https://vulnerability.circl.lu/sightings/feed 2026-05-07T04:34:14.616087+00:00 Vulnerability-Lookup info@circl.lu python-feedgen Contains only the most 10 recent sightings. https://vulnerability.circl.lu/sighting/f31033b6-5063-4f93-82fb-3a027667e41b/export 2026-05-07T04:34:14.931015+00:00 Automation user http://cve.circl.lu/user/automation {"uuid": "f31033b6-5063-4f93-82fb-3a027667e41b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-35719", "type": "published-proof-of-concept", "source": "https://t.me/crackcodes/3796", "content": "Searpy - Search Engine Tookit: https://www.system32.ink/2023/07/searpy-search-engine-tookit.html\n\nTelegram Desktop Session Stealer : https://www.system32.ink/2023/07/telegram-desktop-session-stealer.html\n\nContinental Tires Middle East (continental-me.com) data leak : https://www.system32.ink/2023/07/continental-tires-middle-east.html\n\nCVE-2023-35719 Exploit : https://www.system32.ink/2023/07/cve-2023-35719-exploit.html\n\nTURKEY REFUGEE database Leak : https://www.system32.ink/2023/07/turkey-refugee-database-leak.html\n\nTBCommunity (British fitness website) data leak : https://www.system32.ink/2023/07/tbcommunity-british-fitness-website.html\n\nwebmarketpoint_it data Leak : https://www.system32.ink/2023/07/webmarketpointit-data-leak.html\n\nZxCDDoS layer 4 and 7 ddos with cloudflare bypass : https://www.system32.ink/2023/07/zxcddos-layer-4-and-7-with-cloudflare.html\n\nSMShell - SMS-based shell : https://www.system32.ink/2023/07/smshell-sms-based-shell.html\n\nSheikh Hazza Bin Zayed Al Nahyan office data leak : https://www.system32.ink/2023/07/sheikh-hazza-bin-zayed-al-nahyan-office.html\n\nOffice Of Industrial Economics data leak : https://www.system32.ink/2023/07/office-of-industrial-economics-data-leak.html", "creation_timestamp": "2023-07-03T18:17:36.000000Z"} 2023-07-03T18:17:36+00:00 https://vulnerability.circl.lu/sighting/dc502b18-6939-4d67-8c49-5346164d9b01/export 2026-05-07T04:34:14.930926+00:00 Automation user http://cve.circl.lu/user/automation {"uuid": "dc502b18-6939-4d67-8c49-5346164d9b01", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-35719", "type": "published-proof-of-concept", "source": "Telegram/vvnkVVd6iAAlIYaGgGaJPmBHzufBXAbvPJbpjwHfpMqYPw", "content": "", "creation_timestamp": "2023-07-03T18:18:52.000000Z"} 2023-07-03T18:18:52+00:00 https://vulnerability.circl.lu/sighting/780dc255-3911-40bf-b5d5-9dfd85ca3fa1/export 2026-05-07T04:34:14.930837+00:00 Automation user http://cve.circl.lu/user/automation {"uuid": "780dc255-3911-40bf-b5d5-9dfd85ca3fa1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-35719", "type": "published-proof-of-concept", "source": "https://t.me/kasraone_com/350", "content": "\u0633\u0631\u0648\u0631 HTTP \u067e\u0627\u06cc\u062a\u0648\u0646 \u0628\u0631\u0627\u06cc \u0628\u0647\u0631\u0647\u200c\u0628\u0631\u062f\u0627\u0631\u06cc \u0627\u0632 CVE-2023-35719 / ZDI-23-891 (\u0639\u0628\u0648\u0631 \u0627\u0632 \u062a\u0623\u06cc\u06cc\u062f \u0647\u0648\u06cc\u062a \u062a\u0627 \u0634\u0644 SYSTEM \u062f\u0631 \u0645\u0634\u062a\u0631\u06cc