Most recent sightings.

Most recent sightings. https://vulnerability.circl.lu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Mon, 04 May 2026 21:37:08 +0000 528d5f53-79dd-4686-83dd-88ce3445fff6 https://vulnerability.circl.lu/sighting/528d5f53-79dd-4686-83dd-88ce3445fff6/export {"uuid": "528d5f53-79dd-4686-83dd-88ce3445fff6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-33829", "type": "published-proof-of-concept", "source": "https://t.me/crackcodes/3635", "content": "\ud83d\udda5Dataleak: \n\n\ud83d\udd31Leak auchan(.)ru : https://system32.ink/d/leak-auchan-ru/\n\n\ud83d\udd31Leak askona(.)ru : https://system32.ink/d/leak-askona-ru/\n\n\ud83d\udd31Leak Leak book24(.)ru: https://system32.ink/d/leak-book24-ru/\n\n\ud83d\udd31BSI (Bank Syariah Indonesia) All employeers Leak : https://system32.ink/d/bsi-bank-syariah-indonesia-all-employeers-full-database/\n\n\ud83d\udd31Leak uprz(.)ru : https://system32.ink/d/leak-uprz-ru/\n\n\ud83d\udda5Exploit:\n\n\ud83d\udd31CVE-2023-25157 GeoServer SQL Injection \u2013 PoC : https://system32.ink/d/cve-2023-25157-geoserver-sql-injection-poc/\n\n\ud83d\udd31Public key authentication bypass in libssh POC : https://system32.ink/d/public-key-authentication-bypass-in-libssh-poc/\n\n\ud83d\udd31CVE-2023-33829: SCM Manager XSS: https://system32.ink/d/cve-2023-33829-scm-manager-xss/\n\n\ud83d\udda5ToolS:\n\n\ud83d\udd31SMSCaster a Tool to send Sms with GSM senders : https://system32.ink/d/smscaster-a-tool-to-send-sms-with-gsm-senders/\n\n\ud83d\udd31ATM Scanner Vulns : https://system32.ink/d/atm-scanner-vulns/", "creation_timestamp": "2023-06-08T06:54:48.000000Z"} {"uuid": "528d5f53-79dd-4686-83dd-88ce3445fff6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-33829", "type": "published-proof-of-concept", "source": "https://t.me/crackcodes/3635", "content": "\ud83d\udda5Dataleak: \n\n\ud83d\udd31Leak auchan(.)ru : https://system32.ink/d/leak-auchan-ru/\n\n\ud83d\udd31Leak askona(.)ru : https://system32.ink/d/leak-askona-ru/\n\n\ud83d\udd31Leak Leak book24(.)ru: https://system32.ink/d/leak-book24-ru/\n\n\ud83d\udd31BSI (Bank Syariah Indonesia) All employeers Leak : https://system32.ink/d/bsi-bank-syariah-indonesia-all-employeers-full-database/\n\n\ud83d\udd31Leak uprz(.)ru : https://system32.ink/d/leak-uprz-ru/\n\n\ud83d\udda5Exploit:\n\n\ud83d\udd31CVE-2023-25157 GeoServer SQL Injection \u2013 PoC : https://system32.ink/d/cve-2023-25157-geoserver-sql-injection-poc/\n\n\ud83d\udd31Public key authentication bypass in libssh POC : https://system32.ink/d/public-key-authentication-bypass-in-libssh-poc/\n\n\ud83d\udd31CVE-2023-33829: SCM Manager XSS: https://system32.ink/d/cve-2023-33829-scm-manager-xss/\n\n\ud83d\udda5ToolS:\n\n\ud83d\udd31SMSCaster a Tool to send Sms with GSM senders : https://system32.ink/d/smscaster-a-tool-to-send-sms-with-gsm-senders/\n\n\ud83d\udd31ATM Scanner Vulns : https://system32.ink/d/atm-scanner-vulns/", "creation_timestamp": "2023-06-08T06:54:48.000000Z"} https://vulnerability.circl.lu/sighting/528d5f53-79dd-4686-83dd-88ce3445fff6/export Thu, 08 Jun 2023 06:54:48 +0000 5889f5f3-3322-4d31-bf9d-42b8913f7cc4 https://vulnerability.circl.lu/sighting/5889f5f3-3322-4d31-bf9d-42b8913f7cc4/export {"uuid": "5889f5f3-3322-4d31-bf9d-42b8913f7cc4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-33829", "type": "published-proof-of-concept", "source": "Telegram/yQ6S4ZyZuQP8mKzezf1BQcvxva051_sxizI1YHgjKAB8ww", "content": "", "creation_timestamp": "2023-06-08T06:55:59.000000Z"} {"uuid": "5889f5f3-3322-4d31-bf9d-42b8913f7cc4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-33829", "type": "published-proof-of-concept", "source": "Telegram/yQ6S4ZyZuQP8mKzezf1BQcvxva051_sxizI1YHgjKAB8ww", "content": "", "creation_timestamp": "2023-06-08T06:55:59.000000Z"} https://vulnerability.circl.lu/sighting/5889f5f3-3322-4d31-bf9d-42b8913f7cc4/export