{"vulnerability": "CVE-2023-27372", "sightings": [{"uuid": "1da05d15-ac01-49af-9445-bd24424ff12c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27372", "type": "seen", "source": "MISP/56626e53-6379-435a-9535-a3d292e0fbd9", "content": "", "creation_timestamp": "2023-06-28T18:16:32.000000Z"}, {"uuid": "3a3c91cd-1eb7-4e86-b7b0-412ca5048e0e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27372", "type": "exploited", "source": "https://www.exploit-db.com/exploits/51536", "content": "", "creation_timestamp": "2023-06-20T00:00:00.000000Z"}, {"uuid": "3f3069c1-16ef-462a-8556-46911dec6dcb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27372", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-06T03:13:45.000000Z"}, {"uuid": "85f1faaa-92b8-484a-90d8-e85d3ad47487", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27372", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/spip_rce_form.rb", "content": "", "creation_timestamp": "2024-09-11T14:19:17.000000Z"}, {"uuid": "0b407564-9a22-4f2c-a528-e4c401c87a8f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27372", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:10:52.000000Z"}, {"uuid": "58875f14-a112-418b-a137-4d16e0574bd9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27372", "type": "seen", "source": "MISP/a9d21043-f825-4bac-8d2b-56fb9e8343e7", "content": "", "creation_timestamp": "2025-10-23T21:13:01.000000Z"}, {"uuid": "5ed129e7-7505-4247-9104-c176d8f1cb82", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27372", "type": "published-proof-of-concept", "source": "https://t.me/AGENTZSECURITY/1245", "content": "https://github.com/attacker-codeninja/My-Nuclei-Templates-2\nhttps://github.com/badboy-sft/badboy_17-Nuclei-Templates-Collection\nhttps://github.com/bhataasim1/PersonalTemplates\nhttps://github.com/bjhulst/nuclei-custom-templates\nhttps://github.com/bufferbandit/gitScanNucleiTemplate\nhttps://github.com/bugbountydude/Nuclei-TamplatesBackup\nhttps://github.com/c3l3si4n/malicious_nuclei_templates\nhttps://github.com/chouaibhm/foulenzer-templates\nhttps://github.com/cipher387/juicyinfo-nuclei-templates\nhttps://github.com/compr00t/nuclei-templates\nhttps://github.com/e1abrador/SpringCorePoC.sh\nhttps://github.com/emadshanab/nucleiDB\nhttps://github.com/ibaiw/nuclei_templates\nhttps://github.com/kh4sh3i/Nextcloud-Pentesting\nhttps://github.com/kh4sh3i/Webmin-CVE\nhttps://github.com/learnerboy88/CVE-2023-29489\nhttps://github.com/lliwi/nuclei-repo-hunter\nhttps://github.com/manasmbellani/nuclei-templates\nhttps://github.com/marcositu/nuclei-custom-templates\nhttps://github.com/mertugur/nuclei-templates\nhttps://github.com/milo2012/nuclei-templates-others\nhttps://github.com/narasimha5x5/nuclei-templates\nhttps://github.com/nullfuzz-pentest/custom-nuclei-templates\nhttps://github.com/numanturle/CVE-2022-41040\nhttps://github.com/p0ch4t/nuclei-special-templates\nhttps://github.com/p3n73st3r/Nuclei-Templates\nhttps://github.com/pentest-dev/Profesional-Nuclei-Templates\nhttps://github.com/psc4re/nuclei-templates\nhttps://github.com/rahul-nakum14/Recon\nhttps://github.com/rutgerhrm/valid8\nhttps://github.com/samy1937/mynuclei_templates\nhttps://github.com/shubham-rooter/Nuclei-custom-templates\nhttps://github.com/sl4x0/NC-Templates\nhttps://github.com/sudouday/nuclei-templates\nhttps://github.com/sushant-kamble/mynuclei-template\nhttps://github.com/tamimhasan404/Open-Source-Nuclei-Templates-Downloader\nhttps://github.com/thecyberneh/nuclei-templatess\nhttps://github.com/thecybertix/Nuclei-templates\nhttps://github.com/