{"vulnerability": "cve-2023-2255", "sightings": [{"uuid": "598e437c-a2f0-46e2-b874-14127116b9db", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-2255", "type": "published-proof-of-concept", "source": "Telegram/pp3zaZuHAWmnA0kR0Tja0bjF9QWDV_Ck_mWcnSJpgSdDq38", "content": "", "creation_timestamp": "2025-04-08T23:00:05.000000Z"}, {"uuid": "e99338d1-4ab8-4d3e-8577-5ce12717f398", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22551", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/3900", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2023\n\u63cf\u8ff0\uff1aReproduce CVE-2023-22551\nURL\uff1ahttps://github.com/viswagb/CVE-2023-22551\n\n\u6807\u7b7e\uff1a#CVE-2023", "creation_timestamp": "2023-03-09T05:00:32.000000Z"}, {"uuid": "1602fc34-5511-445e-b484-80df5749b53e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-2255", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/3121", "content": "25 Tools \ud83d\udd27 \ud83d\udd27 - Hackers Factory\n\n\u200b\u200bstratosphere\n\nA free and open source #OSINT platform that automatically collects every page you visit, building a private knowledge base you can analyze with Jupyter notebooks and an extensible suite of web apps including:\n\n\u2022 LinkedIn contacts and companies explorer: Explore previously browsed LinkedIn profiles and companies\n\u2022 Google search results: Review your past Google search results\n\u2022 vk.com contacts explorer: Explore previously seen vk.com contacts, highlighting their connections\n\u2022 Flows overview: Overview of web traffic intercepted in the last 10 minutes\n\nhttps://github.com/elehcimd/stratosphere\n\n#cybersecurity #infosec\n\n\u200b\u200bFreeroute\n\nA traffic router which can direct traffic to different gateways based on destination domain. It is designed to be used in conjunction with a VPN client such as OpenVPN, to allow traffic to be routed to the VPN or directly to the internet.\n\nhttps://github.com/admitrievsky/freeroute\n\n#cybersecurity #infosec #privacy\n\n\u200b\u200bCVE-2023-2255\n\nRemote documents loaded without prompt via IFrame\n\nhttps://github.com/elweth-sec/CVE-2023-2255\n\n#cve #cybersecurity #infosec\n\n\u200b\u200bCVE-2023-32235\n\nA Directory Traversal attack (also known as path traversal) aims to access files and directories that are stored outside the intended folder.\n\nhttps://github.com/VEEXH/Ghost-Path-Traversal-CVE-2023-32235-\n\n#cybersecurity #infosec #pentesting\n\n\u200b\u200bEasyScan\n\nA Python script that analyzes the security of a given website by inspecting its HTTP headers and DNS records. The script generates a security report with recommendations for addressing potential vulnerabilities.\n\nhttps://github.com/introvertmac/EasyScan\n\n#cybersecurity #infosec #pentesting\n\n\u200b\u200bCloudPrivs\n\nDetermine privileges from cloud credentials via brute-force testing.\n\nhttps://github.com/AbstractClass/CloudPrivs\n\n#infosec #pentesting #redteam\n\nBadZure\n\nBadZure orchestrates the setup of Azure Active Directory tenants, populating them with diverse entities while also introducing common security misconfigurations to create vulnerable tenants with multiple attack paths.\n\nhttps://github.com/mvelazc0/BadZure\n\n#infosec #pentesting #redteam\n\n\u200b\u200bCVE-2023-3460\n\nUnauthorized admin access for Ultimate Member plugin POC.\n\nhttps://github.com/Fire-Null/CVE-2023-3460\n\n#cve #cybersecurity #infosec\n\n\u200b\u200bNoSQL Injection\n\nThe Power of Secure Coding Practices: Safeguarding MongoDB Against Exploitation.\n\nhttps://github.com/kiliczsh/nosql-injection\n\n#cybersecurity #infosec\n\n\u200b\u200bFindmytakeover\n\nFind dangling domains in a multi cloud environment.\n\nhttps://github.com/anirudhbiyani/findmytakeover\n\n#infosec #pentesting #bugbounty\n\n\u200b\u200bCVE-2023-35803\n\nPoC Exploit for CVE-2023-35803 Unauthenticated Buffer Overflow in Aerohive HiveOS/Extreme Networks IQ Engine.