{"vulnerability": "CVE-2022-33891", "sightings": [{"uuid": "7bedcf66-91f8-4a7f-b828-ab8334270fd6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-33891", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2023-06-14T21:10:04.000000Z"}, {"uuid": "38f23d2d-f8f5-49a6-b10c-11e29a218b6a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-33891", "type": "seen", "source": "https://feedsin.space/feed/CISAKevBot/items/2971773", "content": "", "creation_timestamp": "2024-12-24T20:33:53.477766Z"}, {"uuid": "48917322-b669-476d-86da-666fa0a65dc5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-33891", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-06T03:13:45.000000Z"}, {"uuid": "863f315a-2d33-4e34-9627-aeabb2e9c8b0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-33891", "type": "seen", "source": "Telegram/jnL18d3PegnC8FPQiJU_eGrU92uG_tStHPpH-7KpwY-uRtM", "content": "", "creation_timestamp": "2023-03-08T22:48:21.000000Z"}, {"uuid": "0d862192-dc4e-4c15-914e-d9e3f517cc53", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-33891", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-01-12)", "content": "", "creation_timestamp": "2025-01-12T00:00:00.000000Z"}, {"uuid": "cd575755-c9af-4c91-b55e-f4ae249b1461", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": 
"9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-33891", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:10:47.000000Z"}, {"uuid": "eeafcd72-7915-4881-bf01-f763bc93cd25", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-33891", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-02-23T02:10:38.000000Z"}, {"uuid": "6d32bb7f-e93e-4608-a2ab-45d0fed3094e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-33891", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/apache_spark_rce_cve_2022_33891.rb", "content": "", "creation_timestamp": "2022-09-07T18:47:19.000000Z"}, {"uuid": "e18fec98-538b-46ee-ad86-13ae964c55da", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-33891", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-12-18)", "content": "", "creation_timestamp": "2025-12-18T00:00:00.000000Z"}, {"uuid": "e6bbbc1b-ed4c-4175-b781-3bf12d670bdf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2022-33891", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/a7d834dd-efbf-4d2d-ac58-7b8b6df8de68", "content": "", "creation_timestamp": "2026-02-02T12:27:04.264131Z"}, {"uuid": "2f18bc0a-d1ae-425e-b682-c503704d66ce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-33891", "type": "exploited", 
"source": "https://t.me/cKure/13279", "content": "\u25a0\u25a0\u25a0\u25a0\u25a1 Hackers use PoC exploits in attacks 22 minutes after release.\n\nDuring the examined period, the most targeted flaws were CVE-2023-50164 and CVE-2022-33891 in Apache products, CVE-2023-29298, CVE-2023-38203 and CVE-2023-26360 in Coldfusion, and CVE-2023-35082 in MobileIron.\n\nA characteristic example of the rise in the speed of weaponization is CVE-2024-27198, an authentication bypass flaw in JetBrains TeamCity.\n\nhttps://www.bleepingcomputer.com/news/security/hackers-use-poc-exploits-in-attacks-22-minutes-after-release/\n\nhttps://blog.cloudflare.com/application-security-report-2024-update\n\nhttps://www.cloudflare.com/en-gb/2024-application-security-trends/", "creation_timestamp": "2024-07-13T20:21:42.000000Z"}, {"uuid": "d545127b-d9f8-4f9b-a9d4-233d3a1c1a1c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-33891", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/3564", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aFor CVE-2022-33891 Apache Spark: Emulation and Detection by West Shepherd\nURL\uff1ahttps://github.com/ps-interactive/lab_security_apache_spark_emulation_detection\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-12-06T23:52:54.000000Z"}, {"uuid": "7e7d4dc1-70ac-4c34-8328-fc3053466b4e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-33891", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/6659", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aRCE\n\u63cf\u8ff0\uff1aA PoC exploit for CVE-2022-33891 - Apache Spark UI Remote Code Execution 
(RCE)\nURL\uff1ahttps://github.com/K3ysTr0K3R/CVE-2022-33891-EXPLOIT\n\n\u6807\u7b7e\uff1a#RCE", "creation_timestamp": "2024-02-22T16:32:55.000000Z"}, {"uuid": "5148e2cf-52bb-49a0-b227-9bffb729895b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-33891", "type": "published-proof-of-concept", "source": "https://t.me/malwar3s/20", "content": "https://github.com/west-wind/CVE-2022-33891", "creation_timestamp": "2022-07-24T20:16:24.000000Z"}, {"uuid": "85f3489d-15c8-409e-a48a-ee0e010c8f40", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-33891", "type": "published-proof-of-concept", "source": "https://t.me/malwar3s/19", "content": "Apache Spark Command Injection PoC Exploit for CVE-2022-33891", "creation_timestamp": "2022-07-24T20:16:05.000000Z"}, {"uuid": "527f6414-e9a1-4801-b240-00678f721f99", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-33891", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/3063", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aApache Spark RCE - CVE-2022-33891\nURL\uff1ahttps://github.com/Vulnmachines/Apache-spark-CVE-2022-33891\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-08-30T12:52:10.000000Z"}, {"uuid": "55d056d9-9310-4b3e-8a0f-9579c4e8f390", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-33891", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-03-06)", "content": "", "creation_timestamp": "2025-03-06T00:00:00.000000Z"}, {"uuid": "12fa6eca-38b3-4314-be70-6edea8e82a82", 
"vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-33891", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-05-10)", "content": "", "creation_timestamp": "2025-05-10T00:00:00.000000Z"}, {"uuid": "96f7a078-4d11-4724-b2f7-381dd191d60e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-33891", "type": "published-proof-of-concept", "source": "https://github.com/google/tsunami-security-scanner-plugins/tree/master/community/detectors/apache_spark_cve_2022_33891", "content": "", "creation_timestamp": "2024-03-27T03:55:55.000000Z"}, {"uuid": "42dfa870-ebc5-4cdf-8648-eb4eb5336dbf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-33891", "type": "published-proof-of-concept", "source": "https://t.me/cKure/9995", "content": "\u25a0\u25a0\u25a0\u25a0\u25a1 CVE-2022-33891: Apache Spark Shell Command Injection Vulnerability\n\nA Python POC for exploiting the Apache Spark Shell Command Injection vulnerability. I saw some other POCs out there but they looked mega sus. 
