{"vulnerability": "CVE-2023-4427", "sightings": [{"uuid": "c3e7d794-f9d2-4b3c-8dea-cd306ec4ae1f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-4427", "type": "published-proof-of-concept", "source": "https://t.me/CyberDilara/138", "content": "Tools - Hackers Factory \n\nPoC for a SMS-based shell. Send commands and receive responses over SMS from mobile broadband capable computers\n\nhttps://github.com/persistent-security/SMShell\n\nLinux anti-debugging and anti-analysis rust library\n\nhttps://github.com/0xor0ne/debugoff\n\nNuclei template for CVE-2024-23897 (Jenkins LFI Vulnerability)\n\nhttps://github.com/kaanatmacaa/CVE-2024-23897\n\nCVE-2023-4427\n\nhttps://github.com/tianstcht/CVE-2023-4427\n\nDisable Windows Defender (+ UAC Bypass, + Upgrade to SYSTEM)\n\nhttps://github.com/EvilGreys/Disable-Windows-Defender-\n\nA repo for TPM sniffing greatness\n\nhttps://github.com/NoobieDog/TPM-Sniffing\n\nSmall toolkit for extracting information and dumping sensitive strings from Windows processes\n\nhttps://github.com/mlcsec/proctools\n\nSecretPixel is a cutting-edge steganography tool designed to securely conceal sensitive information within images. It stands out in the realm of digital steganography by combining advanced encryption, compression, and a seeded Least Significant Bit (LSB) technique to provide a robust solution for embedding data undetectably.\n\nhttps://github.com/x011/SecretPixel\n\nSmall toolkit for extracting information and dumping sensitive strings from Windows processes\n\nhttps://github.com/mlcsec/proctools\n\nThe code that wasn\u2019t there: Reading memory on an Android device by accident\n\nhttps://github.blog/2023-02-23-the-code-that-wasnt-there-reading-memory-on-an-android-device-by-accident/\n\n#HackersFactory", "creation_timestamp": "2024-06-17T13:55:39.000000Z"}, {"uuid": "fb326e8a-83d7-476f-befe-e2e7bb95cf81", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-44270", "type": "seen", "source": "https://gist.github.com/ABartelt/3b53780c272d06c4063cad9330eb4f50", "content": "", "creation_timestamp": "2025-11-12T15:46:39.000000Z"}, {"uuid": "b8c7aed9-9f12-4987-837b-6b7757e8552b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-44270", "type": "seen", "source": "https://t.me/arpsyndicate/274", "content": "#ExploitObserverAlert\n\nCVE-2023-44270\n\nDESCRIPTION: Exploit Observer has 4 entries related to CVE-2023-44270. An issue was discovered in PostCSS before 8.4.31. The vulnerability affects linters using PostCSS to parse external untrusted CSS. An attacker can prepare CSS in such a way that it will contains parts parsed by PostCSS as a CSS comment. After processing by PostCSS, it will be included in the PostCSS output in CSS nodes (rules, properties) despite being included in a comment.\n\nFIRST-EPSS: 0.000520000\nNVD-IS: 1.4\nNVD-ES: 3.9", "creation_timestamp": "2023-11-19T15:26:54.000000Z"}, {"uuid": "697b9927-45e0-4921-8bf1-5b422655f8af", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-4427", "type": "published-proof-of-concept", "source": "https://t.me/lcmysecteamch/2354", "content": "Tools - Hackers Factory \n\nPoC for a SMS-based shell. Send commands and receive responses over SMS from mobile broadband capable computers\n\nhttps://github.com/persistent-security/SMShell\n\nLinux anti-debugging and anti-analysis rust library\n\nhttps://github.com/0xor0ne/debugoff\n\nNuclei template for CVE-2024-23897 (Jenkins LFI Vulnerability)\n\nhttps://github.com/kaanatmacaa/CVE-2024-23897\n\nCVE-2023-4427\n\nhttps://github.com/tianstcht/CVE-2023-4427\n\nDisable Windows Defender (+ UAC Bypass, + Upgrade to SYSTEM)\n\nhttps://github.com/EvilGreys/Disable-Windows-Defender-\n\nA repo for TPM sniffing greatness\n\nhttps://github.com/NoobieDog/TPM-Sniffing\n\nSmall toolkit for extracting information and dumping sensitive strings from Windows processes\n\nhttps://github.com/mlcsec/proctools\n\nSecretPixel is a cutting-edge steganography tool designed to securely conceal sensitive information within images. It stands out in the realm of digital steganography by combining advanced encryption, compression, and a seeded Least Significant Bit (LSB) technique to provide a robust solution for embedding data undetectably.