{"vulnerability": "CVE-2023-4244", "sightings": [{"uuid": "edaac423-176f-4822-95c1-c3ea86227d04", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-4244", "type": "published-proof-of-concept", "source": "Telegram/T0mAG3Soo5eKinmx5VGkOo9m0i0SoMyMNSfYFp3431DA87M", "content": "", "creation_timestamp": "2025-04-17T09:46:30.000000Z"}, {"uuid": "502a5e53-0569-46ac-9652-0450d8245006", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-42442", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/5413", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2023\n\u63cf\u8ff0\uff1aJumpServer \u5821\u5792\u673a\u7efc\u5408\u6f0f\u6d1e\u5229\u7528, CVE-2023-42442 / CVE-2023-42820\nURL\uff1ahttps://github.com/tarimoe/blackjump\n\n\u6807\u7b7e\uff1a#CVE-2023", "creation_timestamp": "2023-10-14T09:36:21.000000Z"}, {"uuid": "b1e1d298-9d08-4060-bd51-9f8df87af8c1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-42442", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/5501", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2023\n\u63cf\u8ff0\uff1aCVE-2023-42442\nURL\uff1ahttps://github.com/C1ph3rX13/CVE-2023-42442\n\n\u6807\u7b7e\uff1a#CVE-2023", "creation_timestamp": "2023-10-20T08:37:52.000000Z"}, {"uuid": "9ebe46cd-9705-46fa-a225-5faa7d9cb396", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-42442", "type": "seen", "source": "https://bsky.app/profile/ytroncal.bsky.social/post/3lxjl2u6yhk2e", "content": "", "creation_timestamp": 
"2025-08-29T07:49:10.706127Z"}, {"uuid": "16c80d9c-e3ee-4d59-a2d0-4db9649b1d79", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-42442", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/7317", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1a\u6f0f\u6d1e\u5229\u7528\n\u63cf\u8ff0\uff1aJumpServer \u5821\u5792\u673a\u672a\u6388\u6743\u7efc\u5408\u6f0f\u6d1e\u5229\u7528, Exploit for CVE-2023-42442 / CVE-2023-42820 / RCE 2021\nURL\uff1ahttps://github.com/tarihub/blackjump\n\n\u6807\u7b7e\uff1a#\u6f0f\u6d1e\u5229\u7528", "creation_timestamp": "2024-05-16T07:44:30.000000Z"}, {"uuid": "49e273cc-a5fd-4340-a048-772df93d892b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-42445", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/18476", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-42445\n\ud83d\udd25 CVSS Score: 6.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:H)\n\ud83d\udd39 Description: Gradle is a build tool with a focus on build automation and support for multi-language development. In some cases, when Gradle parses XML files, resolving XML external entities is not disabled. Combined with an Out Of Band XXE attack (OOB-XXE), just parsing XML can lead to exfiltration of local text files to a remote server. Gradle parses XML files for several purposes. Most of the time, Gradle parses XML files it generated or were already present locally. Only Ivy XML descriptors and Maven POM files can be fetched from remote repositories and parsed by Gradle. In Gradle 7.6.3 and 8.4, resolving XML external entities has been disabled for all use cases to protect against this vulnerability. 
Gradle will now refuse to parse XML files that have XML external entities.\n\ud83d\udccf Published: 2023-10-06T13:52:02.982Z\n\ud83d\udccf Modified: 2025-06-16T17:08:05.678Z\n\ud83d\udd17 References:\n1. https://github.com/gradle/gradle/security/advisories/GHSA-mrff-q8qj-xvg8\n2. https://github.com/gradle/gradle/releases/tag/v7.6.3\n3. https://github.com/gradle/gradle/releases/tag/v8.4.0\n4. https://security.netapp.com/advisory/ntap-20231110-0006/", "creation_timestamp": "2025-06-16T17:37:48.000000Z"}, {"uuid": "c86745b6-8ae7-4206-aa51-6da60a1e8fd2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-42445", "type": "seen", "source": "https://t.me/cibsecurity/71733", "content": "\u203c CVE-2023-42445 \u203c\n\nGradle is a build tool with a focus on build automation and support for multi-language development. In some cases, when Gradle parses XML files, resolving XML external entities is not disabled. Combined with an Out Of Band XXE attack (OOB-XXE), just parsing XML can lead to exfiltration of local text files to a remote server. Gradle parses XML files for several purposes. Most of the time, Gradle parses XML files it generated or were already present locally. Only Ivy XML descriptors and Maven POM files can be fetched from remote repositories and parsed by Gradle. In Gradle 7.6.3 and 8.4, resolving XML external entities has been disabled for all use cases to protect against this vulnerability. 
