{"vulnerability": "CVE-2023-3420", "sightings": [{"uuid": "2ef05588-ca47-4e66-8be4-8ac0b94562bb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34207", "type": "seen", "source": "https://t.me/cibsecurity/72400", "content": "\u203c CVE-2023-34207 \u203c\n\nUnrestricted upload of file with dangerous type vulnerability in create template function in EasyUse MailHunter Ultimate 2023 and earlier allows remote authenticated users to perform arbitrary system commands with \u00e2\u20ac\u02dcNT Authority\\SYSTEM\u00e2\u20ac\u02dc privilege via a crafted ZIP archive.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-17T07:32:38.000000Z"}, {"uuid": "4cceaf3a-7c45-4790-97ad-acd1120b6cf8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34204", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/1231", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-34204\n\ud83d\udd39 Description: imapsync through 2.229 uses predictable paths under /tmp and /var/tmp in its default mode of operation. Both of these are typically world-writable, and thus (for example) an attacker can modify imapsync's cache and overwrite files belonging to the user who runs it.\n\ud83d\udccf Published: 2023-05-30T00:00:00\n\ud83d\udccf Modified: 2025-01-10T20:46:24.049Z\n\ud83d\udd17 References:\n1. https://github.com/imapsync/imapsync/issues/399", "creation_timestamp": "2025-01-10T21:04:02.000000Z"}, {"uuid": "f1d2b2be-a939-4df4-9efc-0d03c16a58c4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34208", "type": "seen", "source": "https://t.me/cibsecurity/72393", "content": "\u203c CVE-2023-34208 \u203c\n\nPath Traversal in create template function in EasyUse MailHunter Ultimate 2023 and earlier allow remote authenticated users to extract files into arbitrary directories via a crafted ZIP archive.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-17T07:32:30.000000Z"}]}