{"vulnerability": "CVE-2023-35885", "sightings": [{"uuid": "132ecfed-dce4-44ba-b7aa-a28ee0b2840e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-35885", "type": "published-proof-of-concept", "source": "https://t.me/proxy_bar/1648", "content": "\u0421\u0438\u0441\u0430\u0434\u043c\u0438\u043d\u044b \u0441 \u043f\u0440\u0430\u0437\u0434\u043d\u0438\u043a\u043e\u043c. \u0412\u043e\u0442 \u0432\u0430\u043c \u043f\u043e\u0434\u0430\u0440\u043e\u043a )\nCVE-2023-35885 Cloudpanel 1-day Exploit\n\u0414\u043b\u044f \u0432\u0435\u0440\u0441\u0438\u0439 : v2.0.0 \u2013 v2.3.0\n\u041f\u0440\u043e\u043f\u0430\u0442\u0447\u0435\u043d\u043e : 20-06-2023  (v2.3.1)\n*\nExploit + shell\n\n#\u043f\u0440\u0430\u0437\u0434\u043d\u0438\u043a\u044a #\u043a\u043b\u043e\u0443\u043dpanel #xploet #sh\u044bll", "creation_timestamp": "2023-07-28T10:25:51.000000Z"}, {"uuid": "ed08c709-b2b1-41da-b5e0-2fc1dd74bb6e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-35885", "type": "published-proof-of-concept", "source": "Telegram/qihKOwJuGsTUiCFmLBsc4EI5plaPiMBmeeW9n4dX5E2KRwc", "content": "", "creation_timestamp": "2023-08-23T16:41:53.000000Z"}, {"uuid": "99e4189a-4ebc-4285-997f-acf549c878a7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-35885", "type": "published-proof-of-concept", "source": "https://t.me/crackcodes/3925", "content": "\ud83d\udc7e\ud83c\udf7aWindows11 Exploits : https://system32.ink/windows11-exploits/\n\n\ud83d\udca9\ud83d\udca5TCL Chinese Theatres Data Leak : https://system32.ink/tcl-chinese-theatres-data-leak/\n\n\u2b50\ud83d\udd30Chrome CVE-2023-2033 PoC : https://system32.ink/chrome-cve-2023-2033-poc/\n\n\ud83d\udc7e\ud83d\udca5\u26a1Cloudpanel 0-day Exploit : https://system32.ink/cloudpanel-0-day-exploit-cve-2023-35885/\n\n\u2623\ufe0f\u26a1WooCommerce Payments: Unauthorized Admin Access Exploit : https://system32.ink/woocommerce-payments-unauthorized-admin-access-exploit-cve-2023-28121/\n\n@Crackcodes | System32.ink | Crackcodes.in", "creation_timestamp": "2023-07-23T03:58:34.000000Z"}, {"uuid": "062dc5ea-a74c-4bca-917f-80e3bba28683", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-35885", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-01-31)", "content": "", "creation_timestamp": "2025-01-31T00:00:00.000000Z"}, {"uuid": "57b3b2d6-f962-4331-bace-54373ec1890c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-35885", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-03-27)", "content": "", "creation_timestamp": "2025-03-27T00:00:00.000000Z"}, {"uuid": "270ca257-c640-4916-bfe1-c49447e7cc75", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-35885", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-07-08)", "content": "", "creation_timestamp": "2025-07-08T00:00:00.000000Z"}, {"uuid": "bda3ddcb-a0ab-4759-8677-96a75d083028", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-35885", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-07-21)", "content": "", "creation_timestamp": "2025-07-21T00:00:00.000000Z"}, {"uuid": "3886bdb2-424f-4009-bd84-7d008f9621e5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-35885", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-12-17)", "content": "", "creation_timestamp": "2025-12-17T00:00:00.000000Z"}, {"uuid": "30983889-88e5-48d5-8e64-87f89a4f2b15", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-35885", "type": "published-proof-of-concept", "source": "https://t.me/HackingVidhya/380", "content": "CVE-2023-35885 