{"vulnerability": "CVE-2023-3775", "sightings": [{"uuid": "02b1f0bc-fcc7-486c-8d11-c4d51638d362", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-37755", "type": "seen", "source": "https://t.me/cibsecurity/70563", "content": "\u203c CVE-2023-37755 \u203c\n\ni-doit pro 25 and below and I-doit open 25 and below are configured with insecure default administrator credentials, and there is no warning or prompt to ask users to change the default password and account name. Unauthenticated attackers can exploit this vulnerability to obtain Administrator privileges, resulting in them being able to perform arbitrary system operations or cause a Denial of Service (DoS).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-15T00:24:50.000000Z"}, {"uuid": "08ad9375-69ea-4ca4-8c20-3a5bbd5868cc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-37756", "type": "seen", "source": "https://t.me/cibsecurity/70573", "content": "\u203c CVE-2023-37756 \u203c\n\nI-doit pro 25 and below and I-doit open 25 and below employ weak password requirements for Administrator account creation. 
Attackers are able to easily guess users' passwords via a bruteforce attack.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-15T00:25:03.000000Z"}, {"uuid": "20504079-c22b-442c-ba33-dccbc1d1f4e1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-37759", "type": "seen", "source": "https://t.me/cibsecurity/70132", "content": "\u203c CVE-2023-37759 \u203c\n\nIncorrect access control in the User Registration page of Crypto Currency Tracker (CCT) before v9.5 allows unauthenticated attackers to register as an Admin account via a crafted POST request.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-08T07:19:27.000000Z"}, {"uuid": "819531ba-2e79-4d48-8ad5-65c691b16116", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-37758", "type": "seen", "source": "https://t.me/cibsecurity/66951", "content": "\u203c CVE-2023-37758 \u203c\n\nD-LINK DIR-815 v1.01 was discovered to contain a buffer overflow via the component /web/captcha.cgi.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-18T22:31:31.000000Z"}, {"uuid": "d0652d8e-7fa5-4ddc-8059-bcedbe73c410", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-37754", "type": "seen", "source": "https://t.me/cibsecurity/67380", "content": "\u203c CVE-2023-37754 \u203c\n\nPowerJob v4.3.3 was discovered to contain a remote command execution (RCE) vulnerability via the instanceId parameter at /instance/detail.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-28T18:36:00.000000Z"}, {"uuid": "ecbc231d-1f64-47ce-8098-559bab909085", 
"vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-37756", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/9005", "content": "#exploit\n1. CVE-2023-37756:\nWeak Password Requirement in admin-center lead to malicious plugin upload in the i-doit Pro <=25\nhttps://github.com/leekenghwa/CVE-2023-37756-CWE-521-lead-to-malicious-plugin-upload-in-the-i-doit-Pro-25-and-below\n\n2. CVE-2023-1698:\nUnauthenticated RCE in WAGO PFC100, PFC200, CC100, Edge Controller, Touch Panel 600 Standard, Advanced/Marine Line with firmware >=16 and <=23\nhttps://github.com/codeb0ss/CVE-2023-1698-PoC", "creation_timestamp": "2023-09-11T10:59:01.000000Z"}]}