This one is clean and simple.\n\nhttps://github.com/HuskyHacks/cve-2022-33891", "creation_timestamp": "2022-07-21T20:27:56.000000Z"}, {"uuid": "4b435669-16c5-42c8-903e-d02e5e633c12", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-33891", "type": "published-proof-of-concept", "source": "https://t.me/AfroHax/864", "content": "https://github.com/AmoloHT/CVE-2022-33891", "creation_timestamp": "2022-10-26T19:56:47.000000Z"}, {"uuid": "a239e4ce-6ceb-4977-b46c-d20fdffd25a4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-33891", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/2831", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1a\u300c\ud83d\udca5\u300dCVE-2022-33891 - Apache Spark Command Injection \nURL\uff1ahttps://github.com/XmasSnowISBACK/CVE-2022-33891\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-08-02T18:44:48.000000Z"}, {"uuid": "9cd14121-db2f-4094-8f1a-8f558ede5bf0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-33891", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/2776", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1a\u547d\u4ee4\u6ce8\u5165\n\u63cf\u8ff0\uff1aCVE-2022-33891 Apache Spark shell\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\nURL\uff1ahttps://github.com/JonathanZhou348/CVE-2022-33891\n\n\u6807\u7b7e\uff1a#\u547d\u4ee4\u6ce8\u5165", "creation_timestamp": "2022-07-26T07:37:05.000000Z"}, {"uuid": "893dc29b-fa68-4c2d-82cc-ca4f978b2fe7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", 
"vulnerability": "CVE-2022-33891", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/2812", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1a\u300c\ud83d\udca5\u300dCVE-2022-33891 - Apache Spark Shell Command Injection\nURL\uff1ahttps://github.com/AmoloHT/CVE-2022-33891\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-07-31T04:40:47.000000Z"}, {"uuid": "9bcd42c5-f3ca-4866-939f-5c68412d4bc5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-33891", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/2741", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aPoC for CVE-2022-33891\nURL\uff1ahttps://github.com/west-wind/CVE-2022-33891\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-07-20T05:02:44.000000Z"}, {"uuid": "094af246-f50d-4c3e-ba92-6ae0e88cd84b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-33891", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/2740", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aPoC for CVE-2022-33891\nURL\uff1ahttps://github.com/west-wind/CVE-2022-33891-POC\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-07-19T21:54:38.000000Z"}, {"uuid": "6db8b105-63ea-4b03-921d-f02531a69dce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-33891", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/2936", "content": 
"GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aCVE-2022-33891 Exploit For Apache Spark\nURL\uff1ahttps://github.com/DrLinuxOfficial/CVE-2022-33891\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-08-19T06:19:44.000000Z"}, {"uuid": "ddabd192-9dcd-497c-afc5-dabb8261e846", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-33891", "type": "seen", "source": "Telegram/eXJ6uhsB4kT2KyMwIIgJLCK6BJUbaFQ2cqtfVl9phdXYTZg", "content": "", "creation_timestamp": "2023-03-06T19:04:24.000000Z"}, {"uuid": "9e516dd7-70c9-4a1c-a71e-1455cc5a225b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-33891", "type": "exploited", "source": "https://t.me/KomunitiSiber/30", "content": "CISA's KEV Catalog Updated with 3 New Flaws Threatening IT Management Systems\nhttps://thehackernews.com/2023/03/cisas-kev-catalog-updated-with-3-new.html\n\nThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) has\u00a0added\u00a0three security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.\nThe list of vulnerabilities is below -\n\nCVE-2022-35914\u00a0(CVSS score: 9.8) - Teclib GLPI Remote Code Execution Vulnerability\nCVE-2022-33891\u00a0(CVSS score: 8.8) - Apache Spark Command Injection Vulnerability", "creation_timestamp": "2023-03-08T18:01:32.000000Z"}, {"uuid": "a02e6d1f-0f1d-4643-bc7b-7a98b2993f03", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-33891", "type": "seen", "source": "https://t.me/arpsyndicate/622", "content": "#ExploitObserverAlert\n\nCVE-2022-33891\n\nDESCRIPTION: Exploit Observer has 40 entries related to CVE-2022-33891. 