Windows GINA ManageEngine ADSelfService Plus) \u0627\u0633\u062a. \u0627\u06cc\u0646 \u0633\u0631\u0648\u0631 HTTP \u067e\u0627\u06cc\u062a\u0648\u0646 \u0631\u0648\u06cc \u0622\u062f\u0631\u0633 IP 13.33.37.1 \u0648 \u067e\u0648\u0631\u062a TCP 8888 \u06af\u0648\u0634 \u0645\u06cc\u200c\u062f\u0647\u062f \u062a\u0627 \u062f\u0631\u062e\u0648\u0627\u0633\u062a GET HTTP \u0631\u0627 \u062f\u0631\u06cc\u0627\u0641\u062a \u06a9\u0646\u062f \u0648 \u0628\u0627\u0631 HTML \u0645\u0634\u062e\u0635 \u0634\u062f\u0647 \u0631\u0627 \u0628\u0627\u0632\u06af\u0631\u062f\u0627\u0646\u062f. \u0622\u062f\u0631\u0633 IP 13.33.37.1 \u0631\u0627 \u0628\u0627 \u0647\u0631 \u0622\u062f\u0631\u0633 IP \u06a9\u0647 \u0646\u06cc\u0627\u0632 \u0628\u0647 \u062c\u0639\u0644 \u062f\u0627\u0631\u06cc\u062f (\u0622\u062f\u0631\u0633 \u0633\u0631\u0648\u0631 ADSelfService Plus) \u062c\u0627\u06cc\u06af\u0632\u06cc\u0646 \u06a9\u0646\u06cc\u062f \u0648 \u06cc\u06a9 \u0648\u0631\u0648\u062f\u06cc DNS \u0628\u0631\u0627\u06cc \u0646\u0627\u0645 \u062f\u0627\u0645\u0646\u0647 YOUR_DOMAIN_NAME \u0627\u0636\u0627\u0641\u0647 \u06a9\u0646\u06cc\u062f \u062a\u0627 \u0628\u0647 \u0622\u062f\u0631\u0633 13.33.37.1 \u0627\u0634\u0627\u0631\u0647 \u06a9\u0646\u062f.", "creation_timestamp": "2023-07-05T19:32:18.000000Z"} 2023-07-05T19:32:18+00:00 https://vulnerability.circl.lu/sighting/d9cfbd82-cdf9-43cc-a4d2-af5c830d37d4/export 2026-05-07T04:34:14.930722+00:00 Automation user http://cve.circl.lu/user/automation {"uuid": "d9cfbd82-cdf9-43cc-a4d2-af5c830d37d4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-35719", "type": "published-proof-of-concept", "source": "https://t.me/MrVGunz/821", "content": "CVE-2023-35719 : ManageEngine ADSelfService Plus GINA Client 4.2.9 >=\u00a06.3 Build 6301 - Authentication Bypass\u00a0To SYSTEM\u00a0shell\nPOC : https://github.com/pedrib/PoC/blob/master/advisories/ManageEngine/adselfpwnplus/adselfpwnplus.md", "creation_timestamp": "2023-08-14T16:30:50.000000Z"} 2023-08-14T16:30:50+00:00 https://vulnerability.circl.lu/sighting/9683b257-696e-478c-8f40-c271559ccd3f/export 2026-05-07T04:34:14.926980+00:00 Automation user http://cve.circl.lu/user/automation {"uuid": "9683b257-696e-478c-8f40-c271559ccd3f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-35719", "type": "seen", "source": "https://t.me/cibsecurity/69977", "content": "\u203c CVE-2023-35719 \u203c\n\nManageEngine ADSelfService Plus GINA Client Insufficient Verification of Data Authenticity Authentication Bypass Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of ManageEngine ADSelfService Plus. Authentication is not required to exploit this vulnerability.The specific flaw exists within the Password Reset Portal used by the GINA client. The issue results from the lack of proper authentication of data received via HTTP. An attacker can leverage this vulnerability to bypass authentication and execute code in the context of SYSTEM. Was ZDI-CAN-17009.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-06T12:18:02.000000Z"} 2023-09-06T12:18:02+00:00