{"vulnerability": "CVE-2023-4900", "sightings": [{"uuid": "7ff367d5-4c0d-4640-b90e-a82ab15999b0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-49004", "type": "seen", "source": "https://t.me/ctinow/156986", "content": "https://ift.tt/3CRaHYJ\nCVE-2023-49004", "creation_timestamp": "2023-12-20T13:53:18.000000Z"}, {"uuid": "3a395368-5c4f-43d9-a468-de08e72802d2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-49000", "type": "seen", "source": "https://t.me/arpsyndicate/2246", "content": "#ExploitObserverAlert\n\nCVE-2023-49000\n\nDESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-49000. An issue in ArtistScope ArtisBrowser v.34.1.5 and before allows an attacker to bypass intended access restrictions via interaction with the com.artis.browser.IntentReceiverActivity component.", "creation_timestamp": "2023-12-29T12:06:10.000000Z"}, {"uuid": "e3a1b478-c773-4c29-b420-a7c123097da2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-49002", "type": "seen", "source": "https://t.me/arpsyndicate/2228", "content": "#ExploitObserverAlert\n\nCVE-2023-49002\n\nDESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-49002. An issue in Xenom Technologies (sinous) Phone Dialer-voice Call Dialer v.1.2.5 allows an attacker to bypass intended access restrictions via interaction with com.funprime.calldialer.ui.activities.OutgoingActivity.", "creation_timestamp": "2023-12-29T09:54:03.000000Z"}, {"uuid": "062d245c-9e78-48a7-8501-8e7f139cbc14", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-49003", "type": "seen", "source": "https://t.me/arpsyndicate/2214", "content": "#ExploitObserverAlert\n\nCVE-2023-49003\n\nDESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-49003. An issue in simplemobiletools Simple Dialer 5.18.1 allows an attacker to bypass intended access restrictions via interaction with com.simplemobiletools.dialer.activities.DialerActivity.", "creation_timestamp": "2023-12-29T08:28:55.000000Z"}, {"uuid": "4c1e46d9-531b-4fd2-a536-0e2b692347f7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-49001", "type": "seen", "source": "https://t.me/arpsyndicate/2216", "content": "#ExploitObserverAlert\n\nCVE-2023-49001\n\nDESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-49001. An issue in Indi Browser (aka kvbrowser) v.12.11.23 allows an attacker to bypass intended access restrictions via interaction with the com.example.gurry.kvbrowswer.webview component.", "creation_timestamp": "2023-12-29T08:43:10.000000Z"}, {"uuid": "0515ca9a-c893-4eca-a015-fbfb7e604406", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-4900", "type": "seen", "source": "https://t.me/cibsecurity/70358", "content": "\u203c CVE-2023-4900 \u203c\n\nInappropriate implementation in Custom Tabs in Google Chrome on Android prior to 117.0.5938.62 allowed a remote attacker to obfuscate a permission prompt via a crafted HTML page. (Chromium security severity: Medium)\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-13T00:23:24.000000Z"}, {"uuid": "19726c70-fc43-4ace-9d14-9dd9ca6d04e1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-49000", "type": "seen", "source": "https://t.me/ctinow/170269", "content": "https://ift.tt/UY7dz0v\nCVE-2023-49000 | ArtistScope ArtisBrowser up to 34.1.5 com.artis.browser.IntentReceiverActivity code