia-Script-for-Windows\n\n#cybersecurity #infosec #privacy\n\n\u200b\u200bCVE-2023-35844\n\nLightdash directory traversal.\n\nhttps://github.com/Szlein/CVE-2023-35844\n\n#cve #cybersecurity #infosec\n\n\u200b\u200bCVE-2023-27372 \n\nSPIP < 4.2.1 - Remote Code Execution Vulnerability Scanner \ud83d\udee1\ud83d\udcbb\n\nhttps://github.com/Chocapikk/CVE-2023-27372\n\n#cve #cybersecurity #infosec\n\nUTBotCpp\n\nTool that generates unit test by C/C++ source code, trying to reach all branches and maximize code coverage.\n\nhttps://github.com/UnitTestBot/UTBotCpp\n\n#cybersecurity #infosec\n\n\u200b\u200bthreat-composer\n\nA threat modeling tool to help humans to reduce time-to-value when threat modeling.\n\nhttps://github.com/awslabs/threat-composer\n\n#cybersecurity #infosec\n\n\u200b\u200bCVE-2023-33140\n\nMicrosoft OneNote is vulnerable to spoofing attacks. The malicious user can trick the victim into clicking on a very maliciously crafted URL or download some other malicious file and execute it. When this happens the game will be over for the victim and his computer will be compromised. Exploiting the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft OneNote and then click on a specially crafted URL to be compromised by the attacker.\n\nhttps://github.com/nu11secur1ty/CVE-mitre/tree/main/2023/CVE-2023-33140\n\n#cve #exploit #RCE\n\n\u200b\u200b\u267b\ufe0f CrackMapExec (a.k.a CME) \n\nA post-exploitation tool that helps automate assessing the security of large Active Directory networks. Built with stealth in mind, CME follows the concept of \"Living off the Land\": abusing built-in Active Directory features/protocols to achieve it's functionality and allowing it to evade most endpoint protection/IDS/IPS solutions.\n\nhttps://github.com/mpgn/CrackMapExec\n\nWiki:\nhttps://wiki.porchetta.industries/\n\n#infosec #pentesting #redteam\n\n\u200b\u200bSecret Fragment exploit v2\n\nThis exploit is a V2 that provides clearer output, new code execution methods, and fixes a few bugs.\n\nDetails:\nhttps://www.ambionics.io/blog/symfony-secret-fragment\n\n#infosec #pentesting #redteam\n\n\u200b\u200bCoffee\n\nA custom implementation of the original Cobalt Strike's beacon_inline_execute. It is written in Rust and supports most of the features of the #CobaltStrike compatibility layer. Coffee is structured so it can be used as a library in other projects too.\n\nhttps://github.com/hakaioffsec/coffee\n\n#infosec #pentesting #redteam\n\n\u200b\u200b\ud83d\udc0d Pyscan\n\nPython dependency vulnerability scanner, written in Rust.\n\nhttps://github.com/aswinnnn/pyscan\n\n#infosec #pentesting #redteam\n\nhttps://t.me/dilagrafie", "creation_timestamp": "2023-06-28T15:16:50.000000Z"}, {"uuid": "81ba869c-685f-4e0f-83a0-dfb240687dc0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-3584", "type": "seen", "source": "https://t.me/cibsecurity/66847", "content": "\u203c CVE-2023-3584 \u203c\n\nMattermost fails to properly check the authorization of\u00c2\u00a0POST /api/v4/teams when passing a team override scheme ID in the request,\u00c2\u00a0allowing an authenticated attacker with knowledge of a Team Override Scheme ID to create a new team with said team override scheme.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-17T20:40:30.000000Z"}]}