{"vulnerability": "CVE-2024-27348", "sightings": [{"uuid": "21b8da4e-1ac7-42b2-8fa5-abac2711ee98", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27348", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2024-09-20T18:10:03.000000Z"}, {"uuid": "fc99296a-dc97-4ced-b2f7-5e8100bad2c8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27348", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-06T03:13:46.000000Z"}, {"uuid": "65bf5f60-212b-4052-8b60-17a25a90cab6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27348", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-02-06)", "content": "", "creation_timestamp": "2025-02-06T00:00:00.000000Z"}, {"uuid": "b455f717-70ce-4748-a067-6b5a6e05f699", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27348", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:11:01.000000Z"}, {"uuid": "9d87ba83-2e9b-4e93-be72-770d6e0ed03d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27348", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-02-23T02:10:58.000000Z"}, {"uuid": "596ca018-e0c1-4c12-aa06-1c89c752fccd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27348", "type": "seen", "source": "https://bsky.app/profile/nimblenerd.social/post/3lmejvr74ze2q", "content": "", "creation_timestamp": "2025-04-09T08:07:56.766451Z"}, {"uuid": "4d74de3d-ddd4-4fbb-813c-d73cd40dec9e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27348", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-05-15)", "content": "", "creation_timestamp": "2025-05-15T00:00:00.000000Z"}, {"uuid": "53fa5d61-0edc-43fc-98f3-0c4291456d62", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27348", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lmifndzalw2t", "content": "", "creation_timestamp": "2025-04-10T21:02:18.764606Z"}, {"uuid": "df693cd1-3ebe-4b2d-96c2-f16689912de4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27348", "type": "seen", "source": "MISP/a9d21043-f825-4bac-8d2b-56fb9e8343e7", "content": "", "creation_timestamp": "2025-10-23T21:13:02.000000Z"}, {"uuid": "53a854a5-af28-4423-9194-52334ab9e689", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27348", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-09-20)", "content": "", "creation_timestamp": "2025-09-20T00:00:00.000000Z"}, {"uuid": "ba3679df-6351-44fc-befe-72bf16cb4669", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27348", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-10-05)", "content": "", "creation_timestamp": "2025-10-05T00:00:00.000000Z"}, {"uuid": "d1ecd05f-c211-4d6b-9a1d-2d685d137ab6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27348", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/apache_hugegraph_gremlin_rce.rb", "content": "", "creation_timestamp": "2024-08-14T09:30:49.000000Z"}, {"uuid": "7bdb05e5-5459-4765-85d3-ec7c113217b1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2024-27348", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/d7b1e7b0-a95e-46bd-8f3a-d1968dfa657b", "content": "", "creation_timestamp": "2026-02-02T12:26:28.411618Z"}, {"uuid": "0719e0c3-4266-4f47-a19c-df84183bf505", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27348", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/7483", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aHugeGraph Server RCE Scanner ( CVE-2024-27348 )\nURL\uff1ahttps://github.com/Zeyad-Azima/CVE-2024-27348\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-05-31T20:14:51.000000Z"}, {"uuid": "925d7c0e-3faa-484d-a2f1-2fb8b7ec715b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27348", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/7510", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aRCE\n\u63cf\u8ff0\uff1aCVE-2024-27348 Proof of concept Exploit - Unauthenticated RCE in Apache HugeGraph Server\nURL\uff1ahttps://github.com/kljunowsky/CVE-2024-27348\n\n\u6807\u7b7e\uff1a#RCE", "creation_timestamp": "2024-06-03T19:22:42.000000Z"}, {"uuid": "fd2abd48-d0f0-48f1-9622-9753ca7d9a8c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27348", "type": "published-proof-of-concept", "source": "Telegram/cQf2CT3r4WvnJhAn_Z5tbBdbHlIor2zaa0XkqChp6pgA9CQ", "content": "", "creation_timestamp": "2025-12-13T09:00:04.000000Z"}, {"uuid": "95f40651-8284-4a7f-af27-cf81594e86ed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27348", "type": "published-proof-of-concept", "source": "https://t.me/cKure/13050", "content": "\u25a0\u25a0\u25a0\u25a0\u25a0 Exploit-code | Zero-Day: CVE-2024-27348 (RCE) - Unauth users can execute commands via Groovy injection in Apache HugeGraph-Server.\n\nFix: Upgrade to version 1.3.0\n\nPython Scanner: https://github.com/Zeyad-Azima/CVE-2024-27348", "creation_timestamp": "2024-06-03T02:16:35.000000Z"}, {"uuid": "271395bc-3048-44c2-b0df-2b5c27930787", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27348", "type": "published-proof-of-concept", "source": "https://t.me/cyber_hsecurity/1610", "content": "(Photo by Tayfun Coskun/Anadolu via Getty Images)\n\u062d\u0634\u0648\u062f \u062e\u0627\u0631\u062c \u0645\u0642\u0631 \u0645\u064a\u062a\u0627 (\u0641\u064a\u0633\u0628\u0648\u0643) \u0644\u0644\u0627\u062d\u062a\u062c\u0627\u062c \u0639\u0644\u0649 \u0631\u0642\u0627\u0628\u0629 \u0645\u0627\u0631\u0643 \u0632\u0648\u0643\u0631\u0628\u064a\u0631\u063a \u0648\u0645\u064a\u062a\u0627 \u0639\u0644\u0649 \u0645\u0646\u0634\u0648\u0631\u0627\u062a \u0641\u0644\u0633\u0637\u064a\u0646 \u0639\u0644\u0649 \u0627\u0644\u0645\u0646\u0635\u0627\u062a \u0627\u0644\u0627\u062c\u062a\u0645\u0627\u0639\u064a\u0629 \u0641\u064a \u0645\u064a\u0646\u0644\u0648 \u0628\u0627\u0631\u0643\u060c \u0643\u0627\u0644\u064a\u0641\u0648\u0631\u0646\u064a\u0627 (\u0627\u0644\u0623\u0646\u0627\u0636\u0648\u0644)\n23/5/2024-\u0622\u062e\u0631 \u062a\u062d\u062f\u064a\u062b: 23/5/202403:28 \u0645 (\u0628\u062a\u0648\u0642\u064a\u062a \u0645\u0643\u0629 \u0627\u0644\u0645\u0643\u0631\u0645\u0629)\n\u0646\u0628\u0647 \u0645\u0648\u0642\u0639 \u0625\u0646\u062a\u0631\u0633\u0628\u062a \u0627\u0644\u0623\u0645\u064a\u0631\u0643\u064a \u0625\u0644\u0649 \u062b\u063a\u0631\u0629 \u0623\u0645\u0646\u064a\u0629 \u0645\u062c\u0647\u0648\u0644\u0629 \u0628\u062a\u0637\u0628\u064a\u0642 \u0648\u0627\u062a\u0633\u0627\u0628 \u062a\u0645\u0643\u0646 \u0627\u0644\u062d\u0643\u0648\u0645\u0627\u062a \u0645\u0646 \u0645\u0639\u0631\u0641\u0629 \u0645\u0646 \u062a\u0631\u0627\u0633\u0644\u0647\u060c \u0648\u062d\u0630\u0631 \u0627\u0644\u0645\u0647\u0646\u062f\u0633\u0648\u0646 \u0641\u064a \u0634\u0631\u0643\u0629 \u0645\u064a\u062a\u0627 (\u0641\u064a\u0633\u0628\u0648\u0643) \u0645\u0646 \u0623\u0646 \u0627\u0644\u062f\u0648\u0644 \u064a\u0645\u0643\u0646\u0647\u0627 \u0645\u0631\u0627\u0642\u0628\u0629 \u0627\u0644\u062f\u0631\u062f\u0634\u0627\u062a\u060c \u0648\u064a\u062e\u0634\u0649 \u0627\u0644\u0645\u0648\u0638\u0641\u0648\u0646 \u0623\u0646 \u062a\u0633\u062a\u063a\u0644 \u0625\u0633\u0631\u0627\u0626\u064a\u0644 \u0647\u0630\u0647 \u0627\u0644\u062b\u063a\u0631\u0629 \u0644\u0627\u0646\u062a\u0642\u0627\u0621 \u0623\u0647\u062f\u0627\u0641 \u0627\u0644\u0627\u063a\u062a\u064a\u0627\u0644 \u0641\u064a \u063a\u0632\u0629.