Cloudpanel 0-day Exploit\n\n\nhttps://github.com/datackmy/FallingSkies-CVE-2023-35885", "creation_timestamp": "2023-08-23T18:42:16.000000Z"}, {"uuid": "ccd7b892-af4d-48d4-af3e-f052edc45335", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-35885", "type": "seen", "source": "https://t.me/arpsyndicate/2195", "content": "#ExploitObserverAlert\n\nCVE-2023-35885\n\nDESCRIPTION: Exploit Observer has 10 entries related to CVE-2023-35885. CloudPanel 2 before 2.3.1 has insecure file-manager cookie authentication.\n\nFIRST-EPSS: 0.022660000\nNVD-IS: 5.9\nNVD-ES: 3.9", "creation_timestamp": "2023-12-28T05:23:44.000000Z"}, {"uuid": "9b2cb73c-8d54-4aed-b309-6cc767b036c1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-35885", "type": "published-proof-of-concept", "source": "https://t.me/WARLOCK_DARK_ARMY_OFFICIALS/2988", "content": "CVE-2023-35885 Cloudpanel 0-day Exploit\n\n\nhttps://github.com/datackmy/FallingSkies-CVE-2023-35885", "creation_timestamp": "2023-08-23T18:39:02.000000Z"}, {"uuid": "22086ecc-90cc-4add-8255-50484ed22c4f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-35885", "type": "published-proof-of-concept", "source": "https://t.me/crackcodes/3929", "content": "\ud83d\udc7e\ud83c\udf7aWindows11 Exploits : https://system32.ink/windows11-exploits/\n\n\ud83d\udca9\ud83d\udca5TCL Chinese Theatres Data Leak : https://system32.ink/tcl-chinese-theatres-data-leak/\n\n\u2b50\ud83d\udd30Chrome CVE-2023-2033 PoC : https://system32.ink/chrome-cve-2023-2033-poc/\n\n\ud83d\udc7e\ud83d\udca5\u26a1Cloudpanel 0-day Exploit : https://system32.ink/cloudpanel-0-day-exploit-cve-2023-35885/\n\n\u2623\ufe0f\u26a1WooCommerce Payments: Unauthorized Admin Access Exploit : https://system32.ink/woocommerce-payments-unauthorized-admin-access-exploit-cve-2023-28121/\n\n@Crackcodes | System32.ink | Crackcodes.in", "creation_timestamp": "2023-07-23T16:31:42.000000Z"}, {"uuid": "357c60b3-0794-4168-84b8-b08dd231fde6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-35885", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/8707", "content": "#exploit\n1. CVE-2023-28121:\nWooCommerce Payments: Unauthorized Admin Access Exploit\nhttps://github.com/gbrsh/CVE-2023-28121\n]-> https://github.com/Jenderal92/CVE-2023-28121\n\n2. CVE-2023-35885:\nCloudpanel 0-day Exploit\nhttps://github.com/datackmy/FallingSkies-CVE-2023-35885", "creation_timestamp": "2023-07-21T10:59:01.000000Z"}, {"uuid": "4f0ec828-873e-4e68-833d-540ecd5079a7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-35885", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-01-02)", "content": "", "creation_timestamp": "2025-01-02T00:00:00.000000Z"}, {"uuid": "fd133101-997d-4208-b0e1-eb9f3ab0fa4c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-35885", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-02-21)", "content": "", "creation_timestamp": "2025-02-21T00:00:00.000000Z"}, {"uuid": "26f644f7-33a6-4d02-ae46-8842178bdf9d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-35885", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-03-22)", "content": "", "creation_timestamp": "2025-03-22T00:00:00.000000Z"}, {"uuid": "cf9012ed-4978-421e-a96e-1900c74afa36", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-35885", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