{"vulnerability": "CVE-2023-29298", "sightings": [{"uuid": "cd98062b-2e9f-4ebd-b9a2-f37e3a3f1bfa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-29298", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2023-07-20T15:10:02.000000Z"}, {"uuid": "94515c7a-131b-4fe0-ba92-474207f3f4e9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-29298", "type": "seen", "source": "https://feedsin.space/feed/CISAKevBot/items/2971861", "content": "", "creation_timestamp": "2024-12-24T20:34:56.895716Z"}, {"uuid": "019f9db9-52e4-4b34-b53c-a398c30d694c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-29298", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-03-25)", "content": "", "creation_timestamp": "2025-03-25T00:00:00.000000Z"}, {"uuid": "c0672042-c143-4bf4-8914-63bf8109dbcc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-29298", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2024-11-29)", "content": "", "creation_timestamp": "2024-11-29T00:00:00.000000Z"}, {"uuid": "835073f2-def7-42b2-aea5-266554258ccc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-29298", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-02-05)", "content": "", "creation_timestamp": "2025-02-05T00:00:00.000000Z"}, {"uuid": "8c01016e-7446-49c7-8396-07e300734d14", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-29298", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-02-28)", "content": "", "creation_timestamp": "2025-02-28T00:00:00.000000Z"}, {"uuid": "e746a6ff-ccc5-4d3d-a34a-90cbf7b2ce11", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-29298", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-03-20)", "content": "", "creation_timestamp": "2025-03-20T00:00:00.000000Z"}, {"uuid": "bcbe32f0-1feb-4f2f-8f46-8d82c012ff82", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-29298", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-03-19)", "content": "", "creation_timestamp": "2025-03-19T00:00:00.000000Z"}, {"uuid": "661e95df-865f-4908-a82a-cb3d38e5a438", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-29298", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-05-31)", "content": "", "creation_timestamp": "2025-05-31T00:00:00.000000Z"}, {"uuid": "3dd1e507-9bc0-4a6b-ab61-5ba42ceecd71", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-29298", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-07-07)", "content": "", "creation_timestamp": "2025-07-07T00:00:00.000000Z"}, {"uuid": "ea24260f-44a0-4c15-8bba-37c72256fd45", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-29298", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-02-23T02:10:45.000000Z"}, {"uuid": "185807a7-9c3c-4e43-8d2f-613e658a615e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-29298", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-07-24)", "content": "", "creation_timestamp": "2025-07-24T00:00:00.000000Z"}, {"uuid": "33552896-9288-4f15-afd2-7574ed6ebbf8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-29298", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-06-29)", "content": "", "creation_timestamp": "2025-06-29T00:00:00.000000Z"}, {"uuid": "f3ea33e3-3e7e-4288-8c27-d945efb3a968", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-29298", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-07-16)", "content": "", "creation_timestamp": "2025-07-16T00:00:00.000000Z"}, {"uuid": "c91ff65b-6af9-4aaf-8094-8f9e1315aa2a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-29298", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-09-12)", "content": "", "creation_timestamp": "2025-09-12T00:00:00.000000Z"}, {"uuid": "46d22e2d-1282-42d7-9fa3-981b670d10e6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-29298", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-11-07)", "content": "", "creation_timestamp": "2025-11-07T00:00:00.000000Z"}, {"uuid": "6abadf98-e955-4ecc-b89f-7b608849c07b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-29298", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-07-27)", "content": "", "creation_timestamp": "2025-07-27T00:00:00.000000Z"}, {"uuid": "fc7234f5-f7cc-4dd6-9f58-e6d48a46065e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-29298", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-10-15)", "content": "", "creation_timestamp": "2025-10-15T00:00:00.000000Z"}, {"uuid": "3c9a9b17-e71b-4c5d-94f2-bf3c26eb7008", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-29298", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-07-27)", "content": "", "creation_timestamp": "2025-07-27T00:00:00.000000Z"}, {"uuid": "58aab92c-c24e-4b64-aad8-2d78309e9022", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-29298", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-07-28)", "content": "", "creation_timestamp": "2025-07-28T00:00:00.000000Z"}, {"uuid": "904d152d-0f18-4d46-a2cf-76a1b4c217c2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-29298", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-08-17)", "content": "", "creation_timestamp": "2025-08-17T00:00:00.000000Z"}, {"uuid": "2c57dabd-4f37-4b4c-8021-8d24146fa914", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-29298", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-09-16)", "content": "", "creation_timestamp": "2025-09-16T00:00:00.000000Z"}, {"uuid": "63060fed-c754-48a1-9cbc-331595404033", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-29298", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-07-31)", "content": "", "creation_timestamp": "2025-07-31T00:00:00.000000Z"}, {"uuid": "4099cf2d-8ff2-4df8-be09-0ee8b0eb14ad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-29298", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-08-01)", "content": "", "creation_timestamp": "2025-08-01T00:00:00.000000Z"}, {"uuid": "2d746699-9a0c-4bab-b3b2-ce1f291483cc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-29298", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-08-01)", "content": "", "creation_timestamp": "2025-08-01T00:00:00.000000Z"}, {"uuid": "18cd71e9-6e75-4c64-a87b-42bcb38cc2ec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-29298", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-09-13)", "content": "", "creation_timestamp": "2025-09-13T00:00:00.000000Z"}, {"uuid": "66f63d9e-dcbe-41a4-80b7-d235568d1e18", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-29298", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-08-11)", "content": "", "creation_timestamp": "2025-08-11T00:00:00.000000Z"}, {"uuid": "8ee8f486-c23c-465a-ab93-81beb085e733", