{"vulnerability": "CVE-2024-2734", "sightings": [{"uuid": "21b8da4e-1ac7-42b2-8fa5-abac2711ee98", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27348", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2024-09-20T18:10:03.000000Z"}, {"uuid": "fc99296a-dc97-4ced-b2f7-5e8100bad2c8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27348", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-06T03:13:46.000000Z"}, {"uuid": "65bf5f60-212b-4052-8b60-17a25a90cab6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27348", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-02-06)", "content": "", "creation_timestamp": "2025-02-06T00:00:00.000000Z"}, {"uuid": "9d87ba83-2e9b-4e93-be72-770d6e0ed03d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27348", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-02-23T02:10:58.000000Z"}, {"uuid": "b455f717-70ce-4748-a067-6b5a6e05f699", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27348", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:11:01.000000Z"}, {"uuid": "596ca018-e0c1-4c12-aa06-1c89c752fccd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27348", "type": "seen", "source": "https://bsky.app/profile/nimblenerd.social/post/3lmejvr74ze2q", "content": "", "creation_timestamp": "2025-04-09T08:07:56.766451Z"}, {"uuid": "4d74de3d-ddd4-4fbb-813c-d73cd40dec9e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27348", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-05-15)", "content": "", "creation_timestamp": "2025-05-15T00:00:00.000000Z"}, {"uuid": "53a854a5-af28-4423-9194-52334ab9e689", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27348", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-09-20)", "content": "", "creation_timestamp": "2025-09-20T00:00:00.000000Z"}, {"uuid": "53fa5d61-0edc-43fc-98f3-0c4291456d62", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27348", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lmifndzalw2t", "content": "", "creation_timestamp": "2025-04-10T21:02:18.764606Z"}, {"uuid": "df693cd1-3ebe-4b2d-96c2-f16689912de4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27348", "type": "seen", "source": "MISP/a9d21043-f825-4bac-8d2b-56fb9e8343e7", "content": "", "creation_timestamp": "2025-10-23T21:13:02.000000Z"}, {"uuid": "925d7c0e-3faa-484d-a2f1-2fb8b7ec715b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27348", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/7510", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aRCE\n\u63cf\u8ff0\uff1aCVE-2024-27348 Proof of concept Exploit - Unauthenticated RCE in Apache HugeGraph Server\nURL\uff1ahttps://github.com/kljunowsky/CVE-2024-27348\n\n\u6807\u7b7e\uff1a#RCE", "creation_timestamp": "2024-06-03T19:22:42.000000Z"}, {"uuid": "7bdb05e5-5459-4765-85d3-ec7c113217b1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2024-27348", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/d7b1e7b0-a95e-46bd-8f3a-d1968dfa657b", "content": "", "creation_timestamp": "2026-02-02T12:26:28.411618Z"}, {"uuid": "0719e0c3-4266-4f47-a19c-df84183bf505", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27348", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/7483", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aHugeGraph Server RCE Scanner ( CVE-2024-27348 )\nURL\uff1ahttps://github.com/Zeyad-Azima/CVE-2024-27348\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-05-31T20:14:51.000000Z"}, {"uuid": "ba3679df-6351-44fc-befe-72bf16cb4669", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27348", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-10-05)", "content": "", "creation_timestamp": "2025-10-05T00:00:00.000000Z"}, {"uuid": "d1ecd05f-c211-4d6b-9a1d-2d685d137ab6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27348", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/apache_hugegraph_gremlin_rce.rb", "content": "", "creation_timestamp": "2024-08-14T09:30:49.000000Z"}, {"uuid": "fd2abd48-d0f0-48f1-9622-9753ca7d9a8c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27348", "type": "published-proof-of-concept", "source": "Telegram/cQf2CT3r4WvnJhAn_Z5tbBdbHlIor2zaa0XkqChp6pgA9CQ", "content": "", "creation_timestamp": "2025-12-13T09:00:04.000000Z"}, {"uuid": "95f40651-8284-4a7f-af27-cf81594e86ed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27348", "type": "published-proof-of-concept", "source": "https://t.me/cKure/13050", "content": "\u25a0\u25a0\u25a0\u25a0\u25a0 Exploit-code | Zero-Day: CVE-2024-27348 (RCE) - Unauth users can execute commands via Groovy injection in Apache HugeGraph-Server.\n\nFix: Upgrade to version 1.3.0\n\nPython Scanner: https://github.com/Zeyad-Azima/CVE-2024-27348", "creation_timestamp": "2024-06-03T02:16:35.000000Z"}, {"uuid": "2dcf164f-a47c-46b0-b229-26a9e656c9fa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27348", "type": "published-proof-of-concept", "source": "https://t.me/Kelvinseccommunity/475", "content": "CVE-2024-27348 RCE \u0432 Apache HugeGraph Server\n*\nUsage:\npython3 CVE-2024-27348.py -t http://target.tld:8080 -c \"command to execute\"\n\n*\nPOC exploit\n\n#apache #rce", "creation_timestamp": "2024-06-06T21:02:41.000000Z"}, {"uuid": "cdb3a3f7-8834-4ab2-90dd-ec99ed643117", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27345", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/5787", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-27345\n\ud83d\udd25 CVSS Score: 3.3 (cvssV3_0, Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N)\n\ud83d\udd39 Description: Kofax Power PDF PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-22932.\n\ud83d\udccf Published: 2024-04-03T16:19:45.349Z\n\ud83d\udccf Modified: 2025-02-27T20:05:08.119Z\n\ud83d\udd17 References:\n1. https://www.zerodayinitiative.com/advisories/ZDI-24-225/", "creation_timestamp": "2025-02-27T20:25:53.000000Z"}, {"uuid": "271395bc-3048-44c2-b0df-2b5c27930787", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27348", "type": "published-proof-of-concept", "source": "https://t.me/cyber_hsecurity/1610", "content": "(Photo by Tayfun Coskun/Anadolu via Getty Images)\n\u062d\u0634\u0648\u062f \u062e\u0627\u0631\u062c \u0645\u0642\u0631 \u0645\u064a\u062a\u0627 (\u0641\u064a\u0633\u0628\u0648\u0643) \u0644\u0644\u0627\u062d\u062a\u062c\u0627\u062c \u0639\u0644\u0649 \u0631\u0642\u0627\u0628\u0629 \u0645\u0627\u0631\u0643 \u0632\u0648\u0643\u0631\u0628\u064a\u0631\u063a \u0648\u0645\u064a\u062a\u0627 \u0639\u0644\u0649 \u0645\u0646\u0634\u0648\u0631\u0627\u062a \u0641\u0644\u0633\u0637\u064a\u0646 \u0639\u0644\u0649 \u0627\u0644\u0645\u0646\u0635\u0627\u062a \u0627\u0644\u0627\u062c\u062a\u0645\u0627\u0639\u064a\u0629 \u0641\u064a \u0645\u064a\u0646\u0644\u0648 \u0628\u0627\u0631\u0643\u060c \u0643\u0627\u0644\u064a\u0641\u0648\u0631\u0646\u064a\u0627 (\u0627\u0644\u0623\u0646\u0627\u0636\u0648\u0644)\n23/5/2024-\u0622\u062e\u0631 \u062a\u062d\u062f\u064a\u062b: 23/5/202403:28 \u0645 (\u0628\u062a\u0648\u0642\u064a\u062a \u0645\u0643\u0629 \u0627\u0644\u0645\u0643\u0631\u0645\u0629)\n\u0646\u0628\u0647 \u0645\u0648\u0642\u0639 \u0625\u0646\u062a\u0631\u0633\u0628\u062a \u0627\u0644\u0623\u0645\u064a\u0631\u0643\u064a \u0625\u0644\u0649 \u062b\u063a\u0631\u0629 \u0623\u0645\u0646\u064a\u0629 \u0645\u062c\u0647\u0648\u0644\u0629 \u0628\u062a\u0637\u0628\u064a\u0642 \u0648\u0627\u062a\u0633\u0627\u0628 \u062a\u0645\u0643\u0646 \u0627\u0644\u062d\u0643\u0648\u0645\u0627\u062a \u0645\u0646 \u0645\u0639\u0631\u0641\u0629 \u0645\u0646 \u062a\u0631\u0627\u0633\u0644\u0647\u060c \u0648\u062d\u0630\u0631 \u0627\u0644\u0645\u0647\u0646\u062f\u0633\u0648\u0646 \u0641\u064a \u0634\u0631\u0643\u0629 \u0645\u064a\u062a\u0627 (\u0641\u064a\u0633\u0628\u0648\u0643) \u0645\u0646 \u0623\u0646 \u0627\u0644\u062f\u0648\u0644 \u064a\u0645\u0643\u0646\u0647\u0627 \u0645\u0631\u0627\u0642\u0628\u0629 \u0627\u0644\u062f\u0631\u062f\u0634\u0627\u062a\u060c \u0648\u064a\u062e\u0634\u0649 \u0627\u0644\u0645\u0648\u0638\u0641\u0648\u0646 \u0623\u0646 \u062a\u0633\u062a\u063a\u0644 \u0625\u0633\u0631\u0627\u0626\u064a\u0644 \u0647\u0630\u0647 \u0627\u0644\u062b\u063a\u0631\u0629 \u0644\u0627\u0646\u062a\u0642\u0627\u0621 \u0623\u0647\u062f\u0627\u0641 \u0627\u0644\u0627\u063a\u062a\u064a\u0627\u0644 \u0641\u064a \u063a\u0632\u0629.