{"vulnerability": "cve-2023-2595", "sightings": [{"uuid": "aad87591-5771-4649-a7dd-c74d949c7b9e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2023-25951", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}, {"uuid": "951ae9c7-c2a4-449a-bef6-8eba3299057d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-25950", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/4908", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2023\n\u63cf\u8ff0\uff1aHTTP3ONSTEROIDS - A research on CVE-2023-25950 where HAProxy's HTTP/3 implementation fails to block a malformed HTTP header field name.\nURL\uff1ahttps://github.com/dhmosfunk/HTTP3ONSTEROIDS\n\n\u6807\u7b7e\uff1a#CVE-2023", "creation_timestamp": "2023-08-12T13:50:18.000000Z"}, {"uuid": "251f5652-c81c-4e49-a4dd-08282cea25e0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-25953", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/2219", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-25953\n\ud83d\udd39 Description: Code injection vulnerability in Drive Explorer for macOS versions 3.5.4 and earlier allows an attacker who can login to the client where the affected product is installed to inject arbitrary code while processing the product execution. 
Since a full disk access privilege is required to execute LINE WORKS Drive Explorer, the attacker may be able to read and/or write to arbitrary files without the access privileges.\n\ud83d\udccf Published: 2023-05-23T00:00:00\n\ud83d\udccf Modified: 2025-01-17T21:47:04.078Z\n\ud83d\udd17 References:\n1. https://line.worksmobile.com/jp/release-notes/20230216/\n2. https://jvn.jp/en/jp/JVN01937209/", "creation_timestamp": "2025-01-17T21:56:52.000000Z"}, {"uuid": "8a6bf3a3-39cb-485f-a4b2-22305a1f35dc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-25957", "type": "seen", "source": "https://t.me/ics_cert/726", "content": "\u06a9\u0634\u0641 \u06cc\u06a9 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u0645\u0627\u0698\u0648\u0644 \u06cc\u06a9 \u0648\u0631\u0648\u062f \u0628\u0647 \u0633\u06cc\u0633\u062a\u0645 (SAML) \u062f\u0631 \u067e\u0644\u062a\u200c\u0641\u0631\u0645 \u0646\u0631\u0645\u200c\u0627\u0641\u0632\u0627\u0631 \u0627\u0633\u062a\u0642\u0631\u0627\u0631 \u0648 \u0627\u0639\u062a\u0628\u0627\u0631\u0633\u0646\u062c\u06cc \u0646\u0631\u0645\u200c\u0627\u0641\u0632\u0627\u0631 \u0646\u0631\u0645\u200c\u0627\u0641\u0632\u0627\u0631 Mendix \u0645\u0631\u0628\u0648\u0637 \u0628\u0647 \u062e\u0637\u0627\u0647\u0627\u06cc\u06cc \u062f\u0631 \u0627\u062c\u0631\u0627\u06cc \u0627\u0644\u06af\u0648\u0631\u06cc\u062a\u0645 \u0627\u062d\u0631\u0627\u0632 \u0647\u0648\u06cc\u062a \u0627\u0633\u062a.  
\n\n\u0628\u0647\u0631\u0647 \u0628\u0631\u062f\u0627\u0631\u06cc \u0627\u0632 \u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u0645\u06cc \u062a\u0648\u0627\u0646\u062f \u0628\u0647 \u06cc\u06a9 \u0645\u0647\u0627\u062c\u0645 \u0631\u0627\u0647 \u062f\u0648\u0631 \u0627\u062c\u0627\u0632\u0647 \u062f\u0647\u062f \u062a\u0627 \u062f\u0633\u062a\u0631\u0633\u06cc \u063a\u06cc\u0631\u0645\u062c\u0627\u0632 \u0628\u0647 \u06cc\u06a9 \u0628\u0631\u0646\u0627\u0645\u0647 \u06a9\u0627\u0631\u0628\u0631\u062f\u06cc \u062f\u0627\u0634\u062a\u0647 \u0628\u0627\u0634\u062f.\n\n BDU: 2023-01260\n CVE-2023-25957\n\n \u0628\u0647 \u0631\u0648\u0632 \u0631\u0633\u0627\u0646\u06cc \u0647\u0627 \u0631\u0627 \u0627\u0632 \u0645\u0646\u0627\u0628\u0639 \u0642\u0627\u0628\u0644 \u0627\u0639\u062a\u0645\u0627\u062f \u0646\u0635\u0628 \u06a9\u0646\u06cc\u062f.