-07-07)", "content": "", "creation_timestamp": "2025-07-07T00:00:00.000000Z"}, {"uuid": "70d60d3a-15c8-4a2e-a8e8-5ebec4f02d1b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-35885", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-07-29)", "content": "", "creation_timestamp": "2025-07-29T00:00:00.000000Z"}, {"uuid": "260e161c-75a7-4164-a1f6-94c768de7f4c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-35885", "type": "published-proof-of-concept", "source": "Telegram/72q_6K-Gw2SSBLexfL7RRBs4aQAazbzl569yjTYRGLrjOQ", "content": "", "creation_timestamp": "2023-07-22T15:31:47.000000Z"}, {"uuid": "4fb712a1-1809-42d1-ba8d-317bb120303d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-35885", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/3153", "content": "Hackers Factory \n\nBlack Hat USA 2023\nDefender-Pretender: When Windows Defender Updates Become a Security Risk\n\nhttps://github.com/SafeBreach-Labs/wd-pretender\n\n#BlackHat #blackhat23 #Infosec #Windows #Security #cyberattacks\n\nRCE exploit for CVE-2023-3519\n\nhttps://github.com/BishopFox/CVE-2023-3519\n\nCVE-2023-37979\n\nhttps://github.com/Fire-Null/CVE-2023-37979\n\nGolang client for querying SecurityTrails API data\n\nhttps://github.com/hakluke/haktrails\n\nExtract URLs, paths, secrets, and other interesting bits from JavaScript\n\nhttps://github.com/BishopFox/jsluice\n\nCVE-2023-35078 Remote Unauthenticated API Access Vulnerability Exploit POC\n\nhttps://github.com/vchan-in/CVE-2023-35078-Exploit-POC\n\nSub-Domain TakeOver Vulnerability Scanner\n\nhttps://github.com/m4ll0k/takeover\n\nCloudpanel 0-day Exploit\n\nhttps://github.com/datackmy/FallingSkies-CVE-2023-35885\n\nnse script to identify server vulnerable to CVE-2023-3519\n\nhttps://github.com/dorkerdevil/CitrixFall\n\nCVE-2023-34960 Chamilo PoC\n\nhttps://github.com/Aituglo/CVE-2023-34960/blob/master/poc.py\n\nVMWare vRealize Network Insight pre-authenticated RCE CVE-2023-20887\n\nhttps://github.com/projectdiscovery/nuclei-templates/pull/7405\n\nKeyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.\n\nhttps://github.com/streaak/keyhacks\n\n#Infosec #cybersec #hackersfactory \n\nhttps://t.me/dilagrafie", "creation_timestamp": "2023-08-14T01:40:46.000000Z"}, {"uuid": "0e92b1f5-5bb1-41b9-bd58-b2eeb1bef79d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-35885", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/3126", "content": "Tools \ud83d\udd27 \ud83d\udd28 \ud83d\udd27 \ud83d\udd28  - Hackers Factory\n\n\u200b\u200bTor / Darknet Links\n\nVerified darknet market and darknet service links on the Tor Network.\n\nhttps://github.com/DarkNetEye/tor-links\n\nWeb:\nhttps://darkneteye.com/\n\n#cybersecurity #infosec #privacy\n\n\u200b\u200bDragondoom\n\nThe PAKE Dragonfly is used as SAE in WPA3 authentication. A critical point during the authentication is when the password needs to be derived into an elliptic curve point.\n\nhttps://gitlab.inria.fr/ddealmei/artifact_dragondoom\n\n#cybersecurity #infosec\n\n\u200b\u200bwhatlicense\n\nFull tool chain to extract WinLicense secrets from a protected program then launch it bypassing all verification steps, utlizing an Intel PIN tool and license file builder.