\n\n\u0648\u0630\u0643\u0631 \u0627\u0644\u0645\u0648\u0642\u0639 \u0623\u0646\u0647 \u0641\u064a \u0634\u0647\u0631 \u0645\u0627\u0631\u0633/\u0622\u0630\u0627\u0631\u060c \u0623\u0635\u062f\u0631 \u0641\u0631\u064a\u0642 \u0623\u0645\u0646 \u0648\u0627\u062a\u0633\u0627\u0628 \u062a\u062d\u0630\u064a\u0631\u0627 \u062f\u0627\u062e\u0644\u064a\u0627 \u0644\u0632\u0645\u0644\u0627\u0626\u0647 \u0628\u0623\u0646\u0647 \u0631\u063a\u0645 \u0627\u0644\u062a\u0634\u0641\u064a\u0631 \u0627\u0644\u0642\u0648\u064a \u0644\u0644\u0628\u0631\u0646\u0627\u0645\u062c\u060c \u0641\u0642\u062f \u0638\u0644 \u0627\u0644\u0645\u0633\u062a\u062e\u062f\u0645\u0648\u0646 \u0639\u0631\u0636\u0629 \u0644\u0634\u0643\u0644 \u062e\u0637\u064a\u0631 \u0645\u0646 \u0623\u0634\u0643\u0627\u0644 \u0627\u0644\u0645\u0631\u0627\u0642\u0628\u0629 \u0627\u0644\u062d\u0643\u0648\u0645\u064a\u0629.\n\n\u0648\u0648\u0641\u0642\u0627 \u0644\u062a\u0642\u064a\u064a\u0645 \u0627\u0644\u062a\u0647\u062f\u064a\u062f \u0627\u0644\u0630\u064a \u0644\u0645 \u064a\u064f\u0628\u0644\u063a \u0639\u0646\u0647 \u0645\u0633\u0628\u0642\u0627\u060c \u0648\u062d\u0635\u0644 \u0639\u0644\u064a\u0647 \u0627\u0644\u0645\u0648\u0642\u0639\u060c \u0641\u0625\u0646 \u0645\u062d\u062a\u0648\u064a\u0627\u062a \u0627\u0644\u0645\u062d\u0627\u062f\u062b\u0627\u062a \u0628\u064a\u0646 \u0645\u0633\u062a\u062e\u062f\u0645\u064a \u0627\u0644\u062a\u0637\u0628\u064a\u0642 \u0627\u0644\u0628\u0627\u0644\u063a \u0639\u062f\u062f\u0647\u0645 2 \u0645\u0644\u064a\u0627\u0631 \u0645\u0633\u062a\u062e\u062f\u0645 \u062a\u0638\u0644 \u0622\u0645\u0646\u0629\u060c \u0644\u0643\u0646 \u0627\u0644\u062f\u0648\u0627\u0626\u0631 \u0627\u0644\u062d\u0643\u0648\u0645\u064a\u0629\u060c \u0643\u0645\u0627 \u0643\u062a\u0628 \u0627\u0644\u0645\u0647\u0646\u062f\u0633\u0648\u0646\u060c \u0643\u0627\u0646\u062a \"\u062a\u062a\u062c\u0627\u0648\u0632 \u062a\u0634\u0641\u064a\u0631\u0646\u0627\" \u0644\u0645\u0639\u0631\u0641\u0629 \u0627\u0644\u0645\u0633\u062a\u062e\u062f\u0645\u064a\u0646 \u0627\u0644\u0630\u064a\u0646 \u064a\u062a\u0648\u0627\u0635\u0644\u0648\u0646 \u0645\u0639 \u0628\u0639\u0636\u0647\u0645 \u0627\u0644\u0628\u0639\u0636\u060c \u0648\u0639\u0636\u0648\u064a\u0629 \u0627\u0644\u0645\u062c\u0645\u0648\u0639\u0627\u062a \u0627\u0644\u062e\u0627\u0635\u0629\u060c \u0648\u0631\u0628\u0645\u0627 \u062d\u062a\u0649 \u0645\u0648\u0627\u0642\u0639\u0647\u0645. \u0648\u062d\u062b \u0627\u0644\u062a\u0642\u064a\u064a\u0645 \u0639\u0644\u0649 \u0623\u0646 \u064a\u062e\u0641\u0641 \u0648\u0627\u062a\u0633\u0627\u0628 \u0645\u0646 \u0627\u0644\u0627\u0633\u062a\u063a\u0644\u0627\u0644 \u0627\u0644\u0645\u0633\u062a\u0645\u0631 \u0644\u0646\u0642\u0627\u0637 \u0627\u0644\u0636\u0639\u0641 \u0641\u064a \u062a\u062d\u0644\u064a\u0644 \u062d\u0631\u0643\u0629 \u0627\u0644\u0645\u0631\u0648\u0631 \u0627\u0644\u062a\u064a \u062a\u0645\u0643\u0646 \u0627\u0644\u062f\u0648\u0644 \u0645\u0646 \u062a\u062d\u062f\u064a\u062f \u0645\u0646 \u064a\u062a\u062d\u062f\u062b \u0625\u0644\u0649 \u0645\u0646.\n\nThe Smart Shadow:\n\u2206 \u0627\u0633\u062a\u063a\u0644\u0627\u0644\u0627\u062a \u0648\u0625\u062b\u0628\u0627\u062a\u0627\u062a \u0627\u0644\u0645\u0641\u0647\u0648\u0645 (PoCs) \u0644\u0644\u062b\u063a\u0631\u0627\u062a \n\n\u2206 1. \u062b\u063a\u0631\u0629 Profile Builder \u0648 Profile Builder Pro\n- \u062e\u0637\u0648\u0631\u0629: 9.8/10\n- \u0627\u0644\u0648\u0635\u0641: \u062a\u0633\u0645\u062d \u0647\u0630\u0647 \u0627\u0644\u062b\u063a\u0631\u0629 \u0644\u0644\u0645\u0647\u0627\u062c\u0645\u064a\u0646 \u0628\u0627\u0644\u062d\u0635\u0648\u0644 \u0639\u0644\u0649 \u0648\u0635\u0648\u0644 \u0627\u0644\u0645\u0633\u0624\u0648\u0644 \u062f\u0648\u0646 \u0627\u0644\u062d\u0627\u062c\u0629 \u0625\u0644\u0649 \u062d\u0633\u0627\u0628 \u0639\u0644\u0649 \u0627\u0644\u0645\u0648\u0642\u0639.\n- \u0625\u062b\u0628\u0627\u062a \u0627\u0644\u0645\u0641\u0647\u0648\u0645: \u0644\u0627 \u064a\u0648\u062c\u062f \u0625\u062b\u0628\u0627\u062a \u0645\u0641\u0647\u0648\u0645 \u0645\u062d\u062f\u062f \u0641\u064a \u0642\u0648\u0627\u0639\u062f \u0627\u0644\u0628\u064a\u0627\u0646\u0627\u062a \u0627\u0644\u0639\u0627\u0645\u0629\u060c \u0648\u0644\u0643\u0646 \u062a\u0642\u0627\u0631\u064a\u0631 WPScan \u062a\u062d\u062a\u0648\u064a \u0639\u0644\u0649 \u0633\u064a\u0646\u0627\u0631\u064a\u0648\u0647\u0627\u062a \u062a\u0641\u0635\u064a\u0644\u064a\u0629 \u0644\u0644\u0627\u0633\u062a\u063a\u0644\u0627\u0644.\n- \u0645\u062b\u0627\u0644 \u0644\u0625\u062b\u0628\u0627\u062a \u0627\u0644\u0645\u0641\u0647\u0648\u0645:\n   \n    import requests\n\n    url = \"http://target-website/wp-login.php\"\n    payload = {\n        \"username\": \"attacker_username\",\n        \"password\": \"attacker_password\"\n    }\n    response = requests.post(url, data=payload)\n    print(response.text)\n    \n- \u0627\u0644\u062a\u062e\u0641\u064a\u0641: \u062a\u062d\u062f\u064a\u062b \u0627\u0644\u0625\u0636\u0627\u0641\u0629 \u0625\u0644\u0649 \u0623\u062d\u062f\u062b \u0646\u0633\u062e\u0629 \u0643\u0645\u0627 \u064a\u0646\u0635\u062d \u0627\u0644\u0645\u0637\u0648\u0631\u0648\u0646.\n\n\u2206 2. \u062b\u063a\u0631\u0629 \u0643\u0627\u0645\u064a\u0631\u0627\u062a Synology BC500 IP\n- \u0627\u0644\u062a\u0641\u0627\u0635\u064a\u0644: \u062a\u0633\u0645\u062d \u0628\u0627\u0644\u062a\u0628\u062f\u064a\u0644 \u0645\u0646 WAN \u0625\u0644\u0649 LAN\u060c \u062a\u0645 \u0627\u0633\u062a\u062e\u062f\u0627\u0645\u0647\u0627 \u0641\u064a \u0645\u0633\u0627\u0628\u0642\u0629 Pwn2Own Toronto.\n- \u0625\u062b\u0628\u0627\u062a \u0627\u0644\u0645\u0641\u0647\u0648\u0645: \u0646\u0634\u0631\u062a Claroty \u062a\u0641\u0627\u0635\u064a\u0644 \u0641\u0646\u064a\u0629 \u062d\u0648\u0644 \u0627\u0644\u0627\u0633\u062a\u063a\u0644\u0627\u0644.\n- \u0645\u062b\u0627\u0644 \u0644\u0625\u062b\u0628\u0627\u062a \u0627\u0644\u0645\u0641\u0647\u0648\u0645:\n   \n    import requests\n\n    url = \"http://target-camera-ip/api/exploit\"\n    payload = {\"command\": \"switch_network\"}\n    response = requests.post(url, json=payload)\n    print(response.text)\n    \n- \u0627\u0644\u062a\u062e\u0641\u064a\u0641: \u062a\u062d\u062f\u064a\u062b \u0628\u0631\u0645\u062c\u064a\u0627\u062a \u0627\u0644\u0643\u0627\u0645\u064a\u0631\u0627 \u0625\u0644\u0649 \u0623\u062d\u062f\u062b \u0625\u0635\u062f\u0627\u0631.\n\n#### 3. \u062b\u063a\u0631\u0629 Apache HugeGraph (CVE-2024-27348)\n- \u062e\u0637\u0648\u0631\u0629: 9.8/10\n- \u0627\u0644\u0648\u0635\u0641: \u062a\u0633\u0645\u062d \u0644\u0644\u0645\u0647\u0627\u062c\u0645\u064a\u0646 \u0628\u0627\u0644\u062a\u062d\u0643\u0645 \u0641\u064a \u062e\u0648\u0627\u062f\u0645 \u0642\u0627\u0639\u062f\u0629 \u0627\u0644\u0628\u064a\u0627\u0646\u0627\u062a.\n- \u0625\u062b\u0628\u0627\u062a \u0627\u0644\u0645\u0641\u0647\u0648\u0645: \u0645\u062a\u0627\u062d \u0639\u0644\u0649 GitHub \u0643\u0645\u0627 \u0630\u0643\u0631.