{"vulnerability": "cve-2023-3166", "sightings": [{"uuid": "f7fafb77-d9db-4410-937b-efdeecda8c08", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-31664", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/3038", "content": "Tools - Hackers Factory \n\n\u200b\u200bPuredns\n\nA fast domain resolver and subdomain bruteforcing tool that can accurately filter out wildcard subdomains and DNS poisoned entries.\n\nhttps://github.com/d3mondev/puredns\n\n#infosec #pentesting #bugbounty\n\n\u200b\u200bCVE-2021-41091\n\nThis exploit offers an in-depth look at the CVE-2021-41091 security vulnerability and provides a step-by-step guide on how to utilize the exploit script to achieve privilege escalation on a host.\n\nhttps://github.com/UncleJ4ck/CVE-2021-41091\n\n#cve #infosec #exploit\n\n\u200b\u200bSSH-Harvester\n\nHarvest passwords automatically from OpenSSH server.\n\nhttps://github.com/jm33-m0/SSH-Harvester\n\n#infosec #pentesting #redteam\n\n\u200b\u200bEATGuard\n\nImplementation of an export address table protection mitigation, like Export Address Filtering (EAF)\n\nhttps://github.com/connormcgarr/EATGuard\n\n#cybersecurity #infosec\n\n\u200b\u200bMS17-010 Exploit Code\n\nThis is just an semi-automated fully working, no-bs, non-metasploit version of the public exploit code for MS17-010.\n\nhttps://github.com/3ndG4me/AutoBlue-MS17-010\n\n#exploit #cybersecurity #infosec\n\n\u200b\u200bWSLHostPatcher\n\nDynamic patch WSL2 to listen port on any interfaces.\n\nhttps://github.com/CzBiX/WSLHostPatcher\n\n#cybersecurity #infosec\n\n\u200b\u200bIvySyn\n\nA fully-automated framework for discovering memory error vulnerabilities in Deep Learning (DL) frameworks.\n\nhttps://gitlab.com/brown-ssl/ivysyn\n\n#cybersecurity #infosec #pentesting\n\n\u200b\u200bCVE-2023-31664\n\nA reflected cross-site scripting (XSS) vulnerability in /authenticationendpoint/login.do of 
WSO2 Api Manager below v4.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the tenantDomain parameter.\n\nhttps://github.com/adilkhan7/CVE-2023-31664\n\n#cve #cybersecurity #infosec\n\n\u200b\u200bPowerLessShell\n\nPowerLessShell rely on MSBuild.exe to remotely execute PowerShell scripts and commands without spawning powershell.exe. You can also execute raw shellcode using the same approach.\n\nhttps://github.com/Mr-Un1k0d3r/PowerLessShell\n\n#infosec #pentesting #redteam\n\n\u200b\u200bSAP_Cloud_Connector_SSFS_Decryption\n\nThis repository offers a Proof of Concept (PoC) for decrypting SAP Cloud Connector SSFS. The core feature of this PoC is the exploitation of an exported function - getRecord, present in the libsapscc20jni.so file. The advantage is that you can decrypt the SSFS properties values WITHOUT REVERSING THE ECRYPTION ALGORITHM.\n\nhttps://github.com/redrays-io/SAP_Cloud_Connector_SSFS_Decryption\n\n#cybersecurity #infosec #poc\n\n\u200b\u200bFuzzing Templates\n\nCommunity curated list of fuzzing templates for the nuclei engine to find unknown security vulnerabilities.\n\nhttps://github.com/projectdiscovery/fuzzing-templates\n\n#pentesting #infosec #bugbounty\n\n\u200b\u200brebuff\n\nRebuff is designed to protect AI applications from prompt injection (PI) attacks through a multi-layered defense.\n\nhttps://github.com/woop/rebuff\n\n#cybersecurity #infosec\n\n\u200b\u200bDetection-Validation\n\nThe tool automates the process of simulating malicious process events without need to go through setup of real processes.\n\nhttps://github.com/alwashali/Detection-Validation\n\n#cybersecurity #infosec #malware\n\n\u200b\u200bMinefield\n\nThis is the PoC implementation for the USENIX 2022 paper Minefield: A Software-only Protection for SGX Enclaves against DVFS Attacks\n\nhttps://github.com/iaik/minefield\n\n#cybersecurity #infosec\n\n\u200b\u200bAfuzz \n\nAutomated web path fuzzing tool for the Bug Bounty 