\n\nhttps://github.com/lachlan2k/CVE-2023-35803\n\n#cve #cybersecurity #infosec\n\n\u200b\u200bPerfExec Tooling PoC\n\nThe code is not super clean but project contains an example performance dll that will run CMD.exe and a .NET assembly that will execute the DLL or gather performance data locally or remotely.\n\nhttps://github.com/0xthirteen/PerfExec\n\n#cybersecurity #infosec\n\n\u200b\u200bSharpDXWebcam \n\nUtilizing the DirectX and DShowNET assemblies to record video from the host's webcam.\n\nhttps://github.com/snovvcrash/SharpDXWebcam\n\n#cybersecurity #infosec #pentesting\n\n\u200b\u200bDocumentSpark\n\nSimple secure document viewing server. Converts a document to a picture of its pages. Content disarm and reconstruction. CDR. Formerly p2. The CDR solution for BrowserBox Pro remote browser isolation.\n\nhttps://github.com/dosyago/documentspark\n\n#cybersecurity #infosec\n\n\u200b\u200bVenera Framework\n\nA tool for automating customized tests and attacks agaist many kinds of protocol. It relies on a scripting engine based on the Lua scripting language that makes it possible to create modules for all types of checks and exploits.\n\nhttps://github.com/farinap5/Venera\n\n#infosec #pentesting #redteam\n\n\u200b\u200bNavgix\n\nA multi-threaded golang tool that will check for nginx alias traversal vulnerabilities.\n\nhttps://github.com/hakaioffsec/navgix\n\n#infosec #pentesting #bugbounty\n\n1/2", "creation_timestamp": "2023-07-15T21:16:33.000000Z"}, {"uuid": "41a22301-0486-4562-a676-7a9d0d6c70bf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-2255", "type": "published-proof-of-concept", "source": "Telegram/MBo5r8zps0JS7_29sQ2y-EFz_1BTbbIfyJGAk2lYQ326dQ", "content": "", "creation_timestamp": "2023-07-13T14:42:25.000000Z"}, {"uuid": "6dead159-7912-4be1-848d-abe11aeee304", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-2255", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/8650", "content": "#exploit\n1. CVE-2023-31998:\nVulnerability in EdgeRouters\u2019s and AirCube\u2019s\nhttps://ssd-disclosure.com/ssd-advisory-edgerouters-and-aircube-miniupnpd-heap-overflow\n\n2. CVE-2023-32235:\nGhost Path Traversal\nhttps://github.com/VEEXH/Ghost-Path-Traversal-CVE-2023-32235-\n\n3. CVE-2023-2255:\nLibre Office -\u00a0Improper Access Control\nhttps://github.com/elweth-sec/CVE-2023-2255", "creation_timestamp": "2023-07-11T13:12:49.000000Z"}, {"uuid": "c5372eef-3b85-4ee5-ae00-48bd50525c85", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-2255", "type": "published-proof-of-concept", "source": "https://t.me/crackcodes/3875", "content": "\ud83c\udf2a\ufe0f\u26a1250.8 Millions US Citizens Leak : https://system32.ink/250.8-millions-us-citizens-leak/\n\n\u2623\ufe0fMalcat (0.9.2 - 2023)  Download Free : https://system32.ink/malcat-0.9.2-2023-download-free/\n\n\ud83d\udca5\u26a1SatIntel - OSINT Tool For Satellites : https://system32.ink/satintel-osint-tool-for-satellites/\n\n\ud83d\udca9Pakistan Ministry of Finance Leak : https://system32.ink/pakistan-ministry-of-finance-leak-2022/\n\n\ud83d\udc7e\u26a1CVE-2023-2255 Exploit : https://system32.ink/%e2%80%8b%e2%80%8bcve-2023-2255-exploit/\n\n\u2623\ufe0f\ud83c\udf2a\ufe0fPoC Exploit for CVE-2023-35803 : https://system32.ink/poc-exploit-for-cve-2023-35803/\n\n@Crackcodes | System32.ink | Crackcodes.in", "creation_timestamp": "2023-07-13T14:40:41.000000Z"}, {"uuid": "805fd4f3-8dd5-40fb-903b-fe372dc63aba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22551", "type": "seen", "source": "https://t.me/cibsecurity/55728", "content": "\u203c CVE-2023-22551 \u203c\n\nThe FTP (aka \"Implementation of a simple FTP client and server\") project through 96c1a35 allows remote attackers to cause a denial of service (memory consumption) by engaging in client activity, such as establishing and then terminating a connection. This occurs because malloc is used but free is not.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-01T20:15:46.000000Z"}]}