\n- \u0645\u062b\u0627\u0644 \u0644\u0625\u062b\u0628\u0627\u062a \u0627\u0644\u0645\u0641\u0647\u0648\u0645:\n   \n    import requests\n\n    url = \"http://target-hugegraph-server\"\n    payload = {\"exploit\": \"malicious_code_here\"}\n    response = requests.post(url, json=payload)\n    print(response.text)\n    \n- \u0627\u0644\u062a\u062e\u0641\u064a\u0641: \u062a\u0637\u0628\u064a\u0642 \u0627\u0644\u062a\u0635\u062d\u064a\u062d \u0627\u0644\u0623\u0645\u0646\u064a \u0627\u0644\u0635\u0627\u062f\u0631 \u0641\u064a \u0623\u0628\u0631\u064a\u0644.\n\n\u2206 4. \u062b\u063a\u0631\u0627\u062a Microsoft SharePoint (CVE-2024-38023\u060c CVE-2024-38024\u060c CVE-2024-38094)\n- \u0627\u0644\u062a\u0641\u0627\u0635\u064a\u0644: \u062b\u063a\u0631\u0627\u062a \u0641\u064a \u062a\u0646\u0641\u064a\u0630 \u0627\u0644\u062a\u0639\u0644\u064a\u0645\u0627\u062a \u0627\u0644\u0628\u0631\u0645\u062c\u064a\u0629 \u0639\u0646 \u0628\u064f\u0639\u062f.\n- \u0625\u062b\u0628\u0627\u062a \u0627\u0644\u0645\u0641\u0647\u0648\u0645: \u0646\u0634\u0631\u0647 Nguyen Giang.\n- \u0645\u062b\u0627\u0644 \u0644\u0625\u062b\u0628\u0627\u062a \u0627\u0644\u0645\u0641\u0647\u0648\u0645:\n   \n    # \u0647\u0630\u0627 \u0645\u062b\u0627\u0644 \u0627\u0641\u062a\u0631\u0627\u0636\u064a\u061b \u0642\u062f \u064a\u062e\u062a\u0644\u0641 \u0631\u0645\u0632 \u0627\u0644\u0627\u0633\u062a\u063a\u0644\u0627\u0644 \u0627\u0644\u0641\u0639\u0644\u064a.\n    Invoke-WebRequest -Uri \"http://target-sharepoint-server/exploit\" -Method GET\n    \n- \u0627\u0644\u062a\u062e\u0641\u064a\u0641: \u062a\u0637\u0628\u064a\u0642 \u0627\u0644\u062a\u0635\u062d\u064a\u062d\u0627\u062a \u0627\u0644\u0623\u0645\u0646\u064a\u0629 \u0627\u0644\u0645\u0642\u062f\u0645\u0629 \u0645\u0646 Microsoft.\n\n\u2206 5. \u062b\u063a\u0631\u0629 SonicWall SMA100\n- \u0627\u0644\u062a\u0641\u0627\u0635\u064a\u0644: \u0627\u0633\u062a\u063a\u0644\u0627\u0644 \u0641\u064a \u0627\u0644\u0648\u0636\u0639 \u0627\u0644\u0643\u0644\u0627\u0633\u064a\u0643\u064a \u0644\u0644\u0645\u0633\u062a\u062e\u062f\u0645\u064a\u0646 \u0627\u0644\u0645\u0635\u0627\u062f\u0642 \u0639\u0644\u064a\u0647\u0645.\n- \u0625\u062b\u0628\u0627\u062a \u0627\u0644\u0645\u0641\u0647\u0648\u0645: \u062a\u0645 \u0646\u0634\u0631\u0647 \u0628\u0648\u0627\u0633\u0637\u0629 SSD.\n- \u0645\u062b\u0627\u0644 \u0644\u0625\u062b\u0628\u0627\u062a \u0627\u0644\u0645\u0641\u0647\u0648\u0645:\n   \n    curl -k -X POST https://target-sma100-device -d \"exploit_payload_here\"\n    \n- \u0627\u0644\u062a\u062e\u0641\u064a\u0641: \u0625\u0632\u0627\u0644\u0629 \u0627\u0644\u0648\u0636\u0639 \u0627\u0644\u0643\u0644\u0627\u0633\u064a\u0643\u064a \u0648\u062a\u062d\u062f\u064a\u062b \u0627\u0644\u0628\u0631\u0645\u062c\u064a\u0627\u062a \u0627\u0644\u062b\u0627\u0628\u062a\u0629.\n\n\u2206 \u0627\u0644\u062a\u0648\u0635\u064a\u0627\u062a \u0627\u0644\u0639\u0627\u0645\u0629\n- \u0625\u062f\u0627\u0631\u0629 \u0627\u0644\u062a\u0635\u062d\u064a\u062d\u0627\u062a: \u062a\u062d\u062f\u064a\u062b \u062c\u0645\u064a\u0639 \u0627\u0644\u0628\u0631\u0645\u062c\u064a\u0627\u062a \u0648\u0627\u0644\u0628\u0631\u0645\u062c\u064a\u0627\u062a \u0627\u0644\u062b\u0627\u0628\u062a\u0629 \u0628\u0627\u0646\u062a\u0638\u0627\u0645 \u0625\u0644\u0649 \u0623\u062d\u062f\u062b \u0627\u0644\u0625\u0635\u062f\u0627\u0631\u0627\u062a.\n- \u0641\u062d\u0635 \u0627\u0644\u062b\u063a\u0631\u0627\u062a: \u0627\u0633\u062a\u062e\u062f\u0627\u0645 \u0623\u062f\u0648\u0627\u062a \u0645\u062b\u0644 Nessus \u0623\u0648 OpenVAS \u0644\u0641\u062d\u0635 \u0627\u0644\u062b\u063a\u0631\u0627\u062a \u0627\u0644\u0645\u0639\u0631\u0648\u0641\u0629.\n- \u0627\u0644\u0645\u0631\u0627\u0642\u0628\u0629: \u062a\u0637\u0628\u064a\u0642 \u0623\u0646\u0638\u0645\u0629 \u0627\u0644\u0643\u0634\u0641 \u0639\u0646 \u0627\u0644\u062a\u0633\u0644\u0644 \u0648\u0645\u0646\u0639 \u0627\u0644\u062a\u0633\u0644\u0644 \u0644\u0645\u0631\u0627\u0642\u0628\u0629 \u0648\u0645\u0646\u0639 \u0645\u062d\u0627\u0648\u0644\u0627\u062a \u0627\u0644\u0627\u0633\u062a\u063a\u0644\u0627\u0644.\n\n\u2206 \u0627\u0644\u0645\u0635\u0627\u062f\u0631\n- [NVD](https://nvd.nist.gov/vuln/detail/CVE-2023-3352)\n- [Security-Database](https://www.security-database.com/detail.php?alert=CVE-2023-3352)\n- [Vulners](https://vulners.com/cve/CVE-2023-3352)\n\n## \u0634\u0631\u062d \u0648\u0627\u0633\u062a\u063a\u0644\u0627\u0644 \u062b\u063a\u0631\u0629 CVE-2024-33352: \u062a\u0635\u0639\u064a\u062f \u0627\u0644\u0627\u0645\u062a\u064a\u0627\u0632\u0627\u062a \u0641\u064a BlueStacks \u0639\u0628\u0631 \u0632\u0631\u0639 \u0628\u0631\u0646\u0627\u0645\u062c \u0636\u0627\u0631 \u0641\u064a \u0627\u0644\u062c\u0647\u0627\u0632 \u0627\u0644\u0627\u0641\u062a\u0631\u0627\u0636\u064a\n\n### \u0646\u0638\u0631\u0629 \u0639\u0627\u0645\u0629", "creation_timestamp": "2024-12-13T19:00:22.000000Z"}, {"uuid": "af520024-b58c-4751-81f8-1f80313902f3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27348", "type": "published-proof-of-concept", "source": "Telegram/veIOHsbV5kLZGnQksJSl1JOrCFYfC-6sYrwF7hGdBF9KK0en", "content": "", "creation_timestamp": "2024-07-23T18:28:14.000000Z"}, {"uuid": "1e5b1a5b-18ce-4dd5-9784-861e761f2efa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27348", "type": "published-proof-of-concept", "source": "https://t.me/Kelvinseccommunity/464", "content": "https://github.com/Zeyad-Azima/CVE-2024-27348\n\nApache HugeGraph Server RCE Scanner ( CVE-2024-27348 )\n#github #exploit", "creation_timestamp": "2024-06-03T05:55:44.000000Z"}, {"uuid": "172e1a70-abb5-4719-a4ba-0052420f83b9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27348", "type": "exploited", "source": "Telegram/6TjTMn3eJ4SIQXACl90w0pYk95P-tseSc5ZpOgbPehxwHw", "content": "", "creation_timestamp": "2024-07-17T07:58:44.000000Z"}, {"uuid": "fcffab96-ab74-4d05-9e6b-d6b41323cda1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27348", "type": "published-proof-of-concept", "source": "https://t.me/TheDarkWebInformer/682", "content": "\ud83d\udea8POC RELEASED\ud83d\udea8Apache HugeGraph Server RCE Scanner (CVE-2024-27348).\n\n#DarkWeb #Cybersecurity #Security #Cyberattack #Cybercrime #Privacy #Infosec #CVE202427348 #Vulnerability \n\nhttps://github.com/Zeyad-Azima/CVE-2024-27348\n\nhttps://x.com/DarkWebInformer/status/1798761369623515326", "creation_timestamp": "2024-06-06T19:00:10.000000Z"}, {"uuid": "5a495296-22eb-4f03-975d-649ddb0162ff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27348", "type": "published-proof-of-concept", "source": "https://t.me/HackingInsights/1633", "content": "\u200aCVE-2024-27348: Apache HugeGraph RCE Vulnerability, PoC Exploit Published\n\nhttps://securityonline.info/cve-2024-27348-apache-hugegraph-rce-vulnerability-poc-exploit-published/", "creation_timestamp": "2024-06-05T11:43:01.000000Z"}, {"uuid": "78e4f4a7-6c1a-4e13-9b1a-f358f1f90fe1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27348", "type": "published-proof-of-concept", "source": "Telegram/feYi57SvoYtPXJUtMYFTAKZJgaMQOxVMuutGWUodZDs", "content": "", "creation_timestamp": "2024-06-07T22:09:57.000000Z"}, {"uuid": "75b57539-7c8b-4933-8f4c-396ed2ee8844", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27348", "type": "exploited", "source": "https://t.me/HackingInsights/6468", "content": "\u200aActive Exploits Targeting Apache HugeGraph Flaw (CVE-2024-27348): PoC Code Released\n\nhttps://securityonline.info/active-exploits-targeting-apache-hugegraph-flaw-cve-2024-27348-poc-code-released/", "creation_timestamp": "2024-07-18T10:13:01.000000Z"}, {"uuid": "39f3c4c9-d81d-4e66-a3ba-469a5906f042", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27348", "type": "exploited", "source": "Telegram/_5ikaDwwOP-YTEC3A66jN4BdPOUaHTxwBchjujeNg5YV-w", "content": "", "creation_timestamp": "2024-07-17T08:17:27.000000Z"}, {"uuid": "59298591-13eb-4cdf-b530-d5e6f0221f39", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27348", "type": "published-proof-of-concept", "source": "https://t.me/darkcommunityofficial/936", "content": "CVE-2024-27348 RCE \u0432 Apache HugeGraph Server\n*\nUsage:\npython3 CVE-2024-27348.py -t http://target.tld:8080 -c \"command to execute\"\n\n*\nPOC exploit\n\n#apache #rce", "creation_timestamp": "2024-06-06T21:02:17.000000Z"}, {"uuid": "0545fa72-70b4-4b1a-8e6c-c88dbaceac25", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27348", "type": "exploited", "source": "https://t.me/tengkorakcybercrewz/15247", "content": "The Hacker News\nCritical Apache HugeGraph Vulnerability Under Attack - Patch ASAP\n\nThreat actors are actively exploiting a recently disclosed critical security flaw impacting Apache HugeGraph-Server that could lead to remote code execution attacks.