\n\nhttps://github.com/charlesnathansmith/whatlicense\n\n#infosec #pentesting #bugbounty\n\n\u200b\u200bCVE-2022-44875\n\nTesting CVE-2022-44875\n\nhttps://github.com/c0d30d1n/CVE-2022-44875-Test\n\n#cve #cybersecurity #infosec\n\n\u200b\u200bWiFi-OSINT\n\nSome great Wifi, resources, tools and blogs if Wi-Fi #OSINT is your thing.\n\nhttps://github.com/cqcore/WiFi-OSINT\n\n#cybersecurity #infosec #pentesting\n\n\u200b\u200bCVE-2023-35885\n\nCloudpanel 0-day Exploit\n\nhttps://github.com/datackmy/FallingSkies-CVE-2023-35885\n\n#cve #cybersecurity #infosec\n\n\u200b\u200bCVE-2023-3519\n\nThis script is a basic Citrix Scanner for CVE-2023-3519. We try to identify vulnerable Citrix Gateways/ADCs by looking at the HTTP headers.\n\nhttps://github.com/telekom-security/cve-2023-3519-citrix-scanner\n\n#cve #infosec #pentesting\n\n\u200b\u200bvala-vala-hey\n\nThis is a 0day root LPE for latest #Manjaro distro, tested on embedded ARM and x86_64 desktop installs.\n\nhttps://github.com/c-skills/vala-vala-hey\n\n#cve #cybersecurity #infosec\n\n\u200b\u200bCVE-2020-1472\n\nA Python script that uses the Impacket library to test vulnerability for the Zerologon exploit (CVE-2020-1472).\n\nhttps://github.com/SecuraBV/CVE-2020-1472\n\n#cve #cybersecurity #infosec\n\nEX-SQLi\n\nA tool for scanning and exploiting the famous SQL injection vulnerability in more than millions of sites. The exploit was programmed by the TYG team.\n\nhttps://github.com/mr-sami-x/SQLi\n\n#infosec #pentesting #redteam\n\n\u200b\u200bCVE-2023-38632\n\nAsync-sockets-cpp <0.3.1 TCP Packet tcpsocket.hpp Stack-based Overflow\n\nhttps://github.com/Halcy0nic/CVE-2023-38632\n\n#cve #cybersecurity #infosec\n\n\u200b\u200bCVE-2023-3519\n\nThis Nuclei template checks for the presence of the CVE-2023-3519 vulnerability in a target web server.\n\nhttps://github.com/SalehLardhi/CVE-2023-3519\n\n#cybersecurity #infosec #pentesting\n\n\u200b\u200bCVE-2023-28121\n\nWooCommerce Payments: Unauthorized Admin Access #Exploit.\n\nhttps://github.com/gbrsh/CVE-2023-28121\n\n#cve #cybersecurity #infosec\n\n\u200b\u200bVanMoof Encryption Key Exporter\n\nExport all bike details (such as encryption key) of your VanMoof bikes.\n\nhttps://github.com/grossartig/vanmoof-encryption-key-exporter\n\nWeb:\nhttps://keyexporter.grossartig.io/\n\n#cybersecurity #infosec\n\n\u200b\u200bPowershellKerberos\n\nSome scripts to abuse kerberos using Powershell.\n\nhttps://github.com/MzHmO/PowershellKerberos\n\n#infosec #pentesting #redteam\n\nhttps://t.me/dilagrafie", "creation_timestamp": "2023-07-23T12:08:55.000000Z"}, {"uuid": "f3e5e74c-5d1f-4071-8af0-e4e63b943109", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-35885", "type": "published-proof-of-concept", "source": "https://t.me/MrVGunz/854", "content": "CVE-2023-35885 : Cloudpanel 2.0.0 - 2.3.0- Insecure File-manager Cookie Authentication\nPOC : https://github.com/passwa11/FallingSkies-CVE-2023-35885\nBlog : https://www.datack.my/fallingskies-cloudpanel-0-day/", "creation_timestamp": "2023-08-22T23:19:52.000000Z"}, {"uuid": "5bdec55b-1802-4827-a8b2-edc86a2d7d30", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-35885", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-07-13)", "content": "", "creation_timestamp": "2025-07-13T00:00:00.000000Z"}, {"uuid": "acc1fd40-b177-4419-88d3-eac18e1ebb34", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-35885", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-01-30)", "content": "", "creation_timestamp": "2026-01-30T00:00:00.000000Z"}]}