{"vulnerability": "CVE-2023-3077", "sightings": [{"uuid": "b31ad99c-95f7-4195-9516-206fe538f001", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-30775", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/2441", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-30775\n\ud83d\udd39 Description: A vulnerability was found in the libtiff library. This security flaw causes a heap buffer overflow in extractContigSamples32bits, tiffcrop.c.\n\ud83d\udccf Published: 2023-05-19T00:00:00\n\ud83d\udccf Modified: 2025-01-21T17:30:59.637Z\n\ud83d\udd17 References:\n1. https://gitlab.com/libtiff/libtiff/-/issues/464\n2. https://access.redhat.com/security/cve/CVE-2023-30775\n3. https://bugzilla.redhat.com/show_bug.cgi?id=2187141\n4. https://security.netapp.com/advisory/ntap-20230703-0002/", "creation_timestamp": "2025-01-21T18:00:55.000000Z"}, {"uuid": "0669df31-c0d1-4758-b890-1d7948bf6111", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-30777", "type": "seen", "source": "https://t.me/itsec_news/2562", "content": "\u200b\u2694\ufe0f \u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 \u043f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u043e\u043c \u043f\u043b\u0430\u0433\u0438\u043d\u0435 WordPress \u043f\u043e\u0434\u0432\u0435\u0440\u0433\u0430\u0435\u0442 \u043a\u0438\u0431\u0435\u0440\u0430\u0442\u0430\u043a\u0430\u043c \u0431\u043e\u043b\u0435\u0435 2 \u043c\u043b\u043d. 
\u0441\u0430\u0439\u0442\u043e\u0432.\n\n\ud83d\udcac \u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0438\u0437 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438 Patchstack, \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0437\u0438\u0440\u0443\u044e\u0449\u0435\u0439\u0441\u044f \u043d\u0430 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b WordPress, \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 \u043f\u043b\u0430\u0433\u0438\u043d\u0435 Advanced Custom Fields (ACF) \u0434\u043b\u044f WordPress, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043f\u0440\u043e\u0432\u0435\u0441\u0442\u0438 XSS-\u0430\u0442\u0430\u043a\u0443.\n\nXSS-\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2023-30777 , \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0442\u0440\u0430\u0436\u0435\u043d\u043d\u044b\u043c \u043c\u0435\u0436\u0441\u0430\u0439\u0442\u043e\u0432\u044b\u043c \u0441\u043a\u0440\u0438\u043f\u0442\u0438\u043d\u0433\u043e\u043c (Reflected XSS), \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0432\u043d\u0435\u0434\u0440\u044f\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0435 \u0438\u0441\u043f\u043e\u043b\u043d\u044f\u0435\u043c\u044b\u0435 \u0441\u043a\u0440\u0438\u043f\u0442\u044b \u043d\u0430 \u0446\u0435\u043b\u0435\u0432\u044b\u0435 \u0441\u0430\u0439\u0442\u044b.\n\n\u041f\u043e \u0434\u0430\u043d\u043d\u044b\u043c Patchstack, \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 
\u043d\u0435\u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u043c\u0443 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u0443\u043a\u0440\u0430\u0441\u0442\u044c \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u0443\u044e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e \u0438 \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438 \u043d\u0430 \u0441\u0430\u0439\u0442\u0435 WordPress, \u043e\u0431\u043c\u0430\u043d\u043e\u043c \u0437\u0430\u0441\u0442\u0430\u0432\u0438\u0432 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0433\u043e \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f \u043f\u043e\u0441\u0435\u0442\u0438\u0442\u044c \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u044b\u0439 URL-\u0430\u0434\u0440\u0435\u0441.