\nTracked as CVE-2024-27348 (CVSS score: 9.8), the vulnerability impacts all versions of the software before 1.3.0. It has been described as a remote command execution flaw in the Gremlin graph traversal language API.\n\"Users are", "creation_timestamp": "2024-07-17T07:58:45.000000Z"}, {"uuid": "d3473046-1eb9-4e44-a3fd-2dedf848a291", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27348", "type": "published-proof-of-concept", "source": "https://t.me/CyberDilara/166", "content": "Tools - Hackers Factory\n\nA Chrome/Firefox browser extension to show alerts for reflected query params, show Wayback archive links for the current path, show hidden elements and enable disabled elements. \n\nhttps://github.com/xnl-h4ck3r/XnlReveal\n\nBurp Extension to find potential endpoints, parameters, and generate a custom target wordlist \n\nhttps://github.com/xnl-h4ck3r/GAP-Burp-Extension\n\nFinds graphql queries in javascript files \n\nhttps://github.com/xssdoctor/graphqlMaker\n\nApache HugeGraph Server RCE Scanner ( CVE-2024-27348 ) \n\nhttps://github.com/Zeyad-Azima/CVE-2024-27348\n\nUnauthenticated Remote Code Execution \u2013 Bricks <= 1.9.6 \n\nhttps://github.com/Chocapikk/CVE-2024-25600\n\nA good collection with browser exploit CTF challenges. Please feel free to share if there is additional. Thank you all.\n\nhttps://github.com/exd0tpy/CTF-browser-challenges?tab=readme-ov-file\n\nhttps://github.com/m1ghtym0/browser-pwn\n\nhttps://github.com/De4dCr0w/Browser-pwn\n\nOracle VirtualBox Elevation of Privilege (Local Privilege Escalation) Vulnerability \n\nhttps://github.com/mansk1es/CVE-2024-21111\n\nA Hex Editor for Reverse Engineers, Programmers\n\nhttps://github.com/WerWolv/ImHex\n\nLocal & remote Windows DLL Proxying \n\nhttps://github.com/synacktiv/DLHell\n\n#HackersFactory", "creation_timestamp": "2024-06-17T14:09:47.000000Z"}, {"uuid": "9f700d32-52fb-4d60-9b7b-0cead2caa9b3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27348", "type": "published-proof-of-concept", "source": "Telegram/0QbDKVhn6TCrVXkSdD0th2eJVlWHCP4L_6A9AZOFrjNSMEg", "content": "", "creation_timestamp": "2024-08-06T23:48:46.000000Z"}, {"uuid": "48892974-2072-4d9b-9ec3-a4802bb86b48", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27348", "type": "published-proof-of-concept", "source": "https://t.me/CyberDilara/170", "content": "Tools - Hackers Factory\n\nTools for analyzing EDR agents \n\nhttps://github.com/outflanknl/edr-internals\n\nCodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security \n\nhttps://github.com/github/codeql\n\nApache HugeGraph Server Unauthenticated RCE - CVE-2024-27348 Proof of concept Exploit \n\nhttps://github.com/kljunowsky/CVE-2024-27348\n\nAll-in-one desktop app for running LLMs locally. \n\nhttps://github.com/cztomsik/ava\n\nA Powerful Network Reconnaissance Tool for Security Professionals \n\nhttps://github.com/fkkarakurt/reconic\n\nAgentic LLM Vulnerability Scanner \n\nhttps://github.com/msoedov/agentic_security\n\nLinux Incident Response Reporting \n\nhttps://github.com/emrekybs/MrHandler\n\nTo detect logic bugs in graph database engines by mutating graph query patterns. ICSE'24. \n\nhttps://github.com/YuanchengJiang/GraphGenie\n\nAn interactive shell to spoof some LOLBins command line \n\nhttps://github.com/itaymigdal/LOLSpoof\n\nA Modern Framework for Bug Bounty Hunting \n\nhttps://github.com/R-s0n/ars0n-framework\n\nGWPSan: Sampling-Based Sanitizer Framework \n\nhttps://github.com/google/gwpsan\n\n#HackersFactory", "creation_timestamp": "2024-06-17T14:10:39.000000Z"}, {"uuid": "93dacce2-f249-4181-a4bd-bb502ece410b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27348", "type": "exploited", "source": "https://t.me/KomunitiSiber/2258", "content": "Critical Apache HugeGraph Vulnerability Under Attack - Patch ASAP\nhttps://thehackernews.com/2024/07/critical-apache-hugegraph-vulnerability.html\n\nThreat actors are actively exploiting a recently disclosed critical security flaw impacting Apache HugeGraph-Server that could lead to remote code execution attacks.\nTracked as CVE-2024-27348 (CVSS score: 9.8), the vulnerability impacts all versions of the software before 1.3.0. It has been described as a remote command execution flaw in the Gremlin graph traversal language API.\n\"Users are", "creation_timestamp": "2024-07-17T09:35:22.000000Z"}, {"uuid": "887ea069-78d1-4112-ae08-34711efe51c3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27348", "type": "published-proof-of-concept", "source": "Telegram/kk8UfhFwmY5fCWc2ol4Wfv6GNmAscGhX1y7IkyBsp1-AehM", "content": "", "creation_timestamp": "2024-08-22T10:54:43.000000Z"}, {"uuid": "ecf6f4d1-accc-48e5-801b-f043c29307d8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27348", "type": "exploited", "source": "https://t.me/tengkorakcybercrewz/2962", "content": "The Hacker News\nCritical Apache HugeGraph Vulnerability Under Attack - Patch ASAP\n\nThreat actors are actively exploiting a recently disclosed critical security flaw impacting Apache HugeGraph-Server that could lead to remote code execution attacks.\nTracked as CVE-2024-27348 (CVSS score: 9.8), the vulnerability impacts all versions of the software before 1.3.0. It has been described as a remote command execution flaw in the Gremlin graph traversal language API.\n\"Users are", "creation_timestamp": "2024-07-17T07:58:45.000000Z"}, {"uuid": "0b7af850-c4be-4c86-889b-ecdf356dc6b2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27348", "type": "published-proof-of-concept", "source": "https://t.me/GrayHatsHack/7899", "content": "Tools - Hackers Factory\n\nA Chrome/Firefox browser extension to show alerts for reflected query params, show Wayback archive links for the current path, show hidden elements and enable disabled elements. \n\nhttps://github.com/xnl-h4ck3r/XnlReveal\n\nBurp Extension to find potential endpoints, parameters, and generate a custom target wordlist \n\nhttps://github.com/xnl-h4ck3r/GAP-Burp-Extension\n\nFinds graphql queries in javascript files \n\nhttps://github.com/xssdoctor/graphqlMaker\n\nApache HugeGraph Server RCE Scanner ( CVE-2024-27348 ) \n\nhttps://github.com/Zeyad-Azima/CVE-2024-27348\n\nUnauthenticated Remote Code Execution \u2013 Bricks <= 1.9.6 \n\nhttps://github.com/Chocapikk/CVE-2024-25600\n\nA good collection with browser exploit CTF challenges. Please feel free to share if there is additional. Thank you all.