{"vulnerability": "CVE-2023-2632", "sightings": [{"uuid": "f2321211-ce97-43f5-a62f-ee77e0a880b6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26326", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3ljitws43a52v", "content": "", "creation_timestamp": "2025-03-03T21:02:33.697490Z"}, {"uuid": "b73cb91b-2a51-45bd-b331-12832e2b8f13", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-2632", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/2647", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-2632\n\ud83d\udd39 Description: Jenkins Code Dx Plugin 3.1.0 and earlier stores Code Dx server API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system.\n\ud83d\udccf Published: 2023-05-16T17:54:11.737Z\n\ud83d\udccf Modified: 2025-01-22T20:34:38.913Z\n\ud83d\udd17 References:\n1. https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3146", "creation_timestamp": "2025-01-22T21:02:09.000000Z"}, {"uuid": "35252cd4-9cb5-4ac3-b9ca-9230fd8d9d18", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26326", "type": "published-proof-of-concept", "source": "https://t.me/YAH_Channel/806", "content": "CVE-2023-26326\n\u041c\u043e\u0449\u043d\u044e\u0447\u0438\u0439 \u0440\u0435\u0441\u0435\u0447 \u043d\u0430 RCE \u0447\u0435\u0440\u0435\u0437 \u043b\u044e\u0431\u043e\u0439 SSRF \u0432 PHP:\n\nhttps://www.ambionics.io/blog/iconv-cve-2024-2961-p1", "creation_timestamp": "2024-05-31T08:48:29.000000Z"}, {"uuid": "11989d24-3dad-4879-9e36-603c80db197a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26326", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/7310", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-26326\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The BuddyForms WordPress plugin, in versions prior to 2.7.8, was affected by an unauthenticated insecure deserialization issue. An unauthenticated attacker could leverage this issue to call files using a PHAR wrapper that will deserialize the data and call arbitrary PHP Objects that can be used to perform a variety of malicious actions granted a POP chain is also present.\n\ud83d\udccf Published: 2023-02-23T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-12T14:21:39.655Z\n\ud83d\udd17 References:\n1. https://www.tenable.com/security/research/tra-2023-7", "creation_timestamp": "2025-03-12T14:40:46.000000Z"}, {"uuid": "177df282-a3b4-4227-aa55-05e80d933458", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26325", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/7309", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-26325\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The 'rx_export_review' action in the ReviewX WordPress Plugin, is affected by an authenticated SQL injection vulnerability in the 'filterValue' and 'selectedColumns' parameters.