{"vulnerability": "cve-2023-4387", "sightings": [{"uuid": "2ae7de3b-125a-4a82-9254-484de4618331", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-43874", "type": "seen", "source": "https://t.me/cibsecurity/71202", "content": "\u203c CVE-2023-43874 \u203c\n\nMultiple Cross Site Scripting (XSS) vulnerability in e017 CMS v.2.3.2 allows a local attacker to execute arbitrary code via a crafted script to the Copyright and Author fields in the Meta &amp; Custom Tags Menu.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-28T18:36:57.000000Z"}, {"uuid": "c4fb15f9-e148-4c01-be48-47916f1c1aa2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-43877", "type": "seen", "source": "https://t.me/cibsecurity/71650", "content": "\u203c CVE-2023-43877 \u203c\n\nRite CMS 3.0 has Multiple Cross-Site scripting (XSS) vulnerabilities that allow attackers to execute arbitrary code via a payload crafted in the Home Page fields in the Administration menu.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-05T02:12:11.000000Z"}, {"uuid": "c5bd5c4a-b88a-4509-9429-1dc404a3dea8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-43871", "type": "seen", "source": "https://t.me/cibsecurity/71199", "content": "\u203c CVE-2023-43871 \u203c\n\nA File upload vulnerability in WBCE v.1.6.1 allows a local attacker to upload a pdf file with hidden Cross Site Scripting (XSS).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-28T18:36:54.000000Z"}, {"uuid": "d8a4c963-93a6-4282-bc39-50157de6f581", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-43873", "type": "seen", "source": "https://t.me/cibsecurity/71198", "content": "\u203c CVE-2023-43873 \u203c\n\nA Cross Site Scripting (XSS) vulnerability in e017 CMS v.2.3.2 allows a local attacker to execute arbitrary code via a crafted script to the Name filed in the Manage Menu.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-28T18:36:53.000000Z"}, {"uuid": "26df6471-53e9-44aa-966a-72af69e88af7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-43879", "type": "seen", "source": "https://t.me/cibsecurity/71204", "content": "\u203c CVE-2023-43879 \u203c\n\nRite CMS 3.0 has a Cross-Site scripting (XSS) vulnerability that allows attackers to execute arbitrary code via a crafted payload into the Global Content Blocks in the Administration Menu.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-28T18:36:58.000000Z"}, {"uuid": "8bece5bc-58d4-4aa2-aa78-a9d215892c5f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-43872", "type": "seen", "source": "https://t.me/cibsecurity/71201", "content": "\u203c CVE-2023-43872 \u203c\n\nA File upload vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to upload a pdf file with hidden Cross Site Scripting (XSS).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-28T18:36:56.000000Z"}, {"uuid": "30873b3e-9068-4e37-97f3-2b00086bcfb0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-43878", "type": "seen", "source": "https://t.me/cibsecurity/71194", "content": "\u203c CVE-2023-43878 \u203c\n\nRite CMS 3.0 has Multiple Cross-Site scripting (XSS) vulnerabilities that allow attackers to execute arbitrary code via a crafted payload into the Main Menu Items in the Administration Menu.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-28T18:36:48.000000Z"}, {"uuid": "6e58dbe9-8c53-497f-8c59-7e0e1f66a7d9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-43876", "type": "seen", "source": "https://t.me/cibsecurity/71193", "content": "\u203c CVE-2023-43876 \u203c\n\nA Cross-Site Scripting (XSS) vulnerability in installation of October v.3.4.16 allows an attacker to execute arbitrary web scripts via a crafted payload injected into the dbhost field.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-28T18:36:47.000000Z"}, {"uuid": "dc5325a3-c9bd-40e2-9879-42a7d5fb4296", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-43870", "type": "seen", "source": "https://t.me/ctinow/167473", "content": "https://ift.tt/AJdnWfo\nCVE-2023-43870 | Paxton Net2 up to 6.07 Root Certificate hard-coded credentials", "creation_timestamp": "2024-01-12T19:36:50.000000Z"}, {"uuid": "8b3f88ea-eed6-4753-840b-2ddfd8428856", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-4387", "type": "seen", "source": "https://t.me/cibsecurity/68682", "content": "\u203c CVE-2023-4387 \u203c\n\nA use-after-free flaw was found in vmxnet3_rq_alloc_rx_buf in drivers/net/vmxnet3/vmxnet3_drv.c in VMware's vmxnet3 ethernet NIC driver in the Linux Kernel. This issue could allow a local attacker to crash the system due to a double-free while cleaning up vmxnet3_rq_cleanup_all, which could also lead to a kernel information leak problem.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-16T22:50:12.000000Z"}, {"uuid": "709d4cb1-de7f-4981-ac32-d6514a44d220", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-43870", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/10651", "content": "#exploit \n1. CVE-2023-6702:\nChrome Renderer 1day RCE via Type Confusion in Async Stack Trace\nhttps://github.com/kaist-hacking/CVE-2023-6702\n\n2. CVE-2023-43870:\nPaxton Net2 Root Certificate hard-coded credentials\nhttps://www.cryptic.red/post/shipping-your-private-key-cve-2023-43870-paxton-do-a-lenovo\n\n3. CVE-2024-5480:\nPyTorch Distributed RPC Framework RCE\nhttps://huntr.com/bounties/39811836-c5b3-4999-831e-46fee8fcade3", "creation_timestamp": "2024-06-10T20:17:20.000000Z"}]}