\n\nhttps://github.com/exd0tpy/CTF-browser-challenges?tab=readme-ov-file\n\nhttps://github.com/m1ghtym0/browser-pwn\n\nhttps://github.com/De4dCr0w/Browser-pwn\n\nOracle VirtualBox Elevation of Privilege (Local Privilege Escalation) Vulnerability \n\nhttps://github.com/mansk1es/CVE-2024-21111\n\nA Hex Editor for Reverse Engineers, Programmers\n\nhttps://github.com/WerWolv/ImHex\n\nLocal & remote Windows DLL Proxying \n\nhttps://github.com/synacktiv/DLHell\n\n#HackersFactory", "creation_timestamp": "2024-06-05T10:50:14.000000Z"}, {"uuid": "b6c05e73-588e-419b-b12a-786037141abf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27348", "type": "published-proof-of-concept", "source": "Telegram/B7nPnGK6CDe0h-3gITKZEXyYbiu1um7fpEJhfduYYTBu1CQ", "content": "", "creation_timestamp": "2025-02-10T10:00:05.000000Z"}, {"uuid": "662860cf-5f2f-480f-8a1c-766d098f764f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27348", "type": "published-proof-of-concept", "source": "https://t.me/GrayHatsHack/7923", "content": "Tools - Hackers Factory\n\nTools for analyzing EDR agents \n\nhttps://github.com/outflanknl/edr-internals\n\nCodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security \n\nhttps://github.com/github/codeql\n\nApache HugeGraph Server Unauthenticated RCE - CVE-2024-27348 Proof of concept Exploit \n\nhttps://github.com/kljunowsky/CVE-2024-27348\n\nAll-in-one desktop app for running LLMs locally. \n\nhttps://github.com/cztomsik/ava\n\nA Powerful Network Reconnaissance Tool for Security Professionals \n\nhttps://github.com/fkkarakurt/reconic\n\nAgentic LLM Vulnerability Scanner \n\nhttps://github.com/msoedov/agentic_security\n\nLinux Incident Response Reporting \n\nhttps://github.com/emrekybs/MrHandler\n\nTo detect logic bugs in graph database engines by mutating graph query patterns. ICSE'24. \n\nhttps://github.com/YuanchengJiang/GraphGenie\n\nAn interactive shell to spoof some LOLBins command line \n\nhttps://github.com/itaymigdal/LOLSpoof\n\nA Modern Framework for Bug Bounty Hunting \n\nhttps://github.com/R-s0n/ars0n-framework\n\nGWPSan: Sampling-Based Sanitizer Framework \n\nhttps://github.com/google/gwpsan\n\n#HackersFactory", "creation_timestamp": "2024-06-09T07:57:35.000000Z"}, {"uuid": "dac347bb-37de-43c0-8dbe-f7d742e27d67", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27348", "type": "published-proof-of-concept", "source": "https://t.me/proxy_bar/2114", "content": "CVE-2024-27348 RCE \u0432 Apache HugeGraph Server\n*\nUsage:\npython3 CVE-2024-27348.py -t http://target.tld:8080 -c \"command to execute\"\n\n*\nPOC exploit\n\n#apache #rce", "creation_timestamp": "2024-06-06T18:01:14.000000Z"}, {"uuid": "cd547a85-0e92-4a57-a58c-e11f429aaf58", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27348", "type": "published-proof-of-concept", "source": "https://t.me/GhostsForum/21852", "content": "Tools - Hackers Factory\n\nA Chrome/Firefox browser extension to show alerts for reflected query params, show Wayback archive links for the current path, show hidden elements and enable disabled elements. \n\nhttps://github.com/xnl-h4ck3r/XnlReveal\n\nBurp Extension to find potential endpoints, parameters, and generate a custom target wordlist \n\nhttps://github.com/xnl-h4ck3r/GAP-Burp-Extension\n\nFinds graphql queries in javascript files \n\nhttps://github.com/xssdoctor/graphqlMaker\n\nApache HugeGraph Server RCE Scanner ( CVE-2024-27348 ) \n\nhttps://github.com/Zeyad-Azima/CVE-2024-27348\n\nUnauthenticated Remote Code Execution \u2013 Bricks <= 1.9.6 \n\nhttps://github.com/Chocapikk/CVE-2024-25600\n\nA good collection with browser exploit CTF challenges. Please feel free to share if there is additional. Thank you all.\n\nhttps://github.com/exd0tpy/CTF-browser-challenges?tab=readme-ov-file\n\nhttps://github.com/m1ghtym0/browser-pwn\n\nhttps://github.com/De4dCr0w/Browser-pwn\n\nOracle VirtualBox Elevation of Privilege (Local Privilege Escalation) Vulnerability \n\nhttps://github.com/mansk1es/CVE-2024-21111\n\nA Hex Editor for Reverse Engineers, Programmers\n\nhttps://github.com/WerWolv/ImHex\n\nLocal & remote Windows DLL Proxying \n\nhttps://github.com/synacktiv/DLHell\n\n#HackersFactory", "creation_timestamp": "2024-06-05T10:50:19.000000Z"}, {"uuid": "ed15d128-b483-4ba9-a764-22ff8b6a5f7d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27348", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/3275", "content": "Tools - Hackers Factory\n\nTools for analyzing EDR agents \n\nhttps://github.com/outflanknl/edr-internals\n\nCodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security \n\nhttps://github.com/github/codeql\n\nApache HugeGraph Server Unauthenticated RCE - CVE-2024-27348 Proof of concept Exploit \n\nhttps://github.com/kljunowsky/CVE-2024-27348\n\nAll-in-one desktop app for running LLMs locally. \n\nhttps://github.com/cztomsik/ava\n\nA Powerful Network Reconnaissance Tool for Security Professionals \n\nhttps://github.com/fkkarakurt/reconic\n\nAgentic LLM Vulnerability Scanner \n\nhttps://github.com/msoedov/agentic_security\n\nLinux Incident Response Reporting \n\nhttps://github.com/emrekybs/MrHandler\n\nTo detect logic bugs in graph database engines by mutating graph query patterns. ICSE'24. \n\nhttps://github.com/YuanchengJiang/GraphGenie\n\nAn interactive shell to spoof some LOLBins command line \n\nhttps://github.com/itaymigdal/LOLSpoof\n\nA Modern Framework for Bug Bounty Hunting \n\nhttps://github.com/R-s0n/ars0n-framework\n\nGWPSan: Sampling-Based Sanitizer Framework \n\nhttps://github.com/google/gwpsan\n\n#HackersFactory", "creation_timestamp": "2024-06-09T07:57:15.000000Z"}, {"uuid": "ec524a89-0825-4b39-8ced-dd3676cd11d9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27348", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/3269", "content": "Tools - Hackers Factory\n\nA Chrome/Firefox browser extension to show alerts for reflected query params, show Wayback archive links for the current path, show hidden elements and enable disabled elements. \n\nhttps://github.com/xnl-h4ck3r/XnlReveal\n\nBurp Extension to find potential endpoints, parameters, and generate a custom target wordlist \n\nhttps://github.com/xnl-h4ck3r/GAP-Burp-Extension\n\nFinds graphql queries in javascript files \n\nhttps://github.com/xssdoctor/graphqlMaker\n\nApache HugeGraph Server RCE Scanner ( CVE-2024-27348 ) \n\nhttps://github.com/Zeyad-Azima/CVE-2024-27348\n\nUnauthenticated Remote Code Execution \u2013 Bricks <= 1.9.6 \n\nhttps://github.com/Chocapikk/CVE-2024-25600\n\nA good collection with browser exploit CTF challenges. Please feel free to share if there is additional. Thank you all.