themoonbaba/private_templates\nhttps://github.com/twseptian/custom-nuclei-templates\nhttps://github.com/vidocsecurity/templates\nhttps://github.com/vishal12300/all_nuclei_templatess\nhttps://github.com/vulnspace/nuclei-templates\nhttps://github.com/websecresearch/nucleirecordloginsession\nhttps://github.com/windyGarlic/nuclei-templates\nhttps://github.com/xinZa1/template\nhttps://github.com/yarovit-developer/nuclei-templates\nhttps://github.com/vsh00t/nuclei-templates\nhttps://github.com/nikhilhvr/nuclei-templates\nhttps://github.com/ed-red/redmc_custom_templates_nuclei\nhttps://github.com/DrakenKun-cyber/Templates\nhttps://github.com/Dalaho-bangin/nuclei-templates2\nhttps://github.com/Mr-xn/CVE-2023-23333\nhttps://github.com/boobooHQ/private_templates\nhttps://github.com/Erenlancaster/CVE-2021-46704\nhttps://github.com/stevemason/nuclei-template-forked-daapd-path-traversal\nhttps://github.com/topscoder/nuclei-zero-day\nhttps://github.com/mdube99/nuclei-templates\nhttps://github.com/nuts7/CVE-2023-27372\nhttps://github.com/k00kx/nuclei-templates\nhttps://github.com/YashVardhanTrip/nuclei-templates\nhttps://github.com/Deep2142004/Nuclei-Templates\nhttps://github.com/RajaUzairAbdullah/nuclei-templates\nhttps://github.com/mdube99/custom-nuclei-templates\nhttps://github.com/Esonhugh/public-nuclei-template\nhttps://github.com/Rabb1ter/nuclei-templates\nhttps://github.com/zodmagus/z0ds3c-Nuclei-Templates\nhttps://github.com/thefool45/nuclei-templates\nhttps://github.com/SumedhDawadi/Nuclei_Template_Subdomain_Takeover\nhttps://github.com/r3dcl1ff/Symfony-Fuck\nhttps://github.com/polling-repo-continua/KozinTemplates\nhttps://github.com/b4dboy17/badboy_17-Nuclei-Templates-Collection\nhttps://github.com/narasimhareddy5x5/nuclei-templates\nhttps://github.com/baharebenesbordi/Nuclei-Templates\nhttps://github.com/v3l4r10/Nuclei-Templates\nhttps://github.com/Deepparasiya/Nuclei-Templates\nhttps://github.com/valaDevs/env-js-nuclei", "creation_timestamp": "2025-04-22T02:52:21.000000Z"}, {"uuid": "9c6b734a-5ff1-4ba4-adb5-f90eb833f3b7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27372", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/4618", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2023\n\u63cf\u8ff0\uff1aSPIP Vulnerability Scanner - CVE-2023-27372 Detector\nURL\uff1ahttps://github.com/Chocapikk/CVE-2023-27372\n\n\u6807\u7b7e\uff1a#CVE-2023", "creation_timestamp": "2023-06-25T19:35:56.000000Z"}, {"uuid": "d1191ef4-7d72-4ce7-bfea-c17716a0e3a1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27372", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/4723", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2023\n\u63cf\u8ff0\uff1aCVE-2023-27372-SPIP-CMS-Bypass\nURL\uff1ahttps://github.com/izzz0/CVE-2023-27372-POC\n\n\u6807\u7b7e\uff1a#CVE-2023", "creation_timestamp": "2023-07-11T10:24:05.000000Z"}, {"uuid": "6ad51f13-b726-4184-a872-ac71d31f06aa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27372", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/7145", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-27372\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1.