{"vulnerability": "cve-2023-35803", "sightings": [{"uuid": "9a81303f-c98a-4c4a-a206-9570897f5890", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-35803", "type": "published-proof-of-concept", "source": "Telegram/MBo5r8zps0JS7_29sQ2y-EFz_1BTbbIfyJGAk2lYQ326dQ", "content": "", "creation_timestamp": "2023-07-13T14:42:25.000000Z"}, {"uuid": "a2702b2d-0ae8-4119-aebe-d57efe5ca68a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-35803", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/4736", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2023\n\u63cf\u8ff0\uff1aPoC Exploit for CVE-2023-35803 Unauthenticated Buffer Overflow in Aerohive HiveOS/Extreme Networks IQ Engine\nURL\uff1ahttps://github.com/lachlan2k/CVE-2023-35803\n\n\u6807\u7b7e\uff1a#CVE-2023", "creation_timestamp": "2023-07-12T08:25:26.000000Z"}, {"uuid": "fbaef0af-c298-4003-b892-480c0d9cf6dd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-35803", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/3121", "content": "25 Tools \ud83d\udd27 \ud83d\udd27 - Hackers Factory\n\n\u200b\u200bstratosphere\n\nA free and open source #OSINT platform that automatically collects every page you visit, building a private knowledge base you can analyze with Jupyter notebooks and an extensible suite of web apps including:\n\n\u2022 LinkedIn contacts and companies explorer: Explore previously browsed LinkedIn profiles and companies\n\u2022 Google search results: Review your past Google search results\n\u2022 vk.com contacts explorer: Explore previously seen vk.com contacts, highlighting their connections\n\u2022 Flows overview: Overview of web traffic intercepted in the last 10 minutes\n\nhttps://github.com/elehcimd/stratosphere\n\n#cybersecurity #infosec\n\n\u200b\u200bFreeroute\n\nA traffic router which can direct traffic to different gateways based on destination domain. It is designed to be used in conjunction with a VPN client such as OpenVPN, to allow traffic to be routed to the VPN or directly to the internet.\n\nhttps://github.com/admitrievsky/freeroute\n\n#cybersecurity #infosec #privacy\n\n\u200b\u200bCVE-2023-2255\n\nRemote documents loaded without prompt via IFrame\n\nhttps://github.com/elweth-sec/CVE-2023-2255\n\n#cve #cybersecurity #infosec\n\n\u200b\u200bCVE-2023-32235\n\nA Directory Traversal attack (also known as path traversal) aims to access files and directories that are stored outside the intended folder.\n\nhttps://github.com/VEEXH/Ghost-Path-Traversal-CVE-2023-32235-\n\n#cybersecurity #infosec #pentesting\n\n\u200b\u200bEasyScan\n\nA Python script that analyzes the security of a given website by inspecting its HTTP headers and DNS records. The script generates a security report with recommendations for addressing potential vulnerabilities.\n\nhttps://github.com/introvertmac/EasyScan\n\n#cybersecurity #infosec #pentesting\n\n\u200b\u200bCloudPrivs\n\nDetermine privileges from cloud credentials via brute-force testing.\n\nhttps://github.com/AbstractClass/CloudPrivs\n\n#infosec #pentesting #redteam\n\nBadZure\n\nBadZure orchestrates the setup of Azure Active Directory tenants, populating them with diverse entities while also introducing common security misconfigurations to create vulnerable tenants with multiple attack paths.\n\nhttps://github.com/mvelazc0/BadZure\n\n#infosec #pentesting #redteam\n\n\u200b\u200bCVE-2023-3460\n\nUnauthorized admin access for Ultimate Member plugin POC.\n\nhttps://github.com/Fire-Null/CVE-2023-3460\n\n#cve #cybersecurity #infosec\n\n\u200b\u200bNoSQL Injection\n\nThe Power of Secure Coding Practices: Safeguarding MongoDB Against Exploitation.