{"vulnerability": "cve-2023-2516", "sightings": [{"uuid": "d838b764-5101-47c8-91e7-96f7bc55a595", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-2516", "type": "seen", "source": "https://t.me/arpsyndicate/590", "content": "#ExploitObserverAlert\n\nCVE-2023-2516\n\nDESCRIPTION: Exploit Observer has 6 entries related to CVE-2023-2516. Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.7.\n\nFIRST-EPSS: 0.000630000\nNVD-IS: 2.7\nNVD-ES: 2.3", "creation_timestamp": "2023-11-26T07:34:24.000000Z"}, {"uuid": "a1c099ca-c359-42b2-8284-2ba6212c87e2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-2516", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/3073", "content": "Tools - Hackers Factory \n\nCVE-2023-3009\n\nStored #XSS on item name - Bypassing CVE-2023-2516 in TeamPass < 3.0.9 - by M Nadeem Qazi.\n\nhttps://github.com/mnqazi/CVE-2023-3009\n\n#cve #cybersecurity #infosec\n\n\u200b\u200bApplywdac \n\nPowerShell script for applying WDAC policies.\n\nhttps://github.com/vu-ls/applywdac\n\n#cybersecurity #infosec\n\n\u200b\u200bfake-useragent\n\nUp-to-date simple useragent faker with real world database.\n\nhttps://github.com/fake-useragent/fake-useragent\n\n#cybersecurity #infosec #privacy\n\n\u200b\u200bProxiFyre \n\nAdvanced SOCKS5 Routing Solution for Windows.\n\nhttps://github.com/wiresock/socksify\n\n#cybersecurity #infosec #privacy\n\n\u200b\u200bThe DEF CON CTF 2023 Qualifier\n\nThis repository contains the open source release for Nautilus Institute's 2023 DEF CON CTF qualifier.\n\nhttps://github.com/Nautilus-Institute/quals-2023\n\n#cybersecurity #infosec\n\n\u200b\u200bWordlists\n\nReal-world infosec wordlists, updated regularly! These wordlists are based on the source code of the CMSes/servers/frameworks listed here. The current wordlists include:\n\n\u2022 Wordpress\n\u2022 Joomla\n\u2022 Drupal\n\u2022 Magento\n\u2022 Ghost\n\u2022 Tomcat\n\nhttps://github.com/trickest/wordlists\n\n#infosec #pentesting #bugbounty\n\n\u200b\u200bNanorobeus\n\nCOFF file (BOF) for managing #Kerberos tickets.\n\nhttps://github.com/wavvs/nanorobeus\n\n#infosec #pentesting #redteam\n\n\u200b\u200bCVE-2023-23638\n\nApache Dubbo Vulnerability Exploitation Engineering Practice, covering Dubbo 3.x from service discovery to vulnerability exploitation and reverse display. \n\nhttps://github.com/YYHYlh/Apache-Dubbo-CVE-2023-23638-exp\n\n#cve #poc #cybersecurity #infosec\n\n\u200b\u200bEPI\n\nProcess injection through entry points hijacking.\n\nhttps://github.com/Kudaes/EPI\n\n#infosec #pentesting #redteam\n\n\u200b\u200bCRTER\n\nA command-line tool for fetching subdomains using the CRT.SH certificate search engine. It allows you to provide a list of domain names or fully-qualified domain names (FQDNs) and retrieve the associated subdomains. The tool fetches the subdomains from CRT.SH and saves them to an output file.\n\nhttps://github.com/Micro0x00/CRTER\n\n#infosec #pentesting #bugbounty\n\n\u200b\u200bHALA\n\nHALA offers a powerful capability that enables you to identify reflected parameters within the response, providing valuable assistance in your testing and hacking endeavors.\n\nhttps://github.com/whalebone7/Hala\n\n#cybersecurity #infosec\n\nhttps://t.me/dilagrafie\nhttps://t.me/HackerFactory", "creation_timestamp": "2023-06-02T09:34:10.000000Z"}, {"uuid": "ec6bab5e-025d-4601-8ac4-e60b615a2294", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-25169", "type": "seen", "source": "https://t.me/cibsecurity/59497", "content": "\u203c CVE-2023-25169 \u203c\n\ndiscourse-yearly-review is a discourse plugin which publishes an automated Year in Review topic. In affected versions a user present in a yearly review topic that is then anonymised will still have some data linked to its original account. This issue has been patched in commit `b3ab33bbf7` which is included in the latest version of the Discourse Yearly Review plugin. Users are advised to upgrade. Users unable to upgrade may disable the `yearly_review_enabled` setting to fully mitigate the issue. Also, it's possible to edit the anonymised user's old data in the yearly review topics manually.