\n\ud83d\udccf Published: 2023-02-23T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-12T14:23:05.312Z\n\ud83d\udd17 References:\n1. https://www.tenable.com/security/research/tra-2023-2", "creation_timestamp": "2025-03-12T14:40:45.000000Z"}, {"uuid": "7a8fe5f6-6e00-49a4-b405-c29e9565f89a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26324", "type": "published-proof-of-concept", "source": "https://t.me/poxek/4313", "content": "RCE on Xiaomi 13 Pro (CVE-2023-26324)\n\ud83d\udc49Exploitation:\n1) Open URL in WebView\n2) Inject JavaScript\n3) Execute JavaScript Interface functions from vulnerable GetApps to install & launch payload\n4) Get shell\n\n\ud83d\udc49Slides with PoC: https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Ken%20Gannon%20Ilyes%20Beghdadi%20-%20Xiaomi%20The%20Money%20Our%20Toronto%20Pwn2Own%20Exploit%20and%20Behind%20The%20Scenes%20Story.pdf", "creation_timestamp": "2024-08-21T09:55:52.000000Z"}, {"uuid": "70ba7471-70f7-4e34-b1de-bd41690a713f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26324", "type": "seen", "source": "https://t.me/cyber_hsecurity/1615", "content": "\u0627\u0644\u0645\u0635\u062f\u0631 \u0648\u0627\u0644\u062a\u0641\u0627\u0635\u064a\u0644:\n- \u0644\u0645\u0632\u064a\u062f \u0645\u0646 \u0627\u0644\u0645\u0639\u0644\u0648\u0645\u0627\u062a \u062d\u0648\u0644 \u0627\u0644\u0625\u0635\u0644\u0627\u062d\u060c \u064a\u0645\u0643\u0646 \u0627\u0644\u0627\u0637\u0644\u0627\u0639 \u0639\u0644\u0649 [\u0627\u0644\u062a\u062d\u062f\u064a\u062b \u0641\u064a GitHub](https://github.com/discourse/discourse/commit/188cb58daa833839c54c266ce22db150a3f3a210).\n\nALSED404:\nGG CISCO\n\u0627\u0633\u062a\u063a\u0644\u062a \u0645\u062c\u0645\u0648\u0639\u0629 \u0627\u0644\u062a\u0647\u062f\u064a\u062f\u0627\u062a \u0627\u0644\u0645\u0631\u062a\u0628\u0637\u0629 \u0628\u0627\u0644\u0635\u064a\u0646\u060c Velvet Ant\u060c \u200b\u200b\u062b\u063a\u0631\u0629 \u0623\u0645\u0646\u064a\u0629 (CVE-2024-20399) \u0641\u064a \u0645\u0641\u0627\u062a\u064a\u062d Cisco \u0628\u0627\u0639\u062a\u0628\u0627\u0631\u0647\u0627 \u064a\u0648\u0645\u064b\u0627 \u0635\u0641\u0631\u064a\u064b\u0627 \u0644\u0644\u0633\u064a\u0637\u0631\u0629 \u0648\u0627\u0644\u062a\u0647\u0631\u0628 \u0645\u0646 \u0627\u0644\u0627\u0643\u062a\u0634\u0627\u0641.\n\u0627\u0642\u0631\u0623: https://thehackernews.com/2024/08/chinese-hackers-exploit-zero-day-cisco.html\n\nPayload:\nsite.tld/xyz/xyz/xyz/?path=../../../../../../../../../etc/passwd\n============================\n#ALSED404\n\n\u0643\u0634\u0641\u062a \u0634\u0631\u0643\u0629 \u062c\u0648\u062c\u0644 \u0639\u0646 \u0627\u0633\u062a\u063a\u0644\u0627\u0644 \u0646\u0634\u0637 \u0644\u062b\u063a\u0631\u0629 \u0623\u0645\u0646\u064a\u0629 \u062e\u0637\u064a\u0631\u0629 \u0641\u064a \u0645\u062a\u0635\u0641\u062d \u0643\u0631\u0648\u0645\u060c CVE-2024-7965\u060c \u0648\u0627\u0644\u062a\u064a \u062a\u0645 \u062a\u0635\u062d\u064a\u062d\u0647\u0627 \u0627\u0644\u0623\u0633\u0628\u0648\u0639 \u0627\u0644\u0645\u0627\u0636\u064a.\n\n\u0642\u062f \u064a\u0624\u062f\u064a \u0647\u0630\u0627 \u0627\u0644\u062e\u0644\u0644 \u0641\u064a \u0645\u062d\u0631\u0643 V8 \u0627\u0644\u062e\u0627\u0635 \u0628\u0645\u062a\u0635\u0641\u062d Chrome \u0625\u0644\u0649 \u062a\u0645\u0643\u064a\u0646 \u0627\u0644\u0647\u062c\u0645\u0627\u062a \u0639\u0646 \u0628\u0639\u062f.\n\u0644\u0645\u0639\u0631\u0641\u0629 \u0627\u0644\u0645\u0632\u064a\u062f: https://thehackernews.com/2024/08/google-warns-of-cve-2024-7965-chrome.html\n\u062a\u0623\u0643\u062f \u0645\u0646 \u062a\u062d\u062f\u064a\u062b \u0645\u062a\u0635\u0641\u062d\u0643 \u0625\u0644\u0649 \u0627\u0644\u0625\u0635\u062f\u0627\u0631 \u0627\u0644\u0623\u062d\u062f\u062b.