{"vulnerability": "cve-2023-2290", "sightings": [{"uuid": "952d58ba-f1f4-4243-88de-2e5fe2c51c14", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22906", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/4708", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2023\n\u63cf\u8ff0\uff1aProof of Concept for CVE-2023-22906\nURL\uff1ahttps://github.com/nonamecoder/CVE-2023-22906\n\n\u6807\u7b7e\uff1a#CVE-2023", "creation_timestamp": "2023-07-08T23:30:14.000000Z"}, {"uuid": "3a9828d8-a83f-4c6c-b60f-ad17e2bcb8da", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22909", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/10751", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-22909\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. SpecialMobileHistory allows remote attackers to cause a denial of service because database queries are slow.\n\ud83d\udccf Published: 2023-01-10T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-07T18:36:40.333Z\n\ud83d\udd17 References:\n1. https://phabricator.wikimedia.org/T320987\n2. https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AP65YEN762IBNQPOYGUVLTQIDLM5XD2A/", "creation_timestamp": "2025-04-07T18:46:03.000000Z"}, {"uuid": "825a7ffe-7c99-49f7-9a53-dcd1c135b6d2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22906", "type": "published-proof-of-concept", "source": "Telegram/ZPMcjDl_YbbDJ3etZP3BqKChdYJaSzNeePm8ZdO0d0CqNg", "content": "", "creation_timestamp": "2023-07-11T14:57:43.000000Z"}, {"uuid": "01a1f648-50e5-4a1b-a134-6eecae9193e2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22901", "type": "seen", "source": "https://t.me/cibsecurity/62963", "content": "\u203c CVE-2023-22901 \u203c\n\nChangingTec MOTP system has a path traversal vulnerability. A remote attacker with administrator\u00e2\u20ac\u2122s privilege can exploit this vulnerability to access arbitrary system files.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-27T07:42:53.000000Z"}, {"uuid": "9f44c765-819d-416e-8b7d-7ffbc5f2b2ba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22906", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/3120", "content": "CVE-2023-22906\n\nA critical vulnerability that affects the Hero Qubo Smart Doorbell device running version HCD01_02_V1.38_20220125. This particular device allows Telnet access with root privileges by default, without requiring a password. \n\nhttps://github.com/nonamecoder/CVE-2023-22906\n\n#cve #cybersecurity #infosec\n\n\u200b\u200bShellGhost\n\nA memory-based evasion technique which makes shellcode invisible from process start to end.\n\nhttps://github.com/lem0nSec/ShellGhost\n\n#infosec #pentesting #redteam\n\n\u200b\u200bOSCE3-Complete-Guide\n\nOSWE, OSEP, OSED, and OSEE Study Guide.\n\nhttps://github.com/CyberSecurityUP/OSCE3-Complete-Guide\n\n#infosec #pentesting #redteam\n\n\u200b\u200bRedCloud-OS\n\nA Cloud Adversary Simulation Operating System for Red Teams to assess the Cloud Security of Leading Cloud Service Providers (CSPs).\n\nhttps://github.com/RedTeamOperations/RedCloud-OS\n\n#infosec #pentesting #redteam\n\n\u200b\u200b\ud83e\udd16 superman\n\nKill The Protected Process\n\nhttps://github.com/b1-team/superman\n\n#cybersecurity #infosec\n\n\u200b\u200bSatIntel\n\nSatIntel is an #OSINT tool for Satellites \ud83d\udef0. Extract satellite telemetry, receive orbital predictions, and parse T7LEs \ud83d\udd2d\n\nhttps://github.com/ANG13T/SatIntel\n\n#cybersecurity #infosec\n\nhttps://t.me/dilagrafie\n\n2/2", "creation_timestamp": "2023-07-15T21:15:43.000000Z"}, {"uuid": "be690d60-678b-46be-a429-be36a164f8aa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22906", "type": "published-proof-of-concept", "source": "https://t.me/crackcodes/3864", "content": "\ud83d\udd30Hamer Candy Malaysian leak : https://system32.ink/hamer-candy-malaysian-leak/\n\n\ud83d\udd30Mituo China Leak : https://system32.ink/mituo-china-leak/\n\n\ud83d\udd30AdultFilmStarContent_com Leak : https://system32.ink/adultfilmstarcontent.com-leak/\n\n\ud83d\udd30CVE-2023-2133 Poc : https://system32.ink/cve-2023-2133-poc/\n\n\ud83d\udd30CVE-2023-36167 Poc : https://system32.ink/cve-2023-36167-poc/\n\n\ud83d\udd30CVE-2023-22906 Qubo Smart Doorbell device Exploit : https://system32.ink/cve-2023-22906-qubo-smart-doorbell-device-exploit/\n\n@crackcodes | System32.ink | Crackcodes.in", "creation_timestamp": "2023-07-13T21:29:03.000000Z"}, {"uuid": "1875e28e-7553-4fd2-b6ca-fc026e89a37d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22906", "type": "published-proof-of-concept", "source": "https://t.me/CNArsenal/700", "content": "https://github.com/nonamecoder/CVE-2023-22906\n#github", "creation_timestamp": "2023-07-09T14:13:16.000000Z"}, {"uuid": "99741e5a-7676-4388-832d-a30640e94865", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22900", "type": "seen", "source": "https://t.me/cibsecurity/57211", "content": "\u203c CVE-2023-22900 \u203c\n\nEfence login function has insufficient validation for user input. An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary SQL commands to access, modify or delete database.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-31T12:38:00.000000Z"}, {"uuid": "0a76a7ac-bcf9-4952-bde2-e7587901b838", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22906", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/8637", "content": "#exploit\n\"Report on Qubo IoT Device Vulnerability\", 2023.\n]-> https://github.com/nonamecoder/CVE-2023-22906", "creation_timestamp": "2023-07-09T13:03:01.000000Z"}]}