\n\nhttps://github.com/x011/SecretPixel\n\nSmall toolkit for extracting information and dumping sensitive strings from Windows processes\n\nhttps://github.com/mlcsec/proctools\n\nThe code that wasn\u2019t there: Reading memory on an Android device by accident\n\nhttps://github.blog/2023-02-23-the-code-that-wasnt-there-reading-memory-on-an-android-device-by-accident/\n\n#HackersFactory", "creation_timestamp": "2024-02-12T11:50:19.000000Z"}, {"uuid": "3dfabb96-0f73-4aa1-923b-f33f04f8cbfd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-4427", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/3228", "content": "Tools - Hackers Factory \n\nPoC for a SMS-based shell. Send commands and receive responses over SMS from mobile broadband capable computers\n\nhttps://github.com/persistent-security/SMShell\n\nLinux anti-debugging and anti-analysis rust library\n\nhttps://github.com/0xor0ne/debugoff\n\nNuclei template for CVE-2024-23897 (Jenkins LFI Vulnerability)\n\nhttps://github.com/kaanatmacaa/CVE-2024-23897\n\nCVE-2023-4427\n\nhttps://github.com/tianstcht/CVE-2023-4427\n\nDisable Windows Defender (+ UAC Bypass, + Upgrade to SYSTEM)\n\nhttps://github.com/EvilGreys/Disable-Windows-Defender-\n\nA repo for TPM sniffing greatness\n\nhttps://github.com/NoobieDog/TPM-Sniffing\n\nSmall toolkit for extracting information and dumping sensitive strings from Windows processes\n\nhttps://github.com/mlcsec/proctools\n\nSecretPixel is a cutting-edge steganography tool designed to securely conceal sensitive information within images. It stands out in the realm of digital steganography by combining advanced encryption, compression, and a seeded Least Significant Bit (LSB) technique to provide a robust solution for embedding data undetectably.\n\nhttps://github.com/x011/SecretPixel\n\nSmall toolkit for extracting information and dumping sensitive strings from Windows processes\n\nhttps://github.com/mlcsec/proctools\n\nThe code that wasn\u2019t there: Reading memory on an Android device by accident\n\nhttps://github.blog/2023-02-23-the-code-that-wasnt-there-reading-memory-on-an-android-device-by-accident/\n\n#HackersFactory", "creation_timestamp": "2024-02-28T03:46:02.000000Z"}, {"uuid": "501c7373-e0f1-414a-88cf-ca3d8639d306", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-4427", "type": "published-proof-of-concept", "source": "https://t.me/lcmysecteamch/6627", "content": "Tools - Hackers Factory \n\nPoC for a SMS-based shell. Send commands and receive responses over SMS from mobile broadband capable computers\n\nhttps://github.com/persistent-security/SMShell\n\nLinux anti-debugging and anti-analysis rust library\n\nhttps://github.com/0xor0ne/debugoff\n\nNuclei template for CVE-2024-23897 (Jenkins LFI Vulnerability)\n\nhttps://github.com/kaanatmacaa/CVE-2024-23897\n\nCVE-2023-4427\n\nhttps://github.com/tianstcht/CVE-2023-4427\n\nDisable Windows Defender (+ UAC Bypass, + Upgrade to SYSTEM)\n\nhttps://github.com/EvilGreys/Disable-Windows-Defender-\n\nA repo for TPM sniffing greatness\n\nhttps://github.com/NoobieDog/TPM-Sniffing\n\nSmall toolkit for extracting information and dumping sensitive strings from Windows processes\n\nhttps://github.com/mlcsec/proctools\n\nSecretPixel is a cutting-edge steganography tool designed to securely conceal sensitive information within images. It stands out in the realm of digital steganography by combining advanced encryption, compression, and a seeded Least Significant Bit (LSB) technique to provide a robust solution for embedding data undetectably.\n\nhttps://github.com/x011/SecretPixel\n\nSmall toolkit for extracting information and dumping sensitive strings from Windows processes\n\nhttps://github.com/mlcsec/proctools\n\nThe code that wasn\u2019t there: Reading memory on an Android device by accident\n\nhttps://github.blog/2023-02-23-the-code-that-wasnt-there-reading-memory-on-an-android-device-by-accident/\n\n#HackersFactory", "creation_timestamp": "2024-02-12T11:50:19.000000Z"}, {"uuid": "94ce955a-f990-46d6-8b29-cad55b956c3f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-44272", "type": "seen", "source": "https://t.me/cibsecurity/71548", "content": "\u203c CVE-2023-44272 \u203c\n\nA cross-site scripting vulnerability exists in Citadel versions prior to 994. When a malicious user sends an instant message with some JavaScript code, the script may be executed on the web browser of the victim user.