\n\n\u0421\u0442\u043e\u0438\u0442 \u043e\u0442\u043c\u0435\u0442\u0438\u0442\u044c, \u0447\u0442\u043e CVE-2023-30777 \u043c\u043e\u0436\u043d\u043e \u0430\u043a\u0442\u0438\u0432\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u043f\u0440\u0438 \u0441\u0442\u0430\u043d\u0434\u0430\u0440\u0442\u043d\u043e\u0439 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0435 \u0438\u043b\u0438 \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0435 Advanced Custom Fields, \u0445\u043e\u0442\u044f \u044d\u0442\u043e \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e \u0442\u043e\u043b\u044c\u043a\u043e \u0434\u043b\u044f \u0432\u043e\u0448\u0435\u0434\u0448\u0438\u0445 \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0443 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439, \u0443 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u0435\u0441\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043f\u043b\u0430\u0433\u0438\u043d\u0443.\n\n\u041f\u043b\u0430\u0433\u0438\u043d 
Advanced Custom Fields \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d \u0431\u043e\u043b\u0435\u0435 2 \u043c\u043b\u043d. \u0440\u0430\u0437 . \u041f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0431\u044b\u043b\u0430 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430 \u0438 \u0434\u043e\u0432\u0435\u0434\u0435\u043d\u0430 \u0434\u043e \u0441\u0432\u0435\u0434\u0435\u043d\u0438\u044f \u0441\u043e\u043f\u0440\u043e\u0432\u043e\u0436\u0434\u0430\u044e\u0449\u0438\u0445 2 \u043c\u0430\u044f 2023 \u0433\u043e\u0434\u0430. \u041f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u043f\u043b\u0430\u0433\u0438\u043d\u0430 \u043d\u0430\u0441\u0442\u043e\u044f\u0442\u0435\u043b\u044c\u043d\u043e \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u0432\u0435\u0440\u0441\u0438\u044e 6.1.6.\n\n\u041e\u0442\u0440\u0430\u0436\u0435\u043d\u043d\u044b\u0435 XSS-\u0430\u0442\u0430\u043a\u0438 \u043e\u0431\u044b\u0447\u043d\u043e \u043f\u0440\u043e\u0438\u0441\u0445\u043e\u0434\u044f\u0442, \u043a\u043e\u0433\u0434\u0430 \u0436\u0435\u0440\u0442\u0432 \u043e\u0431\u043c\u0430\u043d\u043e\u043c \u0437\u0430\u0441\u0442\u0430\u0432\u043b\u044f\u044e\u0442 \u0449\u0435\u043b\u043a\u043d\u0443\u0442\u044c \u043f\u043e\u0434\u0434\u0435\u043b\u044c\u043d\u0443\u044e \u0441\u0441\u044b\u043b\u043a\u0443, \u043e\u0442\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u0443\u044e \u043f\u043e \u044d\u043b\u0435\u043a\u0442\u0440\u043e\u043d\u043d\u043e\u0439 \u043f\u043e\u0447\u0442\u0435 \u0438\u043b\u0438 \u0434\u0440\u0443\u0433\u0438\u043c \u0441\u043f\u043e\u0441\u043e\u0431\u043e\u043c, \u0432 \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u0435 \u0447\u0435\u0433\u043e \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0439 \u043a\u043e\u0434 \u043e\u0442\u043f\u0440\u0430\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u043d\u0430 
\u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0439 \u0432\u0435\u0431-\u0441\u0430\u0439\u0442, \u0447\u0442\u043e \u043e\u0442\u0440\u0430\u0436\u0430\u0435\u0442 \u0430\u0442\u0430\u043a\u0443 \u043e\u0431\u0440\u0430\u0442\u043d\u043e \u0432 \u0431\u0440\u0430\u0443\u0437\u0435\u0440 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f.