The Apache Spark UI offers the possibility to enable ACLs via the configuration option spark.acls.enable. With an authentication filter, this checks whether a user has access permissions to view or modify the application. If ACLs are enabled, a code path in HttpSecurityFilter can allow someone to perform impersonation by providing an arbitrary user name. A malicious user might then be able to reach a permission check function that will ultimately build a Unix shell command based on their input, and execute it. This will result in arbitrary shell command execution as the user Spark is currently running as. This affects Apache Spark versions 3.0.3 and earlier, versions 3.1.1 to 3.1.2, and versions 3.2.0 to 3.2.1.\n\nFIRST-EPSS: 0.965350000\nNVD-IS: 5.9\nNVD-ES: 2.8", "creation_timestamp": "2023-11-28T00:38:10.000000Z"}, {"uuid": "cdeade8e-8ca7-43bb-bd2a-ef0665a88ded", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-33891", "type": "seen", "source": "https://t.me/legendscrewch/2789", "content": "Hacker News:\n\n\ud83d\udea8 ALERT! 
If you're using MeetsApp or MeetUp on your Android device, you need to be aware of this!\n\nPakistani hackers are using these apps to target political and military personalities in India with CapraRAT backdoor.\n\nLearn more: https://thehackernews.com/2023/03/transparent-tribe-hackers-distribute.html\n\nCybersecurity researchers have discovered a new information stealer, dubbed \"SYS01stealer,\" targeting critical government infrastructure employees, manufacturing companies, and other sectors.\n\nLearn more about it here: https://thehackernews.com/2023/03/sys01stealer-new-threat-using-facebook.html\n\nChinese cyberespionage hackers are targeting high-profile government entities in Southeast Asia with a new version of the Soul modular framework.\n\nLearn more: https://thehackernews.com/2023/03/sharp-panda-using-new-soul-framework.html\n\nCISA has added 3 more flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation:\n\nCVE-2022-35914 - Teclib GLPI RCE\nCVE-2022-33891 - Apache Spark Command Injection\nCVE-2022-28810 - Zoho ADSelfService Plus RCE\n\nRead: https://thehackernews.com/2023/03/cisas-kev-catalog-updated-with-3-new.html", "creation_timestamp": "2023-03-09T04:45:48.000000Z"}, {"uuid": "baf90ab4-f51b-4ba7-a734-3beb9717cfa7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-33891", "type": "published-proof-of-concept", "source": "Telegram/BnM5S5zNNeaAgZhmsQ5GC58SGsVwUigmzA5S5tsXcbsUcw", "content": "", "creation_timestamp": "2022-07-19T12:12:47.000000Z"}, {"uuid": "8861911d-7bc7-4ad3-8176-685ceb230286", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-33891", "type": "published-proof-of-concept", "source": "https://t.me/AnonCyberWarrior/329", "content": "\ud835\udc1a\ud835\udc29\ud835\udc1a\ud835\udc1c\ud835\udc21\ud835\udc1e 
\ud835\udc2c\ud835\udc29\ud835\udc1a\ud835\udc2b\ud835\udc24 \ud835\udc1c\ud835\udc28\ud835\udc26\ud835\udc26\ud835\udc1a\ud835\udc27\ud835\udc1d \ud835\udc22\ud835\udc27\ud835\udc23\ud835\udc1e\ud835\udc1c\ud835\udc2d\ud835\udc22\ud835\udc28\ud835\udc27\n[CVE-2022-33891]\n\n \ud835\udc03\ud835\udc28\ud835\udc30\ud835\udc27\ud835\udc25\ud835\udc28\ud835\udc1a\ud835\udc1d \ud835\udc1e\ud835\udc31\ud835\udc29\ud835\udc25\ud835\udc28\ud835\udc22\ud835\udc2d \ud83d\udc47\nhttps://github.com/AmoloHT/CVE-2022-33891\n\n\nPosted by : @ZeemiBhai\n\nJoin for more : t.me/AnonCyberWarrior", "creation_timestamp": "2022-10-20T06:27:40.000000Z"}, {"uuid": "54cb310d-72a1-4b52-b6a1-002927139494", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-33891", "type": "seen", "source": "https://t.me/anonhamz/2690", "content": "Hacker News:\n\n\ud83d\udea8 ALERT! If you're using MeetsApp or MeetUp on your Android device, you need to be aware of this!\n\nPakistani hackers are using these apps to target political and military personalities in India with CapraRAT backdoor.\n\nLearn more: https://thehackernews.com/2023/03/transparent-tribe-hackers-distribute.html\n\nCybersecurity researchers have discovered a new information stealer, dubbed \"SYS01stealer,\" targeting critical government infrastructure employees, manufacturing companies, and other sectors.\n\nLearn more about it here: https://thehackernews.com/2023/03/sys01stealer-new-threat-using-facebook.html\n\nChinese cyberespionage hackers are targeting high-profile government entities in Southeast Asia with a new version of the Soul modular framework.\n\nLearn more: https://thehackernews.com/2023/03/sharp-panda-using-new-soul-framework.html\n\nCISA has added 3 more flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation:\n\nCVE-2022-35914 - Teclib GLPI RCE\nCVE-2022-33891 - Apache Spark Command 