Thu, 08 Jun 2023 06:55:59 +0000 38826cf2-0b52-4a6a-998d-d23d5f325a78 https://vulnerability.circl.lu/sighting/38826cf2-0b52-4a6a-998d-d23d5f325a78/export {"uuid": "38826cf2-0b52-4a6a-998d-d23d5f325a78", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-33829", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/8454", "content": "#exploit\n1. CVE-2023-33865, CVE-2023-33864, CVE-2023-33863:\nLPE and RCE in RenderDoc\nhttps://seclists.org/fulldisclosure/2023/Jun/2\n\n2. CVE-2023-33829:\nSCM Manager XSS\nhttps://github.com/CKevens/CVE-2023-33829-POC", "creation_timestamp": "2023-06-08T12:39:13.000000Z"} {"uuid": "38826cf2-0b52-4a6a-998d-d23d5f325a78", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-33829", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/8454", "content": "#exploit\n1. CVE-2023-33865, CVE-2023-33864, CVE-2023-33863:\nLPE and RCE in RenderDoc\nhttps://seclists.org/fulldisclosure/2023/Jun/2\n\n2. CVE-2023-33829:\nSCM Manager XSS\nhttps://github.com/CKevens/CVE-2023-33829-POC", "creation_timestamp": "2023-06-08T12:39:13.000000Z"} https://vulnerability.circl.lu/sighting/38826cf2-0b52-4a6a-998d-d23d5f325a78/export Thu, 08 Jun 2023 12:39:13 +0000 556b0b5e-bb2b-422d-bf62-bfc27db78984 https://vulnerability.circl.lu/sighting/556b0b5e-bb2b-422d-bf62-bfc27db78984/export {"uuid": "556b0b5e-bb2b-422d-bf62-bfc27db78984", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-33829", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/3080", "content": "30 Tools \ud83d\udd27 \ud83d\udee0\ud83e\ude9b\ud83d\udd28 - Hackers Factory \n\nBREAD\n\nBREAD (BIOS Reverse Engineering & Advanced Debugging) is an 'injectable' real-mode x86 debugger that can debug arbitrary real-mode code (on real HW) from another PC via serial cable.\n\nhttps://github.com/Theldus/bread\n\n#cybersecurity #infosec #reverse\n\n\u200b\u200bGTScan \u2014 The Nmap Scanner for Telco\n\nGTScan relies on using empty TCAP layers as probes to detect listening subsystem numbers (i.e application port numbers like 80 for http, 443 for https but for telecom nodes) on the respective global titles. With this way will be able to map the network and use the results to conduct targeted direct attacks to the respective nodes.\n\nhttps://github.com/SigPloiter/GTScan\n\n#cybersecurity #infosec #pentesting\n\n\u200b\u200bYAWNING-TITAN\n\nYAWNING-TITAN (YT) is an abstract, graph based cyber-security simulation environment that supports the training of intelligent agents for autonomous cyber operations. YAWNING-TITAN currently only supports defensive autonomous agents who face off against probabilistic red agents.\n\nhttps://github.com/dstl/Yawning-Titan\n\n#cybersecurity #infosec\n\n\u200b\u200bIRCP\n\nA robust information gathering tool for large scale reconnaissance on Internet Relay Chat servers.\n\nhttps://github.com/internet-relay-chat/IRCP\n\n#cybersecurity #infosec #pentesting\n\n\u200b\u200bTinyCheck\n\nTinyCheck allows you to easily capture network communications from a smartphone or any device which can be associated to a Wi-Fi access point in order to quickly analyze them. This can be used to check if any suspect or malicious communication is outgoing from a smartphone, by using heuristics or specific Indicators of Compromise (IoCs).\n\nhttps://github.com/KasperskyLab/TinyCheck\n\n#cybersecurity #infosec\n\n\u200b\u200bDropSpawn\n\nA #CobaltStrike BOF used to spawn additional Beacons via a relatively unknown method of DLL hijacking. Works x86-x86, x64-x64, and x86-x64/vice versa. Use as an alternative to process injection.\n\nhttps://github.com/Octoberfest7/DropSpawn_BOF\n\n#infosec #pentesting #redteam\n\n\u200b\u200bInstagram-Lookup\n\nThis script allows you to search for an Instagram profile using user ID or retrieve a profile's ID by username. It utilizes the Instagram API to retrieve profile information based on the provided input.