{"vulnerability": "CVE-2023-2747", "sightings": [{"uuid": "88a10d27-7542-44b3-b2cf-9fbc755c1134", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27470", "type": "seen", "source": "Telegram/urKfUIs75lRjZXAmlkHLP_plyGovn1ctGnqAMZdpi6gYWA", "content": "", "creation_timestamp": "2023-09-14T13:06:36.000000Z"}, {"uuid": "7aa64b83-78af-4b2c-b3b3-1d3a588136db", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27470", "type": "seen", "source": "https://t.me/KomunitiSiber/789", "content": "N-Able's Take Control Agent Vulnerability Exposes Windows Systems to Privilege Escalation\nhttps://thehackernews.com/2023/09/n-ables-take-control-agent.html\n\nA high-severity security flaw has been disclosed in N-Able's Take Control Agent that could be exploited by a local unprivileged attacker to gain SYSTEM privileges.\nTracked as\u00a0CVE-2023-27470\u00a0(CVSS score: 8.8), the\u00a0issue\u00a0relates to a Time-of-Check to Time-of-Use (TOCTOU) race condition vulnerability, which, when successfully exploited, could be leveraged to delete arbitrary files on a Windows", "creation_timestamp": "2023-09-14T12:39:53.000000Z"}, {"uuid": "96ea13c0-af2c-4c8d-9cc5-38f2a2b3b602", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27470", "type": "published-proof-of-concept", "source": "Telegram/pCOoOvc6doS4DGWYGuKS-n_PHh0PEu-K6t1IortmCksSsHw", "content": "", "creation_timestamp": "2023-09-17T15:09:46.000000Z"}, {"uuid": "c0696d27-1e5f-41bc-8457-e963de3e919b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27471", "type": "seen", "source": "https://t.me/cibsecurity/68842", "content": "\u203c CVE-2023-27471 \u203c\n\nAn issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. UEFI implementations do not correctly protect and validate information contained in the 'MeSetup' UEFI variable. On some systems, this variable can be overwritten using operating system APIs. Exploitation of this vulnerability could potentially lead to denial of service for the platform.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-18T22:38:25.000000Z"}, {"uuid": "4c304efe-5d7a-480e-95b8-69b25c0303f2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27474", "type": "seen", "source": "https://t.me/cibsecurity/59498", "content": "\u203c CVE-2023-27474 \u203c\n\nDirectus is a real-time API and App dashboard for managing SQL database content. Instances relying on an allow-listed reset URL are vulnerable to an HTML injection attack through the use of query parameters in the reset URL. An attacker could exploit this to email users urls to the servers domain but which may contain malicious code. The problem has been resolved and released under version 9.23.0. People relying on a custom password reset URL should upgrade to 9.23.0 or later, or remove the custom reset url from the configured allow list. Users are advised to upgrade. Users unable to upgrade may disable the custom reset URL allow list as a workaround.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-06T20:12:56.000000Z"}, {"uuid": "a33cbc87-8ad9-4c4c-ac5b-87cd7f664d97", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27478", "type": "seen", "source": "https://t.me/cibsecurity/59595", "content": "\u203c CVE-2023-27478 \u203c\n\nlibmemcached-awesome is an open source C/C++ client library and tools for the memcached server. `libmemcached` could return data for a previously requested key, if that previous request timed out due to a low `POLL_TIMEOUT`. This issue has been addressed in version 1.1.4. Users are advised to upgrade. There are several ways to workaround or lower the probability of this bug affecting a given deployment. 1: use a reasonably high `POLL_TIMEOUT` setting, like the default. 2: use separate libmemcached connections for unrelated data. 3: do not re-use libmemcached connections in an unknown state.