Injection\nCVE-2022-28810 - Zoho ADSelfService Plus RCE\n\nRead: https://thehackernews.com/2023/03/cisas-kev-catalog-updated-with-3-new.html", "creation_timestamp": "2023-03-09T04:45:49.000000Z"}, {"uuid": "0bf55d5b-a1ee-4e3f-a04e-b04a1123ddd1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-33891", "type": "published-proof-of-concept", "source": "https://t.me/freelearningtech/1443", "content": "\ud835\udc1a\ud835\udc29\ud835\udc1a\ud835\udc1c\ud835\udc21\ud835\udc1e \ud835\udc2c\ud835\udc29\ud835\udc1a\ud835\udc2b\ud835\udc24 \ud835\udc1c\ud835\udc28\ud835\udc26\ud835\udc26\ud835\udc1a\ud835\udc27\ud835\udc1d \ud835\udc22\ud835\udc27\ud835\udc23\ud835\udc1e\ud835\udc1c\ud835\udc2d\ud835\udc22\ud835\udc28\ud835\udc27\n[CVE-2022-33891]\n\n \ud835\udc03\ud835\udc28\ud835\udc30\ud835\udc27\ud835\udc25\ud835\udc28\ud835\udc1a\ud835\udc1d \ud835\udc1e\ud835\udc31\ud835\udc29\ud835\udc25\ud835\udc28\ud835\udc22\ud835\udc2d \ud83d\udc47\nhttps://github.com/AmoloHT/CVE-2022-33891\n\n\nPosted by : @ZeemiBhai\n\nJoin for more : t.me/AnonCyberWarrior", "creation_timestamp": "2022-10-20T06:27:52.000000Z"}, {"uuid": "4d3b3156-aa9c-4b46-902b-48c69e607199", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-33891", "type": "seen", "source": "https://t.me/dilagrafie/2401", "content": "Hacker News:\n\n\ud83d\udea8 ALERT! 
If you're using MeetsApp or MeetUp on your Android device, you need to be aware of this!\n\nPakistani hackers are using these apps to target political and military personalities in India with CapraRAT backdoor.\n\nLearn more: https://thehackernews.com/2023/03/transparent-tribe-hackers-distribute.html\n\nCybersecurity researchers have discovered a new information stealer, dubbed \"SYS01stealer,\" targeting critical government infrastructure employees, manufacturing companies, and other sectors.\n\nLearn more about it here: https://thehackernews.com/2023/03/sys01stealer-new-threat-using-facebook.html\n\nChinese cyberespionage hackers are targeting high-profile government entities in Southeast Asia with a new version of the Soul modular framework.\n\nLearn more: https://thehackernews.com/2023/03/sharp-panda-using-new-soul-framework.html\n\nCISA has added 3 more flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation:\n\nCVE-2022-35914 - Teclib GLPI RCE\nCVE-2022-33891 - Apache Spark Command Injection\nCVE-2022-28810 - Zoho ADSelfService Plus RCE\n\nRead: https://thehackernews.com/2023/03/cisas-kev-catalog-updated-with-3-new.html", "creation_timestamp": "2023-03-08T09:30:41.000000Z"}, {"uuid": "d32b0b63-77d4-4fe4-8504-c6b446d9a055", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-33891", "type": "published-proof-of-concept", "source": "https://t.me/proxy_bar/921", "content": "CVE-2022-33891\nApache Spark RCE\n\n#exploit #rce", "creation_timestamp": "2022-07-19T10:27:13.000000Z"}, {"uuid": "cf5f4b33-52ad-405f-9c27-aa8e0555d90a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-33891", "type": "published-proof-of-concept", "source": "Telegram/hEMvl6wZowuL_ndRJkiOCs9u4JNr-PydEG5GKGwyniBUuA", "content": "", "creation_timestamp": 
"2022-08-06T05:25:21.000000Z"}, {"uuid": "40754afc-e4ef-4226-94e8-cc7c84d5016c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-33891", "type": "seen", "source": "https://t.me/lcmysecteamch/4527", "content": "Hacker News:\n\n\ud83d\udea8 ALERT! If you're using MeetsApp or MeetUp on your Android device, you need to be aware of this!\n\nPakistani hackers are using these apps to target political and military personalities in India with CapraRAT backdoor.\n\nLearn more: https://thehackernews.com/2023/03/transparent-tribe-hackers-distribute.html\n\nCybersecurity researchers have discovered a new information stealer, dubbed \"SYS01stealer,\" targeting critical government infrastructure employees, manufacturing companies, and other sectors.\n\nLearn more about it here: https://thehackernews.com/2023/03/sys01stealer-new-threat-using-facebook.html\n\nChinese cyberespionage hackers are targeting high-profile government entities in Southeast Asia with a new version of the Soul modular framework.\n\nLearn more: https://thehackernews.com/2023/03/sharp-panda-using-new-soul-framework.html\n\nCISA has added 3 more flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation:\n\nCVE-2022-35914 - Teclib GLPI RCE\nCVE-2022-33891 - Apache Spark Command Injection\nCVE-2022-28810 - Zoho ADSelfService Plus RCE\n\nRead: https://thehackernews.com/2023/03/cisas-kev-catalog-updated-with-3-new.html", "creation_timestamp": "2023-03-09T04:45:51.000000Z"}, {"uuid": "f723a6f5-1953-4624-849c-f7092bd2a33d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-33891", "type": "seen", "source": "https://t.me/lcmysecteamch/12978", "content": "Hacker News:\n\n\ud83d\udea8 ALERT! 
