{"vulnerability": "cve-2023-34840", "sightings": [{"uuid": "5dde393a-1509-440f-a59a-401de2ef2c19", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34840", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/3099", "content": "Tools \ud83d\udd27 \ud83d\udd28 \ud83d\udd27 \ud83d\udd28  - Hackers Factory \n\n\u200b\u200bosquery-defense-kit\n\nODK (osquery-defense-kit) is unique in that the queries are designed to be used as part of a production detection & response pipeline. The detection queries are formulated to return zero rows during normal expected behavior, so that they may be configured to generate alerts when rows are returned.\n\nhttps://github.com/chainguard-dev/osquery-defense-kit\n\n#cybersecurity #infosec\n\n\u200b\u200bSAFIREFUZZ\n\nA throughput-optimized rehosting and fuzzing framework for ARM Cortex-M firmware. It takes monolithic binary-only firmware images and uses high-level emulation (HLE) and dynamic binary rewriting to run them on far more powerful hardware with low overhead.\n\nhttps://github.com/pr0me/SAFIREFUZZ\n\n#cybersecurity #infosec\n\n\u200b\u200bGoogle CTF\n\nThis repository lists most of the challenges used in the Google CTF since 2017, as well as most of the infrastructure that can be used to run them.\n\nhttps://github.com/google/google-ctf\n\n#CTF #cybersecurity #infosec\n\n\u200b\u200breveng_rtkit\n\nLinux Loadable Kernel Module (LKM) based rootkit (ring-0), capable of hiding itself, processes/implants, rmmod proof, has ability to bypass infamous rkhunter antirootkit.\n\nhttps://github.com/reveng007/reveng_rtkit\n\n#infosec #pentesting #redteam\n\n\u200b\u200bPwnDoc-ng\n\nA pentest reporting application making it simple and easy to write your findings and generate a customizable Docx report. \n\nhttps://github.com/pwndoc-ng/pwndoc-ng\n\n#cybersecurity #infosec #pentesting\n\nPwnDoc-Vulns\n\nA collection of vuln templates you can import and use together with PwnDoc or PwnDoc-NG.\n\nhttps://github.com/LuemmelSec/PwnDoc-Vulns\n\n#cybersecurity #infosec #pentesting\n\n\u200b\u200bVulnx\n\nAn intelligent bot auto shell injector that detects vulnerabilities in multiple types of cms.\n\nhttps://github.com/anouarbensaad/vulnx\n\n#infosec #pentesting #bugbounty\n\n\u200b\u200bReview Analyzer\n\nA #Chrome Extension for #extracting valuable insights from reviews, generating concise summaries, sentiment analysis, and keyword extraction.\n\nhttps://github.com/serpapi/review-analyzer\n\n\u200b\u200bCVE-2023-34840\n\nAll versions in angular-ui-notification are vulnerable to XSS due to the library not sanitizing the input provided by the user.\n\nhttps://github.com/Xh4H/CVE-2023-34840\n\n#cve #cybersecurity #infosec\n\n\u200b\u200bCVE-2023-34598\n\nGibbon v25.0.0 is vulnerable to a Local File Inclusion (LFI) vulnerability where it's possible to include the content of several files present in the installation folder in the server's response.\n\nhttps://github.com/maddsec/CVE-2023-34598\n\n#cve #cybersecurity #infosec\n\nhttps://t.me/dilagrafie", "creation_timestamp": "2023-06-28T15:25:39.000000Z"}, {"uuid": "20e91836-109c-459b-8293-c5aeced7d889", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34840", "type": "published-proof-of-concept", "source": "Telegram/6PZKKGQl03Vi6ZEkQInhbXHc7Cdk1szybYRTzghfbAVd-Q", "content": "", "creation_timestamp": "2023-07-02T10:21:51.000000Z"}, {"uuid": "dcc83f4d-680e-4e1d-8567-a8e2ca4c4671", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34840", "type": "published-proof-of-concept", "source": "https://t.me/crackcodes/3787", "content": "\ud83d\udcdfDataLeak:\n\n\ud83d\udcccAsia Vital Components Leak : https://www.system32.ink/2023/06/asia-vital-components-leak.html\n\n\ud83d\udcccposkok_info Data Leak : https://www.system32.ink/2023/06/poskokinfo-data-leak.html\n\n\ud83d\udcccGeotecsacr Digital Marketing Agency Leak : https://www.system32.ink/2023/06/geotecsacr-digital-marketing-agency-leak.html\n\n\ud83d\udcccDarkForum Leak : https://www.system32.ink/2023/06/darkforums-data-leak.html\n\n\ud83d\udcccRussian Champion Tennis Club in Tomsk Leak : https://www.system32.ink/2023/06/russian-champion-tennis-club-in-tomsk.html\n\n\ud83e\uddeeExploits:\n\n\ud83d\udcccLightdash Exploit (CVE-2023-35844) : https://www.system32.ink/2023/06/lightdash-exploit-cve-2023-35844.html\n\n\ud83d\udcccCVE-2023-33140 OneNote Exploit : https://www.system32.ink/2023/06/cve-2023-33140-onenote-exploit.html\n\n\ud83d\udcccCVE-2023-34840 