{"vulnerability": "CVE-2023-3667", "sightings": [{"uuid": "134fe6c8-1aeb-4ec9-99a9-5b8b3e249e8a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-36679", "type": "seen", "source": "Telegram/1UvIFO3w_AXuXcZNSyTx5uNMMkcsAysJsxJsUFXDfIepplf6", "content": "", "creation_timestamp": "2025-03-06T02:17:23.000000Z"}, {"uuid": "c174f91f-2a7a-480b-8262-d7d40e06ee49", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-36672", "type": "seen", "source": "https://t.me/kasperskyb2b/793", "content": "\ud83d\udd35 Is traffic leaking from your VPN?\n\nTwo fresh Cisco AnyConnect patches close vulnerabilities that are present in most VPN clients, both corporate and consumer. The vulnerabilities (CVE-2023-36672, -35838, -36673 and -36671) share the common name TunnelCrack and allow the owner of a Wi-Fi router or an internet provider to manipulate routing tables and DNS server responses so that traffic from the device bypasses the encrypted tunnel and goes straight to the attacker in cleartext.\n\nThis exploits two standard exceptions found in most clients: local network traffic and traffic to the VPN server itself are routed outside the VPN.\n\nAccording to the authors, all VPN clients for iOS turned out to be vulnerable to the attack. On Windows, Linux and macOS most clients are vulnerable, and on Android \"only\" 25% of the tested applications. In addition to Cisco, according to the authors, updates closing the hole have been released by Cloudflare, Mozilla VPN, Surfshark and others. Those whose client has not been updated are advised to disable local network access in the VPN client settings. 
\n\n#\u043d\u043e\u0432\u043e\u0441\u0442\u0438 @\u041f2\u0422", "creation_timestamp": "2023-08-09T12:30:33.000000Z"}, {"uuid": "0b6f22cc-5eae-4954-9d76-6cb1f5a037f3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-3667", "type": "seen", "source": "https://t.me/cibsecurity/68890", "content": "\u203c CVE-2023-3667 \u203c\n\nThe Bit Assist WordPress plugin before 1.1.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-21T20:41:05.000000Z"}, {"uuid": "5c092990-dc6b-4fdb-b3c4-fc9b8e2b9b94", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-36677", "type": "seen", "source": "https://t.me/cibsecurity/73550", "content": "\u203c CVE-2023-36677 \u203c\n\nImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Smartypants SP Project & Document Manager allows SQL Injection. This issue affects SP Project & Document Manager: from n/a through 4.67.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-11-04T01:23:38.000000Z"}, {"uuid": "7a6a908d-d875-49d2-b7a6-c9694725fab7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-36670", "type": "seen", "source": "https://t.me/cibsecurity/66934", "content": "\u203c CVE-2023-36670 \u203c\n\nA remotely exploitable command injection vulnerability was found on the Kratos NGC-IDU 9.1.0.4. 
An attacker can execute arbitrary Linux commands as root by sending crafted TCP requests to the device.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-18T22:31:08.000000Z"}, {"uuid": "f2127282-9096-4cc3-9996-83eac7ef35f7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-36674", "type": "seen", "source": "https://t.me/cibsecurity/68866", "content": "\u203c CVE-2023-36674 \u203c\n\nAn issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, 1.39.x before 1.39.4, and 1.40.x before 1.40.1. It is possible to bypass the Bad image list (aka badFile) by using the thumb parameter (aka Manualthumb) of the File syntax.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-20T22:41:28.000000Z"}, {"uuid": "8d17af8d-df2d-4e84-a035-a45150aadc6b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-36678", "type": "seen", "source": "https://t.me/cibsecurity/67818", "content": "\u203c CVE-2023-36678 \u203c\n\nAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP-buy WP Content Copy Protection & No Right Click plugin <= 3.5.5 versions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-06T02:11:56.000000Z"}, {"uuid": "656ed8c1-2e1e-42bf-82c4-6b2f10e31680", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-36675", "type": "seen", "source": "https://t.me/cibsecurity/65500", "content": "\u203c CVE-2023-36675 \u203c\n\nAn issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, 1.39.x before 1.39.4, and 1.40.x before 1.40.1. 
BlockLogFormatter.php in BlockLogFormatter allows XSS in the partial blocks feature.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-06-26T12:20:46.000000Z"}]}