\n\nhttps://github.com/AyalX/Instagram-Lookup\n\n#OSINT #recon #infosec\n\n\u200b\u200bScreenshotBOFPlus\n\nTake a screenshot without injection for #CobaltStrike. I only made minor optimizations to the existing code, and made it support the ability to get a complete screenshot when global scaling is initiated on Windows.\n\nhttps://github.com/baiyies/ScreenshotBOFPlus\n\n#infosec #pentesting #redteam\n\n\u200b\u200bBytesafe\n\nSecurity platform that protects organizations from open source software supply chain attacks.\n\nhttps://github.com/bitfront-se/bytesafe-ce\n\n#cybersecurity #infosec\n\n\u200b\u200bSignatureGate\n\nWeaponized version of HellsGate, bypassing AV/EDR/EPPs by abusing opt-in-fix CVE-2013-3900. \n\nhttps://github.com/florylsk/SignatureGate\n\n#cybersecurity #infosec #pentesting\n\n\u200b\u200bCVE-2023-33829\n\nSCM Manager XSS\n\nhttps://github.com/CKevens/CVE-2023-33829-POC\n\n#cve #cybersecurity #infosec\n\n\u200b\u200bBypassNeo-reGeorg\n\nAnti-kill version Neo-reGeorg.\n\nhttps://github.com/r00tSe7en/BypassNeo-reGeorg\n\n#infosec #pentesting #redteam\n\n\u200b\u200bUTopia\n\nA tool for automatically generating fuzz drivers from unit tests.\n\nhttps://github.com/Samsung/UTopia\n\n#cybersecurity #infosec\n\n\u200b\u200bShellcode PageSplit\n\nSplitting and executing shellcode across multiple pages.\n\nhttps://github.com/x0reaxeax/PageSplit\n\n#infosec #pentesting #redteam\n\n\u200b\u200bCVE-2023-2283\n\nAuthentication bypass vulnerability in libssh, which, under certain conditions, may enable a remote attacker to gain unauthorized access to another user\u2019s account via ssh login.\n\nhttps://github.com/github/securitylab/tree/1786eaae7f90d87ce633c46bbaa0691d2f9bf449/SecurityExploits/libssh/pubkey-auth-bypass-CVE-2023-2283\n\n#cybersecurity #infosec\n\n\u200b\u200bIndoXploit-Shell \n\nhttps://github.com/flux10n/IndoXploit-WebShell\n\n#infosec #pentesting #redteam\n\n\u200b\u200b1/2", "creation_timestamp": "2023-06-10T10:53:16.000000Z"} {"uuid": "556b0b5e-bb2b-422d-bf62-bfc27db78984", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-33829", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/3080", "content": "30 Tools \ud83d\udd27 \ud83d\udee0\ud83e\ude9b\ud83d\udd28 - Hackers Factory \n\nBREAD\n\nBREAD (BIOS Reverse Engineering & Advanced Debugging) is an 'injectable' real-mode x86 debugger that can debug arbitrary real-mode code (on real HW) from another PC via serial cable.\n\nhttps://github.com/Theldus/bread\n\n#cybersecurity #infosec #reverse\n\n\u200b\u200bGTScan \u2014 The Nmap Scanner for Telco\n\nGTScan relies on using empty TCAP layers as probes to detect listening subsystem numbers (i.e application port numbers like 80 for http, 443 for https but for telecom nodes) on the respective global titles. With this way will be able to map the network and use the results to conduct targeted direct attacks to the respective nodes.\n\nhttps://github.com/SigPloiter/GTScan\n\n#cybersecurity #infosec #pentesting\n\n\u200b\u200bYAWNING-TITAN\n\nYAWNING-TITAN (YT) is an abstract, graph based cyber-security simulation environment that supports the training of intelligent agents for autonomous cyber operations. YAWNING-TITAN currently only supports defensive autonomous agents who face off against probabilistic red agents.\n\nhttps://github.com/dstl/Yawning-Titan\n\n#cybersecurity #infosec\n\n\u200b\u200bIRCP\n\nA robust information gathering tool for large scale reconnaissance on Internet Relay Chat servers.