Gradle will now refuse to parse XML files that have XML external entities.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-06T18:13:47.000000Z"}, {"uuid": "bb0c8098-d32b-4cce-9d4f-6267f2dcbf39", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-42442", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/3213", "content": "Hackers Factory \n\nInstagram-py performs slick brute force attack on Instagram without any type of password limiting\n\nand also resumes your attack in ease.\n\n\u2014DeathSec\n\nhttps://github.com/deathsec/instagram-py\n\nAn open-source self-hosted purple team management web application.\n\nhttps://github.com/CyberCX-STA/PurpleOps?mibextid=Zxz2cZ\n\nJust some lists of Malware Configs\n\nhttps://github.com/Gi7w0rm/MalwareConfigLists\n\na unique vocabulary that is 90% generated with OpenAI ChatGPT.\n\nhttps://github.com/reewardius/bbFuzzing.txt\n\nCVE-2023-20209\n\nhttps://github.com/0x41-Researcher/CVE-2023-20209\n\nOfficial repo for GPTFUZZER : Red Teaming Large Language Models with Auto-Generated Jailbreak Prompts\n\nhttps://github.com/sherdencooper/GPTFuzz\n\nAttackGen is a cybersecurity incident response testing tool that leverages the power of large language models and the comprehensive MITRE ATT&CK framework. 
The tool generates tailored incident response scenarios based on user-selected threat actor groups and your organisation's details\n\nhttps://github.com/mrwadams/attackgen\n\nA Proof-Of-Concept for the CVE-2023-43770 vulnerability.\n\nhttps://github.com/s3cb0y/CVE-2023-43770-POC\n\nreverse shell using curl\n\nhttps://github.com/irsl/curlshell\n\nCVE-2023-42820\n\nhttps://github.com/h4m5t/CVE-2023-42820\n\nGoCrack is a management frontend for password cracking tools written in Go\n\nhttps://github.com/mandiant/gocrack\n\nAsk a TGS on behalf of another user without password\n\nhttps://github.com/foxlox/GIUDA\n\nCVE-2023-42442\n\nhttps://github.com/HolyGu/CVE-2023-42442\n\nBypass the Event Trace Windows(ETW) and unhook ntdll.\n\nhttps://github.com/unkvolism/Fuck-Etw\n\nMicrosoft SharePoint Server Elevation of Privilege Vulnerability\n\nhttps://github.com/Chocapikk/CVE-2023-29357\n\nDorks-collections-list/onion.txt at main \u00b7 cipher387/Dorks-collections-list\n\nhttps://github.com/cipher387/Dorks-collections-list/blob/main/onion.txt\n\n#infosec #cybersecurity #hackersfactory\n\nhttps://t.me/dilagrafie", "creation_timestamp": "2023-10-10T20:32:25.000000Z"}, {"uuid": "5e4cbe16-2fad-43e7-a009-30972c33f403", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-42448", "type": "seen", "source": "https://t.me/cibsecurity/71620", "content": "\u203c CVE-2023-42448 \u203c\n\nHydra is the layer-two scalability solution for Cardano. Prior to version 0.13.0, the specification states that the contestation period in the datum of the UTxO at the head validator must stay unchanged as the state progresses from Open to Closed (Close transaction), but no such check appears to be performed in the `checkClose` function of the head validator. 