If you're using MeetsApp or MeetUp on your Android device, you need to be aware of this!\n\nPakistani hackers are using these apps to target political and military personalities in India with CapraRAT backdoor.\n\nLearn more: https://thehackernews.com/2023/03/transparent-tribe-hackers-distribute.html\n\nCybersecurity researchers have discovered a new information stealer, dubbed \"SYS01stealer,\" targeting critical government infrastructure employees, manufacturing companies, and other sectors.\n\nLearn more about it here: https://thehackernews.com/2023/03/sys01stealer-new-threat-using-facebook.html\n\nChinese cyberespionage hackers are targeting high-profile government entities in Southeast Asia with a new version of the Soul modular framework.\n\nLearn more: https://thehackernews.com/2023/03/sharp-panda-using-new-soul-framework.html\n\nCISA has added 3 more flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation:\n\nCVE-2022-35914 - Teclib GLPI RCE\nCVE-2022-33891 - Apache Spark Command Injection\nCVE-2022-28810 - Zoho ADSelfService Plus RCE\n\nRead: https://thehackernews.com/2023/03/cisas-kev-catalog-updated-with-3-new.html", "creation_timestamp": "2023-03-09T04:45:51.000000Z"}, {"uuid": "24ead784-4161-495c-969c-b82ec9e26f29", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-33891", "type": "published-proof-of-concept", "source": "https://t.me/crackcodes/864", "content": "https://github.com/W01fh4cker/cve-2022-33891", "creation_timestamp": "2022-07-19T16:29:14.000000Z"}, {"uuid": "f375cd40-9d39-4962-b6fb-b958fc694a96", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-33891", "type": "seen", "source": "https://t.me/true_secator/5968", "content": "\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 
Cloudflare \u0432\u044b\u043a\u0430\u0442\u0438\u043b\u0438 \u043e\u0442\u0447\u0435\u0442 \u043f\u043e \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0439 \u0437\u0430 2024 \u0433\u043e\u0434, \u043e\u0442\u0440\u0430\u0436\u0430\u044e\u0449\u0438\u0439 \u0441\u043e\u0432\u0440\u0435\u043c\u0435\u043d\u043d\u044b\u0435 \u0442\u0440\u0435\u043d\u0434\u044b \u0438\u043d\u0444\u043e\u0441\u0435\u043a\u0430, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u043d\u043e \u0437\u0430\u0441\u0442\u0430\u0432\u044f\u0442 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e \u043f\u0440\u0438\u0437\u0430\u0434\u0443\u043c\u0430\u0442\u044c\u0441\u044f.\n\n\u041f\u0440\u043e\u0430\u043d\u0430\u043b\u0438\u0437\u0438\u0440\u043e\u0432\u0430\u0432 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u0443\u044e \u0430\u043a\u0442\u0438\u0432\u043d\u043e\u0441\u0442\u044c \u0441 \u043c\u0430\u044f 2023 \u0433\u043e\u0434\u0430 \u043f\u043e \u043c\u0430\u0440\u0442 2024 \u0433\u043e\u0434\u0430 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0441\u0442\u044b \u043f\u0440\u0438\u0448\u043b\u0438 \u043a \u0432\u044b\u0432\u043e\u0434\u0443, \u0447\u0442\u043e \u0445\u0430\u043a\u0435\u0440\u044b \u0441\u043f\u043e\u0441\u043e\u0431\u043d\u044b \u0437\u0430\u0434\u0435\u0439\u0441\u0442\u0432\u043e\u0432\u0430\u0442\u044c PoC-\u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u044b \u0432 \u0430\u0442\u0430\u043a\u0430\u0445 \u0443\u0436\u0435 \u0447\u0435\u0440\u0435\u0437 22 \u043c\u0438\u043d\u0443\u0442\u044b \u043f\u043e\u0441\u043b\u0435 \u0438\u0445 \u0440\u0435\u043b\u0438\u0437\u0430.\n\n\u041e\u0431\u0440\u0430\u0431\u0430\u0442\u044b\u0432\u0430\u044f \u0432 \u0441\u0440\u0435\u0434\u043d\u0435\u043c 57 \u043c\u0438\u043b\u043b\u0438\u043e\u043d\u043e\u0432 HTTP-\u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432 \u0432 