projects.\n\nhttps://github.com/RapidDNS/Afuzz\n\n#infosec #pentesting #bugbounty\n\n\u200b\u200bdumpulator\n\nAn easy-to-use library for emulating memory dumps. Useful for malware analysis (config extraction, unpacking) and dynamic analysis in general (sandboxing).\n\nhttps://github.com/mrexodia/dumpulator\n\n#malware #cybersecurity #infosec\n\n\u200b\u200bAtomicSyscall\n\nTools and PoCs for Windows syscall investigation.\n\nhttps://github.com/daem0nc0re/AtomicSyscall\n\n#infosec #pentesting #redteam\n\n\u200b\u200bezXSS\n\nezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.\n\nhttps://github.com/ssl/ezXSS\n\n#infosec #redteam #bugbounty\n\n\u200b\u200bhttps://t.me/dilagrafie\nhttps://t.me/HackerFactory", "creation_timestamp": "2023-05-22T14:01:04.000000Z"}, {"uuid": "031e3e54-b771-47fa-bb6d-8c73257a1c0b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-31669", "type": "seen", "source": "Telegram/IG39RiGrW7gJiyLMBgeOT95luIkKjh2LnddMjfWryf7pf123", "content": "", "creation_timestamp": "2025-02-01T17:28:10.000000Z"}, {"uuid": "212007bd-6553-4ecf-bd60-c5e92d20646b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-31664", "type": "seen", "source": "Telegram/zRWIAueIFVbIiy9IpUQnxPKFP58apDCXh8eej9wEV81qbl5o", "content": "", "creation_timestamp": "2025-02-01T17:28:10.000000Z"}, {"uuid": "8532134d-4d87-4558-9e9c-0a5f81d72352", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-31664", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/4380", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2023\n\u63cf\u8ff0\uff1aCVE-2023-31664 
WSO2\nURL\uff1ahttps://github.com/adilkhan7/CVE-2023-31664\n\n\u6807\u7b7e\uff1a#CVE-2023", "creation_timestamp": "2023-05-19T05:57:43.000000Z"}, {"uuid": "1122c204-b67c-454c-9515-77bf788846ea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-31669", "type": "seen", "source": "https://t.me/cibsecurity/64617", "content": "\u203c CVE-2023-31669 \u203c\n\nWebAssembly wat2wasm v1.0.32 allows attackers to cause a libc++abi.dylib crash by putting '@' before a quote (\").\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-23T16:25:14.000000Z"}, {"uuid": "bb3ef0ba-a24d-4e2c-9a5c-d66e2d9f79f0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-3166", "type": "seen", "source": "https://t.me/cibsecurity/66465", "content": "\u203c CVE-2023-3166 \u203c\n\nThe Lana Email Logger plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an email subject in versions up to, and including, Lana Email Logger due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-12T12:35:24.000000Z"}, {"uuid": "f49b170a-633b-41f7-9b99-16faa2d1a256", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-31664", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/8333", "content": "#exploit\n1. CVE-2023-31664:\nXSS in WSO2 API Manager\nhttps://github.com/adilkhan7/CVE-2023-31664\n\n2. 
CVE-2023-29919:\nArbitrary read file vulnerability in SolarView Compact <6.0\nhttps://github.com/xiaosed/CVE-2023-29919", "creation_timestamp": "2023-05-20T21:32:30.000000Z"}]}