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-04T12:11:43.000000Z"}, {"uuid": "f5faae10-dad7-433b-9292-59f946afd93b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-4427", "type": "published-proof-of-concept", "source": "https://t.me/GhostClanInt/24494", "content": "Tools - Hackers Factory \n\nPoC for a SMS-based shell. Send commands and receive responses over SMS from mobile broadband capable computers\n\nhttps://github.com/persistent-security/SMShell\n\nLinux anti-debugging and anti-analysis rust library\n\nhttps://github.com/0xor0ne/debugoff\n\nNuclei template for CVE-2024-23897 (Jenkins LFI Vulnerability)\n\nhttps://github.com/kaanatmacaa/CVE-2024-23897\n\nCVE-2023-4427\n\nhttps://github.com/tianstcht/CVE-2023-4427\n\nDisable Windows Defender (+ UAC Bypass, + Upgrade to SYSTEM)\n\nhttps://github.com/EvilGreys/Disable-Windows-Defender-\n\nA repo for TPM sniffing greatness\n\nhttps://github.com/NoobieDog/TPM-Sniffing\n\nSmall toolkit for extracting information and dumping sensitive strings from Windows processes\n\nhttps://github.com/mlcsec/proctools\n\nSecretPixel is a cutting-edge steganography tool designed to securely conceal sensitive information within images. It stands out in the realm of digital steganography by combining advanced encryption, compression, and a seeded Least Significant Bit (LSB) technique to provide a robust solution for embedding data undetectably.\n\nhttps://github.com/x011/SecretPixel\n\nSmall toolkit for extracting information and dumping sensitive strings from Windows processes\n\nhttps://github.com/mlcsec/proctools\n\nThe code that wasn\u2019t there: Reading memory on an Android device by accident\n\nhttps://github.blog/2023-02-23-the-code-that-wasnt-there-reading-memory-on-an-android-device-by-accident/\n\n#HackersFactory", "creation_timestamp": "2024-02-08T09:31:36.000000Z"}, {"uuid": "039ea2fb-95d7-433f-8f0a-2f35cd8cd77a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-44275", "type": "seen", "source": "https://t.me/cibsecurity/71179", "content": "\u203c CVE-2023-44275 \u203c\n\nOPNsense before 23.7.5 allows XSS via the index.php column_count parameter to the Lobby Dashboard.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-28T12:46:38.000000Z"}, {"uuid": "bc406b70-d35e-485d-b779-5b4f5b4b9e59", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-44273", "type": "seen", "source": "https://t.me/cibsecurity/71174", "content": "\u203c CVE-2023-44273 \u203c\n\nConsensys gnark-crypto through 0.11.2 allows Signature Malleability. This occurs because deserialisation of EdDSA and ECDSA signatures does not ensure that the data is in a certain interval.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-28T07:49:41.000000Z"}, {"uuid": "9ab3ff9f-86e4-4b30-ac13-b3f6bf292c80", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-44276", "type": "seen", "source": "https://t.me/cibsecurity/71181", "content": "\u203c CVE-2023-44276 \u203c\n\nOPNsense before 23.7.5 allows XSS via the index.php sequence parameter to the Lobby Dashboard.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-28T12:49:40.000000Z"}, {"uuid": "3c950d76-53be-47de-ba81-8d087c2f0633", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-44278", "type": "seen", "source": "https://t.me/ctinow/166324", "content": "https://ift.tt/MAGSTPk\nCVE-2023-44278 | Dell PowerProtect DD path traversal (dsa-2023-412)", "creation_timestamp": "2024-01-11T07:21:50.000000Z"}, {"uuid": "9008d6a4-5ba1-47c7-8db8-fa98782fc618", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-44279", "type": "seen", "source": "https://t.me/ctinow/166325", "content": "https://ift.tt/f25X7dk\nCVE-2023-44279 | Dell PowerProtect DD Administrator CLI os command injection (dsa-2023-412)", "creation_timestamp": "2024-01-11T07:21:51.000000Z"}, {"uuid": "72165c4d-5acb-426c-845f-e2ce6b6172e2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-4427", "type": "seen", "source": "https://t.me/ctinow/179823", "content": "https://ift.tt/7ZNfc6G\nCVE-2023-4427 