{"vulnerability": "CVE-2023-4520", "sightings": [{"uuid": "00d76b8b-701c-4405-a134-0d7d958ab673", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-45208", "type": "seen", "source": "https://t.me/ap_security/120", "content": "\ud83c\udf10D-Link Wi-Fi range extender allows OS injection and a DoS attack\n\n\ud83d\udde3A team of German researchers has identified a vulnerability that was assigned the identifier CVE-2023-45208\n\n\ud83d\udde3The bug lies in the functionality responsible for network scanning: the device cannot correctly parse SSIDs containing  ` , treating them as commands\n\n\ud83d\udde3This bug in the parsing_xml_stasurvey function also means that an attacker can cause a DoS attack\n\n#cve #itnews #infosec", "creation_timestamp": "2023-10-11T11:27:07.000000Z"}, {"uuid": "69f4177d-f82f-4be9-bfb9-616491de9ab6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-45206", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/15424", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-45206\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15, 9.0, and 10.0. Through the help document endpoint in webmail, an attacker can inject JavaScript or HTML code that leads to cross-site scripting (XSS). (Adding an adequate message to avoid malicious code will mitigate this issue.)\n\ud83d\udccf Published: 2024-02-13T00:00:00.000Z\n\ud83d\udccf Modified: 2025-05-07T21:12:51.053Z\n\ud83d\udd17 References:\n1. https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories\n2. https://wiki.zimbra.com/wiki/Security_Center\n3. 
https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy", "creation_timestamp": "2025-05-07T21:22:37.000000Z"}, {"uuid": "7e9b1013-87e2-4ddd-b31f-b54d8a6a8dd0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-45207", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/9174", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-45207\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15, 9.0, and 10.0. An attacker can send a PDF document through mail that contains malicious JavaScript. While previewing this file in webmail in the Chrome browser, the stored XSS payload is executed. (This has been mitigated by sanitising the JavaScript code present in a PDF document.)\n\ud83d\udccf Published: 2024-02-13T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-27T19:21:44.415Z\n\ud83d\udd17 References:\n1. https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories\n2. https://wiki.zimbra.com/wiki/Security_Center\n3. 
https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy", "creation_timestamp": "2025-03-27T19:26:45.000000Z"}, {"uuid": "1e1858f6-504d-4c54-bee4-b037fa80c479", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-45208", "type": "seen", "source": "https://t.me/ap_security/180", "content": "\ud83c\udf10D-Link Wi-Fi range extender allows OS injection and a DoS attack\n\n\ud83d\udde3A team of German researchers has identified a vulnerability that was assigned the identifier CVE-2023-45208\n\n\ud83d\udde3The bug lies in the functionality responsible for network scanning: the device cannot correctly parse SSIDs containing  ` , treating them as commands\n\n\ud83d\udde3This bug in the parsing_xml_stasurvey function also means that an attacker can cause a DoS attack\n\n#cve #itnews #infosec", "creation_timestamp": "2023-10-11T11:27:07.000000Z"}, {"uuid": "4a32d3da-0fea-4739-9be9-d028992748d4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-45201", "type": "seen", "source": "https://t.me/cibsecurity/73394", "content": "\u203c CVE-2023-45201 \u203c\n\nOnline Examination System v1.0 is vulnerable to multiple Open Redirect vulnerabilities. The 'q' parameter of the admin.php resource allows an attacker to redirect a victim user to an arbitrary web site using a crafted URL.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-11-02T01:22:06.000000Z"}, {"uuid": "e817003a-4885-4e73-b57d-874b7cd9114a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-45203", "type": "seen", "source": "https://t.me/cibsecurity/73392", "content": "\u203c CVE-2023-45203 \u203c\n\nOnline Examination System v1.0 is vulnerable to multiple Open Redirect vulnerabilities. 
The 'q' parameter of the login.php resource allows an attacker to redirect a victim user to an arbitrary web site using a crafted URL.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-11-02T01:22:05.000000Z"}, {"uuid": "87bb1aec-4ae5-4e30-8c31-b9ebbe97e033", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-45202", "type": "seen", "source": "https://t.me/cibsecurity/73390", "content": "\u203c CVE-2023-45202 \u203c\n\nOnline Examination System v1.0 is vulnerable to multiple Open Redirect vulnerabilities. The 'q' parameter of the feed.php resource allows an attacker to redirect a victim user to an arbitrary web site using a crafted URL.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-11-02T01:22:03.000000Z"}, {"uuid": "bfa4d88c-5f00-4299-9415-ae8c66a14159", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-45208", "type": "seen", "source": "https://t.me/cibsecurity/71895", "content": "\u203c CVE-2023-45208 \u203c\n\nA command injection in the parsing_xml_stasurvey function inside libcgifunc.so of the D-Link DAP-X1860 repeater 1.00 through 1.01b05-01 allows attackers (within range of the repeater) to run shell commands as root during the setup process of the repeater, via a crafted SSID. 
Also, network names containing single quotes (in the range of the repeater) can result in a denial of service.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-10T12:29:58.000000Z"}, {"uuid": "2a8f26f4-13af-4f0e-b579-7a4238ee92d7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-45207", "type": "seen", "source": "https://t.me/ctinow/183970", "content": "https://ift.tt/f91S3Wb\nCVE-2023-45207", "creation_timestamp": "2024-02-13T17:22:01.000000Z"}, {"uuid": "3a0cc18f-9272-4ba1-abdd-a43639ca08e0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-45206", "type": "seen", "source": "https://t.me/ctinow/183969", "content": "https://ift.tt/8eh9XvG\nCVE-2023-45206", "creation_timestamp": "2024-02-13T17:22:00.000000Z"}, {"uuid": "b021bb61-0bcd-40c2-b255-cb3cd42c6fcc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-45204", "type": "seen", "source": "https://t.me/cibsecurity/71907", "content": "\u203c CVE-2023-45204 \u203c\n\nA vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected applications contain a type confusion vulnerability while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the current process. 
(ZDI-CAN-21268)\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-10T14:30:11.000000Z"}, {"uuid": "d209c947-1e28-4ae0-a77c-69046a4864e0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-45208", "type": "seen", "source": "https://t.me/sysodmins/19686", "content": "D-Link Wi-Fi signal boosters are vulnerable to remote command execution\n\nThe CVE-2023-45208 vulnerability in the popular D-Link DAP-X1860 Wi-Fi signal booster allows DoS (denial of service) attacks and remote command injection.\n\nTo carry out the attack, the target device must first be forced to perform a network scan. However, this can be achieved by performing deauthentication. There are many available tools that can generate and send deauth packets to the signal booster, forcing it to disconnect from the main network and perform a scan.\n\n\ud83d\udcde Since the researchers were unable to contact D-Link engineers, they warn that DAP-X1860 devices are still vulnerable to attacks, and exploiting the vulnerability can hardly be called difficult.\n\nTypical \ud83e\udd78 Sysadmin", "creation_timestamp": "2023-10-11T01:31:58.000000Z"}]}