XSS POC OF angular-ui-notification : https://www.system32.ink/2023/06/cve-2023-34840-xss-poc-of-angular-ui.html\n\n\u2699\ufe0fTools:\n\n\ud83d\udcccCrackMapExec : https://www.system32.ink/2023/06/crackmapexec.html\n\n\ud83d\udcccSAFIREFUZZ - Same-Architecture Firmware Rehosting and Fuzzing : https://www.system32.ink/2023/06/safirefuzz-same-architecture-firmware.html\n\n\ud83d\udcccPwnDoc-ng - Pentest Report Generator : https://www.system32.ink/2023/06/pwndoc-ng-pentest-report-generator.html\n\n\ud83d\udcccVulnX - An Intelligent Bot Auto Shell Injector that detects vulnerabilities in multiple types of Cms : https://www.system32.ink/2023/06/vulnx-intelligent-bot-auto-shell.html\n\n\ud83d\udcccNetwork Signal Guru APK : https://www.system32.ink/2023/06/network-signal-guru-apk.html\n\n\ud83d\udcccGoogle CTF : https://www.system32.ink/2023/06/google-ctf.html\n\n\ud83e\udda0Rootkit ANd RAT:\n\n\ud83d\udccc888 RAT New Version 2023 ( 1.2.6 Full Setup ) For Lifetime : https://www.system32.ink/2023/06/888-rat-new-version-2023-126-full-setup.html\n\n\ud83d\udcccreveng_rtkit Rootkit : https://www.system32.ink/2023/06/revengrtkit-rootkit.html", "creation_timestamp": "2023-07-02T12:30:36.000000Z"}, {"uuid": "8039b251-6b04-405d-b206-5f5db72bfb63", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34840", "type": "published-proof-of-concept", "source": "https://t.me/crackcodes/3767", "content": "\ud83d\udcdfDataLeak:\n\n\ud83d\udcccAsia Vital Components Leak : https://www.system32.ink/2023/06/asia-vital-components-leak.html\n\n\ud83d\udcccposkok_info Data Leak : https://www.system32.ink/2023/06/poskokinfo-data-leak.html\n\n\ud83d\udcccGeotecsacr Digital Marketing Agency Leak : https://www.system32.ink/2023/06/geotecsacr-digital-marketing-agency-leak.html\n\n\ud83d\udcccDarkForum Leak : https://www.system32.ink/2023/06/darkforums-data-leak.html\n\n\ud83d\udcccRussian Champion Tennis Club in Tomsk Leak : https://www.system32.ink/2023/06/russian-champion-tennis-club-in-tomsk.html\n\n\ud83e\uddeeExploits:\n\n\ud83d\udcccLightdash Exploit (CVE-2023-35844) : https://www.system32.ink/2023/06/lightdash-exploit-cve-2023-35844.html\n\n\ud83d\udcccCVE-2023-33140 OneNote Exploit : https://www.system32.ink/2023/06/cve-2023-33140-onenote-exploit.html\n\n\ud83d\udcccCVE-2023-34840 XSS POC OF angular-ui-notification : https://www.system32.ink/2023/06/cve-2023-34840-xss-poc-of-angular-ui.html\n\n\u2699\ufe0fTools:\n\n\ud83d\udcccCrackMapExec : https://www.system32.ink/2023/06/crackmapexec.html\n\n\ud83d\udcccSAFIREFUZZ - Same-Architecture Firmware Rehosting and Fuzzing : https://www.system32.ink/2023/06/safirefuzz-same-architecture-firmware.html\n\n\ud83d\udcccPwnDoc-ng - Pentest Report Generator : https://www.system32.ink/2023/06/pwndoc-ng-pentest-report-generator.html\n\n\ud83d\udcccVulnX - An Intelligent Bot Auto Shell Injector that detects vulnerabilities in multiple types of Cms : https://www.system32.ink/2023/06/vulnx-intelligent-bot-auto-shell.html\n\n\ud83d\udcccNetwork Signal Guru APK : https://www.system32.ink/2023/06/network-signal-guru-apk.html\n\n\ud83d\udcccGoogle CTF : https://www.system32.ink/2023/06/google-ctf.html\n\n\ud83e\udda0Rootkit ANd RAT:\n\n\ud83d\udccc888 RAT New Version 2023 ( 1.2.6 Full Setup ) For Lifetime : https://www.system32.ink/2023/06/888-rat-new-version-2023-126-full-setup.html\n\n\ud83d\udcccreveng_rtkit Rootkit : https://www.system32.ink/2023/06/revengrtkit-rootkit.html", "creation_timestamp": "2023-06-28T21:51:53.000000Z"}, {"uuid": "779bf0bc-e964-4611-8638-e30f40e7749d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34840", "type": "seen", "source": "https://t.me/cibsecurity/65812", "content": "\u203c CVE-2023-34840 \u203c\n\nangular-ui-notification v0.1.0, v0.2.0, and v0.3.6 was discovered to contain a cross-site scripting (XSS) vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-01T06:08:49.000000Z"}, {"uuid": "111ffe49-5b1c-4c71-a66e-9ba7b22d11f7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34840", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/8570", "content": "#exploit\n1. CVE-2023-35844:\nLightdash routers path traversal\nhttps://github.com/Szlein/CVE-2023-35844\n\n2. CVE-2023-34840:\nXSS in angular-ui-notification\nhttps://github.com/Xh4H/CVE-2023-34840\n\n3. Office Suite Premium 10.9.1 - Cross Site Scripting\nhttps://packetstormsecurity.com/files/173143", "creation_timestamp": "2023-06-28T18:46:56.000000Z"}]}