{"vulnerability": "CVE-2023-27327", "sightings": [{"uuid": "bd84a50c-a57f-4ae8-8fd6-815042c375d5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27327", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/4326", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2023\n\u63cf\u8ff0\uff1aExploits for CVE-2023-27327 and CVE-2023-27328\nURL\uff1ahttps://github.com/kn32/parallels-plist-escape\n\n\u6807\u7b7e\uff1a#CVE-2023", "creation_timestamp": "2023-05-09T20:26:33.000000Z"}, {"uuid": "fafd7525-1b66-403d-a2c9-6734a5838c6d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27327", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/8270", "content": "#exploit\n1.CVE-2023-20052:\nInformation leak vulnerability in the DMG file parser of ClamAV\nhttps://github.com/nokn0wthing/CVE-2023-25002\n\n2. Exploits for CVE-2023-27327, CVE-2023-27328\n(Parallels Desktop VM)\nhttps://github.com/kn32/parallels-plist-escape\n\n3. CVE-2023-28231:\nDHCP Server RCE (2008 R2 SP1 - Server 2019)\nhttps://github.com/glavstroy/CVE-2023-28231", "creation_timestamp": "2023-05-10T11:03:01.000000Z"}, {"uuid": "30e3693e-d146-4e77-9825-ff850c130987", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27327", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/2976", "content": "Tools - Hackers Factory \n\nGetLAPSPassword\n\nA feeble attempt at writing a LAPS dumping tool that supports both NTLM and Kerberos auth using the impacket library.\n\nhttps://github.com/dru1d-foofus/GetLAPSPassword\n\n#infosec #pentesting #redteam\n\nAwesome Google VRP Writeups\n\nA list of writeups from the Google VRP Bug Bounty program.\n\nhttps://github.com/xdavidhu/awesome-google-vrp-writeups\n\n#cybersecurity #infosec #bugbounty\n\nJava Android Magisk Burp Objection Root Emulator Easy (JAMBOREE)\n\nGet a working portable Python/Git/Java environment on Windows in SECONDS without having local administrator, regardless of your broken Python environment. Our open-source script downloads directly from proper sources without any binaries. While the code may not be perfect, it includes many useful PowerShell tricks.\n\nhttps://github.com/freeload101/Java-Android-Magisk-Burp-Objection-Root-Emulator-Easy\n\n#cybersecurity #infosec\n\nPPEnum\n\nSimple BOF to read the protection level of a process.\n\nhttps://github.com/rasta-mouse/PPEnum\n\n#infosec #pentesting #redteam\n\nAwesome Symbolic Execution\n\nA curated list of awesome symbolic execution resources including essential research papers, lectures, videos, and tools.\n\nhttps://github.com/ksluckow/awesome-symbolic-execution\n\n#cybersecurity #infosec\n\nHPHardwareDiagnostics-PoC\n\nPoC exploit for HP Hardware Diagnostic's EtdSupp driver\n\nhttps://github.com/alfarom256/HPHardwareDiagnostics-PoC\n\n#cve #poc #exploit\n\nBuffer-Overflow-Stack-Smash\n\nExample of buffer overflow exploit from Aleph1's article \"Smashing the Stack for Fun and Profit\"\n\nhttps://github.com/CYoshioB/Buffer-Overflow-Stack-Smash\n\n#infosec #pentesting #redteam\n\nKraken\n\nGenerate a report with charts and statistics about cracked passwords in XLSX format.\n\nhttps://github.com/hnsecurity/kraken\n\nDetails:\nhttps://security.humanativaspa.it/cracked-password-analytics-with-kraken\n\n#cybersecurity #infosec\n\nparallels-plist-escape\n\nThis repository contains exploits for CVE-2023-27327 and CVE-2023-27328, which can be used together to escape a Parallels Desktop virtual machine, prior to Parallels Desktop 18.1.1.\n\nhttps://github.com/kn32/parallels-plist-escape\n\n#cve #cybersecurity #infosec\n\nPPLFault\n\nExploits a TOCTOU in Windows Code Integrity to achieve arbitrary code execution as WinTcb-Light then dump a specified process. For more details on the exploit, see my slides and/or talk.\n\nhttps://github.com/gabriellandau/PPLFault\n\n#cybersecurity #infosec\n\nExploit Notes\n\nSearch hacking techniques and tools for penetration testings, bug bounty, CTF.\n\nhttps://github.com/hideckies/exploit-notes\n\nWeb:\nhttps://exploit-notes.hdks.org/\n\n#infosec #pentesting #redteam\n\nThe SSH library!\n\nlibssh is a multiplatform C library implementing the SSHv2 protocol on client and server side. With libssh, you can remotely execute programs, transfer files, use a secure and transparent tunnel, manage public keys and much more ...\n\nhttps://gitlab.com/libssh/libssh-mirror\n\nWebsite:\nhttps://www.libssh.org/\n\n#cybersecurity #infosec #privacy\n\nApkHack-BackDoor\n\nA shell script that simplifies the process of adding a backdoor to any Android APK file.\n\nhttps://github.com/BitWalls-ops/ApkHack-BackDoor\n\n#infosec #pentesting #redteam\n\nTh3Inspector  \n\nBest Tool For Information Gathering \ud83d\udd0e\n\nhttps://github.com/Moham3dRiahi/Th3inspector\n\n#OSINT #recon #infosec\n\nhttps://t.me/dilagrafie", "creation_timestamp": "2023-05-12T18:37:54.000000Z"}]}