\n\n\u0648\u0630\u0643\u0631 \u0627\u0644\u0645\u0648\u0642\u0639 \u0623\u0646\u0647 \u0641\u064a \u0634\u0647\u0631 \u0645\u0627\u0631\u0633/\u0622\u0630\u0627\u0631\u060c \u0623\u0635\u062f\u0631 \u0641\u0631\u064a\u0642 \u0623\u0645\u0646 \u0648\u0627\u062a\u0633\u0627\u0628 \u062a\u062d\u0630\u064a\u0631\u0627 \u062f\u0627\u062e\u0644\u064a\u0627 \u0644\u0632\u0645\u0644\u0627\u0626\u0647 \u0628\u0623\u0646\u0647 \u0631\u063a\u0645 \u0627\u0644\u062a\u0634\u0641\u064a\u0631 \u0627\u0644\u0642\u0648\u064a \u0644\u0644\u0628\u0631\u0646\u0627\u0645\u062c\u060c \u0641\u0642\u062f \u0638\u0644 \u0627\u0644\u0645\u0633\u062a\u062e\u062f\u0645\u0648\u0646 \u0639\u0631\u0636\u0629 \u0644\u0634\u0643\u0644 \u062e\u0637\u064a\u0631 \u0645\u0646 \u0623\u0634\u0643\u0627\u0644 \u0627\u0644\u0645\u0631\u0627\u0642\u0628\u0629 \u0627\u0644\u062d\u0643\u0648\u0645\u064a\u0629.\n\n\u0648\u0648\u0641\u0642\u0627 \u0644\u062a\u0642\u064a\u064a\u0645 \u0627\u0644\u062a\u0647\u062f\u064a\u062f \u0627\u0644\u0630\u064a \u0644\u0645 \u064a\u064f\u0628\u0644\u063a \u0639\u0646\u0647 \u0645\u0633\u0628\u0642\u0627\u060c \u0648\u062d\u0635\u0644 \u0639\u0644\u064a\u0647 \u0627\u0644\u0645\u0648\u0642\u0639\u060c \u0641\u0625\u0646 \u0645\u062d\u062a\u0648\u064a\u0627\u062a \u0627\u0644\u0645\u062d\u0627\u062f\u062b\u0627\u062a \u0628\u064a\u0646 \u0645\u0633\u062a\u062e\u062f\u0645\u064a \u0627\u0644\u062a\u0637\u0628\u064a\u0642 \u0627\u0644\u0628\u0627\u0644\u063a \u0639\u062f\u062f\u0647\u0645 2 \u0645\u0644\u064a\u0627\u0631 \u0645\u0633\u062a\u062e\u062f\u0645 \u062a\u0638\u0644 \u0622\u0645\u0646\u0629\u060c \u0644\u0643\u0646 \u0627\u0644\u062f\u0648\u0627\u0626\u0631 \u0627\u0644\u062d\u0643\u0648\u0645\u064a\u0629\u060c \u0643\u0645\u0627 \u0643\u062a\u0628 \u0627\u0644\u0645\u0647\u0646\u062f\u0633\u0648\u0646\u060c \u0643\u0627\u0646\u062a \"\u062a\u062a\u062c\u0627\u0648\u0632 \u062a\u0634\u0641\u064a\u0631\u0646\u0627\" \u0644\u0645\u0639\u0631\u0641\u0629 \u0627\u0644\u0645\u0633\u062a\u062e\u062f\u0645\u064a\u0646 \u0627\u0644\u0630\u064a\u0646 \u064a\u062a\u0648\u0627\u0635\u0644\u0648\u0646 \u0645\u0639 \u0628\u0639\u0636\u0647\u0645 \u0627\u0644\u0628\u0639\u0636\u060c \u0648\u0639\u0636\u0648\u064a\u0629 \u0627\u0644\u0645\u062c\u0645\u0648\u0639\u0627\u062a \u0627\u0644\u062e\u0627\u0635\u0629\u060c \u0648\u0631\u0628\u0645\u0627 \u062d\u062a\u0649 \u0645\u0648\u0627\u0642\u0639\u0647\u0645. \u0648\u062d\u062b \u0627\u0644\u062a\u0642\u064a\u064a\u0645 \u0639\u0644\u0649 \u0623\u0646 \u064a\u062e\u0641\u0641 \u0648\u0627\u062a\u0633\u0627\u0628 \u0645\u0646 \u0627\u0644\u0627\u0633\u062a\u063a\u0644\u0627\u0644 \u0627\u0644\u0645\u0633\u062a\u0645\u0631 \u0644\u0646\u0642\u0627\u0637 \u0627\u0644\u0636\u0639\u0641 \u0641\u064a \u062a\u062d\u0644\u064a\u0644 \u062d\u0631\u0643\u0629 \u0627\u0644\u0645\u0631\u0648\u0631 \u0627\u0644\u062a\u064a \u062a\u0645\u0643\u0646 \u0627\u0644\u062f\u0648\u0644 \u0645\u0646 \u062a\u062d\u062f\u064a\u062f \u0645\u0646 \u064a\u062a\u062d\u062f\u062b \u0625\u0644\u0649 \u0645\u0646.\n\nThe Smart Shadow:\n\u2206 \u0627\u0633\u062a\u063a\u0644\u0627\u0644\u0627\u062a \u0648\u0625\u062b\u0628\u0627\u062a\u0627\u062a \u0627\u0644\u0645\u0641\u0647\u0648\u0645 (PoCs) \u0644\u0644\u062b\u063a\u0631\u0627\u062a \n\n\u2206 1. \u062b\u063a\u0631\u0629 Profile Builder \u0648 Profile Builder Pro\n- \u062e\u0637\u0648\u0631\u0629: 9.8/10\n- \u0627\u0644\u0648\u0635\u0641: \u062a\u0633\u0645\u062d \u0647\u0630\u0647 \u0627\u0644\u062b\u063a\u0631\u0629 \u0644\u0644\u0645\u0647\u0627\u062c\u0645\u064a\u0646 \u0628\u0627\u0644\u062d\u0635\u0648\u0644 \u0639\u0644\u0649 \u0648\u0635\u0648\u0644 \u0627\u0644\u0645\u0633\u0624\u0648\u0644 \u062f\u0648\u0646 \u0627\u0644\u062d\u0627\u062c\u0629 \u0625\u0644\u0649 \u062d\u0633\u0627\u0628 \u0639\u0644\u0649 \u0627\u0644\u0645\u0648\u0642\u0639.\n- \u0625\u062b\u0628\u0627\u062a \u0627\u0644\u0645\u0641\u0647\u0648\u0645: \u0644\u0627 \u064a\u0648\u062c\u062f \u0625\u062b\u0628\u0627\u062a \u0645\u0641\u0647\u0648\u0645 \u0645\u062d\u062f\u062f \u0641\u064a \u0642\u0648\u0627\u0639\u062f \u0627\u0644\u0628\u064a\u0627\u0646\u0627\u062a \u0627\u0644\u0639\u0627\u0645\u0629\u060c \u0648\u0644\u0643\u0646 \u062a\u0642\u0627\u0631\u064a\u0631 WPScan \u062a\u062d\u062a\u0648\u064a \u0639\u0644\u0649 \u0633\u064a\u0646\u0627\u0631\u064a\u0648\u0647\u0627\u062a \u062a\u0641\u0635\u064a\u0644\u064a\u0629 \u0644\u0644\u0627\u0633\u062a\u063a\u0644\u0627\u0644.\n- \u0645\u062b\u0627\u0644 \u0644\u0625\u062b\u0628\u0627\u062a \u0627\u0644\u0645\u0641\u0647\u0648\u0645:\n   \n    import requests\n\n    url = \"http://target-website/wp-login.php\"\n    payload = {\n        \"username\": \"attacker_username\",\n        \"password\": \"attacker_password\"\n    }\n    response = requests.post(url, data=payload)\n    print(response.text)\n    \n- \u0627\u0644\u062a\u062e\u0641\u064a\u0641: \u062a\u062d\u062f\u064a\u062b \u0627\u0644\u0625\u0636\u0627\u0641\u0629 \u0625\u0644\u0649 \u0623\u062d\u062f\u062b \u0646\u0633\u062e\u0629 \u0643\u0645\u0627 \u064a\u0646\u0635\u062d \u0627\u0644\u0645\u0637\u0648\u0631\u0648\u0646.\n\n\u2206 2. \u062b\u063a\u0631\u0629 \u0643\u0627\u0645\u064a\u0631\u0627\u062a Synology BC500 IP\n- \u0627\u0644\u062a\u0641\u0627\u0635\u064a\u0644: \u062a\u0633\u0645\u062d \u0628\u0627\u0644\u062a\u0628\u062f\u064a\u0644 \u0645\u0646 WAN \u0625\u0644\u0649 LAN\u060c \u062a\u0645 \u0627\u0633\u062a\u062e\u062f\u0627\u0645\u0647\u0627 \u0641\u064a \u0645\u0633\u0627\u0628\u0642\u0629 Pwn2Own Toronto.\n- \u0625\u062b\u0628\u0627\u062a \u0627\u0644\u0645\u0641\u0647\u0648\u0645: \u0646\u0634\u0631\u062a Claroty \u062a\u0641\u0627\u0635\u064a\u0644 \u0641\u0646\u064a\u0629 \u062d\u0648\u0644 \u0627\u0644\u0627\u0633\u062a\u063a\u0644\u0627\u0644.\n- \u0645\u062b\u0627\u0644 \u0644\u0625\u062b\u0628\u0627\u062a \u0627\u0644\u0645\u0641\u0647\u0648\u0645:\n   \n    import requests\n\n    url = \"http://target-camera-ip/api/exploit\"\n    payload = {\"command\": \"switch_network\"}\n    response = requests.post(url, json=payload)\n    print(response.text)\n    \n- \u0627\u0644\u062a\u062e\u0641\u064a\u0641: \u062a\u062d\u062f\u064a\u062b \u0628\u0631\u0645\u062c\u064a\u0627\u062a \u0627\u0644\u0643\u0627\u0645\u064a\u0631\u0627 \u0625\u0644\u0649 \u0623\u062d\u062f\u062b \u0625\u0635\u062f\u0627\u0631.\n\n#### 3. \u062b\u063a\u0631\u0629 Apache HugeGraph (CVE-2024-27348)\n- \u062e\u0637\u0648\u0631\u0629: 9.8/10\n- \u0627\u0644\u0648\u0635\u0641: \u062a\u0633\u0645\u062d \u0644\u0644\u0645\u0647\u0627\u062c\u0645\u064a\u0646 \u0628\u0627\u0644\u062a\u062d\u0643\u0645 \u0641\u064a \u062e\u0648\u0627\u062f\u0645 \u0642\u0627\u0639\u062f\u0629 \u0627\u0644\u0628\u064a\u0627\u0646\u0627\u062a.\n- \u0625\u062b\u0628\u0627\u062a \u0627\u0644\u0645\u0641\u0647\u0648\u0645: \u0645\u062a\u0627\u062d \u0639\u0644\u0649 GitHub \u0643\u0645\u0627 \u0630\u0643\u0631.\n- \u0645\u062b\u0627\u0644 \u0644\u0625\u062b\u0628\u0627\u062a \u0627\u0644\u0645\u0641\u0647\u0648\u0645:\n   \n    import requests\n\n    url = \"http://target-hugegraph-server\"\n    payload = {\"exploit\": \"malicious_code_here\"}\n    response = requests.post(url, json=payload)\n    print(response.text)\n    \n- \u0627\u0644\u062a\u062e\u0641\u064a\u0641: \u062a\u0637\u0628\u064a\u0642 \u0627\u0644\u062a\u0635\u062d\u064a\u062d \u0627\u0644\u0623\u0645\u0646\u064a \u0627\u0644\u0635\u0627\u062f\u0631 \u0641\u064a \u0623\u0628\u0631\u064a\u0644.\n\n\u2206 4. \u062b\u063a\u0631\u0627\u062a Microsoft SharePoint (CVE-2024-38023\u060c CVE-2024-38024\u060c CVE-2024-38094)\n- \u0627\u0644\u062a\u0641\u0627\u0635\u064a\u0644: \u062b\u063a\u0631\u0627\u062a \u0641\u064a \u062a\u0646\u0641\u064a\u0630 \u0627\u0644\u062a\u0639\u0644\u064a\u0645\u0627\u062a \u0627\u0644\u0628\u0631\u0645\u062c\u064a\u0629 \u0639\u0646 \u0628\u064f\u0639\u062f.