This would allow a malicious participant to modify the contestation deadline of the head to either allow them to fanout the head without giving another participant the chance to contest, or prevent any participant from ever redistributing the funds locked in the head via a fan-out. Version 0.13.0 contains a patch for this issue.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-04T22:12:09.000000Z"}, {"uuid": "15ab5255-3758-4776-aa0f-21329b8c9020", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-42449", "type": "seen", "source": "https://t.me/cibsecurity/71646", "content": "\u203c CVE-2023-42449 \u203c\n\nHydra is the two-layer scalability solution for Cardano. Prior to version 0.13.0, it is possible for a malicious head initializer to extract one or more PTs for the head they are initializing due to incorrect data validation logic in the head token minting policy which then results in an flawed check for burning the head ST in the `initial` validator. This is possible because it is not checked in `HeadTokens.hs` that the datums of the outputs at the `initial` validator are equal to the real head ID, and it is also not checked in the `off-chain code`.During the `Initial` state of the protocol, if the malicious initializer removes a PT from the Hydra scripts it becomes impossible for any other participant to reclaim any funds they have attempted to commit into the head, as to do so the Abort transaction must burn all the PTs for the head, but they cannot burn the PT which the attacker controls and so cannot satisfy this requirement. That means the initializer can lock the other participants committed funds forever or until they choose to return the PT (ransom).The malicious initializer can also use the PT to spoof that they have committed a particular TxO when progressing the head into the `Open` state. 
For example, they could say they committed a TxO residing at their address containing 100 ADA, but in fact this 100 ADA was not moved into the head, and thus in order for an other participant to perform the fanout they will be forced to pay the attacker the 100 ADA out of their own funds, as the fanout transaction must pay all the committed TxOs (even though the attacker did not really commit that TxO). They can do this by placing the PT in a UTxO with a well-formed `Commit` datum with whatever contents they like, then use this UTxO in the `collectCom` transaction. There may be other possible ways to abuse having control of a PT.Version 0.13.0 fixes this issue.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-05T00:13:41.000000Z"}, {"uuid": "8caad698-68e0-45ba-b533-435888593f6a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-42447", "type": "seen", "source": "https://t.me/cibsecurity/70723", "content": "\u203c CVE-2023-42447 \u203c\n\nblurhash-rs is a pure Rust implementation of Blurhash, software for encoding images into ASCII strings that can be turned into a gradient of colors representing the original image. In version 0.1.1, the blurhash parsing code may panic due to multiple panic-guarded out-of-bounds accesses on untrusted input. In a typical deployment, this may get triggered by feeding a maliciously crafted blurhashes over the network. These may include UTF-8 compliant strings containing multi-byte UTF-8 characters. A patch is available in version 0.2.0, which requires user intervention because of slight API churn. 
No known workarounds are available.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-19T18:29:24.000000Z"}, {"uuid": "73a249b3-0373-42f2-a960-8a09e0da8539", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-42446", "type": "seen", "source": "https://t.me/cibsecurity/70691", "content": "\u203c CVE-2023-42446 \u203c\n\nPow is a authentication and user management solution for Phoenix and Plug-based apps. Starting in version 1.0.14 and prior to version 1.0.34, use of `Pow.Store.Backend.MnesiaCache` is susceptible to session hijacking as expired keys are not being invalidated correctly on startup. A session may expire when all `Pow.Store.Backend.MnesiaCache` instances have been shut down for a period that is longer than a session's remaining TTL. Version 1.0.34 contains a patch for this issue. As a workaround, expired keys, including all expired sessions, can be manually invalidated.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-19T02:28:50.000000Z"}, {"uuid": "bf59a4b9-c024-4c03-bdde-66e300a07793", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-42444", "type": "seen", "source": "https://t.me/cibsecurity/70726", "content": "\u203c CVE-2023-42444 \u203c\n\nphonenumber is a library for parsing, formatting and validating international phone numbers. Prior to versions `0.3.3+8.13.9` and `0.2.5+8.11.3`, the phonenumber parsing code may panic due to a panic-guarded out-of-bounds access on the phonenumber string. In a typical deployment of `rust-phonenumber`, this may get triggered by feeding a maliciously crafted phonenumber over the network, specifically the string `.;phone-context=`. Versions `0.3.3+8.13.9` and `0.2.5+8.11.3` contain a patch for this issue. 