Exploit", "creation_timestamp": "2024-02-06T08:16:13.000000Z"}, {"uuid": "c705ebb9-6414-4419-93e9-3dc84d2d4fbd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-44275", "type": "seen", "source": "https://t.me/Rootsec_2/1716", "content": "#exploit\n#Threat_Research\n1. Cisco IOS XE system WebUI unauthorized command execution vulnerability analysis\nhttps://paper.seebug.org/3072\n\n2. CVE-2023-44275/CVE-2023-44276:\nVulnerabilities in OPNsense\n(FreeBSD-based firewall routing OS)\nhttps://x41-dsec.de/lab/advisories/x41-2023-001-opnsense", "creation_timestamp": "2024-08-16T08:45:54.000000Z"}, {"uuid": "40b70a9f-0a7a-4e69-830e-ff437dbf1adf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-4427", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/9167", "content": "#exploit\n1. CVE-2023-4427:\nChrome ReduceJSLoadPropertyWithEnumeratedKey Out-Of-Bounds Access\nhttps://packetstormsecurity.com/files/174951/Chrome-ReduceJSLoadPropertyWithEnumeratedKey-Out-Of-Bounds-Access.html\n\n2. Unmasking Scudo's Defenses\nhttps://www.synacktiv.com/en/publications/behind-the-shield-unmasking-scudos-defenses\n\n3. CVE-2023-38501:\nXSS in copyparty package <1.8.7\nhttps://github.com/codeb0ss/CVE-2023-38501-Exploit", "creation_timestamp": "2023-10-09T10:58:01.000000Z"}, {"uuid": "cf6f99ad-7cd2-4b69-b843-7f6e59e9078c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-44276", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/9389", "content": "#exploit\n#Threat_Research\n1. Cisco IOS XE system WebUI unauthorized command execution vulnerability analysis\nhttps://paper.seebug.org/3072\n\n2. CVE-2023-44275/CVE-2023-44276:\nVulnerabilities in OPNsense\n(FreeBSD-based firewall routing OS)\nhttps://x41-dsec.de/lab/advisories/x41-2023-001-opnsense", "creation_timestamp": "2023-11-13T19:21:30.000000Z"}, {"uuid": "e479b489-fd4f-4afd-b680-9b2d53adfa06", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-44275", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/9389", "content": "#exploit\n#Threat_Research\n1. Cisco IOS XE system WebUI unauthorized command execution vulnerability analysis\nhttps://paper.seebug.org/3072\n\n2. CVE-2023-44275/CVE-2023-44276:\nVulnerabilities in OPNsense\n(FreeBSD-based firewall routing OS)\nhttps://x41-dsec.de/lab/advisories/x41-2023-001-opnsense", "creation_timestamp": "2023-11-13T19:21:30.000000Z"}, {"uuid": "6598ac27-d892-42c9-a233-ceadb03f7286", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-4427", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/9928", "content": "#exploit\n1. CVE-2023-4427:\nOut of bounds memory access in V8\nhttps://github.com/tianstcht/CVE-2023-4427\n]-> https://bugs.chromium.org/p/project-zero/issues/detail?id=2477\n\n2. CVE-2023-43261:\nMilesight IoT router UR5X, UR32L, UR32/35/41 Credential Leakage\nhttps://packetstormsecurity.com/files/176988/Milesight-UR5X-UR32L-UR32-UR35-UR41-Credential-Leakage.html", "creation_timestamp": "2024-02-07T19:10:54.000000Z"}, {"uuid": "1c53505e-81ab-483b-9b22-97e9359dc8f0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-4427", "type": "published-proof-of-concept", "source": "https://t.me/Rootsec_2/1305", "content": "#exploit\n1. CVE-2023-4427:\nChrome ReduceJSLoadPropertyWithEnumeratedKey Out-Of-Bounds Access\nhttps://packetstormsecurity.com/files/174951/Chrome-ReduceJSLoadPropertyWithEnumeratedKey-Out-Of-Bounds-Access.html\n\n2. Unmasking Scudo's Defenses\nhttps://www.synacktiv.com/en/publications/behind-the-shield-unmasking-scudos-defenses\n\n3. CVE-2023-38501:\nXSS in copyparty package <1.8.7\nhttps://github.com/codeb0ss/CVE-2023-38501-Exploit", "creation_timestamp": "2024-08-16T08:32:35.000000Z"}, {"uuid": "a4425115-b14f-4d47-8cc4-413de7add418", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-44276", "type": "seen", "source": "https://t.me/Rootsec_2/1716", "content": "#exploit\n#Threat_Research\n1. Cisco IOS XE system WebUI unauthorized command execution vulnerability analysis\nhttps://paper.seebug.org/3072\n\n2. CVE-2023-44275/CVE-2023-44276:\nVulnerabilities in OPNsense\n(FreeBSD-based firewall routing OS)\nhttps://x41-dsec.de/lab/advisories/x41-2023-001-opnsense", "creation_timestamp": "2024-08-16T08:45:54.000000Z"}]}