\n- \u0625\u062b\u0628\u0627\u062a \u0627\u0644\u0645\u0641\u0647\u0648\u0645: \u0646\u0634\u0631\u0647 Nguyen Giang.\n- \u0645\u062b\u0627\u0644 \u0644\u0625\u062b\u0628\u0627\u062a \u0627\u0644\u0645\u0641\u0647\u0648\u0645:\n   \n    # \u0647\u0630\u0627 \u0645\u062b\u0627\u0644 \u0627\u0641\u062a\u0631\u0627\u0636\u064a\u061b \u0642\u062f \u064a\u062e\u062a\u0644\u0641 \u0631\u0645\u0632 \u0627\u0644\u0627\u0633\u062a\u063a\u0644\u0627\u0644 \u0627\u0644\u0641\u0639\u0644\u064a.\n    Invoke-WebRequest -Uri \"http://target-sharepoint-server/exploit\" -Method GET\n    \n- \u0627\u0644\u062a\u062e\u0641\u064a\u0641: \u062a\u0637\u0628\u064a\u0642 \u0627\u0644\u062a\u0635\u062d\u064a\u062d\u0627\u062a \u0627\u0644\u0623\u0645\u0646\u064a\u0629 \u0627\u0644\u0645\u0642\u062f\u0645\u0629 \u0645\u0646 Microsoft.\n\n\u2206 5. \u062b\u063a\u0631\u0629 SonicWall SMA100\n- \u0627\u0644\u062a\u0641\u0627\u0635\u064a\u0644: \u0627\u0633\u062a\u063a\u0644\u0627\u0644 \u0641\u064a \u0627\u0644\u0648\u0636\u0639 \u0627\u0644\u0643\u0644\u0627\u0633\u064a\u0643\u064a \u0644\u0644\u0645\u0633\u062a\u062e\u062f\u0645\u064a\u0646 \u0627\u0644\u0645\u0635\u0627\u062f\u0642 \u0639\u0644\u064a\u0647\u0645.\n- \u0625\u062b\u0628\u0627\u062a \u0627\u0644\u0645\u0641\u0647\u0648\u0645: \u062a\u0645 \u0646\u0634\u0631\u0647 \u0628\u0648\u0627\u0633\u0637\u0629 SSD.\n- \u0645\u062b\u0627\u0644 \u0644\u0625\u062b\u0628\u0627\u062a \u0627\u0644\u0645\u0641\u0647\u0648\u0645:\n   \n    curl -k -X POST https://target-sma100-device -d \"exploit_payload_here\"\n    \n- \u0627\u0644\u062a\u062e\u0641\u064a\u0641: \u0625\u0632\u0627\u0644\u0629 \u0627\u0644\u0648\u0636\u0639 \u0627\u0644\u0643\u0644\u0627\u0633\u064a\u0643\u064a \u0648\u062a\u062d\u062f\u064a\u062b \u0627\u0644\u0628\u0631\u0645\u062c\u064a\u0627\u062a \u0627\u0644\u062b\u0627\u0628\u062a\u0629.\n\n\u2206 \u0627\u0644\u062a\u0648\u0635\u064a\u0627\u062a \u0627\u0644\u0639\u0627\u0645\u0629\n- \u0625\u062f\u0627\u0631\u0629 \u0627\u0644\u062a\u0635\u062d\u064a\u062d\u0627\u062a: \u062a\u062d\u062f\u064a\u062b \u062c\u0645\u064a\u0639 \u0627\u0644\u0628\u0631\u0645\u062c\u064a\u0627\u062a \u0648\u0627\u0644\u0628\u0631\u0645\u062c\u064a\u0627\u062a \u0627\u0644\u062b\u0627\u0628\u062a\u0629 \u0628\u0627\u0646\u062a\u0638\u0627\u0645 \u0625\u0644\u0649 \u0623\u062d\u062f\u062b \u0627\u0644\u0625\u0635\u062f\u0627\u0631\u0627\u062a.\n- \u0641\u062d\u0635 \u0627\u0644\u062b\u063a\u0631\u0627\u062a: \u0627\u0633\u062a\u062e\u062f\u0627\u0645 \u0623\u062f\u0648\u0627\u062a \u0645\u062b\u0644 Nessus \u0623\u0648 OpenVAS \u0644\u0641\u062d\u0635 \u0627\u0644\u062b\u063a\u0631\u0627\u062a \u0627\u0644\u0645\u0639\u0631\u0648\u0641\u0629.\n- \u0627\u0644\u0645\u0631\u0627\u0642\u0628\u0629: \u062a\u0637\u0628\u064a\u0642 \u0623\u0646\u0638\u0645\u0629 \u0627\u0644\u0643\u0634\u0641 \u0639\u0646 \u0627\u0644\u062a\u0633\u0644\u0644 \u0648\u0645\u0646\u0639 \u0627\u0644\u062a\u0633\u0644\u0644 \u0644\u0645\u0631\u0627\u0642\u0628\u0629 \u0648\u0645\u0646\u0639 \u0645\u062d\u0627\u0648\u0644\u0627\u062a \u0627\u0644\u0627\u0633\u062a\u063a\u0644\u0627\u0644.\n\n\u2206 \u0627\u0644\u0645\u0635\u0627\u062f\u0631\n- [NVD](https://nvd.nist.gov/vuln/detail/CVE-2023-3352)\n- [Security-Database](https://www.security-database.com/detail.php?alert=CVE-2023-3352)\n- [Vulners](https://vulners.com/cve/CVE-2023-3352)\n\n## \u0634\u0631\u062d \u0648\u0627\u0633\u062a\u063a\u0644\u0627\u0644 \u062b\u063a\u0631\u0629 CVE-2024-33352: \u062a\u0635\u0639\u064a\u062f \u0627\u0644\u0627\u0645\u062a\u064a\u0627\u0632\u0627\u062a \u0641\u064a BlueStacks \u0639\u0628\u0631 \u0632\u0631\u0639 \u0628\u0631\u0646\u0627\u0645\u062c \u0636\u0627\u0631 \u0641\u064a \u0627\u0644\u062c\u0647\u0627\u0632 \u0627\u0644\u0627\u0641\u062a\u0631\u0627\u0636\u064a\n\n### \u0646\u0638\u0631\u0629 \u0639\u0627\u0645\u0629", "creation_timestamp": "2024-12-13T19:00:22.000000Z"}, {"uuid": "2dcf164f-a47c-46b0-b229-26a9e656c9fa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27348", "type": "published-proof-of-concept", "source": "https://t.me/Kelvinseccommunity/475", "content": "CVE-2024-27348 RCE \u0432 Apache HugeGraph Server\n*\nUsage:\npython3 CVE-2024-27348.py -t http://target.tld:8080 -c \"command to execute\"\n\n*\nPOC exploit\n\n#apache #rce", "creation_timestamp": "2024-06-06T21:02:41.000000Z"}, {"uuid": "1e5b1a5b-18ce-4dd5-9784-861e761f2efa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27348", "type": "published-proof-of-concept", "source": "https://t.me/Kelvinseccommunity/464", "content": "https://github.com/Zeyad-Azima/CVE-2024-27348\n\nApache HugeGraph Server RCE Scanner ( CVE-2024-27348 )\n#github #exploit", "creation_timestamp": "2024-06-03T05:55:44.000000Z"}, {"uuid": "172e1a70-abb5-4719-a4ba-0052420f83b9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27348", "type": "exploited", "source": "Telegram/6TjTMn3eJ4SIQXACl90w0pYk95P-tseSc5ZpOgbPehxwHw", "content": "", "creation_timestamp": "2024-07-17T07:58:44.000000Z"}, {"uuid": "78e4f4a7-6c1a-4e13-9b1a-f358f1f90fe1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27348", "type": "published-proof-of-concept", "source": "Telegram/feYi57SvoYtPXJUtMYFTAKZJgaMQOxVMuutGWUodZDs", "content": "", "creation_timestamp": "2024-06-07T22:09:57.000000Z"}, {"uuid": "fcffab96-ab74-4d05-9e6b-d6b41323cda1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27348", "type": "published-proof-of-concept", "source": "https://t.me/TheDarkWebInformer/682", "content": "\ud83d\udea8POC RELEASED\ud83d\udea8Apache HugeGraph Server RCE Scanner (CVE-2024-27348).\n\n#DarkWeb #Cybersecurity #Security #Cyberattack #Cybercrime #Privacy #Infosec #CVE202427348 #Vulnerability \n\nhttps://github.com/Zeyad-Azima/CVE-2024-27348\n\nhttps://x.com/DarkWebInformer/status/1798761369623515326", "creation_timestamp": "2024-06-06T19:00:10.000000Z"}, {"uuid": "75b57539-7c8b-4933-8f4c-396ed2ee8844", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27348", "type": "exploited", "source": "https://t.me/HackingInsights/6468", "content": "\u200aActive Exploits Targeting Apache HugeGraph Flaw (CVE-2024-27348): PoC Code Released\n\nhttps://securityonline.info/active-exploits-targeting-apache-hugegraph-flaw-cve-2024-27348-poc-code-released/", "creation_timestamp": "2024-07-18T10:13:01.000000Z"}, {"uuid": "5a495296-22eb-4f03-975d-649ddb0162ff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27348", "type": "published-proof-of-concept", "source": "https://t.me/HackingInsights/1633", "content": "\u200aCVE-2024-27348: Apache HugeGraph RCE Vulnerability, PoC Exploit Published\n\nhttps://securityonline.info/cve-2024-27348-apache-hugegraph-rce-vulnerability-poc-exploit-published/", "creation_timestamp": "2024-06-05T11:43:01.000000Z"}, {"uuid": "af520024-b58c-4751-81f8-1f80313902f3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27348", "type": "published-proof-of-concept", "source": "Telegram/veIOHsbV5kLZGnQksJSl1JOrCFYfC-6sYrwF7hGdBF9KK0en", "content": "", "creation_timestamp": "2024-07-23T18:28:14.000000Z"}, {"uuid": "59298591-13eb-4cdf-b530-d5e6f0221f39", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27348", "type": "published-proof-of-concept", "source": "https://t.me/darkcommunityofficial/936", "content": "CVE-2024-27348 RCE \u0432 Apache HugeGraph Server\n*\nUsage:\npython3 CVE-2024-27348.py -t http://target.tld:8080 -c \"command to execute\"\n\n*\nPOC exploit\n\n#apache #rce", "creation_timestamp": "2024-06-06T21:02:17.000000Z"}, {"uuid": "0545fa72-70b4-4b1a-8e6c-c88dbaceac25", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27348", "type": "exploited", "source": "https://t.me/tengkorakcybercrewz/15247", "content": "The Hacker News\nCritical Apache HugeGraph Vulnerability Under Attack - Patch ASAP\n\nThreat actors are actively exploiting a recently disclosed critical security flaw impacting Apache HugeGraph-Server that could lead to remote code execution attacks.