{"vulnerability": "CVE-2023-3857", "sightings": [{"uuid": "ee902d3a-55cc-4506-8e58-6163be98fbf4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38571", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/5231", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2023\n\u63cf\u8ff0\uff1aExploit for CVE-2023-38571\nURL\uff1ahttps://github.com/gergelykalman/CVE-2023-38571-a-macOS-TCC-bypass-in-Music-and-TV\n\n\u6807\u7b7e\uff1a#CVE-2023", "creation_timestamp": "2023-09-28T02:24:07.000000Z"}, {"uuid": "0d2daa40-0daf-4269-93c2-39d834909980", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38574", "type": "seen", "source": "https://t.me/cibsecurity/69824", "content": "\u203c CVE-2023-38574 \u203c\n\nOpen redirect vulnerability in VI Web Client prior to 7.9.6 allows a remote unauthenticated attacker to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted URL.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-05T12:16:58.000000Z"}, {"uuid": "c79dd432-ab73-4221-ac82-3990f1ca3d02", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38579", "type": "seen", "source": "https://t.me/ctinow/186919", "content": "https://ift.tt/EVNQ9F5\nCVE-2023-38579 | Westermo Lynx 206-F2G 4.24 cross-site request forgery (icsa-24-023-04)", "creation_timestamp": "2024-02-17T13:41:30.000000Z"}, {"uuid": "4aa90694-f58f-4e36-972d-69511127d821", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38575", "type": "seen", "source": "https://t.me/ctinow/208026", "content": "https://ift.tt/D5PJmSv\nCVE-2023-38575", "creation_timestamp": "2024-03-14T18:26:58.000000Z"}, {"uuid": "ab916fd0-1fbf-4046-bf44-dbe1ab3bd7bd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38575", "type": "seen", "source": "https://t.me/ctinow/208009", "content": "https://ift.tt/D5PJmSv\nCVE-2023-38575", "creation_timestamp": "2024-03-14T18:22:43.000000Z"}, {"uuid": "f3597e16-68d8-49c4-bf7c-77300b743d47", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38579", "type": "seen", "source": "https://t.me/ctinow/180394", "content": "https://ift.tt/XHTeFmu\nCVE-2023-38579", "creation_timestamp": "2024-02-06T23:31:21.000000Z"}, {"uuid": "64fa5e9f-5631-4a86-9434-db80731b8a4c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38571", "type": "seen", "source": "https://t.me/cibsecurity/67374", "content": "\u203c CVE-2023-38571 \u203c\n\nThis issue was addressed with improved validation of symlinks. This issue is fixed in macOS Big Sur 11.7.9, macOS Monterey 12.6.8, macOS Ventura 13.5. An app may be able to bypass Privacy preferences.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-28T13:31:45.000000Z"}, {"uuid": "379d3636-9b7e-48b4-8a39-25a4ecc920a6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38576", "type": "seen", "source": "https://t.me/cibsecurity/68823", "content": "\u203c CVE-2023-38576 \u203c\n\nHidden functionality vulnerability in LAN-WH300N/RE all versions provided by LOGITEC CORPORATION allows an authenticated user to execute arbitrary OS commands on a certain management console.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-18T14:38:24.000000Z"}, {"uuid": "dbf44988-34c9-4379-8342-e74a7f7d5d49", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38571", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/9106", "content": "#exploit\n1. CVE-2023-27121:\nCredential Leak via XSS in Pleasant Password Manager\nhttps://www.mdsec.co.uk/2023/09/the-not-so-pleasant-password-manager\n]-> https://github.com/mdsecactivebreach/PleasantTools\n\n2. CVE-2023-38571:\nmacOS TCC bypass in Music and TV\nhttps://github.com/gergelykalman/CVE-2023-38571-a-macOS-TCC-bypass-in-Music-and-TV\n\n3. CVE-2023-20209:\nCisco Expressway Series/Cisco TelePresence Video Communication Server Command Injection\nhttps://github.com/0x41-Researcher/CVE-2023-20209", "creation_timestamp": "2023-09-28T12:08:15.000000Z"}, {"uuid": "8d8d9906-7c03-42a7-9641-0068cb729daa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-3857", "type": "seen", "source": "https://t.me/cibsecurity/67137", "content": "\u203c CVE-2023-3857 \u203c\n\nA vulnerability, which was classified as problematic, was found in phpscriptpoint Ecommerce 1.15. This affects an unknown part of the file /product.php. The manipulation of the argument id leads to cross site scripting. It is possible to initiate the attack remotely. The identifier VDB-235209 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-24T07:25:47.000000Z"}, {"uuid": "34df1228-9538-4bdf-846a-3e7ca91629be", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38571", "type": "published-proof-of-concept", "source": "https://t.me/Rootsec_2/1143", "content": "#exploit\n1. CVE-2023-27121:\nCredential Leak via XSS in Pleasant Password Manager\nhttps://www.mdsec.co.uk/2023/09/the-not-so-pleasant-password-manager\n]-> https://github.com/mdsecactivebreach/PleasantTools\n\n2. CVE-2023-38571:\nmacOS TCC bypass in Music and TV\nhttps://github.com/gergelykalman/CVE-2023-38571-a-macOS-TCC-bypass-in-Music-and-TV\n\n3. CVE-2023-20209:\nCisco Expressway Series/Cisco TelePresence Video Communication Server Command Injection\nhttps://github.com/0x41-Researcher/CVE-2023-20209", "creation_timestamp": "2024-08-16T08:30:20.000000Z"}]}