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-29298", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-08-15)", "content": "", "creation_timestamp": "2025-08-15T00:00:00.000000Z"}, {"uuid": "a20442fd-3e49-4db8-a5d4-3c898bc1e015", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-29298", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-10-28)", "content": "", "creation_timestamp": "2025-10-28T00:00:00.000000Z"}, {"uuid": "0ad149d0-bbc6-4f3d-a6f8-a7c9641fef7e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-29298", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-09-22)", "content": "", "creation_timestamp": "2025-09-22T00:00:00.000000Z"}, {"uuid": "f7244693-d532-407c-a756-485801ef4ee8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-29298", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-10-16)", "content": "", "creation_timestamp": "2025-10-16T00:00:00.000000Z"}, {"uuid": "2bd06f7f-0230-4e83-9db9-292f7d720936", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-29298", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-10-14)", "content": "", "creation_timestamp": "2025-10-14T00:00:00.000000Z"}, {"uuid": "8ed2bebd-b4c8-4157-9949-93bcc2f57ecd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-29298", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-09-29)", "content": "", "creation_timestamp": "2025-09-29T00:00:00.000000Z"}, {"uuid": "bd962677-d4c5-4089-b2a5-13e149bb239f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-29298", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-10-14)", "content": "", "creation_timestamp": "2025-10-14T00:00:00.000000Z"}, {"uuid": "97ff0f59-dbbd-4a05-98d9-40ac0fa74d7b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-29298", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-09-22)", "content": "", "creation_timestamp": "2025-09-22T00:00:00.000000Z"}, {"uuid": "a2dee743-2ba0-470a-849b-2989c3b1ae27", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-29298", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-09-15)", "content": "", "creation_timestamp": "2025-09-15T00:00:00.000000Z"}, {"uuid": "2ef6912b-456d-4dae-9dd1-c414c96231f2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-29298", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-09-08)", "content": "", "creation_timestamp": "2025-09-08T00:00:00.000000Z"}, {"uuid": "96adab46-46f3-4dd3-87fa-b3d003fda001", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-29298", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-01-06)", "content": "", "creation_timestamp": "2026-01-06T00:00:00.000000Z"}, {"uuid": "80bf5d7f-6f5b-4198-a13f-434cf61e8f62", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-29298", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-09-24)", "content": "", "creation_timestamp": "2025-09-24T00:00:00.000000Z"}, {"uuid": "151dbd3f-ec0c-4c1b-b2a7-e35aa19e4fad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2023-29298", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/e63b5407-ac6e-407c-a839-adc664112c86", "content": "", "creation_timestamp": "2026-02-02T12:26:54.463943Z"}, {"uuid": "a778ffec-20de-4a22-a0f5-a5cda4d6cd4e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-29298", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-01-26)", "content": "", "creation_timestamp": "2026-01-26T00:00:00.000000Z"}, {"uuid": "7448f1a2-e2c1-44ae-9b9a-671dd9b08d65", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-29298", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-03-24)", "content": "", "creation_timestamp": "2026-03-24T00:00:00.000000Z"}, {"uuid": "d5ad6475-ed59-4fee-9d1f-5c22e781f60d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-29298", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-03-30)", "content": "", "creation_timestamp": "2026-03-30T00:00:00.000000Z"}, {"uuid": "680485cc-f2c7-42ae-bfb4-12a6137f4773", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-29298", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-04-18)", "content": "", "creation_timestamp": "2026-04-18T00:00:00.000000Z"}, {"uuid": "c0ec2ca9-8dcc-4c81-86d8-04cf13e4865a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-29298", "type": "seen", "source": "https://t.me/ctinow/124535", "content": "https://ift.tt/VW5qJ1T\nAdobe ColdFusion vulnerabilities exploited to deliver web shells (CVE-2023-29298, CVE-2023-38203)", "creation_timestamp": "2023-07-18T16:47:06.000000Z"}, {"uuid": "82ab9c9b-ac46-4fda-bcdf-9921212480c2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-29298", "type": "exploited", "source": "https://t.me/cKure/13279", "content": "\u25a0\u25a0\u25a0\u25a0\u25a1 Hackers use PoC exploits in attacks 22 minutes after release.\n\nDuring the examined period, the most targeted flaws were CVE-2023-50164 and CVE-2022-33891 in Apache products, CVE-2023-29298, CVE-2023-38203 and CVE-2023-26360 in Coldfusion, and CVE-2023-35082 in MobileIron.\n\nA characteristic example of the rise in the speed of weaponization is CVE-2024-27198, an authentication bypass flaw in JetBrains TeamCity.\n\nhttps://www.bleepingcomputer.com/news/security/hackers-use-poc-exploits-in-attacks-22-minutes-after-release/\n\nhttps://blog.cloudflare.com/application-security-report-2024-update\n\nhttps://www.cloudflare.com/en-gb/2024-application-security-trends/", "creation_timestamp": "2024-07-13T20:21:42.000000Z"}, {"uuid": "3daf6544-e316-4fbf-807c-abf19d1d4910", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-29298", "type": "exploited", "source": "https://t.me/BleepingComputer/17472", "content": "Latest news and stories from BleepingComputer.com\nAdobe fixes patch bypass for exploited ColdFusion CVE-2023-29298 flaw\n\nAdobe released an emergency ColdFusion security update that fixes critical vulnerabilities, including a fix for a new zero-day exploited in attacks. [...]", "creation_timestamp": "2023-07-20T16:16:05.000000Z"}, {"uuid": "acfa770c-e1d1-42a8-a447-f3c005908fd1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-29298", "type": "published-proof-of-concept", "source": "https://t.me/Cyber_Watch_insider/22", "content": "https://www.bleepingcomputer.com/news/security/adobe-fixes-patch-bypass-for-exploited-coldfusion-cve-2023-29298-flaw/", "creation_timestamp": "2023-08-13T05:26:00.000000Z"}, {"uuid": "2cd0342d-92f9-472e-b93a-d5a6d2f084f2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-29298", "type": "seen", "source": "https://t.me/ctinow/125164", "content": "https://ift.tt/huTMdml\nAdobe fixes patch bypass for exploited ColdFusion CVE-2023-29298 