\nTracked as CVE-2024-27348 (CVSS score: 9.8), the vulnerability impacts all versions of the software before 1.3.0. It has been described as a remote command execution flaw in the Gremlin graph traversal language API.\n\"Users are", "creation_timestamp": "2024-07-17T07:58:45.000000Z"}, {"uuid": "39f3c4c9-d81d-4e66-a3ba-469a5906f042", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27348", "type": "exploited", "source": "Telegram/_5ikaDwwOP-YTEC3A66jN4BdPOUaHTxwBchjujeNg5YV-w", "content": "", "creation_timestamp": "2024-07-17T08:17:27.000000Z"}, {"uuid": "9f700d32-52fb-4d60-9b7b-0cead2caa9b3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27348", "type": "published-proof-of-concept", "source": "Telegram/0QbDKVhn6TCrVXkSdD0th2eJVlWHCP4L_6A9AZOFrjNSMEg", "content": "", "creation_timestamp": "2024-08-06T23:48:46.000000Z"}, {"uuid": "887ea069-78d1-4112-ae08-34711efe51c3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27348", "type": "published-proof-of-concept", "source": "Telegram/kk8UfhFwmY5fCWc2ol4Wfv6GNmAscGhX1y7IkyBsp1-AehM", "content": "", "creation_timestamp": "2024-08-22T10:54:43.000000Z"}, {"uuid": "d3473046-1eb9-4e44-a3fd-2dedf848a291", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27348", "type": "published-proof-of-concept", "source": "https://t.me/CyberDilara/166", "content": "Tools - Hackers Factory\n\nA Chrome/Firefox browser extension to show alerts for reflected query params, show Wayback archive links for the current path, show hidden elements and enable disabled elements. \n\nhttps://github.com/xnl-h4ck3r/XnlReveal\n\nBurp Extension to find potential endpoints, parameters, and generate a custom target wordlist \n\nhttps://github.com/xnl-h4ck3r/GAP-Burp-Extension\n\nFinds graphql queries in javascript files \n\nhttps://github.com/xssdoctor/graphqlMaker\n\nApache HugeGraph Server RCE Scanner ( CVE-2024-27348 ) \n\nhttps://github.com/Zeyad-Azima/CVE-2024-27348\n\nUnauthenticated Remote Code Execution \u2013 Bricks <= 1.9.6 \n\nhttps://github.com/Chocapikk/CVE-2024-25600\n\nA good collection with browser exploit CTF challenges. Please feel free to share if there is additional. Thank you all.\n\nhttps://github.com/exd0tpy/CTF-browser-challenges?tab=readme-ov-file\n\nhttps://github.com/m1ghtym0/browser-pwn\n\nhttps://github.com/De4dCr0w/Browser-pwn\n\nOracle VirtualBox Elevation of Privilege (Local Privilege Escalation) Vulnerability \n\nhttps://github.com/mansk1es/CVE-2024-21111\n\nA Hex Editor for Reverse Engineers, Programmers\n\nhttps://github.com/WerWolv/ImHex\n\nLocal & remote Windows DLL Proxying \n\nhttps://github.com/synacktiv/DLHell\n\n#HackersFactory", "creation_timestamp": "2024-06-17T14:09:47.000000Z"}, {"uuid": "48892974-2072-4d9b-9ec3-a4802bb86b48", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27348", "type": "published-proof-of-concept", "source": "https://t.me/CyberDilara/170", "content": "Tools - Hackers Factory\n\nTools for analyzing EDR agents \n\nhttps://github.com/outflanknl/edr-internals\n\nCodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security \n\nhttps://github.com/github/codeql\n\nApache HugeGraph Server Unauthenticated RCE - CVE-2024-27348 Proof of concept Exploit \n\nhttps://github.com/kljunowsky/CVE-2024-27348\n\nAll-in-one desktop app for running LLMs locally. \n\nhttps://github.com/cztomsik/ava\n\nA Powerful Network Reconnaissance Tool for Security Professionals \n\nhttps://github.com/fkkarakurt/reconic\n\nAgentic LLM Vulnerability Scanner \n\nhttps://github.com/msoedov/agentic_security\n\nLinux Incident Response Reporting \n\nhttps://github.com/emrekybs/MrHandler\n\nTo detect logic bugs in graph database engines by mutating graph query patterns. ICSE'24. \n\nhttps://github.com/YuanchengJiang/GraphGenie\n\nAn interactive shell to spoof some LOLBins command line \n\nhttps://github.com/itaymigdal/LOLSpoof\n\nA Modern Framework for Bug Bounty Hunting \n\nhttps://github.com/R-s0n/ars0n-framework\n\nGWPSan: Sampling-Based Sanitizer Framework \n\nhttps://github.com/google/gwpsan\n\n#HackersFactory", "creation_timestamp": "2024-06-17T14:10:39.000000Z"}, {"uuid": "ecf6f4d1-accc-48e5-801b-f043c29307d8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27348", "type": "exploited", "source": "https://t.me/tengkorakcybercrewz/2962", "content": "The Hacker News\nCritical Apache HugeGraph Vulnerability Under Attack - Patch ASAP\n\nThreat actors are actively exploiting a recently disclosed critical security flaw impacting Apache HugeGraph-Server that could lead to remote code execution attacks.\nTracked as CVE-2024-27348 (CVSS score: 9.8), the vulnerability impacts all versions of the software before 1.3.0. It has been described as a remote command execution flaw in the Gremlin graph traversal language API.\n\"Users are", "creation_timestamp": "2024-07-17T07:58:45.000000Z"}, {"uuid": "93dacce2-f249-4181-a4bd-bb502ece410b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27348", "type": "exploited", "source": "https://t.me/KomunitiSiber/2258", "content": "Critical Apache HugeGraph Vulnerability Under Attack - Patch ASAP\nhttps://thehackernews.com/2024/07/critical-apache-hugegraph-vulnerability.html\n\nThreat actors are actively exploiting a recently disclosed critical security flaw impacting Apache HugeGraph-Server that could lead to remote code execution attacks.\nTracked as CVE-2024-27348 (CVSS score: 9.8), the vulnerability impacts all versions of the software before 1.3.0. It has been described as a remote command execution flaw in the Gremlin graph traversal language API.\n\"Users are", "creation_timestamp": "2024-07-17T09:35:22.000000Z"}, {"uuid": "b6c05e73-588e-419b-b12a-786037141abf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27348", "type": "published-proof-of-concept", "source": "Telegram/B7nPnGK6CDe0h-3gITKZEXyYbiu1um7fpEJhfduYYTBu1CQ", "content": "", "creation_timestamp": "2025-02-10T10:00:05.000000Z"}, {"uuid": "0b7af850-c4be-4c86-889b-ecdf356dc6b2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27348", "type": "published-proof-of-concept", "source": "https://t.me/GrayHatsHack/7899", "content": "Tools - Hackers Factory\n\nA Chrome/Firefox browser extension to show alerts for reflected query params, show Wayback archive links for the current path, show hidden elements and enable disabled elements. \n\nhttps://github.com/xnl-h4ck3r/XnlReveal\n\nBurp Extension to find potential endpoints, parameters, and generate a custom target wordlist \n\nhttps://github.com/xnl-h4ck3r/GAP-Burp-Extension\n\nFinds graphql queries in javascript files \n\nhttps://github.com/xssdoctor/graphqlMaker\n\nApache HugeGraph Server RCE Scanner ( CVE-2024-27348 ) \n\nhttps://github.com/Zeyad-Azima/CVE-2024-27348\n\nUnauthenticated Remote Code Execution \u2013 Bricks <= 1.9.6 \n\nhttps://github.com/Chocapikk/CVE-2024-25600\n\nA good collection with browser exploit CTF challenges. Please feel free to share if there is additional. Thank you all.