\n\nThe Smart Shadow:\n\ud83c\udd98CVE -2024-41109\n\u062a\u0648\u0641\u0631 \u062d\u0632\u0645\u0629 Admin Classic Bundle \u0645\u0646 Pimcore \u0648\u0627\u062c\u0647\u0629 \u0645\u0633\u062a\u062e\u062f\u0645 \u062e\u0644\u0641\u064a\u0629 \u0644\u0628\u0631\u0646\u0627\u0645\u062c Pimcore. \u064a\u0624\u062f\u064a \u0627\u0644\u0627\u0646\u062a\u0642\u0627\u0644 \u0625\u0644\u0649 /admin/index/statistics \u0628\u0627\u0633\u062a\u062e\u062f\u0627\u0645 \u0645\u0633\u062a\u062e\u062f\u0645 Pimcore \u0645\u0633\u062c\u0644 \u0627\u0644\u062f\u062e\u0648\u0644 \u0625\u0644\u0649 \u0627\u0644\u0643\u0634\u0641 \u0639\u0646 \u0645\u0639\u0644\u0648\u0645\u0627\u062a \u062d\u0648\u0644 \u062a\u062b\u0628\u064a\u062a Pimcore \u0648\u0625\u0635\u062f\u0627\u0631 PHP \u0648\u0625\u0635\u062f\u0627\u0631 MYSQL \u0648\u0627\u0644\u062d\u0632\u0645 \u0627\u0644\u0645\u062b\u0628\u062a\u0629 \u0648\u062c\u0645\u064a\u0639 \u062c\u062f\u0627\u0648\u0644 \u0642\u0627\u0639\u062f\u0629 \u0627\u0644\u0628\u064a\u0627\u0646\u0627\u062a \u0648\u0639\u062f\u062f \u0635\u0641\u0648\u0641\u0647\u0627 \u0641\u064a \u0627\u0644\u0646\u0638\u0627\u0645. \u062a\u0645 \u0625\u0635\u0644\u0627\u062d \u0647\u0630\u0647 \u0627\u0644\u062b\u063a\u0631\u0629 \u0627\u0644\u0623\u0645\u0646\u064a\u0629 \u0641\u064a \u0627\u0644\u0625\u0635\u062f\u0627\u0631\u0627\u062a 1.5.2 \u06481.4.6 \u06481.3.10.\n\n\ud83c\udd98CVE -2024-4188\n\u0642\u062f \u062a\u0633\u0645\u062d \u062b\u063a\u0631\u0629 \u0627\u0644\u0646\u0642\u0644 \u063a\u064a\u0631 \u0627\u0644\u0645\u062d\u0645\u064a \u0644\u0628\u064a\u0627\u0646\u0627\u062a \u0627\u0644\u0627\u0639\u062a\u0645\u0627\u062f \u0641\u064a OpenText\u2122 Documentum\u2122 Server \u0628\u062d\u0634\u0648 \u0628\u064a\u0627\u0646\u0627\u062a \u0627\u0644\u0627\u0639\u062a\u0645\u0627\u062f. \u062a\u0624\u062b\u0631 \u0647\u0630\u0647 \u0627\u0644\u0645\u0634\u0643\u0644\u0629 \u0639\u0644\u0649 Documentum\u2122 Server: \u0645\u0646 16.7 \u0625\u0644\u0649 23.4.\n\n\ud83d\udea8CVE -2024-34149\n\u0641\u064a Bitcoin Core \u062d\u062a\u0649 27.0 \u0648Bitcoin Knots \u0642\u0628\u0644 25.1.knots20231115\u060c \u064a\u0641\u062a\u0642\u0631 tapscript \u0625\u0644\u0649 \u0641\u062d\u0635 \u062d\u062f \u062d\u062c\u0645 \u0627\u0644\u0633\u064a\u0627\u0633\u0629\u060c \u0648\u0647\u064a \u0645\u0634\u0643\u0644\u0629 \u0645\u062e\u062a\u0644\u0641\u0629 \u0639\u0646 CVE-2023-50428. \u0645\u0644\u0627\u062d\u0638\u0629: \u062a\u0639\u0627\u0631\u0636 \u0628\u0639\u0636 \u0627\u0644\u0623\u0637\u0631\u0627\u0641 \u0641\u062d\u0635 \u0627\u0644\u062d\u062f \u0627\u0644\u062c\u062f\u064a\u062f \u0647\u0630\u0627 (\u0639\u0644\u0649 \u0633\u0628\u064a\u0644 \u0627\u0644\u0645\u062b\u0627\u0644\u060c \u0644\u0623\u0646\u0647\u0645 \u064a\u062a\u0641\u0642\u0648\u0646 \u0645\u0639 \u0627\u0644\u0647\u062f\u0641 \u0644\u0643\u0646\u0647\u0645 \u064a\u062e\u062a\u0644\u0641\u0648\u0646 \u0645\u0639 \u0627\u0644\u0622\u0644\u064a\u0629 \u0627\u0644\u0641\u0646\u064a\u0629\u060c \u0623\u0648 \u0644\u0623\u0646 \u0644\u062f\u064a\u0647\u0645 \u0647\u062f\u0641\u064b\u0627 \u0645\u062e\u062a\u0644\u0641\u064b\u0627).