{"vulnerability": "cve-2023-34599", "sightings": [{"uuid": "f3e6e370-9a88-4ca0-9476-0ab84f363f6c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34599", "type": "published-proof-of-concept", "source": "Telegram/UPOEOvXabxzuXPkJBAtH1OWP71MuzCeSWEouGFgNI1I0gw", "content": "", "creation_timestamp": "2023-06-24T16:36:58.000000Z"}, {"uuid": "40ae6d47-3394-4f68-af79-deffcc78f215", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34599", "type": "published-proof-of-concept", "source": "https://t.me/crackcodes/3726", "content": "\ud83d\udda5Instagram DOS Exploit: \n\n\ud83d\udd31Instagram App 287.0.0.22.85 - Denial of Service : https://www.system32.ink/2023/06/exploit-instagram-app-287002285-denial.html\n\n\ud83d\udda5Dataleaks:\n\n\ud83d\udd31Leland Campbell LLP Leak : https://www.system32.ink/2023/06/leland-campbell-llp-leak.html\n\n\ud83d\udd31Ulyanovsk Instrumentation and Repair Plant (uprz.ru) Data Leak : https://www.system32.ink/2023/06/ulyanovsk-instrumentation-and-repair.html\n\n\ud83d\udd31Yayasan Tifa (Tifa Foundation tifafoundation.id) Data Leak : https://www.system32.ink/2023/06/yayasan-tifa-tifa-foundation.html\n\n\ud83d\udd31National Institute of Cardiovascular Diseases, Bangladesh Data Leak : https://www.system32.ink/2023/06/national-institute-of-cardiovascular.html\n\n\ud83d\udd31{azadijobs_com} Bangladesh AzadiJob Company Data Leak : https://www.system32.ink/2023/06/azadijobscom-bangladesh-azadijob.html\n\n\ud83d\udda5Exploit & POC:\n\n\ud83d\udd31CVE-2023-35840 elFinder < 2.1.62 - Path Traversal vulnerability POC : https://www.system32.ink/2023/06/cve-2023-35840-elfinder-2162-path.html\n\n\ud83d\udd31CVE-2023-34599 POC - Multiple Cross-Site Scripting (XSS) in Gibbon v25.0.0 : https://www.system32.ink/2023/06/cve-2023-34599-poc-multiple-cross-site.html\n\n\ud83d\udda5Tools:\n\n\ud83d\udd31NimExec - Fileless Command Execution for Lateral Movement in Nim : https://www.system32.ink/2023/06/nimexec-fileless-command-execution-for.html\n\n\ud83d\udd31PrimusC2 - A C2 framework : https://www.system32.ink/2023/06/primusc2-c2-framework.html\n\n\ud83d\udda5Rat:\n\n\ud83d\udd31S500 Rat : https://www.system32.ink/2023/06/s500-rat-crack.html\n\n@crackcodes | crackcodes.in | system32.ink", "creation_timestamp": "2023-06-24T16:36:08.000000Z"}, {"uuid": "d195f6d8-e3e4-4cfc-b6af-c010bacff27d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34599", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/3093", "content": "Tools \ud83d\udd27 \ud83d\udd28 \ud83d\udd27  - Hackers Factory\n\n\u200b\u200bDao-Exploit\n\nCryptanalysis of the DAO exploit & Multi-Stage Attack.\n\nhttps://github.com/demining/Dao-Exploit\n\n#cybersecurity #infosec\n\n\u200b\u200bSLOOTH\n\nSlooth is an advanced vulnerability management system designed to help organizations stay ahead of security threats. By leveraging the Python NVD API wrapper and a REST API, Slooth fetches and organizes data about Common Vulnerabilities and Exposures (CVEs). It provides a unique identifier, the CVE ID, for stakeholders to discuss and research specific vulnerabilities.\n\nhttps://github.com/TheAxumite/SLOOTH-Security-Vulnerability-Search-and-Management\n\n#cve #cybersecurity #infosec\n\n\u200b\u200b\ud83d\udee1 VineShield\n\nObfuscation tool for all executing files and scripts written on python3\n\nhttps://github.com/Nick-Vinesmoke/VineShield\n\n#cybersecurity #infosec\n\n\u200b\u200bX-osint\n\nThis is an #OSINT tool which gathers useful and yet credible valid information about a phone number, user's email address and ip address and more to come in feature updates.\n\nhttps://github.com/TermuxHackz/X-osint\n\n#cybersecurity #infosec\n\n\u200b\u200bCVE-2023-34835\n\nCross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary JavaScript code via a vulnerable delete_file parameter.\n\nhttps://github.com/sahiloj/CVE-2023-34835\n\n#cve #cybersecurity #infosec\n\n\u200b\u200bThoth\n\nCairo/Starknet security toolkit (bytecode analyzer, disassembler, decompiler, symbolic execution, SBMC)\n\nhttps://github.com/FuzzingLabs/thoth\n\n#cybersecurity #infosec\n\n\u200b\u200bPROFILEGPT\n\nA tool for analyzing profiles and hashtags on Twitter. The application exploits various technologies and APIs to collect data and generate information for users.\n\nhttps://github.com/odiks/PROFILEGPT\n\n#OSINT #cybersecurity #infosec\n\n\u200b\u200bCVE-2023-34599\n\nMultiple Cross-Site Scripting (XSS) vulnerabilities have been identified in Gibbon v25.0.0, which enable attackers to execute arbitrary Javascript code.\n\nhttps://github.com/maddsec/CVE-2023-34599\n\n#cve #cybersecurity #infosec\n\n\u200b\u200bDaProfiler\n\n#OSINT tool allowing you to collect certain information about yourself in order to rectify by rgpd requests the traces you may have left on the net. DaProfiler is indeed able to recover: Addresses, Social media accounts, e-mail addresses, mobile / landline number, jobs. On a specified subject in a limited time. \n\nhttps://github.com/daprofiler/DaProfiler\n\n#cybersecurity #infosec\n\n\u200b\u200bJormungandr \n\nA kernel implementation of a COFF loader, allowing kernel developers to load and execute their COFFs in the kernel.\n\nhttps://github.com/Idov31/Jormungandr\n\n#infosec #pentesting #redteam\n\nhttps://t.me/dilagrafie", "creation_timestamp": "2023-06-26T23:00:10.000000Z"}, {"uuid": "54549073-d151-4b7d-956e-9ff16ad171a4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34599", "type": "seen", "source": "https://t.me/cibsecurity/65727", "content": "\u203c CVE-2023-34599 \u203c\n\nMultiple Cross-Site Scripting (XSS) vulnerabilities have been identified in Gibbon v25.0.0, which enable attackers to execute arbitrary Javascript code.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-06-29T18:14:35.000000Z"}, {"uuid": "62615ccf-f039-497a-8180-3844b38f9007", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34599", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/8546", "content": "#exploit\n1. CVE-2023-34599:\nMultiple XSS vulnerabilities in Gibbon v25.0\nhttps://github.com/maddsec/CVE-2023-34599\n\n2. Cryptanalysis of the DAO exploit & Multi-Stage Attack\nhttps://github.com/demining/Dao-Exploit\n\n3. CVE-2022-31696:\nVMWare ESXI TCP Socket Keepalive Type Confusion LPE\nhttps://www.zerodayinitiative.com/blog/2023/6/21/cve-2022-31696-an-analysis-of-a-vmware-esxi-tcp-socket-keepalive-type-confusion-lpe", "creation_timestamp": "2023-06-24T20:40:48.000000Z"}]}