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-06T20:12:55.000000Z"}, {"uuid": "eb11dbfa-fe3f-4413-93e9-ae143c18e5be", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-2516", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/8402", "content": "#exploit\n1. CVE-2023-34152 / CVE-2023-34151:\nShell Command Injection in ImageMagick / \nUndefined behaviors of casting double to size_t in svg, mvg, and other coders\nhttps://github.com/ImageMagick/ImageMagick/issues/6341\n]-> CVE-2023-34153:\u00a0Shell command injection vulnerability\nhttps://github.com/ImageMagick/ImageMagick/issues/6338\n\n2. CVE-2023-28782:\nPHP Object Injection Flaw in WordPress Gravity Forms Plugin\nhttps://securityonline.info/cve-2023-28782-php-object-injection-flaw-in-wordpress-gravity-forms-plugin-with-1-million-active-installations\n\n3. CVE-2023-3009:\nStored XSS on item name - Bypassing CVE-2023-2516 in TeamPass <3.0.9\nhttps://github.com/mnqazi/CVE-2023-3009", "creation_timestamp": "2023-06-01T13:16:22.000000Z"}, {"uuid": "f117b0ef-9435-4386-8f9a-53610015a657", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-25161", "type": "seen", "source": "https://t.me/cibsecurity/58041", "content": "\u203c CVE-2023-25161 \u203c\n\nNextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Nextcloud Server and Nextcloud Enterprise Server prior to versions 25.0.1 24.0.8, and 23.0.12 missing rate limiting on password reset functionality. This could result in service slowdown, storage overflow, or cost impact when using external email services. Users should upgrade to Nextcloud Server 25.0.1, 24.0.8, or 23.0.12 or Nextcloud Enterprise Server 25.0.1, 24.0.8, or 23.0.12 to receive a patch. No known workarounds are available.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-14T00:30:16.000000Z"}, {"uuid": "205833f8-064b-4fe9-9edd-ed90becdfa06", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-25162", "type": "seen", "source": "https://t.me/cibsecurity/58030", "content": "\u203c CVE-2023-25162 \u203c\n\nNextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Nextcloud Server prior to 24.0.8 and 23.0.12 and Nextcloud Enterprise server prior to 24.0.8 and 23.0.12 are vulnerable to server-side request forgery (SSRF). Attackers can leverage enclosed alphanumeric payloads to bypass IP filters and gain SSRF, which would allow an attacker to read crucial metadata if the server is hosted on the AWS platform. Nextcloud Server 24.0.8 and 23.0.2 and Nextcloud Enterprise Server 24.0.8 and 23.0.12 contain a patch for this issue. No known workarounds are available.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-14T00:30:00.000000Z"}, {"uuid": "c15a6dcc-6e8e-4d72-b66c-8bb1312584bc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-25166", "type": "seen", "source": "https://t.me/cibsecurity/57794", "content": "\u203c CVE-2023-25166 \u203c\n\nformula is a math and string formula parser. In versions prior to 3.0.1 crafted user-provided strings to formula's parser might lead to polynomial execution time and a denial of service. Users should upgrade to 3.0.1+. There are no known workarounds for this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-08T22:25:23.000000Z"}, {"uuid": "9c0ad5a6-8593-4c0f-9627-bc537ea95373", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-25163", "type": "seen", "source": "https://t.me/cibsecurity/57815", "content": "\u203c CVE-2023-25163 \u203c\n\nArgo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting with v2.6.0-rc1 have an output sanitization bug which leaks repository access credentials in error messages. These error messages are visible to the user, and they are logged. The error message is visible when a user attempts to create or update an Application via the Argo CD API (and therefor the UI or CLI). The user must have `applications, create` or `applications, update` RBAC access to reach the code which may produce the error. The user is not guaranteed to be able to trigger the error message. They may attempt to spam the API with requests to trigger a rate limit error from the upstream repository. If the user has `repositories, update` access, they may edit an existing repository to introduce a URL typo or otherwise force an error message. But if they have that level of access, they are probably intended to have access to the credentials anyway. A patch for this vulnerability has been released in version 2.6.