\n\nhttps://github.com/exd0tpy/CTF-browser-challenges?tab=readme-ov-file\n\nhttps://github.com/m1ghtym0/browser-pwn\n\nhttps://github.com/De4dCr0w/Browser-pwn\n\nOracle VirtualBox Elevation of Privilege (Local Privilege Escalation) Vulnerability \n\nhttps://github.com/mansk1es/CVE-2024-21111\n\nA Hex Editor for Reverse Engineers, Programmers\n\nhttps://github.com/WerWolv/ImHex\n\nLocal & remote Windows DLL Proxying \n\nhttps://github.com/synacktiv/DLHell\n\n#HackersFactory", "creation_timestamp": "2024-06-05T10:50:14.000000Z"}, {"uuid": "662860cf-5f2f-480f-8a1c-766d098f764f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27348", "type": "published-proof-of-concept", "source": "https://t.me/GrayHatsHack/7923", "content": "Tools - Hackers Factory\n\nTools for analyzing EDR agents \n\nhttps://github.com/outflanknl/edr-internals\n\nCodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security \n\nhttps://github.com/github/codeql\n\nApache HugeGraph Server Unauthenticated RCE - CVE-2024-27348 Proof of concept Exploit \n\nhttps://github.com/kljunowsky/CVE-2024-27348\n\nAll-in-one desktop app for running LLMs locally. \n\nhttps://github.com/cztomsik/ava\n\nA Powerful Network Reconnaissance Tool for Security Professionals \n\nhttps://github.com/fkkarakurt/reconic\n\nAgentic LLM Vulnerability Scanner \n\nhttps://github.com/msoedov/agentic_security\n\nLinux Incident Response Reporting \n\nhttps://github.com/emrekybs/MrHandler\n\nTo detect logic bugs in graph database engines by mutating graph query patterns. ICSE'24. \n\nhttps://github.com/YuanchengJiang/GraphGenie\n\nAn interactive shell to spoof some LOLBins command line \n\nhttps://github.com/itaymigdal/LOLSpoof\n\nA Modern Framework for Bug Bounty Hunting \n\nhttps://github.com/R-s0n/ars0n-framework\n\nGWPSan: Sampling-Based Sanitizer Framework \n\nhttps://github.com/google/gwpsan\n\n#HackersFactory", "creation_timestamp": "2024-06-09T07:57:35.000000Z"}, {"uuid": "257e583e-01f5-4852-b54e-26f1eff04d9e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27348", "type": "published-proof-of-concept", "source": "https://t.me/GhostsForum/21898", "content": "Tools - Hackers Factory\n\nTools for analyzing EDR agents \n\nhttps://github.com/outflanknl/edr-internals\n\nCodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security \n\nhttps://github.com/github/codeql\n\nApache HugeGraph Server Unauthenticated RCE - CVE-2024-27348 Proof of concept Exploit \n\nhttps://github.com/kljunowsky/CVE-2024-27348\n\nAll-in-one desktop app for running LLMs locally. \n\nhttps://github.com/cztomsik/ava\n\nA Powerful Network Reconnaissance Tool for Security Professionals \n\nhttps://github.com/fkkarakurt/reconic\n\nAgentic LLM Vulnerability Scanner \n\nhttps://github.com/msoedov/agentic_security\n\nLinux Incident Response Reporting \n\nhttps://github.com/emrekybs/MrHandler\n\nTo detect logic bugs in graph database engines by mutating graph query patterns. ICSE'24. \n\nhttps://github.com/YuanchengJiang/GraphGenie\n\nAn interactive shell to spoof some LOLBins command line \n\nhttps://github.com/itaymigdal/LOLSpoof\n\nA Modern Framework for Bug Bounty Hunting \n\nhttps://github.com/R-s0n/ars0n-framework\n\nGWPSan: Sampling-Based Sanitizer Framework \n\nhttps://github.com/google/gwpsan\n\n#HackersFactory", "creation_timestamp": "2024-06-09T07:58:14.000000Z"}, {"uuid": "cd547a85-0e92-4a57-a58c-e11f429aaf58", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27348", "type": "published-proof-of-concept", "source": "https://t.me/GhostsForum/21852", "content": "Tools - Hackers Factory\n\nA Chrome/Firefox browser extension to show alerts for reflected query params, show Wayback archive links for the current path, show hidden elements and enable disabled elements. \n\nhttps://github.com/xnl-h4ck3r/XnlReveal\n\nBurp Extension to find potential endpoints, parameters, and generate a custom target wordlist \n\nhttps://github.com/xnl-h4ck3r/GAP-Burp-Extension\n\nFinds graphql queries in javascript files \n\nhttps://github.com/xssdoctor/graphqlMaker\n\nApache HugeGraph Server RCE Scanner ( CVE-2024-27348 ) \n\nhttps://github.com/Zeyad-Azima/CVE-2024-27348\n\nUnauthenticated Remote Code Execution \u2013 Bricks <= 1.9.6 \n\nhttps://github.com/Chocapikk/CVE-2024-25600\n\nA good collection with browser exploit CTF challenges. Please feel free to share if there is additional. Thank you all.\n\nhttps://github.com/exd0tpy/CTF-browser-challenges?tab=readme-ov-file\n\nhttps://github.com/m1ghtym0/browser-pwn\n\nhttps://github.com/De4dCr0w/Browser-pwn\n\nOracle VirtualBox Elevation of Privilege (Local Privilege Escalation) Vulnerability \n\nhttps://github.com/mansk1es/CVE-2024-21111\n\nA Hex Editor for Reverse Engineers, Programmers\n\nhttps://github.com/WerWolv/ImHex\n\nLocal & remote Windows DLL Proxying \n\nhttps://github.com/synacktiv/DLHell\n\n#HackersFactory", "creation_timestamp": "2024-06-05T10:50:19.000000Z"}, {"uuid": "ed15d128-b483-4ba9-a764-22ff8b6a5f7d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27348", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/3275", "content": "Tools - Hackers Factory\n\nTools for analyzing EDR agents \n\nhttps://github.com/outflanknl/edr-internals\n\nCodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security \n\nhttps://github.com/github/codeql\n\nApache HugeGraph Server Unauthenticated RCE - CVE-2024-27348 Proof of concept Exploit \n\nhttps://github.com/kljunowsky/CVE-2024-27348\n\nAll-in-one desktop app for running LLMs locally. \n\nhttps://github.com/cztomsik/ava\n\nA Powerful Network Reconnaissance Tool for Security Professionals \n\nhttps://github.com/fkkarakurt/reconic\n\nAgentic LLM Vulnerability Scanner \n\nhttps://github.com/msoedov/agentic_security\n\nLinux Incident Response Reporting \n\nhttps://github.com/emrekybs/MrHandler\n\nTo detect logic bugs in graph database engines by mutating graph query patterns. ICSE'24. \n\nhttps://github.com/YuanchengJiang/GraphGenie\n\nAn interactive shell to spoof some LOLBins command line \n\nhttps://github.com/itaymigdal/LOLSpoof\n\nA Modern Framework for Bug Bounty Hunting \n\nhttps://github.com/R-s0n/ars0n-framework\n\nGWPSan: Sampling-Based Sanitizer Framework \n\nhttps://github.com/google/gwpsan\n\n#HackersFactory", "creation_timestamp": "2024-06-09T07:57:15.000000Z"}, {"uuid": "ec524a89-0825-4b39-8ced-dd3676cd11d9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27348", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/3269", "content": "Tools - Hackers Factory\n\nA Chrome/Firefox browser extension to show alerts for reflected query params, show Wayback archive links for the current path, show hidden elements and enable disabled elements. \n\nhttps://github.com/xnl-h4ck3r/XnlReveal\n\nBurp Extension to find potential endpoints, parameters, and generate a custom target wordlist \n\nhttps://github.com/xnl-h4ck3r/GAP-Burp-Extension\n\nFinds graphql queries in javascript files \n\nhttps://github.com/xssdoctor/graphqlMaker\n\nApache HugeGraph Server RCE Scanner ( CVE-2024-27348 ) \n\nhttps://github.com/Zeyad-Azima/CVE-2024-27348\n\nUnauthenticated Remote Code Execution \u2013 Bricks <= 1.9.6 \n\nhttps://github.com/Chocapikk/CVE-2024-25600\n\nA good collection with browser exploit CTF challenges. Please feel free to share if there is additional. Thank you all.