\n\ud83d\udccf Published: 2023-02-28T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-11T14:27:45.289Z\n\ud83d\udd17 References:\n1. https://blog.spip.net/Mise-a-jour-critique-de-securite-sortie-de-SPIP-4-2-1-SPIP-4-1-8-SPIP-4-0-10-et.html\n2. https://git.spip.net/spip/spip/commit/5aedf49b89415a4df3eb775eee3801a2b4b88266\n3. https://git.spip.net/spip/spip/commit/96fbeb38711c6706e62457f2b732a652a04a409d\n4. https://www.debian.org/security/2023/dsa-5367\n5. http://packetstormsecurity.com/files/171921/SPIP-Remote-Command-Execution.html\n6. http://packetstormsecurity.com/files/173044/SPIP-4.2.1-Remote-Code-Execution.html", "creation_timestamp": "2025-03-11T14:39:38.000000Z"}, {"uuid": "fb1a1475-f4cd-4b89-8f47-f53fab031574", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27372", "type": "published-proof-of-concept", "source": "Telegram/FXJxDe8XguxkKYlovSvBVM8kIvGQE21Xz1NTW-TenA", "content": "", "creation_timestamp": "2023-08-08T11:22:19.000000Z"}, {"uuid": "56061b2e-f5e6-4a33-ac4b-963fb6c2abbb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27372", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/5102", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2023\n\u63cf\u8ff0\uff1aThis is a PoC for CVE-2023-27372 and spawns a fully interactive shell.\nURL\uff1ahttps://github.com/redboltsec/CVE-2023-27372-PoC\n\n\u6807\u7b7e\uff1a#CVE-2023", "creation_timestamp": "2023-09-07T16:31:01.000000Z"}, {"uuid": "8aa870b6-6fb6-43ac-9a8c-fdeb8859ccba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27372", "type": "published-proof-of-concept", "source": "Telegram/Wgh9I_6Pt4K1UFsK6lXbnk0AueReVnqreF5ZoTLINHuI9Cs", "content": "", "creation_timestamp": "2025-04-28T23:00:05.000000Z"}, {"uuid": "869edb69-5aaf-48b9-99ef-6a02ab5fe3c5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27372", "type": "published-proof-of-concept", "source": "https://t.me/AGENTZSECURITY/1252", "content": "https://github.com/mdsabbirkhan/0xPugazh-my-nuclei-templates\nhttps://github.com/mdube99/custom-nuclei-templates\nhttps://github.com/mdube99/nuclei-templates\nhttps://github.com/medbsq/ncl\nhttps://github.com/meme-lord/Custom-Nuclei-Templates\nhttps://github.com/mertugur/nuclei-templates\nhttps://github.com/microphone-mathematics/custom-nuclei-templates\nhttps://github.com/milo2012/nuclei-templates-others\nhttps://github.com/myuyu/nuclei-templates\nhttps://github.com/n1f2c3/mytemplates\nhttps://github.com/narasimha5x5/nuclei-templates\nhttps://github.com/narasimhareddy5x5/nuclei-templates\nhttps://github.com/nicholasaleks/NucleiGPT\nhttps://github.com/nikhilhvr/nuclei-templates\nhttps://github.com/notnotnotveg/nuclei-custom-templates\nhttps://github.com/nullfuzz-pentest/custom-nuclei-templates\nhttps://github.com/numanturle/CVE-2022-41040\nhttps://github.com/nuts7/CVE-2023-27372\nhttps://github.com/obreinx/nuceli-templates\nhttps://github.com/optiv/mobile-nuclei-templates\nhttps://github.com/p0ch4t/nuclei-special-templates\nhttps://github.com/p3n73st3r/Nuclei-Templates\nhttps://github.com/panch0r3d/nuclei-templates\nhttps://github.com/peanuth8r/Nuclei_Templates\nhttps://github.com/pentest-dev/Profesional-Nuclei-Templates\nhttps://github.com/pikpikcu/nuclei-templates\nhttps://github.com/ping-0day/templates\nhttps://github.com/polling-repo-continua/KozinTemplates\nhttps://github.com/praetorian-inc/chariot-launch-nuclei-templates\nhttps://github.com/praetorian-inc/zeroqlik-detect\nhttps://github.com/psc4re/nuclei-templates\nhttps://github.com/ptyspawnbinbash/template-enhancer\nhttps://github.com/qaisarafridi/MY-Nuclei-Templates\nhttps://github.com/r3dcl1ff/Symfony-Fuck\nhttps://github.com/rafaelcaria/Nuclei-Templates\nhttps://github.com/rafaelwdornelas/my-nuclei-templates\nhttps://github.com/rahul-nakum14/Recon\nhttps://github.com/rahulkadavil/nuclei-templates\nhttps://github.com/randomstr1ng/nuclei-sap-templates\nhttps://github.com/redteambrasil/nuclei-templates\nhttps://github.com/ree4pwn/my-nuclei-templates\nhttps://github