flaw", "creation_timestamp": "2023-07-20T18:21:11.000000Z"}, {"uuid": "9dfa38d8-dfa8-44e9-8a8b-13466109e1d3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-29298", "type": "published-proof-of-concept", "source": "Telegram/_LnxBMeCnuVAE5QweLhPpKzZNVyj_Ktx8yCZ6zDmYsY1VA", "content": "", "creation_timestamp": "2023-07-12T12:20:15.000000Z"}, {"uuid": "318e0637-1cfd-4258-a0fb-bc719fed58cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-29298", "type": "published-proof-of-concept", "source": "https://t.me/Programmer_Tech/7305", "content": "\u0638\u0647\u0631\u062a. \u062b\u063a\u0631\u0629 \u0623\u0645\u0646\u064a\u0629 \u062c\u062f\u064a\u062f\u0629 \u0639\u0644\u064a Adobe ColdFusion \n\n\u0627\u0644\u062b\u063a\u0631\u0629 \u0645\u0646 \u0646\u0648\u0639 Access control Bypass \u0648 #cve \u0627\u0644\u062e\u0627\u0635 \u0628\u0647 \u0647\u0648 CVE-2023-29298   \n\n\u0628\u0627\u062e\u062a\u0635\u0627\u0631 \u0643\u062f\u0627 \u0627\u0644\u062b\u063a\u0631\u0629 \u062a\u0642\u0648\u0645 \u0628\u0639\u0645\u0644 \u062a\u062c\u0627\u0648\u0632 \u0644\u062a\u062d\u0643\u0645 \u0641\u064a \u0627\u0644\u0648\u0635\u0648\u0644 \u0627\u0644\u0645\u0639\u062a\u0645\u062f\u0629 \u0639\u0644\u064a\u0629 #Adobe_ColdFusion  \n\u062f\u0627 \u0645\u0642\u0627\u0644 \u064a\u062a\u062d\u062f\u062b \u0639\u0646 \u0627\u0644\u062b\u063a\u0631\u0629 \u0648 \u0627\u0644\u062e\u0637\u0648\u0631\u0629 \u0648\u0637\u0631\u064a\u0642\u0629 \u0627\u0644\u062d\u0645\u0627\u064a\u0629 \u0648\u0637\u0631\u064a\u0642\u0629 \u062a\u0646\u0641\u064a\u0630 exploit \u0639\u0644\u064a \u0627\u0644\u062b\u063a\u0631\u0629  https://programmer-tech.com/adobe-coldfusion-access-control-bypass-cve-2023-29298/", "creation_timestamp": "2023-07-12T17:15:14.000000Z"}, {"uuid": "9e35aaaf-5bff-4255-bcc1-eb3f03555cc4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-29298", "type": "published-proof-of-concept", "source": "https://t.me/crackcodes/3871", "content": "\ud83d\udd30\u2b50Sunrise CBD Leak: https://system32.ink/sunrise-cbd-data-leak/\n \n\u26a1\ud83d\udca5CVE-2023-29298 Adobe Poc: https://system32.ink/cve-2023-29298-adobe-poc/\n\n\ud83c\udf2a\ufe0f\u26a1PS5 Kernel Exploit: https://system32.ink/ps5-kernel-exploit/\n\n\u2623\ufe0fAnti-kill PHP Trojan Generator : https://system32.ink/anti-kill-php-trojan-generator/\n\n@crackcodes | System32.ink | Crackcodes.in", "creation_timestamp": "2023-07-12T17:19:41.000000Z"}, {"uuid": "3447498b-445b-4a69-a741-5f486d1a6f76", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-29298", "type": "exploited", "source": "https://t.me/true_secator/4637", "content": "Adobe \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u044d\u043a\u0441\u0442\u0440\u0435\u043d\u043d\u043e\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0434\u043b\u044f ColdFusion, \u043a\u043e\u0442\u043e\u0440\u043e\u0435 \u0443\u0441\u0442\u0440\u0430\u043d\u044f\u0435\u0442 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, \u0432 \u0442\u043e\u043c \u0447\u0438\u0441\u043b\u0435 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u0434\u043b\u044f \u043d\u043e\u0432\u043e\u0439 0-day, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u043e\u0439 \u0432 \u0440\u0435\u0430\u043b\u044c\u043d\u044b\u0445 \u0430\u0442\u0430\u043a\u0430\u0445.\n\n\u0418\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u0443\u0441\u0442\u0440\u0430\u043d\u044f\u0435\u0442 \u0442\u0440\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438: \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0443\u044e RCE CVE-2023-38204 (\u0441 \u043e\u0446\u0435\u043d\u043a\u043e\u0439 9,8), \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0443\u044e CVE-2023-38205 \u043d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u043e\u0433\u043e \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430 (\u0441 \u043e\u0446\u0435\u043d\u043a\u043e\u0439 7,8) \u0438 \u0430\u043d\u0430\u043b\u043e\u0433\u0438\u0447\u043d\u0443\u044e CVE-2023-38206 (\u0441 \u043e\u0446\u0435\u043d\u043a\u043e\u0439 5,3).\n\n\u0421\u0430\u043c\u0430\u044f \u043a\u0440\u0438\u0442\u0438\u0447\u043d\u0430\u044f CVE-2023-38204 \u0435\u0449\u0435 \u043d\u0435 \u044d\u043a\u0441\u043f\u043e\u0440\u0442\u0438\u0440\u043e\u0432\u0430\u043b\u0430\u0441\u044c, \u0432 \u0442\u043e \u0432\u0440\u0435\u043c\u044f \u043a\u0430\u043a CVE-2023-38205 \u0431\u044b\u043b\u0430 \u0437\u0430\u043c\u0435\u0447\u0435\u043d\u0430 Adobe \u0432 \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u043d\u044b\u0445 \u0430\u0442\u0430\u043a\u0430\u0445, \u043d\u0430\u0446\u0435\u043b\u0435\u043d\u043d\u044b\u0445 \u043d\u0430 ColdFusion.\n\n\u041e\u043d\u0430 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 \u0441\u043e\u0431\u043e\u0439 \u043e\u0431\u0445\u043e\u0434\u043d\u043e\u0439 \u043f\u0430\u0442\u0447 \u0434\u043b\u044f \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f CVE-2023-29298, \u043e\u0431\u0445\u043e\u0434\u0430 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 ColdFusion, \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043d\u043e\u0433\u043e \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c\u0438 Rapid7 11 \u0438\u044e\u043b\u044f.\n\n13 \u0438\u044e\u043b\u044f\u00a0Rapid7 \u0443\u0432\u0438\u0434\u0435\u043b\u0438, \u0447\u0442\u043e \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u043e\u0431\u044a\u0435\u0434\u0438\u043d\u044f\u044e\u0442 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u044b\u00a0\u0434\u043b\u044f CVE-2023-29298 \u0438, \u043a\u0430\u043a \u043e\u043a\u0430\u0437\u0430\u043b\u043e\u0441\u044c, \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u0438 CVE-2023-29300/CVE-2023-38203 \u0434\u043b\u044f \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0438 \u0432\u0435\u0431-\u043e\u0431\u043e\u043b\u043e\u0447\u0435\u043a \u043d\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0435 \u0441\u0435\u0440\u0432\u0435\u0440\u044b ColdFusion \u0434\u043b\u044f \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u044f \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430\u043c.\n\n\u041a\u0430\u043a \u043e\u043a\u0430\u0437\u0430\u043b\u043e\u0441\u044c \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 CVE-2023-29298 \u043c\u043e\u0436\u043d\u043e \u0431\u044b\u043b\u043e \u043e\u0431\u043e\u0439\u0442\u0438, \u043e \u0447\u0435\u043c Rapid7 \u0438 \u0441\u043e\u043e\u0431\u0449\u0438\u043b\u0438 \u0432 Adobe. \u0422\u0440\u0438\u0432\u0438\u0430\u043b\u044c\u043d\u043e \u043c\u043e\u0434\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442 \u0432\u0441\u0435 \u0435\u0449\u0435 \u0440\u0430\u0431\u043e\u0442\u0430\u043b \u043d\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438 ColdFusion (\u0432\u044b\u043f\u0443\u0449\u0435\u043d\u043d\u043e\u0439 14 \u0438\u044e\u043b\u044f).