\n\nhttps://github.com/kiliczsh/nosql-injection\n\n#cybersecurity #infosec\n\n\u200b\u200bFindmytakeover\n\nFind dangling domains in a multi cloud environment.\n\nhttps://github.com/anirudhbiyani/findmytakeover\n\n#infosec #pentesting #bugbounty\n\n\u200b\u200bCVE-2023-35803\n\nPoC Exploit for CVE-2023-35803 Unauthenticated Buffer Overflow in Aerohive HiveOS/Extreme Networks IQ Engine.\n\nhttps://github.com/lachlan2k/CVE-2023-35803\n\n#cve #cybersecurity #infosec\n\n\u200b\u200bPerfExec Tooling PoC\n\nThe code is not super clean but project contains an example performance dll that will run CMD.exe and a .NET assembly that will execute the DLL or gather performance data locally or remotely.\n\nhttps://github.com/0xthirteen/PerfExec\n\n#cybersecurity #infosec\n\n\u200b\u200bSharpDXWebcam \n\nUtilizing the DirectX and DShowNET assemblies to record video from the host's webcam.\n\nhttps://github.com/snovvcrash/SharpDXWebcam\n\n#cybersecurity #infosec #pentesting\n\n\u200b\u200bDocumentSpark\n\nSimple secure document viewing server. Converts a document to a picture of its pages. Content disarm and reconstruction. CDR. Formerly p2. The CDR solution for BrowserBox Pro remote browser isolation.\n\nhttps://github.com/dosyago/documentspark\n\n#cybersecurity #infosec\n\n\u200b\u200bVenera Framework\n\nA tool for automating customized tests and attacks agaist many kinds of protocol. It relies on a scripting engine based on the Lua scripting language that makes it possible to create modules for all types of checks and exploits.\n\nhttps://github.com/farinap5/Venera\n\n#infosec #pentesting #redteam\n\n\u200b\u200bNavgix\n\nA multi-threaded golang tool that will check for nginx alias traversal vulnerabilities.\n\nhttps://github.com/hakaioffsec/navgix\n\n#infosec #pentesting #bugbounty\n\n1/2", "creation_timestamp": "2023-07-15T21:16:33.000000Z"}, {"uuid": "f0415a37-50d1-450b-87a3-0dc0caff6a93", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-35803", "type": "published-proof-of-concept", "source": "https://t.me/proxy_bar/1623", "content": "CVE-2023-35803 \nExtreme Networks/Aerohive Wireless Access Points\nPOC exploit", "creation_timestamp": "2023-07-13T06:52:26.000000Z"}, {"uuid": "4290495c-162f-48ac-93d6-af1474f39692", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-35803", "type": "seen", "source": "https://t.me/cibsecurity/71651", "content": "\u203c CVE-2023-35803 \u203c\n\nIQ Engine before 10.6r2 on Extreme Network AP devices has a Buffer Overflow.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-05T02:12:12.000000Z"}, {"uuid": "da3c61b6-088c-44e9-8e47-c2a4708c4c40", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-35803", "type": "published-proof-of-concept", "source": "https://t.me/crackcodes/3875", "content": "\ud83c\udf2a\ufe0f\u26a1250.8 Millions US Citizens Leak : https://system32.ink/250.8-millions-us-citizens-leak/\n\n\u2623\ufe0fMalcat (0.9.2 - 2023)  Download Free : https://system32.ink/malcat-0.9.2-2023-download-free/\n\n\ud83d\udca5\u26a1SatIntel - OSINT Tool For Satellites : https://system32.ink/satintel-osint-tool-for-satellites/\n\n\ud83d\udca9Pakistan Ministry of Finance Leak : https://system32.ink/pakistan-ministry-of-finance-leak-2022/\n\n\ud83d\udc7e\u26a1CVE-2023-2255 Exploit : https://system32.ink/%e2%80%8b%e2%80%8bcve-2023-2255-exploit/\n\n\u2623\ufe0f\ud83c\udf2a\ufe0fPoC Exploit for CVE-2023-35803 : https://system32.ink/poc-exploit-for-cve-2023-35803/\n\n@Crackcodes | System32.ink | Crackcodes.in", "creation_timestamp": "2023-07-13T14:40:41.000000Z"}]}