injection", "creation_timestamp": "2024-01-19T16:41:54.000000Z"}, {"uuid": "4e43e553-9265-4d56-903b-011ea6fd0e64", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-49002", "type": "seen", "source": "https://t.me/ctinow/170260", "content": "https://ift.tt/1aj5FxQ\nCVE-2023-49002 | Xenom Phone Dialer-voice Call Dialer 1.2.5 access control", "creation_timestamp": "2024-01-19T16:12:01.000000Z"}, {"uuid": "8619361b-f7ec-43b1-886e-d22f36173844", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-49004", "type": "seen", "source": "https://t.me/ctinow/167808", "content": "https://ift.tt/Cp1GEWM\nCVE-2023-49004 | D-Link DIR-850L B1_FW223WWb01 en code injection", "creation_timestamp": "2024-01-13T11:51:45.000000Z"}, {"uuid": "6238a752-bb91-44c4-b996-a6e1c25d833a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-49006", "type": "seen", "source": "https://t.me/ctinow/161934", "content": "https://ift.tt/lBM5ybh\nCVE-2023-49006 Exploit", "creation_timestamp": "2024-01-02T18:16:22.000000Z"}, {"uuid": "1d35385c-f152-4b84-b058-f24053fd5722", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-49006", "type": "seen", "source": "https://t.me/ctinow/167305", "content": "https://ift.tt/kS9mpcz\nCVE-2023-49006 | Phpsysinfo 3.4.3 XML.php cross-site request forgery", "creation_timestamp": "2024-01-12T15:11:37.000000Z"}, {"uuid": "c43fd7c4-4ced-4153-ba9e-b10cb8784268", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-49007", "type": "seen", "source": "https://t.me/ctinow/161110", "content": "https://ift.tt/d5LqySz\nCVE-2023-49007 | Netgear Orbi RBR750 prior 7.2.6.21 /usr/sbin/httpd stack-based overflow", "creation_timestamp": "2023-12-31T15:16:44.000000Z"}, {"uuid": "ca35ff90-4b8e-47b7-bbf3-1cf5a4e40ddb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-49003", "type": "seen", "source": "https://t.me/ctinow/159837", "content": "https://ift.tt/kjnegYl\nCVE-2023-49003", "creation_timestamp": "2023-12-27T23:26:10.000000Z"}, {"uuid": "51fa504a-6d53-406f-964f-cfc426c2be96", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-49002", "type": "seen", "source": "https://t.me/ctinow/159836", "content": "https://ift.tt/39yZkgE\nCVE-2023-49002", "creation_timestamp": "2023-12-27T23:26:09.000000Z"}, {"uuid": "146ca9fb-5b00-4155-916a-c590719b6f34", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-49001", "type": "seen", "source": "https://t.me/ctinow/159835", "content": "https://ift.tt/DpiTLVO\nCVE-2023-49001", "creation_timestamp": "2023-12-27T23:26:08.000000Z"}, {"uuid": "48c4ebc5-35b8-4483-8d6d-72286b2014ed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-49000", "type": "seen", "source": "https://t.me/ctinow/159834", "content": "https://ift.tt/8BrLAcK\nCVE-2023-49000", "creation_timestamp": "2023-12-27T23:26:07.000000Z"}, {"uuid": "3ac2dd0b-f21a-48ee-bb05-40df14d5e1eb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-49003", "type": "seen", "source": "https://t.me/ctinow/163227", "content": "https://ift.tt/C6VHZFO\nCVE-2023-49003 Exploit", "creation_timestamp": "2024-01-04T21:22:00.000000Z"}, {"uuid": "f5283804-d4fb-4e6f-a45a-261662028fa9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-49002", "type": "seen", "source": "https://t.me/ctinow/163667", "content": "https://ift.tt/Ly8MKCQ\nCVE-2023-49002 