second, Cloudflare records heightened scanning activity for disclosed CVEs, followed by command injections and attempts to use available PoCs for targeting.\n\nDuring the period under review, the most targeted vulnerabilities were CVE-2023-50164 and CVE-2022-33891 in Apache products, CVE-2023-29298, CVE-2023-38203 and CVE-2023-26360 in Coldfusion, and CVE-2023-35082 in MobileIron.\n\nA characteristic example of the growing speed at which vulnerabilities are used in real attacks is CVE-2024-27198, which allows authentication bypass in JetBrains TeamCity.\n\nCloudflare recorded a case in which an attacker deployed a PoC-based exploit just 22 minutes after its publication, which left defenders practically no opportunity to remedy the situation.\n\nCloudflare states that this is partly because some threat actors specialize in particular categories of CVE and have a deep understanding of how to quickly take advantage of the disclosure of new vulnerabilities.\n\nAccording to the researchers, the only way to counter this dynamic is to adopt AI to speed up the development of effective WAF rules, provided a balance is kept between a low false-positive rate and speed of response.\n\nAnother stunning finding from the Cloudflare report is that 6.8% of all daily Internet traffic is DDoS-type traffic aimed at online applications and services.\n\nThis is a notable increase compared with the 6% recorded for the previous period (2022\u20132023), which indicates a rise in the overall volume of DDoS attacks.\n\nAccording to Cloudflare, during major global attacks malicious traffic can reach up to 12% of all HTTP traffic.\n\nThe report is available here in PDF format and includes recommendations as well as a deeper analysis of the collected statistics.", "creation_timestamp": "2024-07-15T14:33:14.000000Z"},
{"uuid": "71f9cf32-3eee-4462-ab88-6c1435c5fa92", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-33891", "type": "published-proof-of-concept", "source": "https://t.me/intelexch/15883", "content": "https://github.com/HuskyHacks/cve-2022-33891", "creation_timestamp": "2022-07-27T14:10:42.000000Z"},
{"uuid": "2fb5bff3-04b9-46e2-9c94-46b12cf9cad5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-33891", "type": "published-proof-of-concept", "source": "https://t.me/intelexch/15794", "content": "https://github.com/HuskyHacks/cve-2022-33891", "creation_timestamp": "2022-07-25T22:58:38.000000Z"},
{"uuid": "22550a48-cb6b-4917-81da-3b8978e951a5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-33891", "type": "seen", "source": "https://t.me/true_secator/3877",
"content": "Let us return once more to Zerobot, which was originally reported by Fortinet two weeks ago.\n\nThe Internet of Things (IoT) botnet is self-replicating and self-propagating malware written in Golang (Go) and targeting more than twelve architectures, with a wide range of distributed DDoS capabilities.\n \nMicrosoft has published its own analysis of Zerobot, warning that the malware has been updated with additional capabilities, including exploits for two vulnerabilities in Apache and Apache Spark, tracked as CVE-2021-42013 and CVE-2022-33891 respectively.\n\nThe server-side request forgery (SSRF) bug fixed in October 2021, CVE-2021-42013, is known to have also been used in other botnets, including the Enemybot DDoS.\n\nIn addition to the previously discovered exploits, the Zerobot sample analyzed by Microsoft also includes exploits for CVE-2017-17105 (Zivif PR115-204-P-RS), CVE-2019-10655 (Grandstream), CVE-2020-25223 (Sophos SG UTM), CVE-2022-31137 (Roxy-WI) and ZSL-2022-5717 (MiniDVBLinux).\n\nAfter the release of Zerobot 1.1, the malware operators removed CVE-2018-12613, a phpMyAdmin vulnerability that could allow attackers to view or execute files.\n\nThe researchers also found new evidence that Zerobot spreads by compromising devices with known vulnerabilities that are not included in the malware binary, such as CVE-2022-30023, a command injection vulnerability in Tenda GPON AC1200 routers.\n\nAfter compromising a device, Zerobot injects a script to launch the botnet malware (or a script to determine the device architecture and fetch the appropriate binary), ensuring persistence.\n\nThe threat does not target Windows computers, but Microsoft says it has found Zerobot samples that can run in a Windows environment.\n\nThe updated Zerobot variant contains several new capabilities for launching DDoS attacks using the UDP, ICMP, TCP, SYN, ACK and SYN-ACK protocols.\n\nZerobot can also scan the Internet for additional devices to infect. This feature lets it scan sets of randomly generated IP addresses while trying to identify honeypot IP addresses.\n\nMicrosoft also identified a sample that can run on Windows, based on a cross-platform (Linux, Windows, macOS) open-source remote administration tool (RAT) with various functions such as process management, file operations, screenshot capture and command execution.", "creation_timestamp": "2022-12-26T15:30:06.000000Z"},
