{"vulnerability": "CVE-2023-41362", "sightings": [{"uuid": "dd942959-78f4-434a-801f-9c2adb53787d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-41362", "type": "published-proof-of-concept", "source": "Telegram/UG6oSddx2bwhG_QTebEnBYG2SK7WVcpFXH_OXoX525gYMA", "content": "", "creation_timestamp": "2023-09-16T11:17:24.000000Z"}, {"uuid": "254da0f3-9087-40ec-86b7-afd72402d87a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-41362", "type": "published-proof-of-concept", "source": "Telegram/Ro8t_vwt7AQYmnMRxlCmXGb8FIuOnTPoeQgd1Ea_p3ddcg", "content": "", "creation_timestamp": "2023-09-15T03:38:09.000000Z"}, {"uuid": "0a861d90-d95e-4c9b-9581-8f40871385f7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-41362", "type": "published-proof-of-concept", "source": "Telegram/kU8an4Go1huFShTvCbdEWGzr-EU9qubcfsgo6U8YbLfS-g", "content": "", "creation_timestamp": "2023-12-20T08:06:02.000000Z"}, {"uuid": "de5f1df0-6c5f-4022-af79-884e57711b7d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-41362", "type": "published-proof-of-concept", "source": "https://t.me/crackcodes/4830", "content": "\ud83d\udcccRCE in Juniper JunOS CVE-2023-36844-47 Exploit : Download\n\n\ud83e\ude85Pocket Access \u2013 Telegram Bot For Remote Access To Computer Files : Download\n\n\ud83d\udc38International Civil Defense Organization Data Leak : Download\n\n\ud83e\udd16CVE-2023-40930 POC: Skyworth 3.0 (Android) \u2013 Directory Traversal : Explore\n\n\ud83d\udd78Invicti Standard v23.9.0.42095 Crack : Download\n\n\ud83d\udcefSartrouville Company France Data Leak : Download\n\n\ud83c\udf1aAranui Cruises Data Leak : 
Download\n\n\ud83d\udc00Craxs Rat V6.7 : DOwnload\n\n\ud83e\udeacURL Infection: Exploit Silent Java Drive By Downloads Chrome : Explore\n\n\ud83e\uddeeCVE-2023-41362 \u2013 MyBB ACP RCE Exploit : Explore\n  \n\ud83d\udc7eCVE-2023-3244 POC: WordPress Missing Authorization: Explore\n\n\ud83d\udccdOpenText EnCase Forensic Tool : Download\n\n\ud83d\udc32Telegram Get remote IP: Get IP Address on Other Side Audio Call In Telegram : Check", "creation_timestamp": "2023-12-20T08:05:32.000000Z"}, {"uuid": "c1690196-04a4-45eb-99f2-77708cb7e245", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-41362", "type": "published-proof-of-concept", "source": "https://t.me/crackcodes/4294", "content": "\ud83d\udcccRCE in Juniper JunOS CVE-2023-36844-47 Exploit : Download\n\n\ud83e\ude85Pocket Access \u2013 Telegram Bot For Remote Access To Computer Files : Download\n\n\ud83d\udc38International Civil Defense Organization Data Leak : Download\n\n\ud83e\udd16CVE-2023-40930 POC: Skyworth 3.0 (Android) \u2013 Directory Traversal : Explore\n\n\ud83d\udd78Invicti Standard v23.9.0.42095 Crack : Download\n\n\ud83d\udcefSartrouville Company France Data Leak : Download\n\n\ud83c\udf1aAranui Cruises Data Leak : Download\n\n\ud83d\udc00Craxs Rat V6.7 : DOwnload\n\n\ud83e\udeacURL Infection: Exploit Silent Java Drive By Downloads Chrome : Explore\n\n\ud83e\uddeeCVE-2023-41362 \u2013 MyBB ACP RCE Exploit : Explore\n  \n\ud83d\udc7eCVE-2023-3244 POC: WordPress Missing Authorization: Explore\n\n\ud83d\udccdOpenText EnCase Forensic Tool : Download\n\n\ud83d\udc32Telegram Get remote IP: Get IP Address on Other Side Audio Call In Telegram : Check", "creation_timestamp": "2023-09-15T03:37:09.000000Z"}, {"uuid": "5158ee19-d609-4a26-a5c1-5a20084ca7d5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-41362", 
"type": "published-proof-of-concept", "source": "https://t.me/crackcodes/4299", "content": "\ud83d\udcccRCE in Juniper JunOS CVE-2023-36844-47 Exploit : Download\n\n\ud83e\ude85Pocket Access \u2013 Telegram Bot For Remote Access To Computer Files : Download\n\n\ud83d\udc38International Civil Defense Organization Data Leak : Download\n\n\ud83e\udd16CVE-2023-40930 POC: Skyworth 3.0 (Android) \u2013 Directory Traversal : Explore\n\n\ud83d\udd78Invicti Standard v23.9.0.42095 Crack : Download\n\n\ud83d\udcefSartrouville Company France Data Leak : Download\n\n\ud83c\udf1aAranui Cruises Data Leak : Download\n\n\ud83d\udc00Craxs Rat V6.7 : DOwnload\n\n\ud83e\udeacURL Infection: Exploit Silent Java Drive By Downloads Chrome : Explore\n\n\ud83e\uddeeCVE-2023-41362 \u2013 MyBB ACP RCE Exploit : Explore\n  \n\ud83d\udc7eCVE-2023-3244 POC: WordPress Missing Authorization: Explore\n\n\ud83d\udccdOpenText EnCase Forensic Tool : Download\n\n\ud83d\udc32Telegram Get remote IP: Get IP Address on Other Side Audio Call In Telegram : Check", "creation_timestamp": "2023-09-16T11:16:40.000000Z"}, {"uuid": "101ec70e-5e9f-4173-b32c-cbb34e096b4b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-41362", "type": "seen", "source": "https://t.me/cibsecurity/69367", "content": "\u203c CVE-2023-41362 \u203c\n\nMyBB before 1.8.36 allows Code Injection by users with certain high privileges. 
Templates in Admin CP intentionally use eval, and there was some validation of the input to eval, but type juggling interfered with this when using PCRE within PHP.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-29T20:17:43.000000Z"}, {"uuid": "ce669c55-19e1-4e52-93ed-cfa76696907a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-41362", "type": "seen", "source": "https://t.me/S_E_Reborn/4443", "content": "\ud83c\udf0d Top 10 web hacking techniques of 2023..\n\n\u2022  Nomination - top 10 best web hacking methods of 2023. Every article deserves attention:\n\n - Ransacking your password reset tokens;\n - mTLS: When certificate authentication is done wrong;\n - Smashing the state machine: the true potential of web race conditions;\n - Bypass firewalls with of-CORs and typo-squatting;\n - RCE via LDAP truncation on hg.mozilla.org;\n - Cookie Bugs - Smuggling & Injection;\n - OAuth 2.0 Redirect URI Validation Falls Short, Literally;\n - Prototype Pollution in Python;\n - Pretalx Vulnerabilities: How to get accepted at every conference;\n - From Akamai to F5 to NTLM... with love;\n - can I speak to your manager? 