\n\n\ud83d\udea8CVE -2024-6904\n\u062a\u0645 \u0627\u0644\u0639\u062b\u0648\u0631 \u0639\u0644\u0649 \u062b\u063a\u0631\u0629 \u062a\u0645 \u062a\u0635\u0646\u064a\u0641\u0647\u0627 \u0639\u0644\u0649 \u0623\u0646\u0647\u0627 \u062d\u0631\u062c\u0629 \u0641\u064a SourceCodester Record Management System 1.0. \u062a\u0624\u062b\u0631 \u0647\u0630\u0647 \u0627\u0644\u062b\u063a\u0631\u0629 \u0639\u0644\u0649 \u062c\u0632\u0621 \u063a\u064a\u0631 \u0645\u0639\u0631\u0648\u0641 \u0645\u0646 \u0627\u0644\u0645\u0644\u0641 sort2_user.php. \u064a\u0624\u062f\u064a \u0627\u0644\u062a\u0644\u0627\u0639\u0628 \u0628\u062a\u0623\u0647\u064a\u0644 \u0627\u0644\u0648\u0633\u064a\u0637\u0629 \u0625\u0644\u0649 \u062d\u0642\u0646 SQL. \u0645\u0646 \u0627\u0644\u0645\u0645\u0643\u0646 \u0628\u062f\u0621 \u0627\u0644\u0647\u062c\u0648\u0645 \u0639\u0646 \u0628\u0639\u062f. \u062a\u0645 \u0627\u0644\u0643\u0634\u0641 \u0639\u0646 \u0627\u0644\u062b\u063a\u0631\u0629 \u0644\u0644\u0639\u0627\u0645\u0629 \u0648\u064a\u0645\u0643\u0646 \u0627\u0633\u062a\u062e\u062f\u0627\u0645\u0647\u0627. \u062a\u0645 \u062a\u0639\u064a\u064a\u0646 \u0627\u0644\u0645\u0639\u0631\u0641 VDB-271929 \u0644\u0647\u0630\u0647 \u0627\u0644\u062b\u063a\u0631\u0629.\n\nALSED404:\n\u062a\u0633\u062a\u063a\u0644 \u0645\u062c\u0645\u0648\u0639\u0629 Mustang Panda APT \u0628\u0631\u0646\u0627\u0645\u062c VS Code \u0644\u0627\u0633\u062a\u0647\u062f\u0627\u0641 \u062d\u0643\u0648\u0645\u0627\u062a \u062c\u0646\u0648\u0628 \u0634\u0631\u0642 \u0622\u0633\u064a\u0627. \u0648\u064a\u0633\u0645\u062d \u0647\u0630\u0627 \u0644\u0644\u0645\u062a\u0633\u0644\u0644\u064a\u0646 \u0628\u062a\u0634\u063a\u064a\u0644 \u0627\u0644\u0623\u0648\u0627\u0645\u0631 \u0648\u0633\u0631\u0642\u0629 \u0627\u0644\u0628\u064a\u0627\u0646\u0627\u062a \u0648\u0646\u0634\u0631 \u0627\u0644\u0628\u0631\u0627\u0645\u062c \u0627\u0644\u0636\u0627\u0631\u0629 \u0639\u0628\u0631 \u0648\u0627\u062c\u0647\u0629 VS Code \u0627\u0644\u0639\u0643\u0633\u064a\u0629.\n\u0627\u0642\u0631\u0623 \u0627\u0644\u062a\u0641\u0627\u0635\u064a\u0644: https://thehackernews.com/2024/09/chinese-hackers-exploit-visual-studio.html\n\u0642\u0645 \u0628\u062a\u0639\u0632\u064a\u0632 \u0627\u0644\u062f\u0641\u0627\u0639\u0627\u062a \u0627\u0644\u0622\u0646 - \u0631\u0627\u0642\u0628 \u0647\u0630\u0647 \u0627\u0644\u062a\u0643\u062a\u064a\u0643\u0627\u062a!\n\nThe Smart Shadow:\n\ud83d\udea8CVE -2024-6904\n\u062a\u0645 \u0627\u0644\u0639\u062b\u0648\u0631 \u0639\u0644\u0649 \u062b\u063a\u0631\u0629 \u062a\u0645 \u062a\u0635\u0646\u064a\u0641\u0647\u0627 \u0639\u0644\u0649 \u0623\u0646\u0647\u0627 \u062d\u0631\u062c\u0629 \u0641\u064a SourceCodester Record Management System 1.0. \u062a\u0624\u062b\u0631 \u0647\u0630\u0647 \u0627\u0644\u062b\u063a\u0631\u0629 \u0639\u0644\u0649 \u062c\u0632\u0621 \u063a\u064a\u0631 \u0645\u0639\u0631\u0648\u0641 \u0645\u0646 \u0627\u0644\u0645\u0644\u0641 sort2_user.php. \u064a\u0624\u062f\u064a \u0627\u0644\u062a\u0644\u0627\u0639\u0628 \u0628\u062a\u0623\u0647\u064a\u0644 \u0627\u0644\u0648\u0633\u064a\u0637\u0629 \u0625\u0644\u0649 \u062d\u0642\u0646 SQL. \u0645\u0646 \u0627\u0644\u0645\u0645\u0643\u0646 \u0628\u062f\u0621 \u0627\u0644\u0647\u062c\u0648\u0645 \u0639\u0646 \u0628\u0639\u062f. \u062a\u0645 \u0627\u0644\u0643\u0634\u0641 \u0639\u0646 \u0627\u0644\u062b\u063a\u0631\u0629 \u0644\u0644\u0639\u0627\u0645\u0629 \u0648\u064a\u0645\u0643\u0646 \u0627\u0633\u062a\u062e\u062f\u0627\u0645\u0647\u0627. \u062a\u0645 \u062a\u0639\u064a\u064a\u0646 \u0627\u0644\u0645\u0639\u0631\u0641 VDB-271929 \u0644\u0647\u0630\u0647 \u0627\u0644\u062b\u063a\u0631\u0629.