{"vulnerability": "CVE-2023-2710", "sightings": [{"uuid": "f4f7742e-bd79-433f-84e2-b92de394958c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27100", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/5395", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-27100\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Improper restriction of excessive authentication attempts in the SSHGuard component of Netgate pfSense Plus software v22.05.1 and pfSense CE software v2.6.0 allows attackers to bypass brute force protection mechanisms via crafted web requests.\n\ud83d\udccf Published: 2023-03-22T00:00:00.000Z\n\ud83d\udccf Modified: 2025-02-25T21:10:13.968Z\n\ud83d\udd17 References:\n1. https://docs.netgate.com/downloads/pfSense-SA-23_05.sshguard.asc\n2. https://redmine.pfsense.org/issues/13574\n3. http://packetstormsecurity.com/files/171791/pfsenseCE-2.6.0-Protection-Bypass.html", "creation_timestamp": "2025-02-25T21:28:01.000000Z"}, {"uuid": "e6b6f158-8202-435b-9a76-0658c3065454", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27107", "type": "seen", "source": "https://t.me/cibsecurity/62953", "content": "\u203c CVE-2023-27107 \u203c\n\nIncorrect access control in the runReport function of MyQ Solution Print Server before 8.2 Patch 32 and Central Server before 8.2 Patch 22 allows users who do not have appropriate access rights to generate internal reports using a direct URL.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-27T02:26:08.000000Z"}, {"uuid": "6e96ee58-b920-488e-8625-a4b5fdd58fa5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-2710", "type": "seen", "source": "https://t.me/cibsecurity/64198", "content": "\u203c CVE-2023-2710 \u203c\n\nThe video carousel slider with lightbox plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the search_term parameter in versions up to, and including, 1.0.22 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-16T13:20:47.000000Z"}, {"uuid": "5929dd49-4ae0-4c4e-bcdf-b29255c54b32", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27105", "type": "seen", "source": "https://t.me/cibsecurity/62809", "content": "\u203c CVE-2023-27105 \u203c\n\nA vulnerability in the Wi-Fi file transfer module of Shanling M5S Portable Music Player with Shanling MTouch OS v4.3 and Shanling M2X Portable Music Player with Shanling MTouch OS v3.3 allows attackers to arbitrarily read, delete, or modify any critical system files via directory traversal.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-25T18:25:04.000000Z"}, {"uuid": "1cc08ff5-d9e6-4cf3-8a80-03c2a1220988", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27100", "type": "seen", "source": "https://t.me/cibsecurity/60539", "content": "\u203c CVE-2023-27100 \u203c\n\nImproper restriction of excessive authentication attempts in the SSHGuard component of Netgate pfSense Plus software v22.05.1 and pfSense CE software v2.6.0 allows attackers to bypass brute force protection mechanisms via crafted web requests.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-23T01:36:10.000000Z"}, {"uuid": "8b1a9bf2-22b7-4012-9d54-68eaa826a80d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27103", "type": "seen", "source": "https://t.me/cibsecurity/60054", "content": "\u203c CVE-2023-27103 \u203c\n\nLibde265 v1.0.11 was discovered to contain a heap buffer overflow via the function derive_collocated_motion_vectors at motion.cc.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-15T17:24:51.000000Z"}, {"uuid": "3b7a44b1-5c39-428e-9f87-01ee5b670714", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27102", "type": "seen", "source": "https://t.me/cibsecurity/60059", "content": "\u203c CVE-2023-27102 \u203c\n\nLibde265 v1.0.11 was discovered to contain a segmentation violation via the function decoder_context::process_slice_segment_header at decctx.cc.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-15T17:25:00.000000Z"}]}