\n\nhttps://github.com/exd0tpy/CTF-browser-challenges?tab=readme-ov-file\n\nhttps://github.com/m1ghtym0/browser-pwn\n\nhttps://github.com/De4dCr0w/Browser-pwn\n\nOracle VirtualBox Elevation of Privilege (Local Privilege Escalation) Vulnerability \n\nhttps://github.com/mansk1es/CVE-2024-21111\n\nA Hex Editor for Reverse Engineers, Programmers\n\nhttps://github.com/WerWolv/ImHex\n\nLocal & remote Windows DLL Proxying \n\nhttps://github.com/synacktiv/DLHell\n\n#HackersFactory", "creation_timestamp": "2024-06-05T09:36:25.000000Z"}, {"uuid": "dac347bb-37de-43c0-8dbe-f7d742e27d67", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27348", "type": "published-proof-of-concept", "source": "https://t.me/proxy_bar/2114", "content": "CVE-2024-27348 RCE \u0432 Apache HugeGraph Server\n*\nUsage:\npython3 CVE-2024-27348.py -t http://target.tld:8080 -c \"command to execute\"\n\n*\nPOC exploit\n\n#apache #rce", "creation_timestamp": "2024-06-06T18:01:14.000000Z"}, {"uuid": "a0eb70f4-6183-415d-a730-65a5fcf3874d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27348", "type": "published-proof-of-concept", "source": "Telegram/x0_f7YGAw8w2X2T2kmYLEbsIvhM6drNbQwO1xsFhclFP5TU", "content": "", "creation_timestamp": "2024-07-17T13:12:24.000000Z"}, {"uuid": "0cf6f5fd-6998-41f7-89c8-9b9930931d76", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27348", "type": "published-proof-of-concept", "source": "Telegram/fAXZm1Yvbldb_iU-viyD5c58AYqQ4zX6h4wkq_DRT6sbTV8", "content": "", "creation_timestamp": "2024-07-02T16:14:04.000000Z"}, {"uuid": "ccfaec2b-f431-4078-8b98-ad89adeea2da", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27348", "type": "published-proof-of-concept", "source": "https://t.me/GrayHatsHack/6704", "content": "Tools - Hackers Factory\n\nTools for analyzing EDR agents \n\nhttps://github.com/outflanknl/edr-internals\n\nCodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security \n\nhttps://github.com/github/codeql\n\nApache HugeGraph Server Unauthenticated RCE - CVE-2024-27348 Proof of concept Exploit \n\nhttps://github.com/kljunowsky/CVE-2024-27348\n\nAll-in-one desktop app for running LLMs locally. \n\nhttps://github.com/cztomsik/ava\n\nA Powerful Network Reconnaissance Tool for Security Professionals \n\nhttps://github.com/fkkarakurt/reconic\n\nAgentic LLM Vulnerability Scanner \n\nhttps://github.com/msoedov/agentic_security\n\nLinux Incident Response Reporting \n\nhttps://github.com/emrekybs/MrHandler\n\nTo detect logic bugs in graph database engines by mutating graph query patterns. ICSE'24. \n\nhttps://github.com/YuanchengJiang/GraphGenie\n\nAn interactive shell to spoof some LOLBins command line \n\nhttps://github.com/itaymigdal/LOLSpoof\n\nA Modern Framework for Bug Bounty Hunting \n\nhttps://github.com/R-s0n/ars0n-framework\n\nGWPSan: Sampling-Based Sanitizer Framework \n\nhttps://github.com/google/gwpsan\n\n#HackersFactory", "creation_timestamp": "2024-06-09T07:57:35.000000Z"}, {"uuid": "a6d78b79-5fb4-4cea-b2db-987abf6e589f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27348", "type": "published-proof-of-concept", "source": "https://t.me/GrayHatsHack/6681", "content": "Tools - Hackers Factory\n\nA Chrome/Firefox browser extension to show alerts for reflected query params, show Wayback archive links for the current path, show hidden elements and enable disabled elements. \n\nhttps://github.com/xnl-h4ck3r/XnlReveal\n\nBurp Extension to find potential endpoints, parameters, and generate a custom target wordlist \n\nhttps://github.com/xnl-h4ck3r/GAP-Burp-Extension\n\nFinds graphql queries in javascript files \n\nhttps://github.com/xssdoctor/graphqlMaker\n\nApache HugeGraph Server RCE Scanner ( CVE-2024-27348 ) \n\nhttps://github.com/Zeyad-Azima/CVE-2024-27348\n\nUnauthenticated Remote Code Execution \u2013 Bricks <= 1.9.6 \n\nhttps://github.com/Chocapikk/CVE-2024-25600\n\nA good collection with browser exploit CTF challenges. Please feel free to share if there is additional. Thank you all.\n\nhttps://github.com/exd0tpy/CTF-browser-challenges?tab=readme-ov-file\n\nhttps://github.com/m1ghtym0/browser-pwn\n\nhttps://github.com/De4dCr0w/Browser-pwn\n\nOracle VirtualBox Elevation of Privilege (Local Privilege Escalation) Vulnerability \n\nhttps://github.com/mansk1es/CVE-2024-21111\n\nA Hex Editor for Reverse Engineers, Programmers\n\nhttps://github.com/WerWolv/ImHex\n\nLocal & remote Windows DLL Proxying \n\nhttps://github.com/synacktiv/DLHell\n\n#HackersFactory", "creation_timestamp": "2024-06-05T10:50:14.000000Z"}, {"uuid": "bd5fd603-6890-445e-a2e1-b092c9813eb7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27348", "type": "seen", "source": "https://t.me/MrVGunz/1161", "content": "\u0634\u0646\u0627\u0633\u0647 CVE-2024-27348: \u06a9\u0627\u0631\u0628\u0631\u0627\u0646 \u063a\u06cc\u0631\u0645\u062c\u0627\u0632 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u0646\u062f \u0627\u0632 \u0637\u0631\u06cc\u0642 \u062a\u0632\u0631\u06cc\u0642 Groovy \u062f\u0631 Apache HugeGraph-Server \u062f\u0633\u062a\u0648\u0631\u0627\u062a \u0633\u06cc\u0633\u062a\u0645 \u0639\u0627\u0645\u0644 \u0631\u0627 \u0627\u062c\u0631\u0627 \u06a9\u0646\u0646\u062f. \u0628\u0631\u0627\u06cc \u06a9\u0627\u0647\u0634 \u0627\u06cc\u0646 \u0645\u0634\u06a9\u0644 \u0628\u0647 \u0646\u0633\u062e\u0647 1.3.0 \u0627\u0631\u062a\u0642\u0627 \u062f\u0647\u06cc\u062f.\n\nCVE-2024-27348: Unauthenticated users can execute OS commands via Groovy injection in Apache HugeGraph-Server. Upgrade to version 1.3.0 to mitigate.", "creation_timestamp": "2024-06-04T12:48:00.000000Z"}, {"uuid": "744e862e-6246-4dd6-b208-cd015943e2e4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27348", "type": "published-proof-of-concept", "source": "https://t.me/true_secator/5978", "content": "\u041f\u043e \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430\u043c \u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044f\u043c \u0441\u0435\u0433\u043e\u0434\u043d\u044f \u043a\u0443\u0447\u043d\u043e.\n\n\u041a\u043e\u043c\u0430\u043d\u0434\u0430 WPScan \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0430 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u0443\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c\u00a0\u0432 \u043f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u043e\u043c \u043f\u043b\u0430\u0433\u0438\u043d\u0435 WordPress \u043f\u043e\u0434 \u043d\u0430\u0437\u0432\u0430\u043d\u0438\u0435\u043c Profile Builder \u0438 Profile Builder Pro.\n\n\u041e\u043d\u0430 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430 \u0431\u0435\u0437 \u043d\u0430\u043b\u0438\u0447\u0438\u044f \u043a\u0430\u043a\u043e\u0439-\u043b\u0438\u0431\u043e \u0443\u0447\u0435\u0442\u043d\u043e\u0439 \u0437\u0430\u043f\u0438\u0441\u0438 \u043d\u0430 \u0441\u0430\u0439\u0442\u0435. \u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043e\u043b\u0443\u0447\u0438\u043b\u0430 \u043e\u0446\u0435\u043d\u043a\u0443 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438 9,8/10.\n\nClaroty\u00a0\u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043b\u0430\u00a0\u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u0443\u044e \u0442\u0435\u0445\u043d\u0438\u0447\u0435\u0441\u043a\u0443\u044e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e \u043f\u043e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 IP-\u043a\u0430\u043c\u0435\u0440\u0430\u0445 Synology BC500, \u043a\u043e\u0442\u043e\u0440\u0443\u044e \u043c\u043e\u0436\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0434\u043b\u044f \u043f\u0435\u0440\u0435\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u044f \u0441 WAN \u043d\u0430 \u0432\u043d\u0443\u0442\u0440\u0435\u043d\u043d\u0438\u0435 LAN.