\n\n\u0412 \u0441\u0432\u043e\u044e \u043e\u0447\u0435\u0440\u0435\u0434\u044c, Adobe \u043f\u043e\u0434\u0442\u0432\u0435\u0440\u0434\u0438\u043b\u0430, \u0447\u0442\u043e \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435 CVE-2023-29298 \u0432\u043a\u043b\u044e\u0447\u0435\u043d\u043e \u0432 APSB23-47 \u043a\u0430\u043a \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435 CVE-2023-38205.\n\n\u041f\u043e\u0441\u043a\u043e\u043b\u044c\u043a\u0443 \u044d\u0442\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f \u0432 \u0430\u0442\u0430\u043a\u0430\u0445 \u0434\u043b\u044f \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u044f \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044f \u043d\u0430\u0434 \u0441\u0435\u0440\u0432\u0435\u0440\u0430\u043c\u0438 ColdFusion, \u043d\u0430\u0441\u0442\u043e\u044f\u0442\u0435\u043b\u044c\u043d\u043e \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u044c \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043a\u0430\u043a \u043c\u043e\u0436\u043d\u043e \u0441\u043a\u043e\u0440\u0435\u0435.", "creation_timestamp": "2023-07-20T11:14:46.000000Z"}, {"uuid": "96571849-138a-4ba9-ac0f-3d60de2a3ec3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-29298", "type": "exploited", "source": "https://t.me/true_secator/4626", "content": "\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 ColdFusion \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u044e\u0442\u0441\u044f \u0434\u043b\u044f \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0438 \u0432\u0435\u0431-\u0448\u0435\u043b\u043b\u043e\u0432 \u043d\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0435 \u0441\u0435\u0440\u0432\u0435\u0440\u044b.\n\n\u0412\u043e\u043b\u043d\u0443 \u0430\u0442\u0430\u043a \u0437\u0430\u0444\u0438\u043a\u0441\u0438\u0440\u043e\u0432\u0430\u043b\u0438 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 Rapid7, \u043f\u043e\u043b\u0430\u0433\u0430\u044f, \u0447\u0442\u043e \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u043e\u0431\u044a\u0435\u0434\u0438\u043d\u044f\u044e\u0442 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u044b \u0434\u043b\u044f \u0434\u0432\u0443\u0445 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439: CVE-2023-29298 \u0438 CVE-2023-38203.\n\n11 \u0438\u044e\u043b\u044f\u00a0Adobe \u0441\u043e\u043e\u0431\u0449\u0438\u043b\u0430\u00a0\u043e\u0431 \u043e\u0448\u0438\u0431\u043a\u0435 \u043e\u0431\u0445\u043e\u0434\u0430 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 (CVE-2023-29298) \u0432 ColdFusion, \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043d\u043e\u0439 Rapid7, \u0430 \u0442\u0430\u043a\u0436\u0435 \u043e\u0431 RCE-\u0431\u0430\u0433\u0435 CVE-2023-29300, \u043a\u043e\u0442\u043e\u0440\u0443\u044e \u0440\u0430\u0441\u043a\u0440\u044b\u043b\u0430 CrowdStrike.\n\n\u041f\u043e\u0441\u043b\u0435\u0434\u043d\u044f\u044f CVE \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 \u0441\u043e\u0431\u043e\u0439 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0443 \u0434\u0435\u0441\u0435\u0440\u0438\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0441 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u043c \u0441 \u0440\u0435\u0439\u0442\u0438\u043d\u0433\u043e\u043c \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438 9,8, \u043f\u043e\u0441\u043a\u043e\u043b\u044c\u043a\u0443 \u043e\u043d\u0430 \u043c\u043e\u0436\u0435\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c\u0441\u044f \u043d\u0435\u0430\u0432\u0442\u043e\u0440\u0438\u0437\u043e\u0432\u0430\u043d\u043d\u044b\u043c\u0438 \u043f\u043e\u0441\u0435\u0442\u0438\u0442\u0435\u043b\u044f\u043c\u0438 \u0434\u043b\u044f \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u043c\u0430\u043d\u0434 \u043d\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0445 \u0441\u0435\u0440\u0432\u0435\u0440\u0430\u0445 \u0441\u043e\u043e\u0431\u0449\u0438\u043b\u0430\u00a0\u043e\u0431 \u043e\u0448\u0438\u0431\u043a\u0435 \u043e\u0431\u0445\u043e\u0434\u0430 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0432 \u0430\u0442\u0430\u043a\u0430\u0445 \u043d\u0438\u0437\u043a\u043e\u0439 \u0441\u043b\u043e\u0436\u043d\u043e\u0441\u0442\u0438.\n\n\u041d\u0430 \u0442\u043e\u0442 \u043c\u043e\u043c\u0435\u043d\u0442 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043d\u0435 \u044d\u043a\u0441\u043f\u043b\u0430\u0442\u0438\u0440\u043e\u0432\u0430\u043b\u0430\u0441\u044c.\n\n\u041f\u043e\u0437\u0436\u0435 12 \u0438\u044e\u043b\u044f \u0432 \u0431\u043b\u043e\u0433\u0435 Project Discovery \u0431\u044b\u043b\u0438 \u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u044b \u0442\u0435\u0445\u043d\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0441\u0442\u0438 \u0441 PoC \u0434\u043b\u044f CVE-2023-29300, \u043f\u043e\u0441\u0442 \u0432\u0441\u043a\u043e\u0440\u0435 \u0431\u044b\u043b \u0443\u0434\u0430\u043b\u0435\u043d.\n\n\u0421\u043e\u0433\u043b\u0430\u0441\u043d\u043e Project Discovery, \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043d\u0435\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0439 \u0434\u0435\u0441\u0435\u0440\u0438\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0435\u0439 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0443 WDDX.\n\n\u041f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0432\u043e\u0437\u043d\u0438\u043a\u043b\u0430 \u0438\u0437-\u0437\u0430 \u043d\u0435\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0433\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044f Java Reflection API, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0432\u0448\u0435\u0433\u043e \u0432\u044b\u0437\u044b\u0432\u0430\u0442\u044c \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u043d\u044b\u0435 \u043c\u0435\u0442\u043e\u0434\u044b.