\n\nhttps://github.com/internet-relay-chat/IRCP\n\n#cybersecurity #infosec #pentesting\n\n\u200b\u200bTinyCheck\n\nTinyCheck allows you to easily capture network communications from a smartphone or any device which can be associated to a Wi-Fi access point in order to quickly analyze them. This can be used to check if any suspect or malicious communication is outgoing from a smartphone, by using heuristics or specific Indicators of Compromise (IoCs).\n\nhttps://github.com/KasperskyLab/TinyCheck\n\n#cybersecurity #infosec\n\n\u200b\u200bDropSpawn\n\nA #CobaltStrike BOF used to spawn additional Beacons via a relatively unknown method of DLL hijacking. Works x86-x86, x64-x64, and x86-x64/vice versa. Use as an alternative to process injection.\n\nhttps://github.com/Octoberfest7/DropSpawn_BOF\n\n#infosec #pentesting #redteam\n\n\u200b\u200bInstagram-Lookup\n\nThis script allows you to search for an Instagram profile using user ID or retrieve a profile's ID by username. It utilizes the Instagram API to retrieve profile information based on the provided input.\n\nhttps://github.com/AyalX/Instagram-Lookup\n\n#OSINT #recon #infosec\n\n\u200b\u200bScreenshotBOFPlus\n\nTake a screenshot without injection for #CobaltStrike. I only made minor optimizations to the existing code, and made it support the ability to get a complete screenshot when global scaling is initiated on Windows.\n\nhttps://github.com/baiyies/ScreenshotBOFPlus\n\n#infosec #pentesting #redteam\n\n\u200b\u200bBytesafe\n\nSecurity platform that protects organizations from open source software supply chain attacks.\n\nhttps://github.com/bitfront-se/bytesafe-ce\n\n#cybersecurity #infosec\n\n\u200b\u200bSignatureGate\n\nWeaponized version of HellsGate, bypassing AV/EDR/EPPs by abusing opt-in-fix CVE-2013-3900. \n\nhttps://github.com/florylsk/SignatureGate\n\n#cybersecurity #infosec #pentesting\n\n\u200b\u200bCVE-2023-33829\n\nSCM Manager XSS\n\nhttps://github.com/CKevens/CVE-2023-33829-POC\n\n#cve #cybersecurity #infosec\n\n\u200b\u200bBypassNeo-reGeorg\n\nAnti-kill version Neo-reGeorg.\n\nhttps://github.com/r00tSe7en/BypassNeo-reGeorg\n\n#infosec #pentesting #redteam\n\n\u200b\u200bUTopia\n\nA tool for automatically generating fuzz drivers from unit tests.\n\nhttps://github.com/Samsung/UTopia\n\n#cybersecurity #infosec\n\n\u200b\u200bShellcode PageSplit\n\nSplitting and executing shellcode across multiple pages.\n\nhttps://github.com/x0reaxeax/PageSplit\n\n#infosec #pentesting #redteam\n\n\u200b\u200bCVE-2023-2283\n\nAuthentication bypass vulnerability in libssh, which, under certain conditions, may enable a remote attacker to gain unauthorized access to another user\u2019s account via ssh login.\n\nhttps://github.com/github/securitylab/tree/1786eaae7f90d87ce633c46bbaa0691d2f9bf449/SecurityExploits/libssh/pubkey-auth-bypass-CVE-2023-2283\n\n#cybersecurity #infosec\n\n\u200b\u200bIndoXploit-Shell \n\nhttps://github.com/flux10n/IndoXploit-WebShell\n\n#infosec #pentesting #redteam\n\n\u200b\u200b1/2", "creation_timestamp": "2023-06-10T10:53:16.000000Z"} https://vulnerability.circl.lu/sighting/556b0b5e-bb2b-422d-bf62-bfc27db78984/export Sat, 10 Jun 2023 10:53:16 +0000 2dfbfbb4-6b2f-481e-bd20-4ea509ac259a https://vulnerability.circl.lu/sighting/2dfbfbb4-6b2f-481e-bd20-4ea509ac259a/export {"uuid": "2dfbfbb4-6b2f-481e-bd20-4ea509ac259a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-33829", "type": "published-proof-of-concept", "source": "Telegram/6YMYgXaTeaTMlsushUbrL-ALfpXZDXxKt9CDuYJIpRmPLcY", "content": "", "creation_timestamp": "2023-06-12T21:13:08.000000Z"} {"uuid": "2dfbfbb4-6b2f-481e-bd20-4ea509ac259a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-33829", "type": "published-proof-of-concept", "source": "Telegram/6YMYgXaTeaTMlsushUbrL-ALfpXZDXxKt9CDuYJIpRmPLcY", "content": "", "creation_timestamp": "2023-06-12T21:13:08.000000Z"} https://vulnerability.circl.lu/sighting/2dfbfbb4-6b2f-481e-bd20-4ea509ac259a/export Mon, 12 Jun 2023 21:13:08 +0000