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-07T20:23:34.000000Z"}, {"uuid": "13f7c6ac-111b-4898-bb68-5cd07f794564", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27472", "type": "seen", "source": "https://t.me/cibsecurity/59505", "content": "\u203c CVE-2023-27472 \u203c\n\nquickentity-editor-next is an open source, system local, video game asset editor. In affected versions HTML tags in entity names are not sanitised (XSS vulnerability). Allows arbitrary code execution within the browser sandbox, among other things, simply from loading a file containing a script tag in any entity name. This issue has been patched in version 1.28.1 of the application. Users are advised to upgrade. There are no known workarounds for this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-06T22:13:07.000000Z"}, {"uuid": "b05ecc5d-aae7-4ff7-9b52-e9534b4b99dd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27477", "type": "seen", "source": "https://t.me/cibsecurity/59702", "content": "\u203c CVE-2023-27477 \u203c\n\nwasmtime is a fast and secure runtime for WebAssembly. Wasmtime's code generation backend, Cranelift, has a bug on x86_64 platforms for the WebAssembly `i8x16.select` instruction which will produce the wrong results when the same operand is provided to the instruction and some of the selected indices are greater than 16. There is an off-by-one error in the calculation of the mask to the `pshufb` instruction which causes incorrect results to be returned if lanes are selected from the second vector. This codegen bug has been fixed in Wasmtiem 6.0.1, 5.0.1, and 4.0.1. Users are recommended to upgrade to these updated versions. If upgrading is not an option for you at this time, you can avoid this miscompilation by disabling the Wasm simd proposal. Additionally the bug is only present on x86_64 hosts. Other platforms such as AArch64 and s390x are not affected.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-09T00:23:16.000000Z"}, {"uuid": "8d1b1695-981a-4a24-9814-2d0d41cd97a8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27479", "type": "published-proof-of-concept", "source": "https://t.me/cibsecurity/59614", "content": "\u203c CVE-2023-27479 \u203c\n\nXWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions any user with view rights can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper escaping of UIX parameters. A proof of concept exploit is to log in, add an `XWiki.UIExtensionClass` xobject to the user profile page, with an Extension Parameters content containing `label={{/html}} {{async async=\"true\" cached=\"false\" context=\"doc.reference\"}}{{groovy}}println(\"Hello \" + \"from groovy!\"){{/groovy}}{{/async}}`. Then, navigating to `PanelsCode.ApplicationsPanelConfigurationSheet` (i.e., `/xwiki/bin/view/PanelsCode/ApplicationsPanelConfigurationSheet` where `` is the URL of your XWiki installation) should not execute the Groovy script. If it does, you will see `Hello from groovy!` displayed on the screen. This vulnerability has been patched in XWiki 13.10.11, 14.4.7 and 14.10-rc-1. Users are advised to upgrade. For users unable to upgrade the issue can be fixed by editing the `PanelsCode.ApplicationsPanelConfigurationSheet` wiki page and making the same modifications as shown in commit `6de5442f3c`.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-07T22:23:18.000000Z"}, {"uuid": "2bfc3683-42af-4bf8-8933-5ab4f18686b2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27475", "type": "seen", "source": "https://t.me/cibsecurity/59601", "content": "\u203c CVE-2023-27475 \u203c\n\nGoutil is a collection of miscellaneous functionality for the go language. In versions prior to 0.6.0 when users use fsutil.Unzip to unzip zip files from a malicious attacker, they may be vulnerable to path traversal. This vulnerability is known as a ZipSlip. This issue has been fixed in version 0.6.0, users are advised to upgrade. There are no known workarounds for this issue.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-07T20:23:43.000000Z"}, {"uuid": "0da1a3b5-9fa7-4788-ac70-c3c2ac64a637", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27470", "type": "seen", "source": "https://t.me/thehackernews/3869", "content": "A high-severity Time-of-Check to Time-of-Use (TOCTOU) (CVE-2023-27470) in N-Able's Take Control Agent could give hackers SYSTEM privileges. \n \nFind out how it works: https://thehackernews.com/2023/09/n-ables-take-control-agent.html", "creation_timestamp": "2023-09-14T11:55:02.000000Z"}, {"uuid": "b4fc6327-67a4-46b3-b8bd-d0515d9c8186", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27470", "type": "published-proof-of-concept", "source": "https://t.me/CNArsenal/1118", "content": "https://github.com/3lp4tr0n/CVE-2023-27470_Exercise\n\u6743\u9650\u63d0\u5347\n#github #\u63d0\u6743", "creation_timestamp": "2024-10-21T13:25:20.000000Z"}]}