There are no known workarounds.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-19T18:29:27.000000Z"}, {"uuid": "c1fb5e36-b5de-4c82-8adf-db3763ffe57e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-42443", "type": "seen", "source": "https://t.me/cibsecurity/70680", "content": "\u203c CVE-2023-42443 \u203c\n\nVyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). In version 0.3.9 and prior, under certain conditions, the memory used by the builtins `raw_call`, `create_from_blueprint` and `create_copy_of` can be corrupted. For `raw_call`, the argument buffer of the call can be corrupted, leading to incorrect `calldata` in the sub-context. For `create_from_blueprint` and `create_copy_of`, the buffer for the to-be-deployed bytecode can be corrupted, leading to deploying incorrect bytecode.Each builtin has conditions that must be fulfilled for the corruption to happen. For `raw_call`, the `data` argument of the builtin must be `msg.data` and the `value` or `gas` passed to the builtin must be some complex expression that results in writing to the memory. For `create_copy_of`, the `value` or `salt` passed to the builtin must be some complex expression that results in writing to the memory. For `create_from_blueprint`, either no constructor parameters should be passed to the builtin or `raw_args` should be set to True, and the `value` or `salt` passed to the builtin must be some complex expression that results in writing to the memory.As of time of publication, no patched version exists. The issue is still being investigated, and there might be other cases where the corruption might happen. When the builtin is being called from an `internal` function `F`, the issue is not present provided that the function calling `F` wrote to memory before calling `F`. 
As a workaround, the complex expressions that are being passed as kwargs to the builtin should be cached in memory prior to the call to the builtin.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-19T00:28:50.000000Z"}, {"uuid": "4220b82d-0c31-44b9-8620-1b10eb05b530", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-42442", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/9109", "content": "#exploit\n1. CVE-2023-42442:\nJumpServer unauthorized access vulnerability\nhttps://github.com/HolyGu/CVE-2023-42442\n\n2. CVE-2023-43770:\nRoundcube allows XSS via text/plain e-mail messages\nhttps://github.com/s3cb0y/CVE-2023-43770-POC", "creation_timestamp": "2024-02-03T03:56:47.000000Z"}, {"uuid": "fce90084-e5d8-4322-b870-041211a7290b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-42441", "type": "seen", "source": "https://t.me/cibsecurity/70677", "content": "\u203c CVE-2023-42441 \u203c\n\nVyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). Starting in version 0.2.9 and prior to version 0.3.10, locks of the type `@nonreentrant(\"\")` or `@nonreentrant('')` do not produce reentrancy checks at runtime. This issue is fixed in version 0.3.10. As a workaround, ensure the lock name is a non-empty string.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-19T00:28:47.000000Z"}, {"uuid": "4e479f9e-e343-4578-93a9-ef423cb0f702", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-42442", "type": "published-proof-of-concept", "source": "https://t.me/Rootsec_2/1153", "content": "#exploit\n1. 
CVE-2023-42442:\nJumpServer unauthorized access vulnerability\nhttps://github.com/HolyGu/CVE-2023-42442\n\n2. CVE-2023-43770:\nRoundcube allows XSS via text/plain e-mail messages\nhttps://github.com/s3cb0y/CVE-2023-43770-POC\n\n3. CVE-2023-42820:\nJumpServer - Random seed leakage results in the user password being reset\nhttps://github.com/h4m5t/CVE-2023-42820", "creation_timestamp": "2024-08-16T08:30:20.000000Z"}]}