\n\n\ud83d\udd14 ITsec NEWS", "creation_timestamp": "2023-05-07T12:50:23.000000Z"}, {"uuid": "c2c7a779-03b4-4a21-989f-dedace53672f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-30778", "type": "seen", "source": "https://t.me/cibsecurity/68534", "content": "\u203c CVE-2023-30778 \u203c\n\nAuth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Blubrry PowerPress Podcasting plugin by Blubrry plugin <= 10.0.1 versions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-15T16:30:31.000000Z"}, {"uuid": "eed669de-e678-46a4-a740-6816563a0335", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-30777", "type": "seen", "source": "https://t.me/KomunitiSiber/162", "content": "New Vulnerability in Popular WordPress Plugin Exposes Over 2 Million Sites to Cyberattacks\nhttps://thehackernews.com/2023/05/new-vulnerability-in-popular-wordpress.html\n\nUsers of Advanced Custom Fields plugin for WordPress are being urged to update version 6.1.6 following the discovery of a security flaw.\nThe issue, assigned the identifier CVE-2023-30777, relates to a case of reflected cross-site scripting (XSS) that could be abused to inject arbitrary executable scripts into otherwise benign websites.\nThe plugin, which is available both as a free and pro", "creation_timestamp": "2023-05-06T09:27:42.000000Z"}, {"uuid": "1c5b0ce5-e0e9-4990-84ae-926eb891b649", 
"vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-30777", "type": "published-proof-of-concept", "source": "Telegram/Z42dUL5SlpUKhzaB8z2JtVDGF4e8DZjU4NsnyrTR2CVbxw", "content": "", "creation_timestamp": "2023-06-27T08:09:48.000000Z"}, {"uuid": "b0eb9eee-31b6-4e10-a973-828b209717d0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-30777", "type": "exploited", "source": "https://t.me/true_secator/4378", "content": "\u041d\u0435 \u043f\u0440\u043e\u0448\u043b\u043e \u0438 \u0441\u0443\u0442\u043e\u043a \u0441 \u043c\u043e\u043c\u0435\u043d\u0442\u0430 \u0432\u044b\u0445\u043e\u0434\u0430 PoC-\u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430 \u0434\u043b\u044f \u043d\u0435\u0434\u0430\u0432\u043d\u043e \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043d\u043e\u0439 XSS-\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 \u043f\u043b\u0430\u0433\u0438\u043d\u0435 WordPress Advanced Custom Fields, \u043a\u0430\u043a \u0445\u0430\u043a\u0435\u0440\u044b \u043f\u0440\u0438\u0441\u0442\u0443\u043f\u0438\u043b\u0438 \u043a \u043c\u0430\u0441\u0441\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u043c \u0430\u0442\u0430\u043a\u0430\u043c \u043d\u0430 \u0441\u0430\u0439\u0442\u044b WordPress.\n\nCVE-2023-30777 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0441\u0442\u0435\u043f\u0435\u043d\u0438 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c, \u043d\u0435 \u043f\u0440\u043e\u0448\u0435\u0434\u0448\u0438\u043c \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0443 \u043f\u043e\u0434\u043b\u0438\u043d\u043d\u043e\u0441\u0442\u0438, \u043a\u0440\u0430\u0441\u0442\u044c 
\u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u0443\u044e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e \u0438 \u043f\u043e\u0432\u044b\u0448\u0430\u0442\u044c \u0441\u0432\u043e\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438 \u043d\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0445 \u0441\u0430\u0439\u0442\u0430\u0445 WordPress.\n\n\u041e\u043d\u0430 \u0431\u044b\u043b\u0430 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430 Patchstack 2 \u043c\u0430\u044f 2023 \u0433\u043e\u0434\u0430 \u0438 \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0430 \u0432\u043c\u0435\u0441\u0442\u0435 \u0441 PoC \u0443\u0436\u0435\u00a05 \u043c\u0430\u044f, \u0431\u0443\u043a\u0432\u0430\u043b\u044c\u043d\u043e \u043d\u0430 \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u0439 \u0434\u0435\u043d\u044c \u043f\u043e\u0441\u043b\u0435 \u0442\u043e\u0433\u043e, \u043a\u0430\u043a \u043f\u043e\u0441\u0442\u0430\u0432\u0449\u0438\u043a \u043f\u043b\u0430\u0433\u0438\u043d\u0430 \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0441 \u0432\u0435\u0440\u0441\u0438\u0435\u0439 6.1.6.