{"vulnerability": "CVE-2023-3435", "sightings": [{"uuid": "03ab9f4a-d804-4171-a21a-bf2cd9805f1e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34354", "type": "seen", "source": "https://t.me/cibsecurity/72125", "content": "\u203c CVE-2023-34354 \u203c\n\nA stored cross-site scripting (XSS) vulnerability exists in the upload_brand.cgi functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to execution of arbitrary javascript in another user's browser. An attacker can make an authenticated HTTP request to trigger this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-11T20:17:55.000000Z"}, {"uuid": "a6920ee7-a9c6-4dee-90f0-30d67cb2e49e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34356", "type": "seen", "source": "https://t.me/cibsecurity/72123", "content": "\u203c CVE-2023-34356 \u203c\n\nAn OS command injection vulnerability exists in the data.cgi xfer_dns functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-11T20:17:53.000000Z"}, {"uuid": "272a954f-cecf-407c-8263-4e7645480aec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34351", "type": "seen", "source": "https://t.me/ctinow/201362", "content": "https://ift.tt/ZudNP8W\nCVE-2023-34351 | Intel PCM Software denial of service (intel-sa-00954)", "creation_timestamp": "2024-03-06T14:11:51.000000Z"}, {"uuid": "eb530241-3571-43f5-b52f-0a0a6e899397", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34357", "type": "seen", "source": "https://t.me/cibsecurity/70047", "content": "\u203c CVE-2023-34357 \u203c\n\nSoar Cloud Ltd. HR Portal has a weak Password Recovery Mechanism for Forgotten Password. The reset password link sent out through e-mail, and the link will remain valid after the password has been reset and after the expected expiration date. An attacker with access to the browser history or has the line can thus use the URL again to change the password in order to take over the account.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-07T07:18:21.000000Z"}, {"uuid": "23286be0-89c8-4b65-8bcd-9af470472b35", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34355", "type": "seen", "source": "https://t.me/cibsecurity/68319", "content": "\u203c CVE-2023-34355 \u203c\n\nUncontrolled search path element for some Intel(R) Server Board M10JNP2SB integrated BMC video drivers before version 3.0 for Microsoft Windows and before version 1.13.4 for linux may allow an authenticated user to potentially enable escalation of privilege via local access.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-11T07:32:37.000000Z"}, {"uuid": "b66d268c-4d75-470e-bf67-990268adf2f8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34353", "type": "seen", "source": "https://t.me/cibsecurity/69865", "content": "\u203c CVE-2023-34353 \u203c\n\nAn authentication bypass vulnerability exists in the OAS Engine authentication functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted network sniffing can lead to decryption of sensitive information. An attacker can sniff network traffic to trigger this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-05T20:17:13.000000Z"}, {"uuid": "432a8e2e-386f-4b91-8b7b-e66603a5511b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-3435", "type": "seen", "source": "https://t.me/cibsecurity/68498", "content": "\u203c CVE-2023-3435 \u203c\n\nThe User Activity Log WordPress plugin before 1.6.5 does not correctly sanitise and escape several parameters before using it in a SQL statement as part of its exportation feature, allowing unauthenticated attackers to conduct SQL injection attacks.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-15T00:20:05.000000Z"}, {"uuid": "9c026c27-50c2-4080-91c8-2f66417c7491", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34359", "type": "seen", "source": "https://t.me/cibsecurity/67438", "content": "\u203c CVE-2023-34359 \u203c\n\nASUS RT-AX88U's httpd is subject to an unauthenticated DoS condition. A remote attacker can send a specially crafted request to the device which causes the httpd binary to crash within the \"do_json_decode()\" function of ej.c, resulting in a DoS condition.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-31T12:42:32.000000Z"}, {"uuid": "b3522914-5164-43e2-9adb-7a92b4403ffd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34358", "type": "seen", "source": "https://t.me/cibsecurity/67437", "content": "\u203c CVE-2023-34358 \u203c\n\nASUS RT-AX88U's httpd is subject to an unauthenticated DoS condition. A remote attacker can send a specially crafted request to a device which contains a specific user agent, causing the httpd binary to crash during a string comparison performed within web.c, resulting in a DoS condition.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-31T12:42:31.000000Z"}]}