Exploit", "creation_timestamp": "2024-01-05T19:17:24.000000Z"}, {"uuid": "e9153bc6-2d43-4778-8a76-537d1f7557c4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-49006", "type": "seen", "source": "https://t.me/kasraone_com/633", "content": "\ud83d\udd34 CVE-2023-49006\n\n\n\u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc Cross Site Request Forgery (CSRF) \u062f\u0631 Phpsysinfo \u0646\u0633\u062e\u0647 3.4.3 \u0628\u0647 \u0645\u0647\u0627\u062c\u0645 \u0627\u0632 \u0631\u0627\u0647 \u062f\u0648\u0631 \u0627\u062c\u0627\u0632\u0647 \u0645\u06cc \u062f\u0647\u062f \u062a\u0627 \u0627\u0637\u0644\u0627\u0639\u0627\u062a \u062d\u0633\u0627\u0633 \u0631\u0627 \u0627\u0632 \u0637\u0631\u06cc\u0642 \u06cc\u06a9 \u0635\u0641\u062d\u0647 \u062f\u0633\u062a\u06a9\u0627\u0631\u06cc \u0634\u062f\u0647 \u062f\u0631 \u0641\u0627\u06cc\u0644 XML.php \u0628\u0647 \u062f\u0633\u062a \u0622\u0648\u0631\u062f.\n\nphpsysinfo v3.4.3\n\u062f\u0627\u0631\u0627\u06cc \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc JSONP \u0627\u0633\u062a. \u0641\u0627\u06cc\u0644 XML.php \u062f\u0627\u0631\u0627\u06cc \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc JSONP hijacking \u0627\u0633\u062a. \u0647\u0646\u06af\u0627\u0645\u06cc \u06a9\u0647 \u06a9\u0627\u0631\u0628\u0631 \u0627\u0632 \u0635\u0641\u062d\u0647 \u0627\u06cc \u0628\u0627\u0632\u062f\u06cc\u062f \u0645\u06cc \u06a9\u0646\u062f \u06a9\u0647 \u0628\u0627 \u062f\u0642\u062a \u062a\u0648\u0633\u0637 \u0645\u0647\u0627\u062c\u0645 \u0633\u0627\u062e\u062a\u0647 \u0634\u062f\u0647 \u0627\u0633\u062a\u060c \u062f\u0627\u062f\u0647 \u0647\u0627\u06cc JSON \u0628\u0647 \u062f\u0633\u062a \u0645\u06cc \u0622\u06cc\u062f \u0648 \u0628\u0631\u0627\u06cc \u0645\u0647\u0627\u062c\u0645 \u0627\u0631\u0633\u0627\u0644 \u0645\u06cc \u0634\u0648\u062f.\n\u062d\u0627\u0644\u0627 \u0641\u0631\u0622\u06cc\u0646\u062f\u0647 \u0627\u06cc\u0646 \u062d\u0645\u0644\u0647 \u0686\u0637\u0648\u0631\u06cc \u0627\u0633\u062a \u061f\n\u0628\u0647 \u0633\u0627\u062f\u06af\u06cc \u0627\u0632 \u06cc\u06a9 \u0641\u0627\u06cc\u0644 PHP \u0628\u0631\u0627\u06cc \u0627\u0631\u0633\u0627\u0644 \u062f\u0627\u062f\u0647 \u0647\u0627\u06cc JSON \u0628\u0627\u0632\u06cc\u0627\u0628\u06cc \u0634\u062f\u0647 \u0628\u0647 \u0633\u0631\u0648\u0631 \u062e\u0648\u062f \u0628\u0627 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 XMLHttpRequest \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0645\u06cc \u06a9\u0646\u062f.\n\n\u062f\u0631 \u0627\u06cc\u0646\u062c\u0627 \u06a9\u062f HTML \u0628\u0631\u0627\u06cc \u0627\u062b\u0628\u0627\u062a \u0641\u0627\u06cc\u0644 \u0645\u0641\u0647\u0648\u0645\u06cc \u0622\u0645\u062f\u0647 \u0627\u0633\u062a:\n\n \n \n \n \n \n \n \n \n \nfunction dezsbrxdio(data){ alert(JSON.stringify(data)); } \n \n\n \n\n\n\n\n\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 \u2661 \u2800\u2800 \u3007\u2800\u00a0 \u2800 \u2399\u2800\u200c \u200c \u2332\u2063 \n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 \u02e1\u2071\u1d4f\u1d49\u00a0 \u1d9c\u1d52\u1d50\u1d50\u1d49\u207f\u1d57\u00a0 \u02e2\u1d43\u1d5b\u1d49\u00a0 \u02e2\u02b0\u1d43\u02b3\u1d49\n\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 K1\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 kasraone", "creation_timestamp": "2024-01-04T10:30:25.000000Z"}]}