\n\n\u0412 \u0441\u0432\u043e\u044e \u043e\u0447\u0435\u0440\u0435\u0434\u044c, \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 Akamai Security Intelligence Group (SIG) \u0437\u0430\u0444\u0438\u043a\u0441\u0438\u0440\u043e\u0432\u0430\u043b\u0438 \u0432\u044b\u0441\u043e\u043a\u0443\u044e \u0437\u043b\u043e\u0432\u0440\u0435\u0434\u043d\u0443\u044e \u0430\u043a\u0442\u0438\u0432\u043d\u043e\u0441\u0442\u044c, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0443\u044e \u0441\u043e \u0441\u043a\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u0438 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0435\u0439 \u0431\u0430\u0433\u0438, \u043d\u0430\u0447\u0438\u043d\u0430\u044f \u0441 6 \u043c\u0430\u044f 2023 
\u0433\u043e\u0434\u0430.\n\n\u041f\u0440\u0438 \u044d\u0442\u043e\u043c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0438 \u043f\u0440\u0438\u043c\u0435\u0440 \u043a\u043e\u0434\u0430 Patchstack \u043f\u0440\u044f\u043c\u043e \u0438\u0437 \u0441\u0442\u0430\u0442\u044c\u0438. \u042d\u043a\u0441\u043f\u043b\u043e\u0439\u0442 \u0440\u0430\u0431\u043e\u0442\u0430\u0435\u0442 \u0441 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u044f\u043c\u0438 \u043f\u043e \u0443\u043c\u043e\u043b\u0447\u0430\u043d\u0438\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0445 \u0432\u0435\u0440\u0441\u0438\u0439 \u043f\u043b\u0430\u0433\u0438\u043d\u043e\u0432, \u0447\u0442\u043e \u0443\u0432\u0435\u043b\u0438\u0447\u0438\u0432\u0430\u0435\u0442 \u0448\u0430\u043d\u0441\u044b \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u043e\u0432 \u043d\u0430 \u0443\u0441\u043f\u0435\u0445 \u0431\u0435\u0437 \u0434\u043e\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0445 \u0443\u0441\u0438\u043b\u0438\u0439.\n\n\u041d\u043e \u043f\u0435\u0447\u0430\u043b\u044c\u043d\u0435\u0435 \u0432\u0441\u0435\u0433\u043e \u0442\u043e, \u0447\u0442\u043e \u0441\u043e\u0433\u043b\u0430\u0441\u043d\u043e \u0441\u0442\u0430\u0442\u0438\u0441\u0442\u0438\u043a\u0435 \u0431\u043e\u043b\u0435\u0435 1,4 \u043c\u0438\u043b\u043b\u0438\u043e\u043d\u0430 \u0432\u0435\u0431-\u0441\u0430\u0439\u0442\u043e\u0432, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0449\u0438\u0445 \u0437\u0430\u0442\u0440\u043e\u043d\u0443\u0442\u044b\u0439 \u043f\u043b\u0430\u0433\u0438\u043d WordPress, \u0434\u043e \u0441\u0438\u0445 \u043f\u043e\u0440 \u043d\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u044b \u0434\u043e \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0447\u0442\u043e 
\u043e\u0442\u043a\u0440\u044b\u0432\u0430\u0435\u0442 \u0434\u043b\u044f \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u043e\u0432  \u0434\u043e\u0432\u043e\u043b\u044c\u043d\u043e \u0431\u043e\u043b\u044c\u0448\u0443\u044e \u043f\u043e\u0432\u0435\u0440\u0445\u043d\u043e\u0441\u0442\u044c \u0430\u0442\u0430\u043a\u0438.\n\n\u0410\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430\u043c \u0441\u0430\u0439\u0442\u043e\u0432 WordPress \u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u043c\u0438 \u043f\u043b\u0430\u0433\u0438\u043d\u0430\u043c\u0438 \u043d\u0430\u0441\u0442\u043e\u044f\u0442\u0435\u043b\u044c\u043d\u043e \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043d\u0435\u043c\u0435\u0434\u043b\u0435\u043d\u043d\u043e \u043f\u0440\u0438\u043c\u0435\u043d\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u0439 \u043f\u0430\u0442\u0447 \u0434\u043b\u044f \u0437\u0430\u0449\u0438\u0442\u044b \u043e\u0442 \u043d\u0430\u0447\u0430\u0432\u0448\u0438\u0445\u0441\u044f \u0430\u0442\u0430\u043a.", "creation_timestamp": "2023-05-15T12:50:58.000000Z"}, {"uuid": "c8893954-9125-4f66-8b44-68a4f5e237ac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-30777", "type": "published-proof-of-concept", "source": "https://t.me/crackcodes/3710", "content": "\ud83d\udda5Dataleak:\n\n\ud83d\udd31DataLeak uprint_id : https://www.system32.ink/2023/06/DataLeak-uprint.id.html\n\n\ud83d\udd31Leak RaidForums  : https://www.system32.ink/2023/06/leak-raidforums-database-by-exposedvc.html\n\n\ud83d\udd31Leak Santander bank Mexico : https://www.system32.ink/2023/06/leak-santander-bank-mexico.html\n\n\ud83d\udd31Leak Tour Partner Group (tourpartnergroup.com) : https://www.system32.ink/2023/06/leak-tour-partner-group.html\n\n\ud83d\udda5Exploits:\n\n\ud83d\udd31MiniDLNA <=1.3.2 
(CVE-2023-33476) Exploits : https://www.system32.ink/2023/06/minidlna-132-cve-2023-33476-exploits.html\n\n\ud83d\udd31CVE-2023-20178 PoC for Arbitrary File Delete vulnerability in Cisco Secure Client : https://www.system32.ink/2023/06/cve-2023-20178-poc-for-arbitrary-file.html\n\n\ud83d\udd31CVE-2023-25610  RCE vulnerability in FortiOS : https://www.system32.ink/2023/06/cve-2023-25610-rce-vulnerability-in.html\n\n\ud83d\udd31CVE-2023-30777 Exploit Reflected XSS vulnerability in the Advanced Custom Fields WordPress plugin : https://www.system32.ink/2023/06/cve-2023-30777-exploit-reflected-xss.html\n\n\ud83d\udda5Rat:\n\n\ud83d\udd31GCR-Google-Calendar-RAT : https://www.system32.ink/2023/06/gcr-google-calendar-rat.html\n\n\ud83d\udda5Tools:\n\n\ud83d\udd31Mantra - A tool used to hunt down API key leaks in JS files and pages : https://www.system32.ink/2023/06/mantra-tool-used-to-hunt-down-api-key.html\n\n\ud83d\udd31IIS Short Name Scanner - 2012-2023 : https://www.system32.ink/2023/06/iis-short-name-scanner-2012-2023.html\n\n@crackcodes | crackcodes.in | system32.ink", "creation_timestamp": "2023-06-21T14:59:33.000000Z"}, {"uuid": "d2871f1a-a673-4c12-ba93-5cd360341d96", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-30777", "type": "published-proof-of-concept", "source": "Telegram/5J0K3ktTRnE5OXtm_HSZQB0ByP_7s3NltK4ljZroPrT30A", "content": "", "creation_timestamp": "2023-05-06T09:17:35.000000Z"}, {"uuid": "258aa960-2490-4dc9-b0e0-874e57ee6e4f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-30779", "type": "seen", "source": "https://t.me/cibsecurity/68627", "content": "\u203c CVE-2023-30779 \u203c\n\nUnauth. 
Reflected Cross-Site Scripting (XSS) vulnerability in Jonathan Daggerhart Query Wrangler plugin <= 1.5.51 versions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-16T14:47:17.000000Z"}, {"uuid": "c4d5b94a-a9f6-4fb4-a2ba-ef80930fd4ce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-30777", "type": "seen", "source": "https://t.me/cibsecurity/63720", "content": "\u203c CVE-2023-30777 \u203c\n\nUnauth. Reflected Cross-Site Scripting (XSS) vulnerability in WP Engine Advanced Custom Fields Pro, WP Engine Advanced Custom Fields plugins <= 6.1.5 versions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-10T12:20:18.000000Z"}, {"uuid": "15c238a9-5abe-4ce8-84fe-0fb687d39e9b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-30771", "type": "seen", "source": "https://t.me/cibsecurity/62265", "content": "\u203c CVE-2023-30771 \u203c\n\nIncorrect Authorization vulnerability in Apache Software Foundation Apache IoTDB.This issue affects the iotdb-web-workbench component on 0.13.3. iotdb-web-workbench is an optional component of IoTDB, providing a web console of the database. 