hacking root EPP servers to take control of zones;\n - Blind CSS Exfiltration: exfiltrate unknown web pages;\n - Server-side prototype pollution: Black-box detection without the DoS;\n - Tricks for Reliable Split-Second DNS Rebinding in Chrome and Safari;\n - HTML Over the Wire;\n - SMTP Smuggling - Spoofing E-Mails Worldwide;\n - DOM-based race condition: racing in the browser for fun;\n - You Are Not Where You Think You Are, Opera Browsers Address Bar Spoofing Vulnerabilities;\n - CVE-2022-4908: SOP bypass in Chrome using Navigation API;\n - SSO Gadgets: Escalate (Self-)XSS to ATO;\n - Three New Attacks Against JSON Web Tokens;\n - Introducing wrapwrap: using PHP filters to wrap a file with a prefix and suffix;\n - PHP filter chains: file read from error-based oracle;\n - SSRF Cross Protocol Redirect Bypass;\n - A New Vector For \u201cDirty\u201d Arbitrary File Write to RCE;\n - How I Hacked Microsoft Teams and got $150,000 in Pwn2Own;\n - AWS WAF Clients Left Vulnerable to SQL Injection Due to Unorthodox MSSQL Design Choice;\n - BingBang: AAD misconfiguration led to Bing.com results manipulation and account takeover;\n - MyBB Admin Panel RCE CVE-2023-41362;\n - Source Code at Risk: Critical Code Vulnerability in CI/CD Platform TeamCity;\n - Code Vulnerabilities Put Skiff Emails at Risk;\n - How to break SAML if I have paws?\n - JMX Exploitation Revisited;\n - Java Exploitation Restrictions in Modern JDK Times;\n - Exploiting Hardened .NET Deserialization;\n - Unserializable, but unreachable: Remote code execution on vBulletin;\n - Cookieless DuoDrop: IIS Auth Bypass & App Pool Privesc in ASP.NET Framework;\n - Hunting for Nginx Alias Traversals in the wild;\n - DNS Analyzer - Finding DNS vulnerabilities with Burp Suite;\n - Oh-Auth - Abusing OAuth to take over millions of accounts;\n - nOAuth: How Microsoft OAuth Misconfiguration Can Lead to Full Account Takeover;\n - One Scheme to Rule Them All: OAuth Account Takeover;\n - Exploiting HTTP Parsers 
Inconsistencies;\n - New ways of breaking app-integrated LLMs;\n - State of DNS Rebinding in 2023;\n - Fileless Remote Code Execution on Juniper Firewalls;\n - Thirteen Years On: Advancing the Understanding of IIS Short File Name (SFN) Disclosure!\n - Metamask Snaps: Playing in the Sand;\n - Uncovering a crazy privilege escalation from Chrome extensions;\n - Code Vulnerabilities Put Proton Mails at Risk;\n - Hacking into gRPC-Web;\n - Yelp ATO via XSS + Cookie Bridge;\n - HTTP Request Splitting vulnerabilities exploitation;\n - XSS in GMAIL Dynamic Email;\n - Azure B2C Crypto Misuse and Account Compromise;\n - Compromising F5 BIGIP with Request Smuggling;\n - One Supply Chain Attack to Rule Them All;\n - Cookie Crumbles: Breaking and Fixing Web Session Integrity;\n - tRPC Security Research: Hunting for Vulnerabilities in Modern APIs;\n - From an Innocent Client-Side Path Traversal to Account Takeover.\n\n#web #hack", "creation_timestamp": "2024-01-25T19:25:42.000000Z"}, {"uuid": "2fcb17ce-64a2-4dd7-ac61-3cfeafe69795", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-41362", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/9010", "content": "#exploit\n1. CVE-2023-41362:\nMyBB Admin Panel RCE\nhttps://github.com/SorceryIE/CVE-2023-41362_MyBB_ACP_RCE\n\n2. CVE-2020-12077:\nMapPress Maps Pro RCE\nhttps://github.com/RandomRobbieBF/CVE-2020-12077", "creation_timestamp": "2023-09-12T11:00:38.000000Z"}, {"uuid": "133c8100-97de-4ebb-b122-890b465fe053", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-41362", "type": "published-proof-of-concept", "source": "https://t.me/Rootsec_2/948", "content": "#exploit\n1. CVE-2023-41362:\nMyBB Admin Panel RCE\nhttps://github.com/SorceryIE/CVE-2023-41362_MyBB_ACP_RCE\n\n2. 
CVE-2020-12077:\nMapPress Maps Pro RCE\nhttps://github.com/RandomRobbieBF/CVE-2020-12077", "creation_timestamp": "2024-08-16T08:24:28.000000Z"}]}