.com/reewardius/mytemplates-log4shell\nhttps://github.com/reewardius/nuclei-special-templates\nhttps://github.com/reewardius/nuclei-templates\nhttps://github.com/reewardius/nuclei-templates-new\nhttps://github.com/ricardomaia/nuclei-template-generator-for-wordpress-plugins\nhttps://github.com/rutgerhrm/valid8\nhttps://github.com/sadnansakin/my-nuclei-templates\nhttps://github.com/samy1937/mynuclei_templates\nhttps://github.com/schooldropout1337/nuclei-templates\nhttps://github.com/securitytest3r/nuclei_templates_work\nhttps://github.com/sharathkramadas/k8s-nuclei-templates\nhttps://github.com/shifa123/detections\nhttps://github.com/shubham-rooter/Nuclei-custom-templates\nhttps://github.com/sl4x0/NC-Templates\nhttps://github.com/smaranchand/nuclei-templates\nhttps://github.com/soapffz/myown-nuclei-poc\nhttps://github.com/soumya123raj/Nuclei\nhttps://github.com/souzomain/mytemplates\nhttps://github.com/stevemason/nuclei-template-forked-daapd-path-traversal\nhttps://github.com/sudouday/nuclei-templates\nhttps://github.com/sushant-kamble/mynuclei-template\nhttps://github.com/szybnev/nuclei-custom\nhttps://github.com/tamimhasan404/Open-Source-Nuclei-Templates-Downloader\nhttps://github.com/test502git/log4j-fuzz-head-poc\nhttps://github.com/testtt3424/nuclei-templates\nhttps://github.com/th3-r3sistanc3/nuclei-templates\nhttps://github.com/th3r4id/nuclei-templates\nhttps://github.com/thebrnwal/Content-Injection-Nuclei-Script\nhttps://github.com/thecyberneh/nuclei-templatess\nhttps://github.com/thecybertix/Nuclei-templates\nhttps://github.com/thefool45/nuclei-templates\nhttps://github.com/thelabda/nuclei-templates\nhttps://github.com/themoonbaba/private_templates\nhttps://github.com/topscoder/nuclei-wordfence-cve\nhttps://github.com/topscoder/nuclei-zero-day\nhttps://github.com/toramanemre/apache-solr-log4j-CVE-2021-44228", "creation_timestamp": "2025-04-22T02:52:22.000000Z"}, {"uuid": "b7e309ff-8196-4f08-8f72-7a8b252061ab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27372", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/3096", "content": "Tools \ud83d\udd27 \ud83d\udd28 \ud83d\udd27 \ud83d\udd28  - Hackers Factory \n\n\u200b\u200bSophia Script for Windows\n\nThe largest PowerShell module on GitHub for Windows 10 & Windows 11 for fine-tuning and automating the routine tasks. It offers more than 150 unique tweaks, and shows how Windows can be configured without making any harm to it.\n\nhttps://github.com/farag2/Sophia-Script-for-Windows\n\n#cybersecurity #infosec #privacy\n\n\u200b\u200bCVE-2023-35844\n\nLightdash directory traversal.\n\nhttps://github.com/Szlein/CVE-2023-35844\n\n#cve #cybersecurity #infosec\n\n\u200b\u200bCVE-2023-27372 \n\nSPIP < 4.2.1 - Remote Code Execution Vulnerability Scanner \ud83d\udee1\ud83d\udcbb\n\nhttps://github.com/Chocapikk/CVE-2023-27372\n\n#cve #cybersecurity #infosec\n\nUTBotCpp\n\nTool that generates unit test by C/C++ source code, trying to reach all branches and maximize code coverage.\n\nhttps://github.com/UnitTestBot/UTBotCpp\n\n#cybersecurity #infosec\n\n\u200b\u200bthreat-composer\n\nA threat modeling tool to help humans to reduce time-to-value when threat modeling.\n\nhttps://github.com/awslabs/threat-composer\n\n#cybersecurity #infosec\n\n\u200b\u200bCVE-2023-33140\n\nMicrosoft OneNote is vulnerable to spoofing attacks. The malicious user can trick the victim into clicking on a very maliciously crafted URL or download some other malicious file and execute it. When this happens the game will be over for the victim and his computer will be compromised. Exploiting the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft OneNote and then click on a specially crafted URL to be compromised by the attacker.