\n\nhttps://github.com/exd0tpy/CTF-browser-challenges?tab=readme-ov-file\n\nhttps://github.com/m1ghtym0/browser-pwn\n\nhttps://github.com/De4dCr0w/Browser-pwn\n\nOracle VirtualBox Elevation of Privilege (Local Privilege Escalation) Vulnerability \n\nhttps://github.com/mansk1es/CVE-2024-21111\n\nA Hex Editor for Reverse Engineers, Programmers\n\nhttps://github.com/WerWolv/ImHex\n\nLocal & remote Windows DLL Proxying \n\nhttps://github.com/synacktiv/DLHell\n\n#HackersFactory", "creation_timestamp": "2024-06-05T09:36:25.000000Z"}, {"uuid": "257e583e-01f5-4852-b54e-26f1eff04d9e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27348", "type": "published-proof-of-concept", "source": "https://t.me/GhostsForum/21898", "content": "Tools - Hackers Factory\n\nTools for analyzing EDR agents \n\nhttps://github.com/outflanknl/edr-internals\n\nCodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security \n\nhttps://github.com/github/codeql\n\nApache HugeGraph Server Unauthenticated RCE - CVE-2024-27348 Proof of concept Exploit \n\nhttps://github.com/kljunowsky/CVE-2024-27348\n\nAll-in-one desktop app for running LLMs locally. \n\nhttps://github.com/cztomsik/ava\n\nA Powerful Network Reconnaissance Tool for Security Professionals \n\nhttps://github.com/fkkarakurt/reconic\n\nAgentic LLM Vulnerability Scanner \n\nhttps://github.com/msoedov/agentic_security\n\nLinux Incident Response Reporting \n\nhttps://github.com/emrekybs/MrHandler\n\nTo detect logic bugs in graph database engines by mutating graph query patterns. ICSE'24. \n\nhttps://github.com/YuanchengJiang/GraphGenie\n\nAn interactive shell to spoof some LOLBins command line \n\nhttps://github.com/itaymigdal/LOLSpoof\n\nA Modern Framework for Bug Bounty Hunting \n\nhttps://github.com/R-s0n/ars0n-framework\n\nGWPSan: Sampling-Based Sanitizer Framework \n\nhttps://github.com/google/gwpsan\n\n#HackersFactory", "creation_timestamp": "2024-06-09T07:58:14.000000Z"}, {"uuid": "a0eb70f4-6183-415d-a730-65a5fcf3874d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27348", "type": "published-proof-of-concept", "source": "Telegram/x0_f7YGAw8w2X2T2kmYLEbsIvhM6drNbQwO1xsFhclFP5TU", "content": "", "creation_timestamp": "2024-07-17T13:12:24.000000Z"}, {"uuid": "ccfaec2b-f431-4078-8b98-ad89adeea2da", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27348", "type": "published-proof-of-concept", "source": "https://t.me/GrayHatsHack/6704", "content": "Tools - Hackers Factory\n\nTools for analyzing EDR agents \n\nhttps://github.com/outflanknl/edr-internals\n\nCodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security \n\nhttps://github.com/github/codeql\n\nApache HugeGraph Server Unauthenticated RCE - CVE-2024-27348 Proof of concept Exploit \n\nhttps://github.com/kljunowsky/CVE-2024-27348\n\nAll-in-one desktop app for running LLMs locally. \n\nhttps://github.com/cztomsik/ava\n\nA Powerful Network Reconnaissance Tool for Security Professionals \n\nhttps://github.com/fkkarakurt/reconic\n\nAgentic LLM Vulnerability Scanner \n\nhttps://github.com/msoedov/agentic_security\n\nLinux Incident Response Reporting \n\nhttps://github.com/emrekybs/MrHandler\n\nTo detect logic bugs in graph database engines by mutating graph query patterns. ICSE'24. \n\nhttps://github.com/YuanchengJiang/GraphGenie\n\nAn interactive shell to spoof some LOLBins command line \n\nhttps://github.com/itaymigdal/LOLSpoof\n\nA Modern Framework for Bug Bounty Hunting \n\nhttps://github.com/R-s0n/ars0n-framework\n\nGWPSan: Sampling-Based Sanitizer Framework \n\nhttps://github.com/google/gwpsan\n\n#HackersFactory", "creation_timestamp": "2024-06-09T07:57:35.000000Z"}, {"uuid": "0cf6f5fd-6998-41f7-89c8-9b9930931d76", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27348", "type": "published-proof-of-concept", "source": "Telegram/fAXZm1Yvbldb_iU-viyD5c58AYqQ4zX6h4wkq_DRT6sbTV8", "content": "", "creation_timestamp": "2024-07-02T16:14:04.000000Z"}, {"uuid": "bd5fd603-6890-445e-a2e1-b092c9813eb7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27348", "type": "seen", "source": "https://t.me/MrVGunz/1161", "content": "\u0634\u0646\u0627\u0633\u0647 CVE-2024-27348: \u06a9\u0627\u0631\u0628\u0631\u0627\u0646 \u063a\u06cc\u0631\u0645\u062c\u0627\u0632 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u0646\u062f \u0627\u0632 \u0637\u0631\u06cc\u0642 \u062a\u0632\u0631\u06cc\u0642 Groovy \u062f\u0631 Apache HugeGraph-Server \u062f\u0633\u062a\u0648\u0631\u0627\u062a \u0633\u06cc\u0633\u062a\u0645 \u0639\u0627\u0645\u0644 \u0631\u0627 \u0627\u062c\u0631\u0627 \u06a9\u0646\u0646\u062f. \u0628\u0631\u0627\u06cc \u06a9\u0627\u0647\u0634 \u0627\u06cc\u0646 \u0645\u0634\u06a9\u0644 \u0628\u0647 \u0646\u0633\u062e\u0647 1.3.0 \u0627\u0631\u062a\u0642\u0627 \u062f\u0647\u06cc\u062f.\n\nCVE-2024-27348: Unauthenticated users can execute OS commands via Groovy injection in Apache HugeGraph-Server. Upgrade to version 1.3.0 to mitigate.", "creation_timestamp": "2024-06-04T12:48:00.000000Z"}, {"uuid": "a6d78b79-5fb4-4cea-b2db-987abf6e589f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27348", "type": "published-proof-of-concept", "source": "https://t.me/GrayHatsHack/6681", "content": "Tools - Hackers Factory\n\nA Chrome/Firefox browser extension to show alerts for reflected query params, show Wayback archive links for the current path, show hidden elements and enable disabled elements. \n\nhttps://github.com/xnl-h4ck3r/XnlReveal\n\nBurp Extension to find potential endpoints, parameters, and generate a custom target wordlist \n\nhttps://github.com/xnl-h4ck3r/GAP-Burp-Extension\n\nFinds graphql queries in javascript files \n\nhttps://github.com/xssdoctor/graphqlMaker\n\nApache HugeGraph Server RCE Scanner ( CVE-2024-27348 ) \n\nhttps://github.com/Zeyad-Azima/CVE-2024-27348\n\nUnauthenticated Remote Code Execution \u2013 Bricks <= 1.9.6 \n\nhttps://github.com/Chocapikk/CVE-2024-25600\n\nA good collection with browser exploit CTF challenges. Please feel free to share if there is additional. Thank you all.\n\nhttps://github.com/exd0tpy/CTF-browser-challenges?tab=readme-ov-file\n\nhttps://github.com/m1ghtym0/browser-pwn\n\nhttps://github.com/De4dCr0w/Browser-pwn\n\nOracle VirtualBox Elevation of Privilege (Local Privilege Escalation) Vulnerability \n\nhttps://github.com/mansk1es/CVE-2024-21111\n\nA Hex Editor for Reverse Engineers, Programmers\n\nhttps://github.com/WerWolv/ImHex\n\nLocal & remote Windows DLL Proxying \n\nhttps://github.com/synacktiv/DLHell\n\n#HackersFactory", "creation_timestamp": "2024-06-05T10:50:14.000000Z"}, {"uuid": "744e862e-6246-4dd6-b208-cd015943e2e4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27348", "type": "published-proof-of-concept", "source": "https://t.me/true_secator/5978", "content": "\u041f\u043e \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430\u043c \u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044f\u043c \u0441\u0435\u0433\u043e\u0434\u043d\u044f \u043a\u0443\u0447\u043d\u043e.\n\n\u041a\u043e\u043c\u0430\u043d\u0434\u0430 WPScan \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0430 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u0443\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c\u00a0\u0432 \u043f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u043e\u043c \u043f\u043b\u0430\u0433\u0438\u043d\u0435 WordPress \u043f\u043e\u0434 \u043d\u0430\u0437\u0432\u0430\u043d\u0438\u0435\u043c Profile Builder \u0438 Profile Builder Pro.\n\n\u041e\u043d\u0430 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430 \u0431\u0435\u0437 \u043d\u0430\u043b\u0438\u0447\u0438\u044f \u043a\u0430\u043a\u043e\u0439-\u043b\u0438\u0431\u043e \u0443\u0447\u0435\u0442\u043d\u043e\u0439 \u0437\u0430\u043f\u0438\u0441\u0438 \u043d\u0430 \u0441\u0430\u0439\u0442\u0435. \u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043e\u043b\u0443\u0447\u0438\u043b\u0430 \u043e\u0446\u0435\u043d\u043a\u0443 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438 9,8/10.\n\nClaroty\u00a0\u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043b\u0430\u00a0\u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u0443\u044e \u0442\u0435\u0445\u043d\u0438\u0447\u0435\u0441\u043a\u0443\u044e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e \u043f\u043e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 IP-\u043a\u0430\u043c\u0435\u0440\u0430\u0445 Synology BC500, \u043a\u043e\u0442\u043e\u0440\u0443\u044e \u043c\u043e\u0436\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0434\u043b\u044f \u043f\u0435\u0440\u0435\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u044f \u0441 WAN \u043d\u0430 \u0432\u043d\u0443\u0442\u0440\u0435\u043d\u043d\u0438\u0435 LAN.