{"uuid": "08497836-ad16-41c4-b487-589570e8bd1d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-33891", "type": "published-proof-of-concept", "source": "Telegram/-2hP8k8bnPx6xBLVj0syXCE7QsTDcjV4SvrwKLtFSsguQQ", "content": "", "creation_timestamp": "2022-07-22T06:57:44.000000Z"},
{"uuid": "e74c96d5-2c10-40b1-9ff0-a2b0ce66f45d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-33891", "type": "published-proof-of-concept", "source": "Telegram/vYvzg2YckmVNYqjKYmtur4_2I1YISxNWC7glrnnthWvT3g", "content": "", "creation_timestamp": "2022-07-19T23:38:05.000000Z"},
{"uuid": "2651be22-f302-4fec-abff-cf1521692d68", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-33891", "type": "published-proof-of-concept", "source": "https://t.me/MrVGunz/340", "content": "CVE-2022-33891: Apache spark command injection \n\nhttps://github.com/W01fh4cker/cve-2022-33891",
"creation_timestamp": "2022-07-19T12:06:25.000000Z"}, {"uuid": "c5278c40-8b6b-416d-b2fb-117cffe53149", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-33891", "type": "published-proof-of-concept", "source": "https://t.me/crackcodes/862", "content": "Updates On Hackbyte Forum:-\n\n\ud83d\udcccSmbpentest: Test Samba Servers which may have been configured improperly for anonymous access to vulnerable shares\n\n\ud83d\udcccLBOZO: A hybrid Windows Ransomware\n\n\ud83d\udcccHoaxshell: An unconventional Windows reverse shell, currently undetected by Microsoft Defender and other AV solutions, solely based on http(s) traffic\n\n\ud83d\udcccPing Castle Cloud\n\n\ud83d\udcccCoffeeLdr\n\n\ud83d\udcccZimbra #Exploit CVE-2022-30333\n\n\ud83d\udcccCVE-2022-24086 RCE POC\n\n\ud83d\udcccdata.gov.uk \u2013 UK Government Backups\n\n\ud83d\udccctelefonica Ecuador CRM Files Leaks\n\n\ud83d\udcccSvetlogorsk39.ru leak\n\n\ud83d\udcccrbcd-attack\n\n\ud83d\udcccRustyTokenManipulation\n\n\ud83d\udcccOralyzer - Open Redirection Analyzer\n\n\ud83d\udcccSalus \u2013 SBOM Tool\n\n\ud83d\udcccSliver GUI client.\n\n\ud83d\udcccCVE-2022-32119 - Arox-Unrestricted-File-Upload\n\n\ud83d\udcccNodeJS Ransomware\n\n\ud83d\udcccDirble - Fast directory scanning and scraping tool\n\n\ud83d\udcccWebView2-Cookie-Stealer\n\n\ud83d\udcccZombieThread - Another meterpreter injection technique using C# that attempts to bypass WD.\n\n\ud83d\udcccEvil Clippy\n\n\ud83d\udcccEvtx Log (xml) Browser\n\n\ud83d\udcccCVE-2022-30333\n\n\ud83d\udcccCVE-2022-23614: PoC for CVE-2022-23614 (Twig sort filter code execution/sandbox bypass)\n\n\ud83d\udcccCVE-2022-33891 - Apache Spark shell command injection\n\n\ud83d\udcccEJS, Server side template injection RCE (CVE-2022-29078)\n\n\ud83d\udcccBinary Ninja Commercial 3.1.3469 (2022-05-31)\n\n\ud83d\udccccitycollege.edu Health University Leak\n\n\ud83d\udcccFull HHIDE.ORG forum 
dump\n\n\ud83d\udcccdanish.my Leak\n\n\ud83d\udcccstripchat.com Leak\n\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014-\n\n\ud83d\udc49\ud83c\udffb\ud83d\udc49\ud83c\udffb Updates:- https://bit.ly/3yRyah3 \ud83d\udc48\ud83c\udffb\ud83d\udc48\ud83c\udffb", "creation_timestamp": "2022-07-19T13:38:52.000000Z"}, {"uuid": "2305e72c-9220-45d8-8a33-5518c478efe3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-33891", "type": "seen", "source": "https://t.me/cibsecurity/46426", "content": "\u203c CVE-2022-33891 \u203c\n\nThe Apache Spark UI offers the possibility to enable ACLs via the configuration option spark.acls.enable. With an authentication filter, this checks whether a user has access permissions to view or modify the application. If ACLs are enabled, a code path in HttpSecurityFilter can allow someone to perform impersonation by providing an arbitrary user name. A malicious user might then be able to reach a permission check function that will ultimately build a Unix shell command based on their input, and execute it. This will result in arbitrary shell command execution as the user Spark is currently running as. 