\n \u0628\u0627 \u062a\u0648\u062c\u0647 \u0628\u0647 \u0634\u0631\u0627\u06cc\u0637 \u0641\u0639\u0644\u06cc \u0648 \u062a\u062d\u0631\u06cc\u0645 \u0647\u0627\u06cc \u0627\u0639\u0645\u0627\u0644 \u0634\u062f\u0647\u060c \u0646\u0635\u0628 \u0628\u0647 \u0631\u0648\u0632 \u0631\u0633\u0627\u0646\u06cc \u0647\u0627\u06cc \u0646\u0631\u0645 \u0627\u0641\u0632\u0627\u0631\u06cc \u062a\u0646\u0647\u0627 \u067e\u0633 \u0627\u0632 \u0627\u0631\u0632\u06cc\u0627\u0628\u06cc \u062a\u0645\u0627\u0645 \u062e\u0637\u0631\u0627\u062a \u0645\u0631\u062a\u0628\u0637 \u062a\u0648\u0635\u06cc\u0647 \u0645\u06cc \u0634\u0648\u062f.\n\n \u0627\u0642\u062f\u0627\u0645\u0627\u062a \u062c\u0628\u0631\u0627\u0646\u06cc:\n - \u062a\u0646\u0638\u06cc\u0645 \"\u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 \u0631\u0645\u0632\u06af\u0630\u0627\u0631\u06cc\" \u0628\u0627\u06cc\u062f \u062f\u0631 \u062a\u0646\u0638\u06cc\u0645\u0627\u062a \u0645\u0627\u0698\u0648\u0644 SAML \u0641\u0639\u0627\u0644 \u0628\u0627\u0634\u062f.\n - \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 
\u0641\u0627\u06cc\u0631\u0648\u0627\u0644\n - \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 \u0627\u0628\u0632\u0627\u0631 \u0634\u062e\u0635 \u062b\u0627\u0644\u062b \u0628\u0631\u0627\u06cc \u06a9\u0646\u062a\u0631\u0644 \u062f\u0633\u062a\u0631\u0633\u06cc \u06a9\u0627\u0631\u0628\u0631 (VPN \u0648 \u063a\u06cc\u0631\u0647) \u0628\u0647 \u0645\u062d\u0635\u0648\u0644 \u0646\u0631\u0645 \u0627\u0641\u0632\u0627\u0631\u06cc \u0627\u0632 \u0634\u0628\u06a9\u0647 \u0647\u0627\u06cc \u0639\u0645\u0648\u0645\u06cc (\u0627\u06cc\u0646\u062a\u0631\u0646\u062a).\n - \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 \u0633\u06cc\u0633\u062a\u0645 \u0647\u0627\u06cc \u062a\u0634\u062e\u06cc\u0635 \u0646\u0641\u0648\u0630 \u0648 \u067e\u06cc\u0634\u06af\u06cc\u0631\u06cc.\n\n \u0628\u0627 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 \u062a\u0648\u0635\u06cc\u0647 \u0647\u0627\u06cc \u0633\u0627\u0632\u0646\u062f\u0647:\n https://cert-portal.siemens.com/productcert/pdf/ssa-851884.pdf\n\n\ud83d\udc6e\u200d\u2640\ufe0f\ud83d\udc6e\u200d\u2640\ufe0f \u0628\u0627\u0632\u0646\u0634\u0631 \u0645\u0637\u0627\u0644\u0628 \u0627\u06cc\u0646 \u06a9\u0627\u0646\u0627\u0644 \u0635\u0631\u0641\u0627 \u0628\u0627 \u0630\u06a9\u0631 \u0645\u0646\u0628\u0639 \u0648 \u0622\u062f\u0631\u0633 \u06a9\u0627\u0645\u0644 \u06a9\u0627\u0646\u0627\u0644 \u0645\u062c\u0627\u0632 \u0645\u06cc\u0628\u0627\u0634\u062f.\n\n\ud83c\udfed\u0648\u0628\u0633\u0627\u06cc\u062a \u0648 \u06a9\u0627\u0646\u0627\u0644 \u062a\u062e\u0635\u0635\u06cc \u0627\u0645\u0646\u06cc\u062a \u0632\u06cc\u0631\u0633\u0627\u062e\u062a\u0647\u0627\u06cc \u0627\u062a\u0648\u0645\u0627\u0633\u06cc\u0648\u0646 \u0648 \u06a9\u0646\u062a\u0631\u0644 \u0635\u0646\u0639\u062a\u06cc\n\n\u0627\u062f\u0645\u06cc\u0646:\nhttps://t.me/pedram_kiani\n\u06a9\u0627\u0646\u0627\u0644 \u062a\u0644\u06af\u0631\u0627\u0645:\nhttps://t.me/ics_cert\n\u062a\u0648\u06cc\u06cc\u062a\u0631:\nhttps://twitter.com/icscerti", 
"creation_timestamp": "2023-03-30T20:00:06.000000Z"}, {"uuid": "4e4d5c85-6630-410f-8824-ffa00beb1470", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-25956", "type": "seen", "source": "Telegram/Lw7u-Xk6xSteuBiwyNzWX2LNGzfySroFN8WyCw6GBv2i6to", "content": "", "creation_timestamp": "2023-02-24T21:27:53.000000Z"}, {"uuid": "5b2dfad6-eca3-44fd-ace8-eae20e772eb6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-25950", "type": "seen", "source": "Telegram/yHU1OxJhpQpr_Zc36Hmmz5LvNQXVaqQIpP2SOA6pRjfooSGp", "content": "", "creation_timestamp": "2025-02-14T10:03:09.000000Z"}, {"uuid": "9fcac149-701d-4533-8091-6f9511dbd0fd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-25955", "type": "seen", "source": "Telegram/R8-KR8G7DsglNzb08KPPvz8N2uLJSIkjLqINqDUtE3kqR69y", "content": "", "creation_timestamp": "2025-02-14T09:47:01.000000Z"}, {"uuid": "92c71c9c-dc45-4577-92a7-9aad3fe931f0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-25951", "type": "seen", "source": "https://t.me/ctinow/201179", "content": "https://ift.tt/mqnY9rp\nCVE-2023-25951 | Intel PROSet/Wireless WiFi/Killer WiFi prior 22.240 input validation (intel-sa-00947)", "creation_timestamp": "2024-03-06T10:11:38.000000Z"}, {"uuid": "fb33717a-784a-446e-90fe-99f690978d6d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-25958", "type": "seen", "source": "https://t.me/cibsecurity/64039", "content": "\u203c CVE-2023-25958 \u203c\n\nAuth. 
(admin+) Stored Cross-Site Scripting (XSS) vulnerability in Justin Saad Simple Tooltips plugin <= 2.1.4 versions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-12T20:26:59.000000Z"}, {"uuid": "003cb65c-1d39-47b5-a2fb-d50bb10e7988", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-25953", "type": "seen", "source": "https://t.me/cibsecurity/64596", "content": "\u203c CVE-2023-25953 \u203c\n\nCode injection vulnerability in Drive Explorer for macOS versions 3.5.4 and earlier allows an attacker who can login to the client where the affected product is installed to inject arbitrary code while processing the product execution. Since a full disk access privilege is required to execute LINE WORKS Drive Explorer, the attacker may be able to read and/or write to arbitrary files without the access privileges.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-23T07:25:16.000000Z"}, {"uuid": "d2e714d5-6a18-426c-ad81-3238f969b4f9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-25954", "type": "seen", "source": "https://t.me/cibsecurity/62053", "content": "\u203c CVE-2023-25954 \u203c\n\nKYOCERA Mobile Print' v3.2.0.230119 and earlier, 'UTAX/TA MobilePrint' v3.2.0.230119 and earlier, and 'Olivetti Mobile Print' v3.2.0.230119 and earlier are vulnerable to improper intent handling. 
When a malicious app is installed on the victim user's Android device, the app may send an intent and direct the affected app to download malicious files or apps to the device without notification.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-13T12:43:20.000000Z"}, {"uuid": "d110a1c8-17e8-4265-a05f-cd11d82e035c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-2595", "type": "seen", "source": "https://t.me/cibsecurity/63610", "content": "\u203c CVE-2023-2595 \u203c\n\nA vulnerability has been found in SourceCodester Billing Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file ajax_service.php of the component POST Parameter Handler. The manipulation of the argument drop_services leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-228397 was assigned to this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-09T16:38:51.000000Z"}, {"uuid": "a69cbb4b-588a-47e2-b477-63e67b7dd6a3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-25956", "type": "seen", "source": "https://t.me/cibsecurity/58868", "content": "\u203c CVE-2023-25956 \u203c\n\nGeneration of Error Message Containing Sensitive Information vulnerability in the Apache Airflow AWS Provider. 
This issue affects Apache Airflow AWS Provider versions before 7.2.1.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-24T14:49:21.000000Z"}, {"uuid": "e62b7fb6-bfdc-47cd-8737-c7dd4f41912a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-25954", "type": "seen", "source": "https://t.me/androidMalware/1848", "content": "Kyocera Android printing app is vulnerable to improper intent handling and can be abused to drop malware (CVE-2023-25954) \nhttps://www.kyoceradocumentsolutions.com/en/our-business/security/information/2023-04-11.html", "creation_timestamp": "2023-04-18T06:47:22.000000Z"}]}