This problem is fixed from version 0.13.4 of iotdb-web-workbench onwards.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-17T12:28:13.000000Z"}, {"uuid": "8a4e2455-9e05-4857-810e-1bdab78df703", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-30776", "type": "seen", "source": "https://t.me/cibsecurity/62734", "content": "\u203c CVE-2023-30776 \u203c\n\nAn authenticated user with specific data permissions could access database connections stored passwords by requesting a specific REST API. This issue affects Apache Superset version 1.3.0 up to 2.0.1.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-24T20:19:35.000000Z"}, {"uuid": "2e4c90f7-f54c-4d62-8390-9c80f21acefa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-30777", "type": "seen", "source": "https://t.me/thehackernews/3323", "content": "If you're using the Advanced Custom Fields plugin for WordPress, make sure to update to version 6.1.6 as soon as possible! \n \nA security flaw (CVE-2023-30777) has been discovered that could allow for reflected cross-site scripting attacks. \n \nhttps://thehackernews.com/2023/05/new-vulnerability-in-popular-wordpress.html", "creation_timestamp": "2023-05-06T07:50:16.000000Z"}, {"uuid": "3795edb7-2a92-4040-8a38-6b7afcfd0d17", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-30770", "type": "seen", "source": "https://t.me/cibsecurity/62266", "content": "\u203c CVE-2023-30770 \u203c\n\nA stack-based buffer overflow vulnerability was found in the ASUSTOR Data Master (ADM) due to the lack of data size validation. 
An attacker can exploit this vulnerability to execute arbitrary code. Affected ADM versions include: 4.0.6.REG2, 4.1.0 and below as well as 4.2.0.RE71 and below.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-17T12:28:14.000000Z"}, {"uuid": "fe33ac45-b5df-45a7-bf8e-853113e5e651", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-30772", "type": "seen", "source": "https://t.me/cibsecurity/62257", "content": "\u203c CVE-2023-30772 \u203c\n\nThe Linux kernel before 6.2.9 has a race condition and resultant use-after-free in drivers/power/supply/da9150-charger.c if a physically proximate attacker unplugs a device.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-16T07:27:26.000000Z"}, {"uuid": "375e7716-f294-475d-b50a-d7ca8ee1c8b1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-30777", "type": "exploited", "source": "https://t.me/xakep_ru/14044", "content": "\u0411\u0430\u0433 \u0432 \u043f\u043b\u0430\u0433\u0438\u043d\u0435 \u0434\u043b\u044f WordPress \u0441\u0442\u0430\u043b\u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0447\u0435\u0440\u0435\u0437 24 \u0447\u0430\u0441\u0430 \u043f\u043e\u0441\u043b\u0435 \u043f\u043e\u044f\u0432\u043b\u0435\u043d\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u043e\u0438\u0442\u0430\n\n\u0425\u0430\u043a\u0435\u0440\u044b \u043d\u0430\u0447\u0430\u043b\u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u043d\u0435\u0434\u0430\u0432\u043d\u043e \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u0443\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 WordPress-\u043f\u043b\u0430\u0433\u0438\u043d\u0435 Advanced Custom Fields (CVE-2023-30777) 
\u0432\u0441\u0435\u0433\u043e \u0447\u0435\u0440\u0435\u0437 24 \u0447\u0430\u0441\u0430 \u043f\u043e\u0441\u043b\u0435 \u0442\u043e\u0433\u043e, \u043a\u0430\u043a \u0434\u043b\u044f \u043d\u0435\u0435 \u0431\u044b\u043b \u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d PoC-\u044d\u043a\u0441\u043f\u043b\u043e\u0438\u0442.\n\nhttps://xakep.ru/2023/05/16/advanced-custom-fields/", "creation_timestamp": "2023-05-16T16:05:44.000000Z"}, {"uuid": "14c346a4-2c15-41bf-b4b2-b4883e21103e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-30777", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/8508", "content": "#exploit\n1. CVE-2023-25610:\nRCE vulnerability in FortiOS\nhttps://github.com/qi4L/CVE-2023-25610\n\n2. CVE-2023-30777:\nXSS in the Advanced Custom Fields WordPress plugin\nhttps://github.com/Alucard0x1/CVE-2023-30777\n\n3. CVE-2023-24078:\nRCE in FuguHub/BarracudaDrive\nhttps://github.com/rio128128/CVE-2023-24078", "creation_timestamp": "2023-06-18T12:50:26.000000Z"}]}