{"vulnerability": "cve-2023-3850", "sightings": [{"uuid": "955b9022-669f-424a-9b8c-ee9a11dc0ab1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-38501", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/5296", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2023\n\u63cf\u8ff0\uff1aMass exploit - CVE-2023-38501 - Copyparty < Cross-Site Scripting [XSS]\nURL\uff1ahttps://github.com/codeb0ss/CVE-2023-38501-Exploit\n\n\u6807\u7b7e\uff1a#CVE-2023", "creation_timestamp": "2023-10-06T02:59:19.000000Z"}, {"uuid": "1c08f937-df51-43d0-81c7-b41b0591735c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-38501", "type": "published-proof-of-concept", "source": "https://t.me/codeb0ss/1217", "content": "", "creation_timestamp": "2023-10-06T04:59:49.000000Z"}, {"uuid": "8d2c4b08-aa9f-4542-b5e7-977504f815c4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-38508", "type": "seen", "source": "https://t.me/cibsecurity/69170", "content": "\u203c CVE-2023-38508 \u203c\n\nTuleap is an open source suite to improve management of software developments and collaboration. In Tuleap Community Edition prior to version 14.11.99.28 and Tuleap Enterprise Edition prior to versions 14.10-6 and 14.11-3, the preview of an artifact link with a type does not respect the project, tracker and artifact level permissions. The issue occurs on the artifact view (not reproducible on the artifact modal). Users might get access to information they should not have access to. Only the title, status, assigned to and last update date fields as defined by the semantics are impacted. If those fields have strict permissions (e.g. the title is only visible to a specific user group) those permissions are still enforced. Tuleap Community Edition 14.11.99.28, Tuleap Enterprise Edition 14.10-6, and Tuleap Enterprise Edition 14.11-3 contain a fix for this issue.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-25T02:13:42.000000Z"}, {"uuid": "28c7ad14-c98e-4bb9-a013-232d2f939502", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-38507", "type": "seen", "source": "https://t.me/cibsecurity/70623", "content": "\u203c CVE-2023-38507 \u203c\n\nStrapi is the an open-source headless content management system. Prior to version 4.12.1, there is a rate limit on the login function of Strapi's admin screen, but it is possible to circumvent it. Therefore, the possibility of unauthorized login by login brute force attack increases. Version 4.12.1 has a fix for this issue.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-16T00:26:01.000000Z"}, {"uuid": "b068e71d-8b48-4398-82b6-45754e1932c3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-3850", "type": "seen", "source": "https://t.me/cibsecurity/67129", "content": "\u203c CVE-2023-3850 \u203c\n\nA vulnerability has been found in SourceCodester Lost and Found Information System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /classes/Master.php?f=delete_category of the component HTTP POST Request Handler. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The identifier VDB-235201 was assigned to this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-23T14:25:10.000000Z"}, {"uuid": "66831cb4-e2b6-4ea0-993f-bf9a7b44350d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-38507", "type": "seen", "source": "https://t.me/arpsyndicate/2859", "content": "#ExploitObserverAlert\n\nCVE-2023-38507\n\nDESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2023-38507. Strapi is the an open-source headless content management system. Prior to version 4.12.1, there is a rate limit on the login function of Strapi's admin screen, but it is possible to circumvent it. Therefore, the possibility of unauthorized login by login brute force attack increases. Version 4.12.1 has a fix for this issue.\n\nFIRST-EPSS: 0.000630000\nNVD-IS: 5.9\nNVD-ES: 3.9", "creation_timestamp": "2024-01-16T14:55:36.000000Z"}, {"uuid": "274d8e8d-019c-4667-83d8-c08091d8a679", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-38504", "type": "seen", "source": "https://t.me/cibsecurity/67351", "content": "\u203c CVE-2023-38504 \u203c\n\nSails is a realtime MVC Framework for Node.js. In Sails apps prior to version 1.5.7,, an attacker can send a virtual request that will cause the node process to crash. This behavior was fixed in Sails v1.5.7. As a workaround, disable the sockets hook and remove the `sails.io.js` client.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-27T22:58:43.000000Z"}, {"uuid": "4b3a3ff5-f467-48c4-a5a7-4fe54fd54e13", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-38505", "type": "seen", "source": "https://t.me/cibsecurity/67348", "content": "\u203c CVE-2023-38505 \u203c\n\nDietPi-Dashboard is a web dashboard for the operating system DietPi. The dashboard only allows for one TLS handshake to be in process at a given moment. Once a TCP connection is established in HTTPS mode, it will assume that it should be waiting for a handshake, and will stay this way indefinitely until a handshake starts or some error occurs. In version 0.6.1, this can be exploited by simply not starting the handshake, preventing any other TLS handshakes from getting through. An attacker can lock the dashboard in a state where it is waiting for a TLS handshake from the attacker, who won't provide it. This prevents any legitimate traffic from getting to the dashboard, and can last indefinitely. Version 0.6.2 has a patch for this issue. As a workaround, do not use HTTPS mode on the open internet where anyone can connect. Instead, put a reverse proxy in front of the dashboard, and have it handle any HTTPS connections.