{"vulnerability": "CVE-2023-3107", "sightings": [{"uuid": "709ef170-871b-4549-a4cc-5424d3d525be", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-31070", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/3063", "content": "Cybersecurity News - Hackers Factory \n\n\n\u200aGitLab 'strongly recommends' patching max severity flaw ASAP\n\nhttps://www.bleepingcomputer.com/news/security/gitlab-strongly-recommends-patching-max-severity-flaw-asap/\n\n\u200aChinese hackers breach US critical infrastructure in stealthy attacks\n\nhttps://www.bleepingcomputer.com/news/security/chinese-hackers-breach-us-critical-infrastructure-in-stealthy-attacks/\n\n\u200aHackers target 1.5M WordPress sites with cookie consent plugin exploit\n\nhttps://www.bleepingcomputer.com/news/security/hackers-target-15m-wordpress-sites-with-cookie-consent-plugin-exploit/\n\n\u200aChinese-linked hackers target critical infrastructure in US and Guam\n\nhttps://cyberscoop.com/china-critical-infrastructure-volt-typhoon/\n\n\u200aMicrosoft: Windows issue causes file copying, saving failures\n\nhttps://www.bleepingcomputer.com/news/microsoft/microsoft-windows-issue-causes-file-copying-saving-failures/\n\n\u200aKimsuky \u2013 notorious North Korean\n\nhttps://security.packt.com/kimsuky-notorious-north-korean/\n\n\u200aThe US government sanctioned four entities and one individual for supporting cyber operations conducted by North Korea\n\nhttps://securityaffairs.com/146611/cyber-warfare-2/us-santioned-north-korea-entities.html\n\n\u200aAnnouncing the launch of GUAC v0.1\n\nhttp://security.googleblog.com/2023/05/announcing-launch-of-guac-v01.html\n\n\u200aWhat are the Common Security Challenges CISOs Face?\n\nhttps://gbhackers.com/security-challenges-cisos-face/\n\n\u200aFully Encrypted GuLoader Uses Google Drive to Download Payloads\n\nhttps://gbhackers.com/guloader-via-google-drive/\n\n\u200aApria Healthcare Hacked \u2013 Over 2M Users Data Exposed\n\nhttps://gbhackers.com/apria-healthcare-hacked/\n\nVSCode Security: Malicious Extensions - PII Exposed, and Backdoors Enabled\n\nhttps://blog.checkpoint.com/securing-the-cloud/malicious-vscode-extensions-with-more-than-45k-downloads-steal-pii-and-enable-backdoors\n\nThe Fuzzing Guide to the Galaxy: An Attempt with Android System Services\n\nhttps://blog.thalium.re/posts/fuzzing-samsung-system-services\n\nCVE-2023-31070: Broadcom BCM47xx SDK EMF slab-out-of-bounds write\n\nhttps://bugprove.com/knowledge-hub/cve-2023-31070-broadcom-bcm-47xx-sdk-emf-slab-out-of-bounds-write\n\nUpdates to Legion: A Cloud Credential Harvester and SMTP Hijacker\n\nhttps://www.cadosecurity.com/updates-to-legion-a-cloud-credential-harvester-and-smtp-hijacker\n\n\u200aBe Cyber-Vigilant on Your Cruise with These Cyber Security Tips\n\nhttps://latesthackingnews.com/2023/05/25/be-cyber-vigilant-on-your-cruise-with-these-cyber-security-tips/\n\n\u200aNew Buhti ransomware gang uses leaked Windows, Linux encryptors\n\nhttps://www.bleepingcomputer.com/news/security/new-buhti-ransomware-gang-uses-leaked-windows-linux-encryptors/\n\n\u200a\u2018Operation Magalenha\u2019 targets credentials of 30 Portuguese banks\n\nhttps://www.bleepingcomputer.com/news/security/operation-magalenha-targets-credentials-of-30-portuguese-banks/\n\n\u200aChatGPT is down worldwide - OpenAI confirms