\n\nhttps://github.com/nu11secur1ty/CVE-mitre/tree/main/2023/CVE-2023-33140\n\n#cve #exploit #RCE\n\n\u200b\u200b\u267b\ufe0f CrackMapExec (a.k.a CME) \n\nA post-exploitation tool that helps automate assessing the security of large Active Directory networks. Built with stealth in mind, CME follows the concept of \"Living off the Land\": abusing built-in Active Directory features/protocols to achieve it's functionality and allowing it to evade most endpoint protection/IDS/IPS solutions.\n\nhttps://github.com/mpgn/CrackMapExec\n\nWiki:\nhttps://wiki.porchetta.industries/\n\n#infosec #pentesting #redteam\n\n\u200b\u200bSecret Fragment exploit v2\n\nThis exploit is a V2 that provides clearer output, new code execution methods, and fixes a few bugs.\n\nDetails:\nhttps://www.ambionics.io/blog/symfony-secret-fragment\n\n#infosec #pentesting #redteam\n\n\u200b\u200bCoffee\n\nA custom implementation of the original Cobalt Strike's beacon_inline_execute. It is written in Rust and supports most of the features of the #CobaltStrike compatibility layer. Coffee is structured so it can be used as a library in other projects too.\n\nhttps://github.com/hakaioffsec/coffee\n\n#infosec #pentesting #redteam\n\n\u200b\u200b\ud83d\udc0d Pyscan\n\nPython dependency vulnerability scanner, written in Rust.\n\nhttps://github.com/aswinnnn/pyscan\n\n#infosec #pentesting #redteam\n\nhttps://t.me/dilagrafie", "creation_timestamp": "2023-06-28T15:16:50.000000Z"}, {"uuid": "99c69342-283d-4998-aa4c-889613730914", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27372", "type": "published-proof-of-concept", "source": "Telegram/um7znkuFP5jGDQJzOSWnS_HQUMBte84tLXs9M1m_HeHRzA", "content": "", "creation_timestamp": "2023-06-23T10:50:49.000000Z"}, {"uuid": "f4a2f019-9f35-4f0d-87e6-4c88ca29915a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27372", "type": "published-proof-of-concept", "source": "https://t.me/WARLOCK_DARK_ARMY_OFFICIALS/2823", "content": "CVE-2023-27372\n\nSPIP (before 4.2.1)\nRCE\n\nhttps://github.com/nuts7/CVE-2023-27372", "creation_timestamp": "2023-07-29T05:28:51.000000Z"}, {"uuid": "a5673903-c8f9-4787-b74a-faa090811c59", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27372", "type": "published-proof-of-concept", "source": "https://t.me/BABATATASASA/5292", "content": "CVE-2023-27372\nhttps://har-sia.info/CVE-2023-27372.html", "creation_timestamp": "2023-07-15T19:08:01.000000Z"}, {"uuid": "3d286760-a60e-40c5-a5bf-4ba548826b1b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27372", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/3090", "content": "25 Tools \ud83d\udd27 \ud83d\udd28\ud83d\udd27\ud83d\udd28-  Hackers Factory \n\n\u200b\u200bCVE-2023-27997u\n\nSafely detect whether a FortiGate SSL VPN instance is vulnerable to CVE-2023-27997 based on response timing.\n\nhttps://github.com/BishopFox/CVE-2023-27997-check\n\n#cve #cybersecurity #infosec\n\n\u200b\u200bServer-Side Prototype Pollution\n\nThis repository contains a collection of Server-Side Prototype Pollution gadgets in Node.js core code and 3rd party NPM packages.