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-27T22:28:54.000000Z"}, {"uuid": "b8d39171-e7fb-4879-889c-d6f60e3263b7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-38500", "type": "seen", "source": "https://t.me/cibsecurity/67264", "content": "\u203c CVE-2023-38500 \u203c\n\nTYPO3 HTML Sanitizer is an HTML sanitizer, written in PHP, aiming to provide cross-site-scripting-safe markup based on explicitly allowed tags, attributes and values. Starting in version 1.0.0 and prior to versions 1.5.1 and 2.1.2, due to an encoding issue in the serialization layer, malicious markup nested in a `noscript` element was not encoded correctly. `noscript` is disabled in the default configuration, but might have been enabled in custom scenarios. This allows bypassing the cross-site scripting mechanism of TYPO3 HTML Sanitizer. Versions 1.5.1 and 2.1.2 fix the problem.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-26T00:27:22.000000Z"}, {"uuid": "4a23f05e-eec9-4fa6-ba69-d65da4acd355", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-38501", "type": "seen", "source": "https://t.me/cibsecurity/67279", "content": "\u203c CVE-2023-38501 \u203c\n\ncopyparty is file server software. Prior to version 1.8.7, the application contains a reflected cross-site scripting via URL-parameter `?k304=...` and `?setck=...`. The worst-case outcome of this is being able to move or delete existing files on the server, or upload new files, using the account of the person who clicks the malicious link. It is recommended to change the passwords of one's copyparty accounts, unless one have inspected one's logs and found no trace of attacks. Version 1.8.7 contains a patch for the issue.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-26T02:27:12.000000Z"}, {"uuid": "33c30db2-5680-4204-9949-e704822d28f9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-38502", "type": "seen", "source": "https://t.me/cibsecurity/67278", "content": "\u203c CVE-2023-38502 \u203c\n\nTDengine is an open source, time-series database optimized for Internet of Things devices. Prior to version 3.0.7.1, TDengine DataBase crashes on UDF nested query. This issue affects TDengine Databases which let users connect and run arbitrary queries. Version 3.0.7.1 has a patch for this issue.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-26T02:27:11.000000Z"}, {"uuid": "0f417774-7f1e-4f38-85ef-fa71e7532c80", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-38503", "type": "seen", "source": "https://t.me/cibsecurity/67276", "content": "\u203c CVE-2023-38503 \u203c\n\nDirectus is a real-time API and App dashboard for managing SQL database content. Starting in version 10.3.0 and prior to version 10.5.0, the permission filters (i.e. `user_created IS $CURRENT_USER`) are not properly checked when using GraphQL subscription resulting in unauthorized users getting event on their subscription which they should not be receiving according to the permissions. This can be any collection but out-of-the box the `directus_users` collection is configured with such a permissions filter allowing you to get updates for other users when changes happen. Version 10.5.0 contains a patch. As a workaround, disable GraphQL subscriptions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-26T02:27:09.000000Z"}, {"uuid": "f14b8bf1-1a17-42e8-95c5-1e4708286948", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-38501", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/9167", "content": "#exploit\n1. CVE-2023-4427:\nChrome ReduceJSLoadPropertyWithEnumeratedKey Out-Of-Bounds Access\nhttps://packetstormsecurity.com/files/174951/Chrome-ReduceJSLoadPropertyWithEnumeratedKey-Out-Of-Bounds-Access.html\n\n2. Unmasking Scudo's Defenses\nhttps://www.synacktiv.com/en/publications/behind-the-shield-unmasking-scudos-defenses\n\n3. CVE-2023-38501:\nXSS in copyparty package <1.8.7\nhttps://github.com/codeb0ss/CVE-2023-38501-Exploit", "creation_timestamp": "2023-10-09T10:58:01.000000Z"}, {"uuid": "cf4fa478-82a3-4673-a673-78b74635d1c1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-38501", "type": "published-proof-of-concept", "source": "https://t.me/Rootsec_2/1305", "content": "#exploit\n1. CVE-2023-4427:\nChrome ReduceJSLoadPropertyWithEnumeratedKey Out-Of-Bounds Access\nhttps://packetstormsecurity.com/files/174951/Chrome-ReduceJSLoadPropertyWithEnumeratedKey-Out-Of-Bounds-Access.html\n\n2. Unmasking Scudo's Defenses\nhttps://www.synacktiv.com/en/publications/behind-the-shield-unmasking-scudos-defenses\n\n3. CVE-2023-38501:\nXSS in copyparty package <1.8.7\nhttps://github.com/codeb0ss/CVE-2023-38501-Exploit", "creation_timestamp": "2024-08-16T08:32:35.000000Z"}, {"uuid": "520d62f6-3d72-4c55-88e7-91c086205b76", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-38501", "type": "exploited", "source": "https://www.exploit-db.com/exploits/51635", "content": "", "creation_timestamp": "2023-07-28T00:00:00.000000Z"}]}