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-09T00:25:20.000000Z"}, {"uuid": "461a1074-25a7-4fd6-8b05-c4ff212cac05", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-25167", "type": "seen", "source": "https://t.me/cibsecurity/57800", "content": "\u203c CVE-2023-25167 \u203c\n\nDiscourse is an open source discussion platform. In affected versions a malicious user can cause a regular expression denial of service using a carefully crafted git URL. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. Users are advised to upgrade. There are no known workarounds for this issue.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-08T22:25:32.000000Z"}, {"uuid": "043d4a31-5cb5-4146-a735-da0696f29817", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-25165", "type": "seen", "source": "https://t.me/cibsecurity/57796", "content": "\u203c CVE-2023-25165 \u203c\n\nHelm is a tool that streamlines installing and managing Kubernetes applications.`getHostByName` is a Helm template function introduced in Helm v3. The function is able to accept a hostname and return an IP address for that hostname. To get the IP address the function performs a DNS lookup. The DNS lookup happens when used with `helm install|upgrade|template` or when the Helm SDK is used to render a chart. Information passed into the chart can be disclosed to the DNS servers used to lookup the IP address. For example, a malicious chart could inject `getHostByName` into a chart in order to disclose values to a malicious DNS server. The issue has been fixed in Helm 3.11.1. Prior to using a chart with Helm verify the `getHostByName` function is not being used in a template to disclose any information you do not want passed to DNS servers.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-08T22:25:25.000000Z"}, {"uuid": "9442a004-3257-4915-80b6-f3f20f670b2f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-2516", "type": "seen", "source": "https://t.me/cibsecurity/63392", "content": "\u203c CVE-2023-2516 \u203c\n\nCross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.7.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-05T22:25:14.000000Z"}, {"uuid": "0336ffa8-d502-484e-bd80-a497ec5b9d45", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-25164", "type": "seen", "source": "https://t.me/cibsecurity/57801", "content": "\u203c CVE-2023-25164 \u203c\n\nTinacms is a Git-backed headless content management system with support for visual editing. Sites being built with @tinacms/cli >= 1.0.0 && < 1.0.9 which store sensitive values in the process.env variable are impacted. These values will be added in plaintext to the index.js file. If you're on a version prior to 1.0.0 this vulnerability does not affect you. If you are affected and your Tina-enabled website has sensitive credentials stored as environment variables (eg. Algolia API keys) you should rotate those keys immediately. This issue has been patched in @tinacms/cli@1.0.9. Users are advised to upgrade. There are no known workarounds for this issue.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-08T22:25:33.000000Z"}, {"uuid": "dfc633c9-13bb-48f9-ab70-0241153566a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-25160", "type": "seen", "source": "https://t.me/cibsecurity/58035", "content": "\u203c CVE-2023-25160 \u203c\n\nNextcloud Mail is an email app for the Nextcloud home server platform. Prior to versions 2.2.1, 1.14.5, 1.12.9, and 1.11.8, an attacker can access the mail box by ID getting the subjects and the first characters of the emails. Users should upgrade to Mail 2.2.1 for Nextcloud 25, Mail 1.14.5 for Nextcloud 22-24, Mail 1.12.9 for Nextcloud 21, or Mail 1.11.8 for Nextcloud 20 to receive a patch. No known workarounds are available.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-14T00:30:08.000000Z"}]}