\n\nRapid7 \u0441\u043e\u043e\u0431\u0449\u0438\u043b\u0430, \u0447\u0442\u043e Adobe \u043d\u0435 \u0441\u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u043b\u043d\u043e\u0441\u0442\u044c\u044e \u0438\u0441\u043f\u0440\u0430\u0432\u0438\u0442\u044c \u0431\u0430\u0433\u0443 \u0432 WDDX, \u0442\u0430\u043a \u043a\u0430\u043a \u044d\u0442\u043e \u043d\u0430\u0440\u0443\u0448\u0438\u0442 \u0432\u0441\u0435, \u0447\u0442\u043e \u043e\u0442 \u043d\u0435\u0435 \u0437\u0430\u0432\u0438\u0441\u0438\u0442, \u043f\u043e\u044d\u0442\u043e\u043c\u0443 \u0432\u043c\u0435\u0441\u0442\u043e \u0437\u0430\u043f\u0440\u0435\u0442\u0430 \u0434\u0435\u0441\u0435\u0440\u0438\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0434\u0430\u043d\u043d\u044b\u0445 WDDX \u043e\u043d\u0438 \u0440\u0435\u0430\u043b\u0438\u0437\u043e\u0432\u0430\u043b\u0438 \u0437\u0430\u043f\u0440\u0435\u0449\u0435\u043d\u043d\u044b\u0439 \u0441\u043f\u0438\u0441\u043e\u043a \u043f\u0443\u0442\u0435\u0439 \u043a \u043a\u043b\u0430\u0441\u0441\u0430\u043c Java, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043d\u0435 \u043c\u043e\u0433\u0443\u0442 \u0431\u044b\u0442\u044c \u0434\u0435\u0441\u0435\u0440\u0438\u0430\u043b\u0438\u0437\u043e\u0432\u0430\u043d\u044b\n\n14 \u0438\u044e\u043b\u044f Adobe \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u0432\u043d\u0435\u043f\u043b\u0430\u043d\u043e\u0432\u043e\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0434\u043b\u044f CVE-2023-38203. Rapid7 \u043f\u0440\u0438 \u044d\u0442\u043e\u043c \u043f\u043e\u043b\u0430\u0433\u0430\u044e\u0442, \u0447\u0442\u043e \u044d\u0442\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043e\u0431\u043e\u0439\u0442\u0438 CVE-2023-29300, \u0438 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u043d\u0430\u0448\u043b\u0438 \u0446\u0435\u043f\u043e\u0447\u043a\u0443 \u0433\u0430\u0434\u0436\u0435\u0442\u043e\u0432, \u043a\u043e\u0442\u043e\u0440\u0443\u044e \u043c\u043e\u0436\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0434\u043b\u044f RCE.\n\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 Adobe OOB \u0435\u0449\u0435 \u0440\u0430\u0437 \u043e\u0431\u043d\u043e\u0432\u043b\u044f\u0435\u0442 \u0441\u043f\u0438\u0441\u043e\u043a, \u043f\u0440\u0435\u0434\u043e\u0442\u0432\u0440\u0430\u0449\u0430\u044f \u0434\u043e\u0441\u0442\u0443\u043f \u0433\u0430\u0434\u0436\u0435\u0442\u0430 \u0447\u0435\u0440\u0435\u0437 com.sun.rowset.\u00a0JdbcRowSetImpl, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0441\u044f \u0432 PoC-\u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0435 Project Discover.\n\n\u041a \u0441\u043e\u0436\u0430\u043b\u0435\u043d\u0438\u044e, \u043d\u0435\u0441\u043c\u043e\u0442\u0440\u044f \u043d\u0430 \u0442\u043e, \u0447\u0442\u043e \u044d\u0442\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u0430\u0436\u0435\u0442\u0441\u044f \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u043e\u0439, Rapid7 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0438, \u0447\u0442\u043e \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 CVE-2023-29298 \u0432\u0441\u0435 \u0435\u0449\u0435 \u043c\u043e\u0436\u043d\u043e \u043e\u0431\u043e\u0439\u0442\u0438, \u043f\u043e\u044d\u0442\u043e\u043c\u0443 \u0432 \u0431\u043b\u0438\u0436\u0430\u0439\u0448\u0435\u0435 \u0432\u0440\u0435\u043c\u044f \u0441\u043b\u0435\u0434\u0443\u0435\u0442 \u043e\u0436\u0438\u0434\u0430\u0442\u044c \u0435\u0449\u0435 \u043e\u0434\u0438\u043d \u043f\u0430\u0442\u0447 \u043e\u0442 Adobe.\n\nAdobe \u043f\u043e\u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u043e\u0432\u0430\u043b\u0430 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430\u043c \u0437\u0430\u0431\u043b\u043e\u043a\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0438 ColdFusion, \u0447\u0442\u043e\u0431\u044b \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u044c \u0438 \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0438\u0442\u044c \u043b\u0443\u0447\u0448\u0443\u044e \u0437\u0430\u0449\u0438\u0442\u0443 \u043e\u0442 \u0430\u0442\u0430\u043a.\n\n\u041d\u043e \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 Project Discovery \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0434\u0438\u043b\u0438, \u0447\u0442\u043e CVE-2023-29300 (\u0438, \u0432\u0435\u0440\u043e\u044f\u0442\u043d\u043e, CVE-2023-38203) \u043c\u043e\u0433\u0443\u0442 \u0431\u044b\u0442\u044c \u0441\u0432\u044f\u0437\u0430\u043d\u044b \u0441 CVE-2023-29298 \u0434\u043b\u044f \u043e\u0431\u0445\u043e\u0434\u0430 \u0440\u0435\u0436\u0438\u043c\u0430 \u0431\u043b\u043e\u043a\u0438\u0440\u043e\u0432\u043a\u0438.\n\n\u0414\u043b\u044f \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, \u043a\u0430\u043a \u043f\u0440\u0430\u0432\u0438\u043b\u043e, \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u0439 \u043a\u043e\u043d\u0435\u0447\u043d\u043e\u0439 \u0442\u043e\u0447\u043a\u0435 CFC.\n\n\u041e\u0434\u043d\u0430\u043a\u043e, \u0435\u0441\u043b\u0438 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043a\u043e\u043d\u0435\u0447\u043d\u044b\u043c \u0442\u043e\u0447\u043a\u0430\u043c CFC \u0434\u043e \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u043f\u043e \u0443\u043c\u043e\u043b\u0447\u0430\u043d\u0438\u044e \u043d\u0435\u0432\u043e\u0437\u043c\u043e\u0436\u0435\u043d \u0438\u0437-\u0437\u0430 \u0440\u0435\u0436\u0438\u043c\u0430 \u0431\u043b\u043e\u043a\u0438\u0440\u043e\u0432\u043a\u0438 ColdFusion, \u044d\u0442\u0443 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u043e\u0436\u043d\u043e \u043e\u0431\u044a\u0435\u0434\u0438\u043d\u0438\u0442\u044c \u0441 CVE-2023-29298.\n\n\u041a\u043e\u043c\u0431\u0438\u043d\u0430\u0446\u0438\u044f \u0443\u0436\u0435 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043a\u043e\u0434 \u043d\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u043c \u044d\u043a\u0437\u0435\u043c\u043f\u043b\u044f\u0440\u0435 ColdFusion, \u0434\u0430\u0436\u0435 \u0435\u0441\u043b\u0438 \u043e\u043d \u043d\u0430\u0441\u0442\u0440\u043e\u0435\u043d \u043d\u0430 \u0437\u0430\u0431\u043b\u043e\u043a\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0440\u0435\u0436\u0438\u043c.\n\n\u041f\u043e\u044d\u0442\u043e\u043c\u0443 \u043d\u0435\u0443\u0434\u0438\u0432\u0438\u0442\u0435\u043b\u044c\u043d\u043e, \u0447\u0442\u043e Rapid7 \u0443\u0436\u0435 \u043d\u0430\u0447\u0430\u043b\u0438 \u043d\u0430\u0431\u043b\u044e\u0434\u0430\u0442\u044c \u0430\u0442\u0430\u043a\u0438 \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c CVE-2023-29298, \u0438 \u043d\u0435\u0447\u0442\u043e, \u043f\u043e-\u0432\u0438\u0434\u0438\u043c\u043e\u043c\u0443, \u043f\u043e\u0445\u043e\u0436\u0435\u0435 \u043d\u0430 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442 \u0438\u0437 \u043e\u0442\u0447\u0435\u0442\u0430 Project Discovery, \u043f\u0440\u0438\u0447\u0435\u043c \u043d\u0430 \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u0439 \u0434\u0435\u043d\u044c \u043f\u043e\u0441\u043b\u0435 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438 \u0442\u0435\u0445\u043d\u0438\u0447\u0435\u0441\u043a\u043e\u0433\u043e \u043e\u0431\u0437\u043e\u0440\u0430.