\n\n\u062a\u0640\u0640\u0634\u0640\u0640\u0627\u0631\u0648\u0646\u1d9c\u02b0\u1d43\u02b3\u1d52\u207f\ud81a\udd54\u0f04:\n- CVE-2024-46049 - Tenda O6 V3.0 firmware V1.0.0.7(2054) contains a stack overflow vulnerability in the formexeCommand function.\n\n- CVE-2024-46049 - \u064a\u062d\u062a\u0648\u064a \u0627\u0644\u0628\u0631\u0646\u0627\u0645\u062c \u0627\u0644\u062b\u0627\u0628\u062a Tenda O6 V3.0 V1.0.0.7(2054) \u0639\u0644\u0649 \u062b\u063a\u0631\u0629 \u062a\u062c\u0627\u0648\u0632 \u0633\u0639\u0629 \u0627\u0644\u0645\u0643\u062f\u0633 \u0641\u064a \u0648\u0638\u064a\u0641\u0629 formexeCommand.\n\nALSED404:\nCVE-2023-26324: \u062b\u063a\u0631\u0629 \u062a\u0646\u0641\u064a\u0630 \u0643\u0648\u062f \u0641\u064a \u062a\u0637\u0628\u064a\u0642 XiaomiGetApps\n\u0645\u0627 \u0647\u064a \u0647\u0630\u0647 \u0627\u0644\u062b\u063a\u0631\u0629\u061f\n\u0647\u064a \u062b\u063a\u0631\u0629 \u0623\u0645\u0646\u064a\u0629 \u062e\u0637\u064a\u0631\u0629 \u062a\u0645 \u0627\u0643\u062a\u0634\u0627\u0641\u0647\u0627 \u0641\u064a \u062a\u0637\u0628\u064a\u0642 XiaomiGetApps\u060c \u0648\u0647\u0648 \u0627\u0644\u062a\u0637\u0628\u064a\u0642 \u0627\u0644\u0631\u0633\u0645\u064a \u0644\u062a\u062d\u0645\u064a\u0644 \u0627\u0644\u062a\u0637\u0628\u064a\u0642\u0627\u062a \u0639\u0644\u0649 \u0647\u0648\u0627\u062a\u0641 \u0634\u0627\u0648\u0645\u064a. \u0647\u0630\u0647 \u0627\u0644\u062b\u063a\u0631\u0629 \u062a\u0633\u0645\u062d \u0644\u0644\u0645\u0647\u0627\u062c\u0645\u064a\u0646 \u0628\u062a\u0646\u0641\u064a\u0630 \u0623\u064a \u0643\u0648\u062f \u062e\u0628\u064a\u062b \u0639\u0644\u0649 \u062c\u0647\u0627\u0632 \u0627\u0644\u0636\u062d\u064a\u0629\u060c \u0645\u0645\u0627 \u064a\u0639\u0637\u064a\u0647\u0645 \u0633\u064a\u0637\u0631\u0629 \u0643\u0627\u0645\u0644\u0629 \u0639\u0644\u064a\u0647.\n\u0643\u064a\u0641 \u062a\u0639\u0645\u0644 \u0647\u0630\u0647 \u0627\u0644\u062b\u063a\u0631\u0629\u061f\n\u062a\u062d\u062f\u062b \u0647\u0630\u0647 \u0627\u0644\u062b\u063a\u0631\u0629 \u0628\u0633\u0628\u0628 \u0648\u062c\u0648\u062f \u062e\u0644\u0644 \u0641\u064a \u0622\u0644\u064a\u0629 \u0627\u0644\u062a\u062d\u0642\u0642 \u0645\u0646 \u0635\u062d\u0629 \u0627\u0644\u062a\u0637\u0628\u064a\u0642\u0627\u062a \u0627\u0644\u062a\u064a \u064a\u062a\u0645 \u062a\u062d\u0645\u064a\u0644\u0647\u0627 \u0645\u0646 \u062e\u0644\u0627\u0644 \u0627\u0644\u062a\u0637\u0628\u064a\u0642. \u0647\u0630\u0627 \u0627\u0644\u062e\u0644\u0644 \u064a\u0633\u0645\u062d \u0644\u0644\u0645\u0647\u0627\u062c\u0645\u064a\u0646 \u0628\u062a\u0636\u0645\u064a\u0646 \u0643\u0648\u062f \u0636\u0627\u0631 \u062f\u0627\u062e\u0644 \u062d\u0632\u0645\u0629 \u0627\u0644\u062a\u0637\u0628\u064a\u0642\u060c \u0648\u0639\u0646\u062f\u0645\u0627 \u064a\u0642\u0648\u0645 \u0627\u0644\u0645\u0633\u062a\u062e\u062f\u0645 \u0628\u062a\u062b\u0628\u064a\u062a \u0627\u0644\u062a\u0637\u0628\u064a\u0642\u060c \u064a\u062a\u0645 \u062a\u0646\u0641\u064a\u0630 \u0647\u0630\u0627 \u0627\u0644\u0643\u0648\u062f \u0627\u0644\u0636\u0627\u0631.