\n\n\u041e\u0448\u0438\u0431\u043a\u0430 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0430\u0441\u044c \u043d\u0430 \u0445\u0430\u043a\u0435\u0440\u0441\u043a\u043e\u043c \u043a\u043e\u043d\u043a\u0443\u0440\u0441\u0435 Pwn2Own Toronto \u0432 \u043f\u0440\u043e\u0448\u043b\u043e\u043c \u0433\u043e\u0434\u0443 \u0438 \u0431\u044b\u043b\u0430 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0430 \u0432 \u0438\u044e\u043d\u0435 \u044d\u0442\u043e\u0433\u043e \u0433\u043e\u0434\u0430.\n\n\u0422\u0435\u043c \u0432\u0440\u0435\u043c\u0435\u043d\u0435\u043c, \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u0443\u0436\u0435 \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442\u00a0\u043d\u0435\u0434\u0430\u0432\u043d\u043e \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u0443\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0434\u043b\u044f \u0437\u0430\u0445\u0432\u0430\u0442\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u0432 \u0431\u0430\u0437 \u0434\u0430\u043d\u043d\u044b\u0445 Apache HugeGraph.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u043c\u0430\u044f \u043a\u0430\u043a CVE-2024-27348, \u043f\u043e\u043b\u0443\u0447\u0438\u043b\u0430 \u0440\u0435\u0439\u0442\u0438\u043d\u0433 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438 9,8/10 \u0438 \u0431\u044b\u043b\u0430 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0430\u00a0\u0432 \u0430\u043f\u0440\u0435\u043b\u0435.\n\n\u0410\u0442\u0430\u043a\u0438 \u043d\u0430\u0447\u0430\u043b\u0438\u0441\u044c \u0447\u0435\u0440\u0435\u0437 \u043c\u0435\u0441\u044f\u0446 \u043f\u043e\u0441\u043b\u0435 \u0442\u043e\u0433\u043e, \u043a\u0430\u043a \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043b\u0438 \u0441\u043a\u0440\u0438\u043f\u0442 \u0441\u043a\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f\u00a0\u0438\u00a0PoC\u00a0\u043d\u0430 GitHub.\n\n\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044c \u041d\u0433\u0443\u0435\u043d \u0414\u0436\u0430\u043d\u0433 \u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043b\u00a0\u043f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0438\u044f \u043a\u043e\u043d\u0446\u0435\u043f\u0446\u0438\u0438\u00a0\u0434\u043b\u044f \u0442\u0440\u0435\u0445 \u043e\u0448\u0438\u0431\u043e\u043a \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u0434\u0430 Microsoft SharePoint (CVE-2024-38023, CVE-2024-38024 \u0438 CVE-2024-38094).\n\nSonicwall \u0432\u0442\u0430\u0439\u043d\u0435 \u0438\u0441\u043f\u0440\u0430\u0432\u0438\u043b\u0430 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u0443\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 \u0441\u0432\u043e\u0438\u0445 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430\u0445 SMA100. \n\n\u041f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0430 SSD \u0437\u0430\u044f\u0432\u043b\u044f\u0435\u0442, \u0447\u0442\u043e \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430 SMA100 \u0441\u043e\u0434\u0435\u0440\u0436\u0430\u043b\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 \u0444\u0443\u043d\u043a\u0446\u0438\u0438 \u043f\u043e\u0434 \u043d\u0430\u0437\u0432\u0430\u043d\u0438\u0435\u043c Classic Mode, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043c\u043e\u0433\u043b\u0430 \u0431\u044b\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0430 \u0434\u043b\u044f RCE-\u0430\u0442\u0430\u043a \u043d\u0430 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0445 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439.\n\n\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0443\u0442\u0432\u0435\u0440\u0436\u0434\u0430\u044e\u0442, \u0447\u0442\u043e Sonicwall \u0443\u0434\u0430\u043b\u0438\u043b\u0430 Classic Mode \u0441 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432 SMA100 \u0432 \u043d\u043e\u044f\u0431\u0440\u0435 \u043f\u0440\u043e\u0448\u043b\u043e\u0433\u043e \u0433\u043e\u0434\u0430, \u043d\u0435 \u0441\u043e\u043e\u0431\u0449\u0438\u0432 \u043e \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0439 \u0443\u0433\u0440\u043e\u0437\u0435.\n\n\u041f\u0440\u0438 \u044d\u0442\u043e\u0442 Sonicwall \u043d\u0435 \u0432\u043a\u043b\u044e\u0447\u0438\u043b\u0430 \u0443\u0434\u0430\u043b\u0435\u043d\u0438\u0435 \u0432 \u043f\u0440\u0438\u043c\u0435\u0447\u0430\u043d\u0438\u044f \u043a \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044e, \u043d\u0435 \u043d\u0430\u0437\u043d\u0430\u0447\u0438\u043b\u0430 CVE \u0434\u043b\u044f \u043e\u0448\u0438\u0431\u043a\u0438 \u0438 \u043d\u0435 \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0434\u0438\u043b\u0430 \u043a\u043b\u0438\u0435\u043d\u0442\u043e\u0432, \u0432\u0441\u0435 \u0435\u0449\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0449\u0438\u0445 \u0441\u0442\u0430\u0440\u0443\u044e \u043f\u0440\u043e\u0448\u0438\u0432\u043a\u0443.\n\n\u0422\u0435\u043f\u0435\u0440\u044c \u0436\u0435 SSD \u0432\u044b\u043a\u0430\u0442\u0438\u043b\u0430 \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0435\u00a0\u0438 \u043a\u043e\u0434 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430.", "creation_timestamp": "2024-07-17T13:08:33.000000Z"}, {"uuid": "21ce0f9a-788a-4788-9802-7a45a6538e1e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27348", "type": "published-proof-of-concept", "source": "https://t.me/Kelvinseccommunity/533", "content": "https://github.com/Zeyad-Azima/CVE-2024-27348\n\nApache HugeGraph Server RCE Scanner ( CVE-2024-27348 )\n#github #exploit", "creation_timestamp": "2024-06-03T05:55:44.000000Z"}, {"uuid": "76cbb891-91a3-43b0-bffb-b65b4c4c70ce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27348", "type": "published-proof-of-concept", "source": "https://t.me/Kelvinseccommunity/548", "content": "CVE-2024-27348 RCE \u0432 Apache HugeGraph Server\n*\nUsage:\npython3 CVE-2024-27348.py -t http://target.tld:8080 -c \"command to execute\"\n\n*\nPOC exploit\n\n#apache #rce", "creation_timestamp": "2024-06-06T21:02:41.000000Z"}, {"uuid": "db52837f-1dd5-402b-8951-a1cc86adfa63", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27348", "type": "exploited", "source": "https://t.me/thehackernews/5262", "content": "\u26a0\ufe0f New Critical Flaw Alert: Apache HugeGraph-Server vulnerability (CVE-2024-27348) with a CVSS score of 9.8 is being actively exploited for remote code execution. \n \nLearn more: https://thehackernews.com/2024/07/critical-apache-hugegraph-vulnerability.html \n \nAre your servers up-to-date?", "creation_timestamp": "2024-07-17T07:32:08.000000Z"}, {"uuid": "31550f3f-fc25-4a5e-a68f-165622d4c450", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27348", "type": "published-proof-of-concept", "source": "https://t.me/CNArsenal/2589", "content": "https://github.com/kljunowsky/CVE-2024-27348\n\nApache HugeGraph Server Unauthenticated RCE - CVE-2024-27348 Proof of concept Exploit\n#github #exploit", "creation_timestamp": "2024-06-05T16:05:58.000000Z"}, {"uuid": "0436f451-fef1-4da7-85df-e263c11c1843", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27348", "type": "published-proof-of-concept", "source": "https://t.me/CNArsenal/2576", "content": "https://github.com/Zeyad-Azima/CVE-2024-27348\n\nApache HugeGraph Server RCE Scanner ( CVE-2024-27348 )\n#github #exploit", "creation_timestamp": "2024-06-03T04:29:58.000000Z"}, {"uuid": "465f8fdf-3151-4744-9656-23d2671d599d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27348", "type": "exploited", "source": "https://t.me/S_E_Reborn/4953", "content": "\u041f\u043e \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430\u043c \u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044f\u043c \u0441\u0435\u0433\u043e\u0434\u043d\u044f \u043a\u0443\u0447\u043d\u043e.