\n\nhttps://github.com/yuske/server-side-prototype-pollution\n\n#cybersecurity #infosec\n\n\u200b\u200bRIDS - Remote ID Spoofer\n\nAn ESP8266/NodeMCU Drone RemoteID Spoofer. This spawns 16 different fake drones broadcasting RemoteID, with them all flying in random directions around a particular GPS location. \n\nhttps://github.com/jjshoots/RemoteIDSpoofer\n\n#cybersecurity #infosec\n\n\u200b\u200bSteganim\n\nNim implementation of storing a payload into the least significant bit of each byte of an image. Using this technique to remotely fetch shellcode or other secrets at runtime can help into removing some IOCs like payload entropy.\n\nhttps://github.com/OffenseTeacher/Steganim\n\n#infosec #pentesting #redteam\n\n\u200b\u200bqualcomm_baseband_scripts\n\nCollection of scripts for reversing Qualcomm Hexagon baseband / modem firmware.\n\nhttps://github.com/mzakocs/qualcomm_baseband_scripts\n\n#cybersecurity #infosec\n\n\u200b\u200bCVE-2023-1454\n\nJeecg Boot qurestSql SQL vuln\n\nhttps://github.com/Sweelg/CVE-2023-1454-Jeecg-Boot-qurestSql-SQLvuln\n\n#cve #cybersecurity #infosec\n\n\u200b\u200bSilent Spring\n\nPrototype Pollution Leads to Remote Code Execution in Node.js\n\nhttps://github.com/yuske/silent-spring\n\n#cybersecurity #infosec\n\n\u200b\u200bSemgrep Rules for Android Application Security\n\nA collection of Semgrep rules derived from the OWASP MASTG specifically for Android applications.\n\nhttps://github.com/mindedsecurity/semgrep-rules-android-security\n\n#cybersecurity #infosec\n\n\u200b\u200bCVE-2023-30347\n\nReflected Cross-Site-Scripting in Neox Contact Center\n\nhttps://github.com/huzefa2212/CVE-2023-30347\n\n#cve #cybersecurity #infosec\n\n\u200b\u200bEFI Resolver\n\nA Binary Ninja plugin that automatically resolves type information for EFI protocol usage.\n\nhttps://github.com/Vector35/efi-resolver\n\n#cybersecurity #infosec\n\n\u200b\u200bGhostFart\n\nUnhooking is performed via indirect syscalls Leveraging NTAPI to grab NTDLL for unhooking without triggering \"PspCreateProcessNotifyRoutine\"\n\nhttps://github.com/mansk1es/GhostFart\n\n#cybersecurity #infosec\n\n\u200b\u200bCVE-2023-27372\n\nSPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1.\n\nhttps://github.com/nuts7/CVE-2023-27372\n\ncve #cybersecurity #infosec\n\n\u200b\u200bkbtls\n\nKey-Based TLS - Mutually Trusted TLS Connections Based on a Pre-Shared Connection Key.\n\nhttps://github.com/RedTeamPentesting/kbtls\n\n#infosec #pentesting #redteam\n\n\u200b\u200bArtemis\n\nA modular web reconnaissance tool and vulnerability scanner based on Karton.\n\nhttps://github.com/CERT-Polska/Artemis\n\n#infosec #pentesting #bugbounty\n\n\u200b\u200bRS-Shell\n\nA dirty PoC for a reverse shell with cool features in Rust.\n\nhttps://github.com/BlWasp/rs-shell\n\n#infosec #pentesting #redteam\n\n\u200b\u200bInvoke-PowerExtract\n\nThis tool is able to parse memory dumps of the LSASS process without any additional tools (e.g. Debuggers) or additional sideloading of mimikatz. It is a pure PowerShell implementation for parsing and extracting secrets (LSA / MSV and Kerberos) of the LSASS process.\n\nhttps://github.com/powerseb/PowerExtract\n\n#infosec #pentesting #redteam\n\nRPC Firewall\n\nCheck out our RPC Firewall blog post or our BlackHat talk to gain better understanding of RPC, RPC attacks and the solution: the RPC Firewall.\n\nhttps://github.com/zeronetworks/rpcfirewall\n\n#cybersecurity #infosec\n\n\u200b\u200bGooFuzz \n\nA tool to perform fuzzing with an #OSINT approach, managing to enumerate directories, files, subdomains or parameters without leaving evidence on the target's server and by means of advanced Google searches (Google Dorking).