\n\n\u0417\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442 \u044d\u0442\u0438 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u044b \u0434\u043b\u044f \u043e\u0431\u0445\u043e\u0434\u0430 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0438 \u0432\u0435\u0431-\u043e\u0431\u043e\u043b\u043e\u0447\u0435\u043a \u043d\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0435 \u0441\u0435\u0440\u0432\u0435\u0440\u044b \u0438 \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430.\n\n\u041f\u043e\u043a\u0430 \u043f\u0430\u0442\u0447\u0430 \u0434\u043b\u044f \u043f\u043e\u043b\u043d\u043e\u0433\u043e \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f CVE-2023-29298 \u043d\u0435\u0442, \u043e\u0434\u043d\u0430\u043a\u043e \u0434\u043b\u044f \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430 \u0442\u0440\u0435\u0431\u0443\u0435\u0442\u0441\u044f \u0432\u0442\u043e\u0440\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u0442\u0430\u043a\u0430\u044f \u043a\u0430\u043a CVE-2023-38203.\n\n\u041f\u043e\u044d\u0442\u043e\u043c\u0443 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438 ColdFusion \u0441\u0442\u0430\u043d\u0435\u0442 \u0437\u0430\u0449\u0438\u0442\u043e\u0439 \u043e\u0442 \u0446\u0435\u043f\u043e\u0447\u043a\u0438 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u043e\u0432.", "creation_timestamp": "2023-07-18T13:11:26.000000Z"}, {"uuid": "4985d5d7-d66d-4999-89aa-5411f6bd2c18", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-29298", "type": "published-proof-of-concept", "source": "https://t.me/crackcodes/4168", "content": "\ud83d\udd30\u2b50Sunrise CBD Leak: https://system32.ink/sunrise-cbd-data-leak/\n \n\u26a1\ud83d\udca5CVE-2023-29298 Adobe Poc: https://system32.ink/cve-2023-29298-adobe-poc/\n\n\ud83c\udf2a\ufe0f\u26a1PS5 Kernel Exploit: https://system32.ink/ps5-kernel-exploit/\n\n\u2623\ufe0fAnti-kill PHP Trojan Generator : https://system32.ink/anti-kill-php-trojan-generator/\n\n@crackcodes | System32.ink | Crackcodes.in", "creation_timestamp": "2023-08-21T18:35:10.000000Z"}, {"uuid": "5c55a230-d922-49ce-978c-e39cfba4267a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-29298", "type": "seen", "source": "https://t.me/BABATATASASA/5557", "content": "CVE-2023-29298: Adobe ColdFusion Access Control Bypass\nhttps://unsafe.sh/go-171829.html?utm_source=feedly", "creation_timestamp": "2023-10-07T06:10:44.000000Z"}, {"uuid": "ecb5704b-694a-4476-8d07-fab0dda00bea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-29298", "type": "seen", "source": "https://t.me/breachdetector/330444", "content": "{\n  \"Source\": \"https://www.turkhackteam.org/\",\n  \"Content\": \"CVE-2023-29298: What is the Adobe ColdFusion Exploit? Explanation\", \n  \"author\": \" ('BARBAROS)\",\n  \"Detection Date\": \"04 Sep 2023\",\n  \"Type\": \"Data leak\"\n}\n\ud83d\udd39 t.me/breachdetector \ud83d\udd39", "creation_timestamp": "2023-09-04T14:48:36.000000Z"}, {"uuid": "69381dc5-64ae-42db-91bc-66166c732560", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-29298", "type": "published-proof-of-concept", "source": "https://t.me/breachdetector/316312", "content": "{\n  \"Source\": \"https://www.turkhackteam.org/\",\n  \"Content\": \"CVE-2023-29298: Adobe ColdFusion Exploiti Nedir ? Anlat\u0131m\", \n  \"author\": \" (SerasZen)\",\n  \"Detection Date\": \"13 Aug 2023\",\n  \"Type\": \"Data leak\"\n}\n\ud83d\udd39 t.me/breachdetector \ud83d\udd39", "creation_timestamp": "2023-08-13T09:57:31.000000Z"}, {"uuid": "a481511f-8c61-430b-9970-c12f37d74266", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-29298", "type": "seen", "source": "https://t.me/true_secator/6588", "content": "Adobe \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u0432\u043d\u0435\u043e\u0447\u0435\u0440\u0435\u0434\u043d\u044b\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0434\u043b\u044f \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 CVE-2024-53961 \u0441 CVSS 7.4 \u0432 ColdFusion.\n\n\u041e\u043d\u0430 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 Adobe ColdFusion \u0432\u0435\u0440\u0441\u0438\u0439 2023 \u0438 2021 \u0438 \u043e\u0431\u0443\u0441\u043b\u043e\u0432\u043b\u0435\u043d\u0430 \u043d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u044b\u043c \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u0435\u043c \u043f\u0443\u0442\u0438 \u043a \u0437\u0430\u043a\u0440\u044b\u0442\u043e\u043c\u0443 \u043a\u0430\u0442\u0430\u043b\u043e\u0433\u0443, \u0447\u0442\u043e \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u043e\u043c\u0443 \u0447\u0442\u0435\u043d\u0438\u044e \u0444\u0430\u0439\u043b\u043e\u0432\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b.\n\n\u041e\u0431 \u043e\u0448\u0438\u0431\u043a\u0435 \u0441\u043e\u043e\u0431\u0449\u0438\u043b \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044c \u0441 \u043f\u0441\u0435\u0432\u0434\u043e\u043d\u0438\u043c\u043e\u043c ma4ter. \u041f\u0440\u0438 \u044d\u0442\u043e\u043c Adobe \u043f\u043e\u0434\u0447\u0435\u0440\u043a\u0438\u0432\u0430\u0435\u0442, \u0447\u0442\u043e \u0435\u0439 \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u043e \u043e \u043d\u0430\u043b\u0438\u0447\u0438\u0438 PoC \u0434\u043b\u044f CVE-2024-53961.\n\n\u041d\u0435\u0441\u043c\u043e\u0442\u0440\u044f \u043d\u0430 \u0442\u043e, \u0447\u0442\u043e Adobe \u043f\u043e\u043a\u0430 \u043d\u0435 \u0440\u0430\u0441\u043a\u0440\u044b\u0432\u0430\u0435\u0442, \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u043e\u0432\u0430\u043b\u0430\u0441\u044c \u043b\u0438 \u044d\u0442\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 \u0440\u0435\u0430\u043b\u044c\u043d\u044b\u0445 \u0443\u0441\u043b\u043e\u0432\u0438\u044f\u0445, \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442 \u043e\u0437\u043d\u0430\u043a\u043e\u043c\u0438\u0442\u044c\u0441\u044f \u0441 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u043d\u043e\u0439 \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u0446\u0438\u0435\u0439 \u0434\u043b\u044f \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u044f \u0434\u043e\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u043e \u0431\u043b\u043e\u043a\u0438\u0440\u043e\u0432\u043a\u0435 \u0430\u0442\u0430\u043a \u0434\u0435\u0441\u0435\u0440\u0438\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 Wddx.