{"vulnerability": "cve-2023-2738", "sightings": [{"uuid": "4c515cb0-d6c6-401a-b512-55a0834132d3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27384", "type": "seen", "source": "https://t.me/kasraone_com/362", "content": "\ud83d\udd34 CVE \n\nCVE-2023-27384\n\nCVE-2023-27384 \u06cc\u06a9 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u0627\u0633\u062a \u06a9\u0647 \u062f\u0631 \u0646\u0631\u0645\u200c\u0627\u0641\u0632\u0627\u0631 Cybozu Garoon 5.15.0 \u0648\u062c\u0648\u062f \u062f\u0627\u0631\u062f. \u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u0628\u0647 \u062d\u0645\u0644\u0627\u062a \u062f\u0648\u0631 \u0632\u062f\u0646 \u0645\u062d\u062f\u0648\u062f\u06cc\u062a \u0639\u0645\u0644\u06a9\u0631\u062f \u062f\u0631 MultiReport \u0645\u0646\u062c\u0631 \u0645\u06cc\u200c\u0634\u0648\u062f.\n\n\u0628\u0627 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 \u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc\u060c \u06cc\u06a9 \u062d\u0645\u0644\u0647\u200c\u06a9\u0646\u0646\u062f\u0647 \u0628\u0627 \u0627\u062d\u0631\u0627\u0632 \u0647\u0648\u06cc\u062a\u060c \u0642\u0627\u062f\u0631 \u0627\u0633\u062a \u062f\u0627\u062f\u0647\u200c\u0647\u0627\u06cc MultiReport \u0631\u0627 \u062a\u063a\u06cc\u06cc\u0631 \u062f\u0647\u062f. \u0628\u0647 \u0639\u0628\u0627\u0631\u062a \u062f\u06cc\u06af\u0631\u060c \u062d\u0645\u0644\u0647\u200c\u06a9\u0646\u0646\u062f\u0647 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u062f \u0628\u0647 \u0635\u0648\u0631\u062a \u062f\u0648\u0631 \u0627\u0632 \u0645\u062d\u062f\u0648\u062f\u06cc\u062a \u0639\u0645\u0644\u06a9\u0631\u062f\u060c \u062a\u063a\u06cc\u06cc\u0631\u0627\u062a \u0644\u0627\u0632\u0645 \u0631\u0627 \u062f\u0631 \u06af\u0632\u0627\u0631\u0634\u0627\u062a MultiReport \u0627\u0639\u0645\u0627\u0644 \u06a9\u0646\u062f.\n\n\u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u0628\u0627\u0639\u062b \u0645\u062e\u0627\u0637\u0631\u0627\u062a \u062c\u062f\u06cc\u062f \u0628\u0631\u0627\u06cc \u0633\u0627\u0645\u0627\u0646\u0647 Cybozu Garoon 5.15.0 \u0645\u06cc\u200c\u0634\u0648\u062f\u060c \u0632\u06cc\u0631\u0627 \u062d\u0645\u0644\u0647\u200c\u06a9\u0646\u0646\u062f\u0647 \u0628\u0627 \u062a\u063a\u06cc\u06cc\u0631 \u062f\u0627\u062f\u0647\u200c\u0647\u0627\u06cc MultiReport \u0645\u0645\u06a9\u0646 \u0627\u0633\u062a \u0627\u0637\u0644\u0627\u0639\u0627\u062a \u062d\u0633\u0627\u0633 \u0631\u0627 \u062a\u063a\u06cc\u06cc\u0631 \u062f\u0627\u062f\u0647 \u0648 \u0628\u0647 \u0646\u0638\u0627\u0645 \u062e\u0637\u0631 \u0648\u0627\u0631\u062f \u06a9\u0646\u062f.\n\n\u0628\u0631\u0627\u06cc \u0631\u0641\u0639 \u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc\u060c \u062a\u0648\u0635\u06cc\u0647 \u0645\u06cc\u200c\u0634\u0648\u062f \u06a9\u0647 \u062a\u0648\u0644\u06cc\u062f \u06a9\u0646\u0646\u062f\u0647 \u0646\u0631\u0645\u200c\u0627\u0641\u0632\u0627\u0631 Cybozu Garoon 5.15.0 \u0627\u0642\u062f\u0627\u0645\u0627\u062a \u0644\u0627\u0632\u0645 \u0631\u0627 \u0628\u0631\u0627\u06cc \u0627\u0635\u0644\u0627\u062d \u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u062f\u0631 \u0646\u0633\u062e\u0647\u200c\u0647\u0627\u06cc \u0628\u0639\u062f\u06cc \u0627\u06cc\u0646 \u0646\u0631\u0645\u200c\u0627\u0641\u0632\u0627\u0631 \u0627\u0646\u062c\u0627\u0645 \u062f\u0647\u062f \u0648 \u06a9\u0627\u0631\u0628\u0631\u0627\u0646 \u0647\u0645\u0686\u0646\u06cc\u0646 \u062a\u0648\u0635\u06cc\u0647 \u0645\u06cc\u200c\u0634\u0648\u0646\u062f \u06a9\u0647 \u0628\u0647 \u0633\u0631\u0639\u062a \u0628\u0647 \u0622\u062e\u0631\u06cc\u0646 \u0646\u0633\u062e\u0647 \u0628\u0647\u200c\u0631\u0648\u0632\u0631\u0633\u0627\u0646\u06cc \u0634\u062f\u0647 \u0627\u0632 \u0646\u0631\u0645\u200c\u0627\u0641\u0632\u0627\u0631 \u0645\u0630\u06a9\u0648\u0631 \u0628\u0631\u0648\u0646\u062f \u062a\u0627 \u062e\u0637\u0631\u0627\u062a \u0645\u0631\u0628\u0648\u0637 \u0628\u0647 \u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u0631\u0627 \u06a9\u0627\u0647\u0634 \u062f\u0647\u0646\u062f", "creation_timestamp": "2023-07-11T02:29:43.000000Z"}, {"uuid": "c5980b82-6dcc-4bb0-9fd0-ba76c2902ee8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27389", "type": "seen", "source": "Telegram/edvUCQXOFfhZF61XJ4-Y38Udlzzu6MfJT6zp3t4c_CFL3oay", "content": "", "creation_timestamp": "2025-02-14T10:00:36.000000Z"}, {"uuid": "e1f6df61-d89d-4307-af31-dea83e7ca119", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27380", "type": "seen", "source": "https://t.me/cibsecurity/72122", "content": "\u203c CVE-2023-27380 \u203c\n\nAn OS command injection vulnerability exists in the admin.cgi USSD_send functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-11T20:17:52.000000Z"}, {"uuid": "534f8426-8137-4c34-a6f3-7b567379ef0d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27386", "type": "seen", "source": "https://t.me/cibsecurity/63765", "content": "\u203c CVE-2023-27386 \u203c\n\nUncontrolled search path in some Intel(R) Pathfinder for RISC-V software may allow an authenticated user to potentially enable escalation of privilege via local access.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-10T18:19:54.000000Z"}, {"uuid": "666ff5ac-2f7d-42f1-b5e8-626e1ec25ca6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-2738", "type": "seen", "source": "https://t.me/cibsecurity/64212", "content": "\u203c CVE-2023-2738 \u203c\n\nA vulnerability classified as critical has been found in Tongda OA 11.10. This affects the function actionGetdata of the file GatewayController.php. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-229149 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-16T18:30:30.000000Z"}, {"uuid": "25ebbab3-7284-46f8-a082-cd8519e8a7ee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27388", "type": "seen", "source": "Telegram/h2R6MoZTYUzpujJyqd5QX2J3Z7HA9KYHhRItoNg3JhI8rFqa", "content": "", "creation_timestamp": "2025-02-01T17:28:09.000000Z"}, {"uuid": "6537ce8b-b61c-4f9c-8311-d6fec26827d4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27385", "type": "seen", "source": "https://t.me/cibsecurity/63722", "content": "\u203c CVE-2023-27385 \u203c\n\nHeap-based buffer overflow vulnerability exists in CX-Drive All models V3.01 and earlier. By having a user open a specially crafted SDD file, arbitrary code may be executed and/or information may be disclosed.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-10T12:20:20.000000Z"}, {"uuid": "2b1e7572-db02-4d80-aa91-6aace3e0e3f8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27382", "type": "seen", "source": "https://t.me/cibsecurity/63750", "content": "\u203c CVE-2023-27382 \u203c\n\nIncorrect default permissions in the Audio Service for some Intel(R) NUC P14E Laptop Element software for Windows 10 before version 1.0.0.156 may allow an authenticated user to potentially enable escalation of privilege via local access.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-10T18:19:33.000000Z"}, {"uuid": "8fb7eec8-896c-4006-a96d-0e32f4c3400a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27387", "type": "seen", "source": "https://t.me/cibsecurity/64603", "content": "\u203c CVE-2023-27387 \u203c\n\nCross-site request forgery (CSRF) in T&amp;D Corporation and ESPEC MIC CORP. data logger products allows a remote unauthenticated attacker to conduct an arbitrary operation by having a logged-in user view a malicious page. Affected products and versions are as follows: T&amp;D Corporation data logger products (TR-71W/72W all firmware versions, RTR-5W all firmware versions, WDR-7 all firmware versions, WDR-3 all firmware versions, and WS-2 all firmware versions), and ESPEC MIC CORP. data logger products (RT-12N/RS-12N all firmware versions, RT-22BN all firmware versions, and TEU-12N all firmware versions).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-23T07:25:23.000000Z"}, {"uuid": "86f1d0b9-c6bd-47a2-9c59-17f5d2fe383c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27384", "type": "seen", "source": "https://t.me/cibsecurity/64590", "content": "\u203c CVE-2023-27384 \u203c\n\nOperation restriction bypass vulnerability in MultiReport of Cybozu Garoon 5.15.0 allows a remote authenticated attacker to alter the data of MultiReport.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-23T07:25:07.000000Z"}]}