\n\n\u041e\u0448\u0438\u0431\u043a\u0430 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0430\u0441\u044c \u043d\u0430 \u0445\u0430\u043a\u0435\u0440\u0441\u043a\u043e\u043c \u043a\u043e\u043d\u043a\u0443\u0440\u0441\u0435 Pwn2Own Toronto \u0432 \u043f\u0440\u043e\u0448\u043b\u043e\u043c \u0433\u043e\u0434\u0443 \u0438 \u0431\u044b\u043b\u0430 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0430 \u0432 \u0438\u044e\u043d\u0435 \u044d\u0442\u043e\u0433\u043e \u0433\u043e\u0434\u0430.\n\n\u0422\u0435\u043c \u0432\u0440\u0435\u043c\u0435\u043d\u0435\u043c, \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u0443\u0436\u0435 \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442\u00a0\u043d\u0435\u0434\u0430\u0432\u043d\u043e \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u0443\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0434\u043b\u044f \u0437\u0430\u0445\u0432\u0430\u0442\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u0432 \u0431\u0430\u0437 \u0434\u0430\u043d\u043d\u044b\u0445 Apache HugeGraph.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u043c\u0430\u044f \u043a\u0430\u043a CVE-2024-27348, \u043f\u043e\u043b\u0443\u0447\u0438\u043b\u0430 \u0440\u0435\u0439\u0442\u0438\u043d\u0433 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438 9,8/10 \u0438 \u0431\u044b\u043b\u0430 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0430\u00a0\u0432 \u0430\u043f\u0440\u0435\u043b\u0435.\n\n\u0410\u0442\u0430\u043a\u0438 \u043d\u0430\u0447\u0430\u043b\u0438\u0441\u044c \u0447\u0435\u0440\u0435\u0437 \u043c\u0435\u0441\u044f\u0446 \u043f\u043e\u0441\u043b\u0435 \u0442\u043e\u0433\u043e, \u043a\u0430\u043a \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043b\u0438 \u0441\u043a\u0440\u0438\u043f\u0442 \u0441\u043a\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f\u00a0\u0438\u00a0PoC\u00a0\u043d\u0430 GitHub.\n\n\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044c \u041d\u0433\u0443\u0435\u043d \u0414\u0436\u0430\u043d\u0433 \u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043b\u00a0\u043f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0438\u044f \u043a\u043e\u043d\u0446\u0435\u043f\u0446\u0438\u0438\u00a0\u0434\u043b\u044f \u0442\u0440\u0435\u0445 \u043e\u0448\u0438\u0431\u043e\u043a \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u0434\u0430 Microsoft SharePoint (CVE-2024-38023, CVE-2024-38024 \u0438 CVE-2024-38094).\n\nSonicwall \u0432\u0442\u0430\u0439\u043d\u0435 \u0438\u0441\u043f\u0440\u0430\u0432\u0438\u043b\u0430 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u0443\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 \u0441\u0432\u043e\u0438\u0445 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430\u0445 SMA100. \n\n\u041f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0430 SSD \u0437\u0430\u044f\u0432\u043b\u044f\u0435\u0442, \u0447\u0442\u043e \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430 SMA100 \u0441\u043e\u0434\u0435\u0440\u0436\u0430\u043b\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 \u0444\u0443\u043d\u043a\u0446\u0438\u0438 \u043f\u043e\u0434 \u043d\u0430\u0437\u0432\u0430\u043d\u0438\u0435\u043c Classic Mode, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043c\u043e\u0433\u043b\u0430 \u0431\u044b\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0430 \u0434\u043b\u044f RCE-\u0430\u0442\u0430\u043a \u043d\u0430 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0445 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439.\n\n\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0443\u0442\u0432\u0435\u0440\u0436\u0434\u0430\u044e\u0442, \u0447\u0442\u043e Sonicwall \u0443\u0434\u0430\u043b\u0438\u043b\u0430 Classic Mode \u0441 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432 SMA100 \u0432 \u043d\u043e\u044f\u0431\u0440\u0435 \u043f\u0440\u043e\u0448\u043b\u043e\u0433\u043e \u0433\u043e\u0434\u0430, \u043d\u0435 \u0441\u043e\u043e\u0431\u0449\u0438\u0432 \u043e \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0439 \u0443\u0433\u0440\u043e\u0437\u0435.\n\n\u041f\u0440\u0438 \u044d\u0442\u043e\u0442 Sonicwall \u043d\u0435 \u0432\u043a\u043b\u044e\u0447\u0438\u043b\u0430 \u0443\u0434\u0430\u043b\u0435\u043d\u0438\u0435 \u0432 \u043f\u0440\u0438\u043c\u0435\u0447\u0430\u043d\u0438\u044f \u043a \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044e, \u043d\u0435 \u043d\u0430\u0437\u043d\u0430\u0447\u0438\u043b\u0430 CVE \u0434\u043b\u044f \u043e\u0448\u0438\u0431\u043a\u0438 \u0438 \u043d\u0435 \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0434\u0438\u043b\u0430 \u043a\u043b\u0438\u0435\u043d\u0442\u043e\u0432, \u0432\u0441\u0435 \u0435\u0449\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0449\u0438\u0445 \u0441\u0442\u0430\u0440\u0443\u044e \u043f\u0440\u043e\u0448\u0438\u0432\u043a\u0443.\n\n\u0422\u0435\u043f\u0435\u0440\u044c \u0436\u0435 SSD \u0432\u044b\u043a\u0430\u0442\u0438\u043b\u0430 \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0435\u00a0\u0438 \u043a\u043e\u0434 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430.", "creation_timestamp": "2024-07-17T13:08:33.000000Z"}, {"uuid": "21ce0f9a-788a-4788-9802-7a45a6538e1e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27348", "type": "published-proof-of-concept", "source": "https://t.me/Kelvinseccommunity/533", "content": "https://github.com/Zeyad-Azima/CVE-2024-27348\n\nApache HugeGraph Server RCE Scanner ( CVE-2024-27348 )\n#github #exploit", "creation_timestamp": "2024-06-03T05:55:44.000000Z"}, {"uuid": "76cbb891-91a3-43b0-bffb-b65b4c4c70ce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27348", "type": "published-proof-of-concept", "source": "https://t.me/Kelvinseccommunity/548", "content": "CVE-2024-27348 RCE \u0432 Apache HugeGraph Server\n*\nUsage:\npython3 CVE-2024-27348.py -t http://target.tld:8080 -c \"command to execute\"\n\n*\nPOC exploit\n\n#apache #rce", "creation_timestamp": "2024-06-06T21:02:41.000000Z"}, {"uuid": "db52837f-1dd5-402b-8951-a1cc86adfa63", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27348", "type": "exploited", "source": "https://t.me/thehackernews/5262", "content": "\u26a0\ufe0f New Critical Flaw Alert: Apache HugeGraph-Server vulnerability (CVE-2024-27348) with a CVSS score of 9.8 is being actively exploited for remote code execution. \n \nLearn more: https://thehackernews.com/2024/07/critical-apache-hugegraph-vulnerability.html \n \nAre your servers up-to-date?", "creation_timestamp": "2024-07-17T07:32:08.000000Z"}, {"uuid": "31550f3f-fc25-4a5e-a68f-165622d4c450", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27348", "type": "published-proof-of-concept", "source": "https://t.me/CNArsenal/2589", "content": "https://github.com/kljunowsky/CVE-2024-27348\n\nApache HugeGraph Server Unauthenticated RCE - CVE-2024-27348 Proof of concept Exploit\n#github #exploit", "creation_timestamp": "2024-06-05T16:05:58.000000Z"}, {"uuid": "0436f451-fef1-4da7-85df-e263c11c1843", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27348", "type": "published-proof-of-concept", "source": "https://t.me/CNArsenal/2576", "content": "https://github.com/Zeyad-Azima/CVE-2024-27348\n\nApache HugeGraph Server RCE Scanner ( CVE-2024-27348 )\n#github #exploit", "creation_timestamp": "2024-06-03T04:29:58.000000Z"}, {"uuid": "d1a4e4a4-ade0-411f-a9f3-669b5528255f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27348", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/10635", "content": "#exploit\n1. CVE-2024-27822:\nmacOS PackageKit Privilege Escalation\nhttps://khronokernel.com/macos/2024/06/03/CVE-2024-27822.html\n\n2. CVE-2024-27348:\nApache HugeGraph Server RCE\nhttps://github.com/kljunowsky/CVE-2024-27348\nhttps://github.com/Zeyad-Azima/CVE-2024-27348\n\n3. CVE-2024-34331:\nParallels Repack Privilege Escalation\nhttps://khronokernel.com/macos/2024/05/30/CVE-2024-34331.html", "creation_timestamp": "2024-07-17T19:40:43.000000Z"}, {"uuid": "465f8fdf-3151-4744-9656-23d2671d599d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27348", "type": "exploited", "source": "https://t.me/S_E_Reborn/4953", "content": "\u041f\u043e \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430\u043c \u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044f\u043c \u0441\u0435\u0433\u043e\u0434\u043d\u044f \u043a\u0443\u0447\u043d\u043e.