{"vulnerability": "CVE-2023-3366", "sightings": [{"uuid": "84ea123a-280e-476b-898d-e0b8e48363c7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-33660", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/238", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-33660\n\ud83d\udd39 Description: A heap buffer overflow vulnerability exists in NanoMQ 0.17.2. The vulnerability can be triggered by calling the function copyn_str() in the file mqtt_parser.c. An attacker could exploit this vulnerability to cause a denial of service attack.\n\ud83d\udccf Published: 2023-06-08T00:00:00\n\ud83d\udccf Modified: 2025-01-06T21:21:57.214Z\n\ud83d\udd17 References:\n1. https://github.com/emqx/nanomq\n2. https://github.com/nanomq/NanoNNG/pull/509/commits/6815c4036a2344865da393803ecdb7af27d8bde1\n3. https://github.com/emqx/nanomq/issues/1155", "creation_timestamp": "2025-01-06T21:36:23.000000Z"}, {"uuid": "1baf1d26-cd2a-4484-9841-5f0d1e1aeae6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-33669", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/848", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-33669\n\ud83d\udd39 Description: Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow via the timeZone parameter in the sub_44db3c function.\n\ud83d\udccf Published: 2023-06-02T00:00:00\n\ud83d\udccf Modified: 2025-01-08T20:27:53.950Z\n\ud83d\udd17 References:\n1. https://github.com/DDizzzy79/Tenda-CVE/blob/main/AC8V4.0/N1/README.md\n2. https://github.com/DDizzzy79/Tenda-CVE/tree/main/AC8V4.0/N1", "creation_timestamp": "2025-01-08T21:14:58.000000Z"}, {"uuid": "9acc6c58-ea1d-4640-8889-9c33abc4fd73", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-3366", "type": "seen", "source": "https://t.me/cibsecurity/68887", "content": "\u203c CVE-2023-3366 \u203c\n\nThe MultiParcels Shipping For WooCommerce WordPress plugin before 1.15.2 does not have CRSF check when deleting a shipment, allowing attackers to make any logged in user, delete arbitrary shipment via a CSRF attack\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-23T23:35:33.000000Z"}, {"uuid": "68de2e4f-4fd3-4966-92d3-b4ba47874b94", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-33663", "type": "seen", "source": "https://t.me/cibsecurity/68661", "content": "\u203c CVE-2023-33663 \u203c\n\nIn the module \u00e2\u20ac\u0153Customization fields fee for your store\u00e2\u20ac\ufffd (aicustomfee) from ai-dev module for PrestaShop, an attacker can perform SQL injection up to 0.2.0. Release 0.2.1 fixed this security issue.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-16T18:49:54.000000Z"}, {"uuid": "659b2ced-94c6-4143-bd54-9b0e4d343777", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-33666", "type": "seen", "source": "https://t.me/cibsecurity/67732", "content": "\u203c CVE-2023-33666 \u203c\n\nai-dev aioptimizedcombinations before v0.1.3 was discovered to contain a SQL injection vulnerability via the component /includes/ajax.php.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-04T00:40:20.000000Z"}, {"uuid": "70968cb3-ceae-4399-b95c-09c9423353e9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-33664", "type": "seen", "source": "https://t.me/cibsecurity/66213", "content": "\u203c CVE-2023-33664 \u203c\n\nai-dev aicombinationsonfly before v0.3.1 was discovered to contain a SQL injection vulnerability via the component /includes/ajax.php.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-07T20:18:07.000000Z"}, {"uuid": "bdd04417-54d6-40e5-8fad-af273f9de329", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-33665", "type": "seen", "source": "https://t.me/cibsecurity/67751", "content": "\u203c CVE-2023-33665 \u203c\n\nai-dev aitable before v0.2.2 was discovered to contain a SQL injection vulnerability via the component /includes/ajax.php.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-04T07:45:54.000000Z"}, {"uuid": "bc740bb8-7734-4ba9-9bb7-6bf242792b56", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-33668", "type": "seen", "source": "https://t.me/cibsecurity/66536", "content": "\u203c CVE-2023-33668 \u203c\n\nDigiExam up to v14.0.2 lacks integrity checks for native modules, allowing attackers to access PII and takeover accounts on shared computers.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-12T16:15:34.000000Z"}, {"uuid": "c4374038-8ee7-4aab-a80c-43adcf0dd025", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-33660", "type": "seen", "source": "https://t.me/cibsecurity/65067", "content": "\u203c CVE-2023-33660 \u203c\n\nA heap buffer overflow vulnerability exists in NanoMQ 0.17.2. The vulnerability can be triggered by calling the function copyn_str() in the file mqtt_parser.c. An attacker could exploit this vulnerability to cause a denial of service attack.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-06-08T16:15:57.000000Z"}]}