\n\u0645\u0627 \u0647\u064a \u0627\u0644\u0645\u062e\u0627\u0637\u0631 \u0627\u0644\u0646\u0627\u062a\u062c\u0629 \u0639\u0646 \u0647\u0630\u0647 \u0627\u0644\u062b\u063a\u0631\u0629\u061f\n * \u0627\u0644\u0648\u0635\u0648\u0644 \u0625\u0644\u0649 \u0627\u0644\u0628\u064a\u0627\u0646\u0627\u062a \u0627\u0644\u062d\u0633\u0627\u0633\u0629: \u064a\u0645\u0643\u0646 \u0644\u0644\u0645\u0647\u0627\u062c\u0645\u064a\u0646 \u0627\u0644\u0648\u0635\u0648\u0644 \u0625\u0644\u0649 \u062c\u0645\u064a\u0639 \u0627\u0644\u0628\u064a\u0627\u0646\u0627\u062a \u0627\u0644\u0645\u0648\u062c\u0648\u062f\u0629 \u0639\u0644\u0649 \u0627\u0644\u062c\u0647\u0627\u0632\u060c \u0645\u062b\u0644 \u0627\u0644\u0635\u0648\u0631 \u0648\u0627\u0644\u0631\u0633\u0627\u0626\u0644 \u0648\u0627\u0644\u0645\u0639\u0644\u0648\u0645\u0627\u062a \u0627\u0644\u0634\u062e\u0635\u064a\u0629.\n * \u0627\u0644\u062a\u062d\u0643\u0645 \u0627\u0644\u0643\u0627\u0645\u0644 \u0641\u064a \u0627\u0644\u062c\u0647\u0627\u0632: \u064a\u0645\u0643\u0646 \u0644\u0644\u0645\u0647\u0627\u062c\u0645\u064a\u0646 \u0627\u0644\u062a\u062d\u0643\u0645 \u0641\u064a \u0627\u0644\u062c\u0647\u0627\u0632 \u0639\u0646 \u0628\u0639\u062f\u060c \u0648\u062a\u062b\u0628\u064a\u062a \u062a\u0637\u0628\u064a\u0642\u0627\u062a \u0623\u062e\u0631\u0649\u060c \u0648\u062a\u063a\u064a\u064a\u0631 \u0627\u0644\u0625\u0639\u062f\u0627\u062f\u0627\u062a\u060c \u0648\u062d\u062a\u0649 \u062d\u0630\u0641 \u0627\u0644\u0628\u064a\u0627\u0646\u0627\u062a.", "creation_timestamp": "2024-12-13T19:00:23.000000Z"}, {"uuid": "4dc28efe-558b-48d4-bfa1-146ba20c84b9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26324", "type": "seen", "source": "https://t.me/cvedetector/4317", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2023-26324 - Xiaomi GetApps Code Execution Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2023-26324 \nPublished : Aug. 28, 2024, 8:15 a.m. | 35\u00a0minutes ago \nDescription : A code execution vulnerability exists in the XiaomiGetApps application product. This vulnerability is caused by the verification logic being bypassed, and an attacker can exploit this vulnerability to execute malicious code. \nSeverity: 8.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"28 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-28T10:57:15.000000Z"}, {"uuid": "6e728e38-bdd6-44bc-8714-6ba25b5520f2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26323", "type": "seen", "source": "https://t.me/cvedetector/4316", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2023-26323 - Xiaomi App Market Code Execution Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2023-26323 \nPublished : Aug. 28, 2024, 8:15 a.m. | 35\u00a0minutes ago \nDescription : A code execution vulnerability exists in the Xiaomi App market product. The vulnerability is caused by unsafe configuration and can be exploited by attackers to execute arbitrary code. \nSeverity: 7.6 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"28 