{"vulnerability": "CVE-2023-3386", "sightings": [{"uuid": "0987cd90-6a2d-4dc9-954b-cb56d5b7cd39", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-33865", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/442", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-33865\n\ud83d\udd39 Description: RenderDoc before 1.27 allows local privilege escalation via a symlink attack. It relies on the /tmp/RenderDoc directory regardless of ownership.\n\ud83d\udccf Published: 2023-06-07T00:00:00\n\ud83d\udccf Modified: 2025-01-07T15:05:46.616Z\n\ud83d\udd17 References:\n1. https://renderdoc.org/\n2. https://www.qualys.com/2023/06/06/renderdoc/renderdoc.txt\n3. http://seclists.org/fulldisclosure/2023/Jun/2\n4. http://packetstormsecurity.com/files/172804/RenderDoc-1.26-Local-Privilege-Escalation-Remote-Code-Execution.html\n5. https://lists.debian.org/debian-lts-announce/2023/07/msg00023.html\n6. https://security.gentoo.org/glsa/202311-10", "creation_timestamp": "2025-01-07T15:38:58.000000Z"}, {"uuid": "fd87a3d1-cbdb-4b8a-891e-3eed86e4b8e5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-33860", "type": "seen", "source": "https://t.me/cvedetector/549", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2023-33860 - IBM Security QRadar EDR 3.12 does not set the secu\", \n  \"Content\": \"CVE ID : CVE-2023-33860 \nPublished : July 10, 2024, 4:15 p.m. | 34\u00a0minutes ago \nDescription : IBM Security QRadar EDR 3.12 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. 
The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic.  IBM X-Force ID:  257702. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"10 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-10T18:53:04.000000Z"}, {"uuid": "5a4a9e28-d1b8-46d9-8905-eb6acc899e6c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-33866", "type": "seen", "source": "https://t.me/cibsecurity/67009", "content": "\u203c CVE-2023-33866 \u203c\n\nA use-after-free vulnerability exists in the JavaScript engine of Foxit Software\u2019s PDF Reader, version 12.1.2.15332. By prematurely deleting objects associated with pages, a specially crafted PDF document can trigger the reuse of previously freed memory, which can lead to arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. 
Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-19T18:21:51.000000Z"}, {"uuid": "3df826fa-09f9-465a-9c3e-a66d3172ba59", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-33867", "type": "seen", "source": "https://t.me/cibsecurity/68306", "content": "\u203c CVE-2023-33867 \u203c\n\nImproper buffer restrictions in some Intel(R) RealSense(TM) ID software for Intel(R) RealSense(TM) 450 FA in version 0.25.0 may allow an authenticated user to potentially enable escalation of privilege via local access.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-11T07:32:21.000000Z"}, {"uuid": "0b434036-ff02-47fe-8580-15ad36186f74", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-3386", "type": "seen", "source": "https://t.me/cibsecurity/68019", "content": "\u203c CVE-2023-3386 \u203c\n\nImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in a2 Camera Trap Tracking System allows SQL Injection.This issue affects Camera Trap Tracking System: before 3.1905.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-08T20:14:35.000000Z"}, {"uuid": "48e4ecc4-a9a3-4ee9-8cf8-c4bcad9e88df", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-33868", "type": "seen", "source": "https://t.me/cibsecurity/66170", "content": "\u203c CVE-2023-33868 \u203c\n\nThe number of login attempts is not limited. 
This could allow an attacker to perform a brute force on HTTP basic authentication.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-07T03:11:44.000000Z"}, {"uuid": "c79e9c1f-7075-4032-9eed-781c28dabaa0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-33863", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/8454", "content": "#exploit\n1. CVE-2023-33865, CVE-2023-33864, CVE-2023-33863:\nLPE and RCE in RenderDoc\nhttps://seclists.org/fulldisclosure/2023/Jun/2\n\n2. CVE-2023-33829:\nSCM Manager XSS\nhttps://github.com/CKevens/CVE-2023-33829-POC", "creation_timestamp": "2023-06-08T12:39:13.000000Z"}, {"uuid": "3dc6ce38-1bf5-4106-bc42-17db873c1b6f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-33865", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/8454", "content": "#exploit\n1. CVE-2023-33865, CVE-2023-33864, CVE-2023-33863:\nLPE and RCE in RenderDoc\nhttps://seclists.org/fulldisclosure/2023/Jun/2\n\n2. CVE-2023-33829:\nSCM Manager XSS\nhttps://github.com/CKevens/CVE-2023-33829-POC", "creation_timestamp": "2023-06-08T12:39:13.000000Z"}, {"uuid": "b0e73c35-b936-4816-ad6e-6f7b9c7d21c6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-33864", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/8454", "content": "#exploit\n1. CVE-2023-33865, CVE-2023-33864, CVE-2023-33863:\nLPE and RCE in RenderDoc\nhttps://seclists.org/fulldisclosure/2023/Jun/2\n\n2. CVE-2023-33829:\nSCM Manager XSS\nhttps://github.com/CKevens/CVE-2023-33829-POC", "creation_timestamp": "2023-06-08T12:39:13.000000Z"}]}