\n\n\u041a\u043e\u043c\u0430\u043d\u0434\u0430 WPScan \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0430 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u0443\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c\u00a0\u0432 \u043f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u043e\u043c \u043f\u043b\u0430\u0433\u0438\u043d\u0435 WordPress \u043f\u043e\u0434 \u043d\u0430\u0437\u0432\u0430\u043d\u0438\u0435\u043c Profile Builder \u0438 Profile Builder Pro.\n\n\u041e\u043d\u0430 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430 \u0431\u0435\u0437 \u043d\u0430\u043b\u0438\u0447\u0438\u044f \u043a\u0430\u043a\u043e\u0439-\u043b\u0438\u0431\u043e \u0443\u0447\u0435\u0442\u043d\u043e\u0439 \u0437\u0430\u043f\u0438\u0441\u0438 \u043d\u0430 \u0441\u0430\u0439\u0442\u0435. \u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043e\u043b\u0443\u0447\u0438\u043b\u0430 \u043e\u0446\u0435\u043d\u043a\u0443 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438 9,8/10.\n\nClaroty\u00a0\u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043b\u0430\u00a0\u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u0443\u044e \u0442\u0435\u0445\u043d\u0438\u0447\u0435\u0441\u043a\u0443\u044e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e \u043f\u043e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 IP-\u043a\u0430\u043c\u0435\u0440\u0430\u0445 Synology BC500, \u043a\u043e\u0442\u043e\u0440\u0443\u044e \u043c\u043e\u0436\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0434\u043b\u044f \u043f\u0435\u0440\u0435\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u044f \u0441 WAN \u043d\u0430 \u0432\u043d\u0443\u0442\u0440\u0435\u043d\u043d\u0438\u0435 LAN.\n\n\u041e\u0448\u0438\u0431\u043a\u0430 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0430\u0441\u044c \u043d\u0430 \u0445\u0430\u043a\u0435\u0440\u0441\u043a\u043e\u043c \u043a\u043e\u043d\u043a\u0443\u0440\u0441\u0435 Pwn2Own Toronto \u0432 \u043f\u0440\u043e\u0448\u043b\u043e\u043c \u0433\u043e\u0434\u0443 \u0438 \u0431\u044b\u043b\u0430 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0430 \u0432 \u0438\u044e\u043d\u0435 \u044d\u0442\u043e\u0433\u043e \u0433\u043e\u0434\u0430.\n\n\u0422\u0435\u043c \u0432\u0440\u0435\u043c\u0435\u043d\u0435\u043c, \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u0443\u0436\u0435 \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442\u00a0\u043d\u0435\u0434\u0430\u0432\u043d\u043e \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u0443\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0434\u043b\u044f \u0437\u0430\u0445\u0432\u0430\u0442\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u0432 \u0431\u0430\u0437 \u0434\u0430\u043d\u043d\u044b\u0445 Apache HugeGraph.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u043c\u0430\u044f \u043a\u0430\u043a CVE-2024-27348, \u043f\u043e\u043b\u0443\u0447\u0438\u043b\u0430 \u0440\u0435\u0439\u0442\u0438\u043d\u0433 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438 9,8/10 \u0438 \u0431\u044b\u043b\u0430 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0430\u00a0\u0432 \u0430\u043f\u0440\u0435\u043b\u0435.\n\n\u0410\u0442\u0430\u043a\u0438 \u043d\u0430\u0447\u0430\u043b\u0438\u0441\u044c \u0447\u0435\u0440\u0435\u0437 \u043c\u0435\u0441\u044f\u0446 \u043f\u043e\u0441\u043b\u0435 \u0442\u043e\u0433\u043e, \u043a\u0430\u043a \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043b\u0438 \u0441\u043a\u0440\u0438\u043f\u0442 \u0441\u043a\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f\u00a0\u0438\u00a0PoC\u00a0\u043d\u0430 GitHub.\n\n\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044c \u041d\u0433\u0443\u0435\u043d \u0414\u0436\u0430\u043d\u0433 \u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043b\u00a0\u043f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0438\u044f \u043a\u043e\u043d\u0446\u0435\u043f\u0446\u0438\u0438\u00a0\u0434\u043b\u044f \u0442\u0440\u0435\u0445 \u043e\u0448\u0438\u0431\u043e\u043a \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u0434\u0430 Microsoft SharePoint (CVE-2024-38023, CVE-2024-38024 \u0438 CVE-2024-38094).\n\nSonicwall \u0432\u0442\u0430\u0439\u043d\u0435 \u0438\u0441\u043f\u0440\u0430\u0432\u0438\u043b\u0430 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u0443\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 \u0441\u0432\u043e\u0438\u0445 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430\u0445 SMA100. \n\n\u041f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0430 SSD \u0437\u0430\u044f\u0432\u043b\u044f\u0435\u0442, \u0447\u0442\u043e \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430 SMA100 \u0441\u043e\u0434\u0435\u0440\u0436\u0430\u043b\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 \u0444\u0443\u043d\u043a\u0446\u0438\u0438 \u043f\u043e\u0434 \u043d\u0430\u0437\u0432\u0430\u043d\u0438\u0435\u043c Classic Mode, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043c\u043e\u0433\u043b\u0430 \u0431\u044b\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0430 \u0434\u043b\u044f RCE-\u0430\u0442\u0430\u043a \u043d\u0430 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0445 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439.\n\n\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0443\u0442\u0432\u0435\u0440\u0436\u0434\u0430\u044e\u0442, \u0447\u0442\u043e Sonicwall \u0443\u0434\u0430\u043b\u0438\u043b\u0430 Classic Mode \u0441 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432 SMA100 \u0432 \u043d\u043e\u044f\u0431\u0440\u0435 \u043f\u0440\u043e\u0448\u043b\u043e\u0433\u043e \u0433\u043e\u0434\u0430, \u043d\u0435 \u0441\u043e\u043e\u0431\u0449\u0438\u0432 \u043e \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0439 \u0443\u0433\u0440\u043e\u0437\u0435.\n\n\u041f\u0440\u0438 \u044d\u0442\u043e\u0442 Sonicwall \u043d\u0435 \u0432\u043a\u043b\u044e\u0447\u0438\u043b\u0430 \u0443\u0434\u0430\u043b\u0435\u043d\u0438\u0435 \u0432 \u043f\u0440\u0438\u043c\u0435\u0447\u0430\u043d\u0438\u044f \u043a \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044e, \u043d\u0435 \u043d\u0430\u0437\u043d\u0430\u0447\u0438\u043b\u0430 CVE \u0434\u043b\u044f \u043e\u0448\u0438\u0431\u043a\u0438 \u0438 \u043d\u0435 \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0434\u0438\u043b\u0430 \u043a\u043b\u0438\u0435\u043d\u0442\u043e\u0432, \u0432\u0441\u0435 \u0435\u0449\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0449\u0438\u0445 \u0441\u0442\u0430\u0440\u0443\u044e \u043f\u0440\u043e\u0448\u0438\u0432\u043a\u0443.\n\n\u0422\u0435\u043f\u0435\u0440\u044c \u0436\u0435 SSD \u0432\u044b\u043a\u0430\u0442\u0438\u043b\u0430 \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0435\u00a0\u0438 \u043a\u043e\u0434 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430.", "creation_timestamp": "2024-07-17T19:33:17.000000Z"}]}