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-28T10:57:14.000000Z"}, {"uuid": "64eddfd4-15dd-40fe-8ff9-1be7bc5578b2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26324", "type": "published-proof-of-concept", "source": "Telegram/XiItlvY0oVXwwVbVROaejN_6bJzNbhXMTTrms8JbUQxHJ90", "content": "", "creation_timestamp": "2024-08-23T05:00:07.000000Z"}, {"uuid": "4f852d9d-80a7-4370-865a-12ec9fbdb05d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26321", "type": "seen", "source": "https://t.me/cvedetector/4319", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2023-26321 - Xiaomi File Manager Code Execution Through Path Traversal\", \n  \"Content\": \"CVE ID : CVE-2023-26321 \nPublished : Aug. 28, 2024, 8:15 a.m. | 35\u00a0minutes ago \nDescription : A path traversal vulnerability exists in the Xiaomi File Manager application product(international version). The vulnerability is caused by unfiltered special characters and can be exploited by attackers to overwrite and execute code in the file. \nSeverity: 6.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"28 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-28T10:57:16.000000Z"}, {"uuid": "c4f4d88d-ec00-4641-a41f-47186c8681c1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26322", "type": "seen", "source": "https://t.me/cvedetector/4318", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2023-26322 - XiaomiGetApps Code Execution Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2023-26322 \nPublished : Aug. 28, 2024, 8:15 a.m. | 35\u00a0minutes ago \nDescription : A code execution vulnerability exists in the XiaomiGetApps application product. This vulnerability is caused by the verification logic being bypassed, and an attacker can exploit this vulnerability to execute malicious code. \nSeverity: 8.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"28 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-28T10:57:16.000000Z"}, {"uuid": "4797092a-9c0c-4dac-b616-3ce996ec646a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26324", "type": "published-proof-of-concept", "source": "https://t.me/BlackHat0Hackers/2985", "content": "RCE on Xiaomi 13 Pro (CVE-2023-26324)\n\ud83d\udc49Exploitation:\n1) Open URL in WebView\n2) Inject JavaScript\n3) Execute JavaScript Interface functions from vulnerable GetApps to install & launch payload\n4) Get shell\n\n\ud83d\udc49Slides with PoC: https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Ken%20Gannon%20Ilyes%20Beghdadi%20-%20Xiaomi%20The%20Money%20Our%20Toronto%20Pwn2Own%20Exploit%20and%20Behind%20The%20Scenes%20Story.pdf", "creation_timestamp": "2024-08-21T15:24:08.000000Z"}, {"uuid": "c34f263b-4862-4c09-8b36-21af3d43060a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26324", "type": "seen", "source": "Telegram/w1CP5hLphUG1cl5XR8NgQun8MIjBvUJJmqCt4nuRy5Sjcg3n", "content": "", "creation_timestamp": "2024-10-30T20:14:08.000000Z"}, {"uuid": "877599dc-c3a4-4573-9b4e-67dd2f98c6d5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-2632", "type": "seen", "source": "https://t.me/cibsecurity/64260", "content": "\u203c CVE-2023-2632 \u203c\n\nJenkins Code Dx Plugin 3.1.0 and earlier stores Code Dx server API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-16T22:30:53.000000Z"}, {"uuid": "a3b83d2d-25fc-4406-8ad1-4815b84d7ab7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26320", "type": "seen", "source": "https://t.me/cibsecurity/72061", "content": "\u203c CVE-2023-26320 \u203c\n\nImproper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Xiaomi Xiaomi Router allows Command Injection.