{"vulnerability": "CVE-2023-34835", "sightings": [{"uuid": "dc03b93a-29c9-4009-bcdb-02d648e0e53e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34835", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/3093", "content": "Tools \ud83d\udd27 \ud83d\udd28 \ud83d\udd27  - Hackers Factory\n\n\u200b\u200bDao-Exploit\n\nCryptanalysis of the DAO exploit & Multi-Stage Attack.\n\nhttps://github.com/demining/Dao-Exploit\n\n#cybersecurity #infosec\n\n\u200b\u200bSLOOTH\n\nSlooth is an advanced vulnerability management system designed to help organizations stay ahead of security threats. By leveraging the Python NVD API wrapper and a REST API, Slooth fetches and organizes data about Common Vulnerabilities and Exposures (CVEs). It provides a unique identifier, the CVE ID, for stakeholders to discuss and research specific vulnerabilities.\n\nhttps://github.com/TheAxumite/SLOOTH-Security-Vulnerability-Search-and-Management\n\n#cve #cybersecurity #infosec\n\n\u200b\u200b\ud83d\udee1 VineShield\n\nObfuscation tool for all executing files and scripts written on python3\n\nhttps://github.com/Nick-Vinesmoke/VineShield\n\n#cybersecurity #infosec\n\n\u200b\u200bX-osint\n\nThis is an #OSINT tool which gathers useful and yet credible valid information about a phone number, user's email address and ip address and more to come in feature updates.\n\nhttps://github.com/TermuxHackz/X-osint\n\n#cybersecurity #infosec\n\n\u200b\u200bCVE-2023-34835\n\nCross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary JavaScript code via a vulnerable delete_file parameter.\n\nhttps://github.com/sahiloj/CVE-2023-34835\n\n#cve #cybersecurity #infosec\n\n\u200b\u200bThoth\n\nCairo/Starknet security toolkit (bytecode analyzer, disassembler, decompiler, symbolic execution, SBMC)\n\nhttps://github.com/FuzzingLabs/thoth\n\n#cybersecurity #infosec\n\n\u200b\u200bPROFILEGPT\n\nA tool for analyzing profiles and hashtags on Twitter. The application exploits various technologies and APIs to collect data and generate information for users.\n\nhttps://github.com/odiks/PROFILEGPT\n\n#OSINT #cybersecurity #infosec\n\n\u200b\u200bCVE-2023-34599\n\nMultiple Cross-Site Scripting (XSS) vulnerabilities have been identified in Gibbon v25.0.0, which enable attackers to execute arbitrary Javascript code.\n\nhttps://github.com/maddsec/CVE-2023-34599\n\n#cve #cybersecurity #infosec\n\n\u200b\u200bDaProfiler\n\n#OSINT tool allowing you to collect certain information about yourself in order to rectify by rgpd requests the traces you may have left on the net. DaProfiler is indeed able to recover: Addresses, Social media accounts, e-mail addresses, mobile / landline number, jobs. On a specified subject in a limited time. \n\nhttps://github.com/daprofiler/DaProfiler\n\n#cybersecurity #infosec\n\n\u200b\u200bJormungandr \n\nA kernel implementation of a COFF loader, allowing kernel developers to load and execute their COFFs in the kernel.\n\nhttps://github.com/Idov31/Jormungandr\n\n#infosec #pentesting #redteam\n\nhttps://t.me/dilagrafie", "creation_timestamp": "2023-06-26T23:00:10.000000Z"}, {"uuid": "bfce5004-4a9e-487a-ac12-34ce59deabf3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34835", "type": "published-proof-of-concept", "source": "Telegram/kQobGEjTlcRIPa-4WOOdLQJ7F3hi6AgOON4V9wg9RgQ9Zg", "content": "", "creation_timestamp": "2023-06-26T16:20:38.000000Z"}, {"uuid": "a3b56a7f-ef93-4001-af7f-c01ffdc647fc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34835", "type": "seen", "source": "https://t.me/cibsecurity/65585", "content": "\u203c CVE-2023-34835 \u203c\n\nA Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary JavaScript code via a vulnerable delete_file parameter.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-06-27T22:12:13.000000Z"}, {"uuid": "fc0b664e-f498-45ad-a6c9-3c73c8a5d17a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34835", "type": "published-proof-of-concept", "source": "https://t.me/crackcodes/3743", "content": "\ud83d\udda5Exploits:\n\n\ud83d\udd31Dao-Exploit : https://www.system32.ink/2023/06/dao-exploit.html\n\n\ud83d\udd31CVE-2023-34835 XSS Exploit - eScan Management Console 14.0.1400.2281 : https://www.system32.ink/2023/06/cve-2023-34835-xss-exploit-escan.html\n\n\ud83d\udda5DataLeaks:\n\n\ud83d\udd31Viva Air Columbia Data Leak : https://www.system32.ink/2023/06/viva-air-columbia-data-leak.html\n\n\ud83d\udd31CITI Bank Leaks : https://www.system32.ink/2023/06/citi-bank-leaks.html\n\n\ud83d\udda5Tools:\n\n\ud83d\udd31Acunetix v15.7 - 09 May 2023 : https://www.system32.ink/2023/06/acunetix-v157-09-may-2023-download.html\n\n\ud83d\udd31PROFILEGPT - Tool for analyzing profiles and hashtags on Twitter : https://www.system32.ink/2023/06/profilegpt.html\n\n\ud83d\udda5Keylogger:\n\n\ud83d\udd31AutoLOG V1 Keylogger : https://www.system32.ink/2023/06/autolog-v1.html\n\n@crackcodes | System32.ink | Crackcodes.in", "creation_timestamp": "2023-06-27T03:12:37.000000Z"}, {"uuid": "dbed9994-a35f-4d68-844a-5b153b6cb381", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34835", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/8550", "content": "#exploit\n1. FortiNAC - Just a few more RCEs\nhttps://frycos.github.io/vulns4free/2023/06/18/fortinac.html\n\n2. CVE-2023-34835, CVE-2023-34836:\neScan Management Console 14.0.14 - Reflected Cross Site Scripting\nhttps://github.com/sahiloj/CVE-2023-34836\nhttps://github.com/sahiloj/CVE-2023-34835\n\n3. Flickr Stored XSS in photos_user_map.gne\nhttps://keerok.github.io/2022/12/22/Flickr-Stored-XSS", "creation_timestamp": "2023-11-11T01:56:00.000000Z"}]}