{"vulnerability": "CVE-2023-2845", "sightings": [{"uuid": "3bf7ed5e-4373-44d2-bdd5-4018ff9886c4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-28450", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-319-06", "content": "", "creation_timestamp": "2024-11-14T12:00:00.000000Z"}, {"uuid": "c26a2d61-195a-4559-97b2-df295374e911", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-28458", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/pretalx_rce_cve_2023_28458.rb", "content": "", "creation_timestamp": "2025-08-27T20:55:20.000000Z"}, {"uuid": "e69e2249-7f51-45bf-ac5e-f819fb1c665a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-28458", "type": "seen", "source": "MISP/a9d21043-f825-4bac-8d2b-56fb9e8343e7", "content": "", "creation_timestamp": "2025-10-23T21:13:01.000000Z"}, {"uuid": "b12ffe41-a30d-4e3a-8b9c-a732ae389b5b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-28452", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/8164", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-28452\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: An issue was discovered in CoreDNS through 1.10.1. There is a vulnerability in DNS resolving software, which triggers a resolver to ignore valid responses, thus causing denial of service for normal resolution. In an exploit, the attacker could just forge a response targeting the source port of a vulnerable resolver without the need to guess the correct TXID.\n\ud83d\udccf Published: 2024-09-18T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-19T20:44:07.451Z\n\ud83d\udd17 References:\n1. https://coredns.io/\n2. https://gist.github.com/idealeer/e41c7fb3b661d4262d0b6f21e12168ba", "creation_timestamp": "2025-03-19T21:18:40.000000Z"}, {"uuid": "24137e67-d8f5-4828-8ff9-0ebfb8579c95", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-2845", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/2013", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-2845\n\ud83d\udd39 Description: Improper Access Control in GitHub repository cloudexplorer-dev/cloudexplorer-lite prior to v1.1.0.\n\ud83d\udccf Published: 2023-05-23T00:00:00\n\ud83d\udccf Modified: 2025-01-16T19:47:02.832Z\n\ud83d\udd17 References:\n1. https://github.com/cloudexplorer-dev/cloudexplorer-lite/commit/d9f55a44e579d312977b02317b2020de758b763a\n2. https://huntr.dev/bounties/ac10e81c-998e-4425-9d74-b985d9b0254c", "creation_timestamp": "2025-01-16T19:55:51.000000Z"}, {"uuid": "9030f603-9e0f-4b80-8c4e-647af601577a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-28454", "type": "seen", "source": "Telegram/jHCDPEpVRgq5D6l_aer-oTMtl5KFvgMyq4zL2NDeZWOt9_o", "content": "", "creation_timestamp": "2024-07-27T18:04:50.000000Z"}, {"uuid": "5007896b-81b7-4f83-9365-e89b8e93af14", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-28450", "type": "seen", "source": "Telegram/jHCDPEpVRgq5D6l_aer-oTMtl5KFvgMyq4zL2NDeZWOt9_o", "content": "", "creation_timestamp": "2024-07-27T18:04:50.000000Z"}, {"uuid": "9359ea02-72c3-45d9-bdb0-1a4858fa7385", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-28456", "type": "seen", "source": "Telegram/jHCDPEpVRgq5D6l_aer-oTMtl5KFvgMyq4zL2NDeZWOt9_o", "content": "", "creation_timestamp": "2024-07-27T18:04:50.000000Z"}, {"uuid": "5470f2ef-a7a7-4423-ad92-406a8366f515", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-28458", "type": "seen", "source": "https://t.me/cibsecurity/62560", "content": "\u203c CVE-2023-28458 \u203c\n\npretalx 2.3.1 before 2.3.2 allows path traversal in HTML export (a non-default feature). Organizers can trigger the overwriting (with the standard pretalx 404 page content) of an arbitrary file.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-21T00:31:05.000000Z"}, {"uuid": "81cce007-8bba-4695-98c6-786007087a1d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-28459", "type": "seen", "source": "https://t.me/cibsecurity/62559", "content": "\u203c CVE-2023-28459 \u203c\n\npretalx 2.3.1 before 2.3.2 allows path traversal in HTML export (a non-default feature). Users were able to upload crafted HTML documents that trigger the reading of arbitrary files.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-21T00:31:04.000000Z"}, {"uuid": "9abc5354-5192-4303-9b3f-a4f99d0b54df", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-28450", "type": "seen", "source": "https://t.me/cibsecurity/60097", "content": "\u203c CVE-2023-28450 \u203c\n\nAn issue was discovered in Dnsmasq before 2.90. The default maximum EDNS.0 UDP packet size was set to 4096 but should be 1232 because of DNS Flag Day 2020.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-15T23:30:21.000000Z"}]}