\n\n\u041a\u043e\u043c\u043f\u0430\u043d\u0438\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430\u043c \u043a\u0430\u043a \u043c\u043e\u0436\u043d\u043e \u0441\u043a\u043e\u0440\u0435\u0435 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u044c \u044d\u043a\u0441\u0442\u0440\u0435\u043d\u043d\u044b\u0435 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0438 \u043f\u0440\u0438\u043c\u0435\u043d\u0438\u0442\u044c \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u044b \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, \u043e\u043f\u0438\u0441\u0430\u043d\u043d\u044b\u0435 \u0432 \u0440\u0443\u043a\u043e\u0432\u043e\u0434\u0441\u0442\u0432\u0430\u0445\u00a0ColdFusion 2023 \u0438 ColdFusion 2021.\n\n\u0423\u0447\u0438\u0442\u044b\u0432\u0430\u044f \u0443\u0441\u0442\u043e\u044f\u0432\u0448\u0443\u044e\u0441\u044f \u043f\u0440\u0430\u043a\u0442\u0438\u043a\u0443 \u0430\u0442\u0430\u043a \u043d\u0430 \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u044b\u0435 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u044b \u0432 Adobe ColdFusion (CVE-2023-29298, CVE-2023-38205, CVE-2023-26360), \u043a \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u044f\u043c \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u043d\u043e \u0441\u0442\u043e\u0438\u0442 \u043f\u0440\u0438\u0441\u043b\u0443\u0448\u0430\u0442\u044c\u0441\u044f.", "creation_timestamp": "2024-12-26T16:00:06.000000Z"}, {"uuid": "96cac652-4a03-4ecb-86ff-38d28f0680ee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-29298", "type": "seen", "source": "https://t.me/true_secator/5968", "content": "\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 Cloudflare \u0432\u044b\u043a\u0430\u0442\u0438\u043b\u0438 \u043e\u0442\u0447\u0435\u0442 \u043f\u043e \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0439 \u0437\u0430 2024 \u0433\u043e\u0434, \u043e\u0442\u0440\u0430\u0436\u0430\u044e\u0449\u0438\u0439 \u0441\u043e\u0432\u0440\u0435\u043c\u0435\u043d\u043d\u044b\u0435 \u0442\u0440\u0435\u043d\u0434\u044b \u0438\u043d\u0444\u043e\u0441\u0435\u043a\u0430, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u043d\u043e \u0437\u0430\u0441\u0442\u0430\u0432\u044f\u0442 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e \u043f\u0440\u0438\u0437\u0430\u0434\u0443\u043c\u0430\u0442\u044c\u0441\u044f.\n\n\u041f\u0440\u043e\u0430\u043d\u0430\u043b\u0438\u0437\u0438\u0440\u043e\u0432\u0430\u0432 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u0443\u044e \u0430\u043a\u0442\u0438\u0432\u043d\u043e\u0441\u0442\u044c \u0441 \u043c\u0430\u044f 2023 \u0433\u043e\u0434\u0430 \u043f\u043e \u043c\u0430\u0440\u0442 2024 \u0433\u043e\u0434\u0430 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0441\u0442\u044b \u043f\u0440\u0438\u0448\u043b\u0438 \u043a \u0432\u044b\u0432\u043e\u0434\u0443, \u0447\u0442\u043e \u0445\u0430\u043a\u0435\u0440\u044b \u0441\u043f\u043e\u0441\u043e\u0431\u043d\u044b \u0437\u0430\u0434\u0435\u0439\u0441\u0442\u0432\u043e\u0432\u0430\u0442\u044c PoC-\u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u044b \u0432 \u0430\u0442\u0430\u043a\u0430\u0445 \u0443\u0436\u0435 \u0447\u0435\u0440\u0435\u0437 22 \u043c\u0438\u043d\u0443\u0442\u044b \u043f\u043e\u0441\u043b\u0435 \u0438\u0445 \u0440\u0435\u043b\u0438\u0437\u0430.\n\n\u041e\u0431\u0440\u0430\u0431\u0430\u0442\u044b\u0432\u0430\u044f \u0432 \u0441\u0440\u0435\u0434\u043d\u0435\u043c 57 \u043c\u0438\u043b\u043b\u0438\u043e\u043d\u043e\u0432 HTTP-\u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432 \u0432 \u0441\u0435\u043a\u0443\u043d\u0434\u0443, Cloudflare \u0444\u0438\u043a\u0441\u0438\u0440\u0443\u0435\u0442 \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u043d\u0443\u044e \u0430\u043a\u0442\u0438\u0432\u043d\u043e\u0441\u0442\u044c \u0441\u043a\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u043d\u0430 \u043f\u0440\u0435\u0434\u043c\u0435\u0442 \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u044b\u0445 CVE, \u0437\u0430 \u043a\u043e\u0442\u043e\u0440\u044b\u043c\u0438 \u0441\u043b\u0435\u0434\u0443\u044e\u0442 \u0438\u043d\u044a\u0435\u043a\u0446\u0438\u0438 \u043a\u043e\u043c\u0430\u043d\u0434 \u0438 \u043f\u043e\u043f\u044b\u0442\u043a\u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u0435 PoC \u0434\u043b\u044f \u043d\u0430\u0446\u0435\u043b\u0438\u0432\u0430\u043d\u0438\u044f.\n\n\u0412 \u0442\u0435\u0447\u0435\u043d\u0438\u0435 \u0440\u0430\u0441\u0441\u043c\u0430\u0442\u0440\u0438\u0432\u0430\u0435\u043c\u043e\u0433\u043e \u043f\u0435\u0440\u0438\u043e\u0434\u0430 \u043d\u0430\u0438\u0431\u043e\u043b\u0435\u0435 \u0442\u0440\u0435\u0441\u043a\u043e\u0432\u044b\u043c\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044f\u043c\u0438 \u043e\u043a\u0430\u0437\u0430\u043b\u0438\u0441\u044c CVE-2023-50164 \u0438 CVE-2022-33891 \u0432 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u0430\u0445 Apache, CVE-2023-29298, CVE-2023-38203 \u0438 CVE-2023-26360 \u0432 Coldfusion \u0438 CVE-2023-35082 \u0432 MobileIron.\n\n\u0425\u0430\u0440\u0430\u043a\u0442\u0435\u0440\u043d\u044b\u043c \u043f\u0440\u0438\u043c\u0435\u0440\u043e\u043c \u0440\u043e\u0441\u0442\u0430 \u0441\u043a\u043e\u0440\u043e\u0441\u0442\u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432 \u0440\u0435\u0430\u043b\u044c\u043d\u044b\u0445 \u0430\u0442\u0430\u043a\u0430\u0445 \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f CVE-2024-27198, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043e\u0431\u043e\u0439\u0442\u0438 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u044e \u0432 JetBrains TeamCity.\n\nCloudflare \u0437\u0430\u0444\u0438\u043a\u0441\u0438\u0440\u043e\u0432\u0430\u043b\u0430 \u0441\u043b\u0443\u0447\u0430\u0439, \u043a\u043e\u0433\u0434\u0430 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u043f\u0440\u0438\u043c\u0435\u043d\u0438\u043b \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442 \u043d\u0430 \u043e\u0441\u043d\u043e\u0432\u0435 PoC \u0432\u0441\u0435\u0433\u043e \u0447\u0435\u0440\u0435\u0437 22 \u043c\u0438\u043d\u0443\u0442\u044b \u043f\u043e\u0441\u043b\u0435 \u0435\u0433\u043e \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438, \u0447\u0442\u043e \u0444\u0430\u043a\u0442\u0438\u0447\u0435\u0441\u043a\u0438 \u043d\u0435 \u043e\u0441\u0442\u0430\u0432\u0438\u043b\u043e \u0437\u0430\u0449\u0438\u0442\u043d\u0438\u043a\u0430\u043c \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u0438 \u0434\u043b\u044f \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0441\u0438\u0442\u0443\u0430\u0446\u0438\u0438.