This affects Apache Spark versions 3.0.3 and earlier, versions 3.1.1 to 3.1.2, and versions 3.2.0 to 3.2.1.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-18T12:34:21.000000Z"}, {"uuid": "9a7b9d3f-d8d5-4c09-85b5-51871dcbe16f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-33891", "type": "published-proof-of-concept", "source": "https://t.me/CNArsenal/2021", "content": "https://github.com/K3ysTr0K3R/CVE-2022-33891-EXPLOIT\n\nCVE-2022-33891 - Apache Spark UI Remote Code Execution (RCE) \ud83d\udd10\n#github #exploit", "creation_timestamp": "2024-02-24T03:14:52.000000Z"}, {"uuid": "7dec0753-5969-4701-9392-0ae6f3e94928", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-33891", "type": "seen", "source": "https://t.me/legendscrewmy/2772", "content": "Hacker News:\n\n\ud83d\udea8 ALERT! 
If you're using MeetsApp or MeetUp on your Android device, you need to be aware of this!\n\nPakistani hackers are using these apps to target political and military personalities in India with CapraRAT backdoor.\n\nLearn more: https://thehackernews.com/2023/03/transparent-tribe-hackers-distribute.html\n\nCybersecurity researchers have discovered a new information stealer, dubbed \"SYS01stealer,\" targeting critical government infrastructure employees, manufacturing companies, and other sectors.\n\nLearn more about it here: https://thehackernews.com/2023/03/sys01stealer-new-threat-using-facebook.html\n\nChinese cyberespionage hackers are targeting high-profile government entities in Southeast Asia with a new version of the Soul modular framework.\n\nLearn more: https://thehackernews.com/2023/03/sharp-panda-using-new-soul-framework.html\n\nCISA has added 3 more flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation:\n\nCVE-2022-35914 - Teclib GLPI RCE\nCVE-2022-33891 - Apache Spark Command Injection\nCVE-2022-28810 - Zoho ADSelfService Plus RCE\n\nRead: https://thehackernews.com/2023/03/cisas-kev-catalog-updated-with-3-new.html", "creation_timestamp": "2023-03-09T04:45:50.000000Z"}, {"uuid": "07e5346d-6128-40ac-88cb-4e5fee193c42", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-33891", "type": "published-proof-of-concept", "source": "Telegram/RPKukW197r-SjjatzMXHK6m-GGbVHDEWq2qC6lfca_QymM4", "content": "", "creation_timestamp": "2022-07-20T16:53:41.000000Z"}, {"uuid": "dcf96a9e-2827-4cc7-a632-21d876fce681", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-33891", "type": "exploited", "source": "https://t.me/thehackernews/3125", "content": "CISA has added 3 more flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing 
evidence of active exploitation:\n\nCVE-2022-35914 - Teclib GLPI RCE\nCVE-2022-33891 - Apache Spark Command Injection\nCVE-2022-28810 - Zoho ADSelfService Plus RCE\n\nRead: https://thehackernews.com/2023/03/cisas-kev-catalog-updated-with-3-new.html", "creation_timestamp": "2023-03-08T09:01:39.000000Z"}, {"uuid": "c1317c5c-2ae6-4e45-86b2-66953d05fe08", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-33891", "type": "published-proof-of-concept", "source": "https://t.me/BlueRedTeam/2540", "content": "#CVE-2022\nTOP All bugbounty pentesting CVE-2022- POC Exp\u00a0 RCE example payload\u00a0 Things\nhttps://github.com/amitlttwo/CVE-2022-2414-Proof-Of-Concept\n\nFor CVE-2022-33891 Apache Spark: Emulation and Detection by West Shepherd\nhttps://github.com/ps-interactive/lab_security_apache_spark_emulation_detection\n\nCVE-2022-46169\n\nhttps://github.com/imjdl/CVE-2022-46169\n\n@BlueRedTeam", "creation_timestamp": "2022-12-27T19:38:43.000000Z"}, {"uuid": "7cad3fd9-eb35-4334-8b76-595c767b38ed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-33891", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/6436", "content": "#exploit\n1. CVE-2022-33891:\nApache Spark Shell Command Injection Vulnerability\nhttps://github.com/HuskyHacks/cve-2022-33891\n\n2. Riding the InfoRail to Exploit Ivanti Avalanche\nhttps://www.zerodayinitiative.com/blog/2022/7/19/riding-the-inforail-to-exploit-ivanti-avalanche", "creation_timestamp": "2022-07-21T11:03:01.000000Z"}]}