{"vulnerability": "cve-2023-3080", "sightings": [{"uuid": "5b5a93a8-394b-46cd-9d4f-cbf876463898", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-30806", "type": "seen", "source": "https://t.me/cibsecurity/71951", "content": "\u203c CVE-2023-30806 \u203c\n\nThe Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an operating system command injection vulnerability. A remote and unauthenticated attacker can execute arbitrary commands by sending a crafted HTTP POST request to the /cgi-bin/login.cgi endpoint. This is due to mishandling of shell meta-characters in the PHPSESSID cookie.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-10T18:16:52.000000Z"}, {"uuid": "b5d8457d-aa93-4950-8019-d25a6e3b954a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-30804", "type": "seen", "source": "https://t.me/cibsecurity/71946", "content": "\u203c CVE-2023-30804 \u203c\n\nThe Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an authenticated file disclosure vulnerability. A remote and authenticated attacker can read arbitrary system files using the svpn_html/loadfile.php endpoint. This issue is exploitable by a remote and unauthenticated attacker when paired with CVE-2023-30803.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-10T18:16:46.000000Z"}, {"uuid": "9865380e-1089-42e5-bf97-7b91b42b71b2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-30802", "type": "seen", "source": "https://t.me/cibsecurity/71945", "content": "\u203c CVE-2023-30802 \u203c\n\nThe Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to a source code disclosure vulnerability. A remote and unauthenticated attacker can obtain PHP source code by sending an HTTP request with an invalid Content-Length field.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-10T18:16:45.000000Z"}, {"uuid": "6cc3bb90-5e5f-4be0-80f4-4bd5cd059803", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-30801", "type": "exploited", "source": "https://t.me/cibsecurity/71941", "content": "\u203c CVE-2023-30801 \u203c\n\nAll versions of the qBittorrent client through 4.5.5 use default credentials when the web user interface is enabled. The administrator is not forced to change the default credentials. As of 4.5.5, this issue has not been fixed. A remote attacker can use the default credentials to authenticate and execute arbitrary operating system commands using the \"external program\" feature in the web user interface. This was reportedly exploited in the wild in March 2023.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-10T18:16:40.000000Z"}, {"uuid": "159495bf-ca3e-4c6a-ab54-315af29908fe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-30800", "type": "seen", "source": "https://t.me/cibsecurity/70100", "content": "\u203c CVE-2023-30800 \u203c\n\nThe web server used by MikroTik RouterOS version 6 is affected by a heap memory corruption issue. A remote and unauthenticated attacker can corrupt the server's heap memory by sending a crafted HTTP request. As a result, the web interface crashes and is immediately restarted. The issue was fixed in RouterOS 6.49.10 stable. RouterOS version 7 is not affected.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-07T20:18:48.000000Z"}, {"uuid": "88a032b5-93e2-4f6b-bac7-1e806b855833", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-30803", "type": "seen", "source": "https://t.me/cibsecurity/71946", "content": "\u203c CVE-2023-30804 \u203c\n\nThe Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an authenticated file disclosure vulnerability. A remote and authenticated attacker can read arbitrary system files using the svpn_html/loadfile.php endpoint. This issue is exploitable by a remote and unauthenticated attacker when paired with CVE-2023-30803.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-10T18:16:46.000000Z"}, {"uuid": "1a352291-970c-459e-840d-e45b017c78dc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-3080", "type": "seen", "source": "https://t.me/cibsecurity/66464", "content": "\u203c CVE-2023-3080 \u203c\n\nThe WP Mail Catcher plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an email subject in versions up to, and including, 2.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-12T12:35:23.000000Z"}, {"uuid": "07c17151-2d40-4bd2-b5c5-03c1d38df58d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-30800", "type": "seen", "source": "Telegram/cPqT6nqiD-thauJ-DKhE53G7U-5ABg4xxTY3u1WPg9UTpjI", "content": "", "creation_timestamp": "2023-09-08T03:40:16.000000Z"}, {"uuid": "788bdeb3-ea2e-4c48-949f-c16ec1d94df5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-30803", "type": "seen", "source": "https://t.me/cibsecurity/71953", "content": "\u203c CVE-2023-30803 \u203c\n\nThe Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an authentication bypass vulnerability. A remote and unauthenticated attacker can bypass authentication and access administrative functionality by sending HTTP requests using a crafted Y-forwarded-for header.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-10T18:16:54.000000Z"}, {"uuid": "ee3c02bf-3e5c-4b58-a309-b30b0ec34419", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-30805", "type": "seen", "source": "https://t.me/cibsecurity/71958", "content": "\u203c CVE-2023-30805 \u203c\n\nThe Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an operating system command injection vulnerability. A remote and unauthenticated attacker can execute arbitrary commands by sending a crafted HTTP POST request to the /LogInOut.php endpoint. This is due to mishandling of shell meta-characters in the \"un\" parameter.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-10T18:17:00.000000Z"}, {"uuid": "260082cd-9136-4c76-8827-a98aa8f085c6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-30800", "type": "seen", "source": "https://t.me/mtikpro/292", "content": "MikroTik: CVE-2023-30800\n\n\u0412\u0435\u0431-\u0441\u0435\u0440\u0432\u0435\u0440, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u044b\u0439 \u0432 MikroTik RouterOS version 6, \u043f\u043e\u0434\u0432\u0435\u0440\u0436\u0435\u043d \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0435 \u0441 \u043f\u043e\u0432\u0440\u0435\u0436\u0434\u0435\u043d\u0438\u0435\u043c \"heap memory\" (heap memory corruption issue). \u0423\u0434\u0430\u043b\u0451\u043d\u043d\u044b\u0439 \u0438 \u043d\u0435\u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0438\u0439 \u043c\u043e\u0436\u0435\u0442 \u0441\u0444\u043e\u0440\u043c\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0438 \u043e\u0442\u043f\u0440\u0430\u0432\u0438\u0442\u044c \u0441\u043f\u0435\u0446\u0438\u0444\u0438\u0447\u043d\u044b\u0439 HTTP \u043f\u0430\u043a\u0435\u0442, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0432\u043e\u0441\u043f\u0440\u043e\u0438\u0437\u0432\u0435\u0434\u0451\u0442 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0443 (can corrupt the server's heap memory).\n\u0412 \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u0435 \u0432\u0435\u0431 \u0441\u0435\u0440\u0432\u0435\u0440 \u0441\u043a\u0440\u0430\u0448\u0438\u0442\u0441\u044f \u0438 \u0441\u0440\u0430\u0437\u0443 \u0436\u0435 \u043f\u0435\u0440\u0435\u0437\u0430\u043f\u0443\u0441\u0442\u0438\u0442\u0441\u044f.\n\n\u041f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0430 \u0432 RouterOS 6.49.10 stable.\nRouterOS version 7 \u043d\u0435 \u043f\u043e\u0434\u0432\u0435\u0440\u0436\u0435\u043d\u0430.\n\n----\n\u0412\u0440\u0435\u043c\u044f \u043e\u0431\u043d\u043e\u0432\u043b\u044f\u0442\u044c\u0441\u044f!", "creation_timestamp": "2023-09-07T18:45:20.000000Z"}]}