\n\nCloudflare \u0443\u0442\u0432\u0435\u0440\u0436\u0434\u0430\u0435\u0442, \u0447\u0442\u043e \u044d\u0442\u043e \u043e\u0431\u0443\u0441\u043b\u043e\u0432\u043b\u0435\u043d\u043e \u043e\u0442\u0447\u0430\u0441\u0442\u0438 \u0442\u0435\u043c, \u0447\u0442\u043e \u043d\u0435\u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0441\u0443\u0431\u044a\u0435\u043a\u0442\u044b \u0443\u0433\u0440\u043e\u0437 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0437\u0438\u0440\u0443\u044e\u0442\u0441\u044f \u043d\u0430 \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u043d\u044b\u0445 \u043a\u0430\u0442\u0435\u0433\u043e\u0440\u0438\u044f\u0445 CVE, \u0438\u043c\u0435\u044f \u043f\u0440\u0438 \u044d\u0442\u043e\u043c \u0433\u043b\u0443\u0431\u043e\u043a\u043e\u0435 \u043f\u043e\u043d\u0438\u043c\u0430\u043d\u0438\u0435 \u0442\u043e\u0433\u043e, \u043a\u0430\u043a \u0431\u044b\u0441\u0442\u0440\u043e \u0432\u043e\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c\u0441\u044f \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u0435\u043c \u043d\u043e\u0432\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439.\n\n\u041f\u043e \u043c\u043d\u0435\u043d\u0438\u044e \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439, \u0435\u0434\u0438\u043d\u0441\u0442\u0432\u0435\u043d\u043d\u044b\u0439 \u0441\u043f\u043e\u0441\u043e\u0431 \u043f\u0440\u043e\u0442\u0438\u0432\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u044f \u0442\u0430\u043a\u043e\u0439 \u0434\u0438\u043d\u0430\u043c\u0438\u043a\u0435 - \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u0435 \u0418\u0418 \u0434\u043b\u044f \u0443\u0441\u043a\u043e\u0440\u0435\u043d\u0438\u044f \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u043a\u0438 \u044d\u0444\u0444\u0435\u043a\u0442\u0438\u0432\u043d\u044b\u0445 \u043f\u0440\u0430\u0432\u0438\u043b WAF \u0441 \u0443\u0441\u043b\u043e\u0432\u0438\u0435\u043c \u0431\u0430\u043b\u0430\u043d\u0441\u0430 \u043c\u0435\u0436\u0434\u0443 \u043d\u0438\u0437\u043a\u0438\u043c \u0443\u0440\u043e\u0432\u043d\u0435\u043c \u043b\u043e\u0436\u043d\u044b\u0445 \u0441\u0440\u0430\u0431\u0430\u0442\u044b\u0432\u0430\u043d\u0438\u0439 \u0438 \u0441\u043a\u043e\u0440\u043e\u0441\u0442\u044c\u044e \u0440\u0435\u0430\u0433\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f.\n\n\u0414\u0440\u0443\u0433\u0438\u043c \u043e\u0448\u0435\u043b\u043e\u043c\u043b\u044f\u044e\u0449\u0438\u043c \u0432\u044b\u0432\u043e\u0434\u043e\u043c \u0438\u0437 \u043e\u0442\u0447\u0435\u0442\u0430 Cloudflare \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u0442\u043e, \u0447\u0442\u043e 6,8% \u0432\u0441\u0435\u0433\u043e \u0435\u0436\u0435\u0434\u043d\u0435\u0432\u043d\u043e\u0433\u043e \u0418\u043d\u0442\u0435\u0440\u043d\u0435\u0442-\u0442\u0440\u0430\u0444\u0438\u043a\u0430 \u2014 \u044d\u0442\u043e \u0442\u0440\u0430\u0444\u0438\u043a \u0442\u0438\u043f\u0430 DDoS, \u043d\u0430\u0446\u0435\u043b\u0435\u043d\u043d\u044b\u0439 \u043d\u0430 \u043e\u043d\u043b\u0430\u0439\u043d-\u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f \u0438 \u0441\u0435\u0440\u0432\u0438\u0441\u044b.\n\n\u042d\u0442\u043e \u0437\u0430\u043c\u0435\u0442\u043d\u044b\u0439 \u0440\u043e\u0441\u0442 \u043f\u043e \u0441\u0440\u0430\u0432\u043d\u0435\u043d\u0438\u044e \u0441 6%, \u0437\u0430\u0444\u0438\u043a\u0441\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u043c \u0437\u0430 \u043f\u0440\u0435\u0434\u044b\u0434\u0443\u0449\u0438\u0439 \u043f\u0435\u0440\u0438\u043e\u0434 (2022\u20132023 \u0433\u0433.), \u0447\u0442\u043e \u0441\u0432\u0438\u0434\u0435\u0442\u0435\u043b\u044c\u0441\u0442\u0432\u0443\u0435\u0442 \u043e\u0431 \u0443\u0432\u0435\u043b\u0438\u0447\u0435\u043d\u0438\u0438 \u043e\u0431\u0449\u0435\u0433\u043e \u043e\u0431\u044a\u0435\u043c\u0430 DDoS-\u0430\u0442\u0430\u043a.\n\n\u041f\u043e \u0434\u0430\u043d\u043d\u044b\u043c Cloudflare, \u0432\u043e \u0432\u0440\u0435\u043c\u044f \u043a\u0440\u0443\u043f\u043d\u044b\u0445 \u0433\u043b\u043e\u0431\u0430\u043b\u044c\u043d\u044b\u0445 \u0430\u0442\u0430\u043a \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0439 \u0442\u0440\u0430\u0444\u0438\u043a \u043c\u043e\u0436\u0435\u0442 \u0434\u043e\u0441\u0442\u0438\u0433\u0430\u0442\u044c \u0434\u043e 12% \u0432\u0441\u0435\u0433\u043e HTTP-\u0442\u0440\u0430\u0444\u0438\u043a\u0430.\n\n\u041e\u0442\u0447\u0435\u0442 \u0432 \u0444\u043e\u0440\u043c\u0430\u0442\u0435 PDF \u0434\u043e\u0441\u0442\u0443\u043f\u0435\u043d \u0437\u0434\u0435\u0441\u044c \u0438 \u0432\u043a\u043b\u044e\u0447\u0430\u0435\u0442 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0431\u043e\u043b\u0435\u0435 \u0433\u043b\u0443\u0431\u043e\u043a\u0438\u0439 \u0430\u043d\u0430\u043b\u0438\u0437 \u0441\u043e\u0431\u0440\u0430\u043d\u043d\u043e\u0439 \u0441\u0442\u0430\u0442\u0438\u0441\u0442\u0438\u043a\u0438.", "creation_timestamp": "2024-07-15T14:33:14.000000Z"}, {"uuid": "25882153-4348-4820-b2af-18b30e57ebee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-29298", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-04-29)", "content": "", "creation_timestamp": "2026-04-29T00:00:00.000000Z"}, {"uuid": "2b879c25-d2a6-42e0-bf4a-53bd2b9e87f4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-29298", "type": "exploited", "source": "https://t.me/thehackernews/3609", "content": "Beware! A critical security flaw (CVE-2023-28121) in the WooCommerce Payments #WordPress plugin is currently being actively exploited by threat actors. \n \nIn addition to this, Rapid7 has also discovered ongoing exploitation of Adobe ColdFusion flaws (including CVE-2023-29298), resulting in web shell deployments. \n \nRead details here: https://thehackernews.com/2023/07/cybercriminals-exploiting-woocommerce.html", "creation_timestamp": "2023-07-18T08:02:30.000000Z"}, {"uuid": "97e30a5e-7863-4a47-92db-9d31cc1a4bd1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-29298", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/8659", "content": "#exploit\n1. CVE-2023-29298:\nAdobe ColdFusion Access Control Bypass\nhttps://www.rapid7.com/blog/post/2023/07/11/cve-2023-29298-adobe-coldfusion-access-control-bypass\n\n2. XAMPP 8.2.4 - Unquoted Path\nhttps://seclists.org/fulldisclosure/2023/Jul/18\n\n3. CVE-2023-3460:\nUnauthorized admin access for Ultimate Member plugin POC\nhttps://github.com/Fire-Null/CVE-2023-3460", "creation_timestamp": "2023-07-13T11:01:01.000000Z"}]}