\n\nhttps://github.com/m3n0sd0n4ld/GooFuzz\n\n#infosec #pentesting #bugbounty\n\n\u200b\u200b1/2", "creation_timestamp": "2023-06-24T16:00:44.000000Z"}, {"uuid": "fb963005-5a20-421b-adc5-d2a9b061320b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27372", "type": "published-proof-of-concept", "source": "Telegram/k1aw5B9ColmBxsT2NRsMAhg5O_mmuNNuvfqPg0IhIAkjVjE", "content": "", "creation_timestamp": "2023-07-29T04:57:05.000000Z"}, {"uuid": "1a80a04c-a7c1-4b15-ba89-f361f212a661", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27372", "type": "seen", "source": "https://t.me/proxy_bar/1588", "content": "CVE-2023-27372\nSPIP (before 4.2.1)\nRCE\nEXploit\n\n#spip #rce", "creation_timestamp": "2023-06-25T09:39:06.000000Z"}, {"uuid": "2e26f397-9e5a-4b9c-97de-8ee724ec4bdc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27372", "type": "seen", "source": "https://t.me/cibsecurity/59155", "content": "\u203c CVE-2023-27372 \u203c\n\nSPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-28T22:32:44.000000Z"}, {"uuid": "34887969-6712-423c-a73a-fba57c44c731", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27372", "type": "published-proof-of-concept", "source": "https://t.me/DailyToolz/988", "content": "https://github.com/Pari-Malam/CVE-2023-27372\n- @blackcybersec", "creation_timestamp": "2023-07-31T22:56:18.000000Z"}, {"uuid": "15d7b9c2-a119-495b-bd79-9e2b99198ac1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27372", "type": "published-proof-of-concept", "source": "https://t.me/crackcodes/3719", "content": "\ud83d\udda5Database:\n\n\ud83d\udd31Sindad_com Leak database : https://www.system32.ink/2023/06/sindadcom-leak-database.html\n\n\ud83d\udd31SkyBuzz \u2013 Motivational Images App Data Leak : https://www.system32.ink/2023/06/skybuzz-motivational-images-data-leak.html\n\n\ud83d\udda5Exploit:\n\n\ud83d\udd31CVE-2023-27372 Exploit SPIP before 4.2.1 allows Remote Code Execution  : https://www.system32.ink/2023/06/cve-2023-27372-exploit-spip-before-421.html\n\n\ud83d\udda5Stealer & Builder:\n\n\ud83d\udd31HTA Exploit Builder : https://www.system32.ink/2023/06/hta-exploit-builder.html\n\n\ud83d\udd31Prynt Stealer Download : https://www.system32.ink/2023/06/prynt-stealer-cracked-download.html\n\n@crackcodes | crackcodes.in | System32.ink", "creation_timestamp": "2023-06-23T10:49:17.000000Z"}, {"uuid": "7f178a3a-4449-4885-be89-8a2f36f827ae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27372", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/8566", "content": "#tools\n#Blue_Team_Techniques\nCVE-2023-27372 SPIP <4.2.1 - RCE Vulnerability Scanner\nhttps://github.com/Chocapikk/CVE-2023-27372", "creation_timestamp": "2023-06-27T11:00:43.000000Z"}, {"uuid": "603a14ac-4e23-4871-8cc8-8fb4f5cdf69a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27372", "type": "published-proof-of-concept", "source": "Telegram/bRz_cS9yHAB4nvFSaPLAGw_kBB8GcNfom8hUwZ6rO4DcgziQwg", "content": "", "creation_timestamp": "2023-06-26T00:18:01.000000Z"}, {"uuid": "5e93e713-93c5-4d44-afa9-a0a959d75dfb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27372", "type": "published-proof-of-concept", "source": "https://t.me/CNArsenal/662", "content": "SPIP - RCE\nhttps://github.com/nuts7/CVE-2023-27372\n#github", "creation_timestamp": "2023-08-28T13:45:03.000000Z"}, {"uuid": "4e3f8a67-dc45-4990-8d97-6765bec50d2c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27372", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/8529", "content": "#exploit\n1. CVE-2023-27372:\nSPIP <4.2.1 - RCE\nhttps://github.com/nuts7/CVE-2023-27372\n\n2. CVE-2023-32412:\niOS/macOS libIPTelephony.dylib UaF\nhttps://packetstormsecurity.com/files/172990", "creation_timestamp": "2023-06-22T05:41:46.000000Z"}]}