\n\n\u041a\u043e\u043c\u0430\u043d\u0434\u0430 WPScan \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0430 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u0443\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c\u00a0\u0432 \u043f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u043e\u043c \u043f\u043b\u0430\u0433\u0438\u043d\u0435 WordPress \u043f\u043e\u0434 \u043d\u0430\u0437\u0432\u0430\u043d\u0438\u0435\u043c Profile Builder \u0438 Profile Builder Pro.\n\n\u041e\u043d\u0430 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430 \u0431\u0435\u0437 \u043d\u0430\u043b\u0438\u0447\u0438\u044f \u043a\u0430\u043a\u043e\u0439-\u043b\u0438\u0431\u043e \u0443\u0447\u0435\u0442\u043d\u043e\u0439 \u0437\u0430\u043f\u0438\u0441\u0438 \u043d\u0430 \u0441\u0430\u0439\u0442\u0435. \u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043e\u043b\u0443\u0447\u0438\u043b\u0430 \u043e\u0446\u0435\u043d\u043a\u0443 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438 9,8/10.\n\nClaroty\u00a0\u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043b\u0430\u00a0\u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u0443\u044e \u0442\u0435\u0445\u043d\u0438\u0447\u0435\u0441\u043a\u0443\u044e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e \u043f\u043e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 IP-\u043a\u0430\u043c\u0435\u0440\u0430\u0445 Synology BC500, \u043a\u043e\u0442\u043e\u0440\u0443\u044e \u043c\u043e\u0436\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0434\u043b\u044f \u043f\u0435\u0440\u0435\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u044f \u0441 WAN \u043d\u0430 \u0432\u043d\u0443\u0442\u0440\u0435\u043d\u043d\u0438\u0435 LAN.\n\n\u041e\u0448\u0438\u0431\u043a\u0430 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0430\u0441\u044c \u043d\u0430 \u0445\u0430\u043a\u0435\u0440\u0441\u043a\u043e\u043c \u043a\u043e\u043d\u043a\u0443\u0440\u0441\u0435 Pwn2Own Toronto \u0432 \u043f\u0440\u043e\u0448\u043b\u043e\u043c \u0433\u043e\u0434\u0443 \u0438 \u0431\u044b\u043b\u0430 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0430 \u0432 \u0438\u044e\u043d\u0435 \u044d\u0442\u043e\u0433\u043e \u0433\u043e\u0434\u0430.\n\n\u0422\u0435\u043c \u0432\u0440\u0435\u043c\u0435\u043d\u0435\u043c, \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u0443\u0436\u0435 \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442\u00a0\u043d\u0435\u0434\u0430\u0432\u043d\u043e \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u0443\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0434\u043b\u044f \u0437\u0430\u0445\u0432\u0430\u0442\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u0432 \u0431\u0430\u0437 \u0434\u0430\u043d\u043d\u044b\u0445 Apache HugeGraph.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u043c\u0430\u044f \u043a\u0430\u043a CVE-2024-27348, \u043f\u043e\u043b\u0443\u0447\u0438\u043b\u0430 \u0440\u0435\u0439\u0442\u0438\u043d\u0433 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438 9,8/10 \u0438 \u0431\u044b\u043b\u0430 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0430\u00a0\u0432 \u0430\u043f\u0440\u0435\u043b\u0435.\n\n\u0410\u0442\u0430\u043a\u0438 \u043d\u0430\u0447\u0430\u043b\u0438\u0441\u044c \u0447\u0435\u0440\u0435\u0437 \u043c\u0435\u0441\u044f\u0446 \u043f\u043e\u0441\u043b\u0435 \u0442\u043e\u0433\u043e, \u043a\u0430\u043a \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043b\u0438 \u0441\u043a\u0440\u0438\u043f\u0442 \u0441\u043a\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f\u00a0\u0438\u00a0PoC\u00a0\u043d\u0430 GitHub.\n\n\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044c \u041d\u0433\u0443\u0435\u043d \u0414\u0436\u0430\u043d\u0433 \u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043b\u00a0\u043f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0438\u044f \u043a\u043e\u043d\u0446\u0435\u043f\u0446\u0438\u0438\u00a0\u0434\u043b\u044f \u0442\u0440\u0435\u0445 \u043e\u0448\u0438\u0431\u043e\u043a \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u0434\u0430 Microsoft SharePoint (CVE-2024-38023, CVE-2024-38024 \u0438 CVE-2024-38094).\n\nSonicwall \u0432\u0442\u0430\u0439\u043d\u0435 \u0438\u0441\u043f\u0440\u0430\u0432\u0438\u043b\u0430 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u0443\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 \u0441\u0432\u043e\u0438\u0445 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430\u0445 SMA100. \n\n\u041f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0430 SSD \u0437\u0430\u044f\u0432\u043b\u044f\u0435\u0442, \u0447\u0442\u043e \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430 SMA100 \u0441\u043e\u0434\u0435\u0440\u0436\u0430\u043b\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 \u0444\u0443\u043d\u043a\u0446\u0438\u0438 \u043f\u043e\u0434 \u043d\u0430\u0437\u0432\u0430\u043d\u0438\u0435\u043c Classic Mode, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043c\u043e\u0433\u043b\u0430 \u0431\u044b\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0430 \u0434\u043b\u044f RCE-\u0430\u0442\u0430\u043a \u043d\u0430 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0445 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439.\n\n\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0443\u0442\u0432\u0435\u0440\u0436\u0434\u0430\u044e\u0442, \u0447\u0442\u043e Sonicwall \u0443\u0434\u0430\u043b\u0438\u043b\u0430 Classic Mode \u0441 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432 SMA100 \u0432 \u043d\u043e\u044f\u0431\u0440\u0435 \u043f\u0440\u043e\u0448\u043b\u043e\u0433\u043e \u0433\u043e\u0434\u0430, \u043d\u0435 \u0441\u043e\u043e\u0431\u0449\u0438\u0432 \u043e \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0439 \u0443\u0433\u0440\u043e\u0437\u0435.\n\n\u041f\u0440\u0438 \u044d\u0442\u043e\u0442 Sonicwall \u043d\u0435 \u0432\u043a\u043b\u044e\u0447\u0438\u043b\u0430 \u0443\u0434\u0430\u043b\u0435\u043d\u0438\u0435 \u0432 \u043f\u0440\u0438\u043c\u0435\u0447\u0430\u043d\u0438\u044f \u043a \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044e, \u043d\u0435 \u043d\u0430\u0437\u043d\u0430\u0447\u0438\u043b\u0430 CVE \u0434\u043b\u044f \u043e\u0448\u0438\u0431\u043a\u0438 \u0438 \u043d\u0435 \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0434\u0438\u043b\u0430 \u043a\u043b\u0438\u0435\u043d\u0442\u043e\u0432, \u0432\u0441\u0435 \u0435\u0449\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0449\u0438\u0445 \u0441\u0442\u0430\u0440\u0443\u044e \u043f\u0440\u043e\u0448\u0438\u0432\u043a\u0443.\n\n\u0422\u0435\u043f\u0435\u0440\u044c \u0436\u0435 SSD \u0432\u044b\u043a\u0430\u0442\u0438\u043b\u0430 \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0435\u00a0\u0438 \u043a\u043e\u0434 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430.", "creation_timestamp": "2024-07-17T19:33:17.000000Z"}, {"uuid": "d1a4e4a4-ade0-411f-a9f3-669b5528255f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27348", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/10635", "content": "#exploit\n1. CVE-2024-27822:\nmacOS PackageKit Privilege Escalation\nhttps://khronokernel.com/macos/2024/06/03/CVE-2024-27822.html\n\n2. CVE-2024-27348:\nApache HugeGraph Server RCE\nhttps://github.com/kljunowsky/CVE-2024-27348\nhttps://github.com/Zeyad-Azima/CVE-2024-27348\n\n3. CVE-2024-34331:\nParallels Repack Privilege Escalation\nhttps://khronokernel.com/macos/2024/05/30/CVE-2024-34331.html", "creation_timestamp": "2024-07-17T19:40:43.000000Z"}]}