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-11T12:17:15.000000Z"}, {"uuid": "a31be273-f11a-4d03-af4b-8505dfdc3582", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26326", "type": "published-proof-of-concept", "source": "Telegram/Jcz8p22MvmwAhBG5Fy50RK8-sXwLhyt48n06uP5R6U-giBw", "content": "", "creation_timestamp": "2025-02-02T10:00:06.000000Z"}, {"uuid": "830b0539-bc4a-45c0-9588-85e670aaabfd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26327", "type": "seen", "source": "https://t.me/cibsecurity/60936", "content": "\u203c CVE-2023-26327 \u203c\n\nAdobe Dimension versions 3.4.7 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-29T00:39:58.000000Z"}, {"uuid": "b3126505-bcc6-49de-9491-ddafc24f8330", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26326", "type": "seen", "source": "https://t.me/cibsecurity/58821", "content": "\u203c CVE-2023-26326 \u203c\n\nThe BuddyForms WordPress plugin, in versions prior to 2.7.8, was affected by an unauthenticated insecure deserialization issue. An unauthenticated attacker could leverage this issue to call files using a PHAR wrapper that will deserialize the data and call arbitrary PHP Objects that can be used to perform a variety of malicious actions granted a POP chain is also present.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-23T22:18:47.000000Z"}, {"uuid": "a6f2ec29-8aa9-4025-9e75-8140e9d03630", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26325", "type": "seen", "source": "https://t.me/cibsecurity/58817", "content": "\u203c CVE-2023-26325 \u203c\n\nThe 'rx_export_review' action in the ReviewX WordPress Plugin version < 1.6.4, is affected by an authenticated SQL injection vulnerability in the 'filterValue' and 'selectedColumns' parameters.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-23T22:18:40.000000Z"}, {"uuid": "3927e06d-34fb-4de4-b1d8-47e71880c885", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26324", "type": "published-proof-of-concept", "source": "https://t.me/androidMalware/2313", "content": "RCE on Xiaomi 13 Pro (CVE-2023-26324)\n\ud83d\udc49Exploitation:\n1) Open URL in WebView\n2) Inject JavaScript\n3) Execute JavaScript Interface functions from vulnerable GetApps to install & launch payload\n4) Get shell\n\n\ud83d\udc49Slides with PoC: https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Ken%20Gannon%20Ilyes%20Beghdadi%20-%20Xiaomi%20The%20Money%20Our%20Toronto%20Pwn2Own%20Exploit%20and%20Behind%20The%20Scenes%20Story.pdf", "creation_timestamp": "2024-10-01T16:51:06.000000Z"}, {"uuid": "554c7acb-aa5a-4dba-ba06-31a20289432f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26324", "type": "published-proof-of-concept", "source": "https://t.me/thebugbountyhunter/9048", "content": "RCE on Xiaomi 13 Pro (CVE-2023-26324)\n\ud83d\udc49Exploitation:\n1) Open URL in WebView\n2) Inject JavaScript\n3) Execute JavaScript Interface functions from vulnerable GetApps to install & launch payload\n4) Get shell\n\n\ud83d\udc49Slides with PoC: https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Ken%20Gannon%20Ilyes%20Beghdadi%20-%20Xiaomi%20The%20Money%20Our%20Toronto%20Pwn2Own%20Exploit%20and%20Behind%20The%20Scenes%20Story.pdf", "creation_timestamp": "2024-08-21T11:45:33.000000Z"}]}