issues\n\nhttps://www.bleepingcomputer.com/news/technology/chatgpt-is-down-worldwide-openai-confirms-issues/\n\n\u200aABB Hack \u2013 Attackers Dropped Ransomware on IT Systems\n\nhttps://cybersecuritynews.com/abb-hack/\n\n\u200aWireshark 4.0.6 Released \u2013 Fix for 9 vulnerabilities\n\nhttps://gbhackers.com/wireshark-4-0-6/\n\n#cybersecurity #infosec\n\nhttps://t.me/dilagrafie\nhttps://t.me/HackerFactory", "creation_timestamp": "2023-05-25T16:15:42.000000Z"}, {"uuid": "50d471e4-96e6-4b95-8f3a-6e422263e686", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-31079", "type": "seen", "source": "https://t.me/cibsecurity/68756", "content": "\u203c CVE-2023-31079 \u203c\n\nAuth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Chris Roberts Tippy plugin <=\u00c2\u00a06.2.1 versions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-17T18:37:23.000000Z"}, {"uuid": "6a0c9bf8-4db6-4b2b-a310-25556de859fa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-31072", "type": "seen", "source": "https://t.me/cibsecurity/68760", "content": "\u203c CVE-2023-31072 \u203c\n\nUnauth. Reflected Cross-Site Scripting (XSS) vulnerability in Praveen Goswami Advanced Category Template plugin <=\u00c2\u00a00.1 versions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-17T18:37:27.000000Z"}, {"uuid": "4a26b27a-bfc2-4666-8ea2-ebde69b3b774", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-31074", "type": "seen", "source": "https://t.me/cibsecurity/68739", "content": "\u203c CVE-2023-31074 \u203c\n\nUnauth. Reflected Cross-Site Scripting (XSS) vulnerability in hupe13 Extensions for Leaflet Map plugin <=\u00c2\u00a03.4.1 versions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-17T14:37:13.000000Z"}, {"uuid": "8aae149e-108f-4cf6-a26a-9fca4174249c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-31071", "type": "seen", "source": "https://t.me/cibsecurity/68730", "content": "\u203c CVE-2023-31071 \u203c\n\nUnauth. Reflected Cross-Site Scripting (XSS) vulnerability in Yannick Lefebvre Modal Dialog plugin <=\u00c2\u00a03.5.14 versions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-17T12:37:16.000000Z"}, {"uuid": "5b485cf9-299f-4d8c-bc9a-1e5592a3b257", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-31076", "type": "seen", "source": "https://t.me/cibsecurity/68723", "content": "\u203c CVE-2023-31076 \u203c\n\nUnauth. Reflected Cross-Site Scripting (XSS) vulnerability in Really Simple Plugins Recipe Maker For Your Food Blog from Zip Recipes plugin <=\u00c2\u00a08.0.6 versions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-17T12:37:09.000000Z"}, {"uuid": "55124f41-fcb0-46b1-8fea-cf67463b5ee5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-31070", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/8362", "content": "#exploit\n1. CVE-2023-2859:\nStored HTML injection in folderName affecting Admin in TeamPass <3.0.9\nhttps://github.com/mnqazi/CVE-2023-2859\n\n2. CVE-2023-20869/CVE-2023-20870:\nVMWare Stack-based Overflow/Uninitialized Variable Info Leak\nhttps://www.zerodayinitiative.com/blog/2023/5/17/cve-2023-2086920870-exploiting-vmware-workstation-at-pwn2own-vancouver\n\n3. CVE-2023-31070:\nBroadcom BCM47xx SDK EMF slab-out-of-bounds write\nhttps://bugprove.com/knowledge-hub/cve-2023-31070-broadcom-bcm-47xx-sdk-emf-slab-out-of-bounds-write", "creation_timestamp": "2023-05-25T12:49:50.000000Z"}]}