{"vulnerability": "CVE-2024-28000", "sightings": [{"uuid": "a3a99e9f-843f-439b-a126-d9df7aacab99", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-28000", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lrquv7b7nm22", "content": "", "creation_timestamp": "2025-06-16T21:02:25.130263Z"}, {"uuid": "93ad012e-0d1a-4b1b-bb0a-bb15eb287d6d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-28000", "type": "seen", "source": "https://bsky.app/profile/nimblenerd.social/post/3lrmx6sygew2r", "content": "", "creation_timestamp": "2025-06-15T07:32:55.472957Z"}, {"uuid": "859fd245-0bb7-4615-b565-7f3971e640ab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-28000", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lz7r6tasco2s", "content": "", "creation_timestamp": "2025-09-19T21:02:35.041047Z"}, {"uuid": "e1d3b0be-2902-4bb6-a653-8e055e74b491", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-28000", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/8353", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aProof of Concept, CVE-2024-28000\nURL\uff1ahttps://github.com/Useems/CVE-2024-28000-PoC\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-08-24T08:34:28.000000Z"}, {"uuid": "caf29ccd-4276-4821-a60b-21e6610cea3d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-28000", "type": "published-proof-of-concept", 
"source": "https://t.me/GithubRedTeam/8338", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1a0Day CVE-2024-28000 Auto Exploiter on WordPress LiteSpeed Cache plugin\nURL\uff1ahttps://github.com/realbotnet/CVE-2024-28000\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-08-23T14:31:16.000000Z"}, {"uuid": "73bdaf54-1392-46ca-a05d-ea5ac4ba0d00", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-28000", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/8491", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aCVE-2024-28000 LiteSpeed Cache Privilege Escalation Scan&amp;Exp\nURL\uff1ahttps://github.com/SSSSuperX/CVE-2024-28000\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-09-09T06:59:03.000000Z"}, {"uuid": "0115c5c1-5652-4dd8-b9c4-2bad6a9b6ded", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-28000", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/8501", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aCVE-2024-28000 Exploit for litespeed-cache =&lt;6.3 allows Privilege Escalation with creation of administrator account\nURL\uff1ahttps://github.com/JohnDoeAnonITA/CVE-2024-28000\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-09-10T08:18:38.000000Z"}, {"uuid": "4c94ccce-bde4-48ca-8ab2-b54ed5d6965a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-28000", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/8376", "content": 
"GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aPoC for the CVE-2024 Litespeed Cache Privilege Escalation \nURL\uff1ahttps://github.com/arch1m3d/CVE-2024-28000\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-08-27T07:22:00.000000Z"}, {"uuid": "3f2c0159-2a0c-4904-a09d-e28d3a8f293d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-28000", "type": "published-proof-of-concept", "source": "https://t.me/xatori_sec/88", "content": "CVE-2024-28000\n*\nWordPress, \u0434\u044b\u0440\u043a\u0430 \u0432 \u043f\u043b\u0430\u0433\u0438\u043d\u0435 LiteSpeed Cache (\u0441\u043b\u0430\u0431\u0430\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u0445\u044d\u0448\u0430)\nLPE  \u0431\u0435\u0437 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0432\u043e \u0432\u0441\u0435\u0445 \u0432\u0435\u0440\u0441\u0438\u044f\u0445 \u043f\u043b\u0430\u0433\u0438\u043d\u0430 WordPress \u0434\u043e 6.3.0.1\n*\nPOC exploit", "creation_timestamp": "2024-08-24T12:52:25.000000Z"}, {"uuid": "6388e9a9-c674-4938-9bc1-8a039768f6ca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-28000", "type": "seen", "source": "https://t.me/itsec_news/4674", "content": "\u200b\u26a1\ufe0fCVE-2024-44000: \u043f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u044b\u0439 \u043f\u043b\u0430\u0433\u0438\u043d \u0434\u043b\u044f WordPress \u0432\u043d\u043e\u0432\u044c \u043e\u043a\u0430\u0437\u0430\u043b\u0441\u044f \u043f\u043e\u0434 \u0443\u0434\u0430\u0440\u043e\u043c\n\n\ud83d\udcac \u0412 \u043f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u043e\u043c \u043f\u043b\u0430\u0433\u0438\u043d\u0435 LiteSpeed Cache \u0434\u043b\u044f WordPress \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430 
\u0441\u0435\u0440\u044c\u0451\u0437\u043d\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u0437\u0430\u0445\u0432\u0430\u0442\u0438\u0442\u044c \u0443\u0447\u0451\u0442\u043d\u044b\u0435 \u0437\u0430\u043f\u0438\u0441\u0438 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439. \u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u043f\u043e\u043b\u0443\u0447\u0438\u0432\u0448\u0430\u044f \u043e\u0431\u043e\u0437\u043d\u0430\u0447\u0435\u043d\u0438\u0435 CVE-2024-44000 \u0441 \u043e\u0446\u0435\u043d\u043a\u043e\u0439 \u043f\u043e \u0448\u043a\u0430\u043b\u0435 CVSS \u0432 7.5 \u0431\u0430\u043b\u043b\u043e\u0432, \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u0432\u0435\u0440\u0441\u0438\u0438 \u0434\u043e 6.4.1 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e.\n\n\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044c \u0438\u0437 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438 Patchstack \u0420\u0430\u0444\u0438 \u041c\u0443\u0445\u0430\u043c\u043c\u0430\u0434 \u043e\u0442\u043c\u0435\u0442\u0438\u043b \u0432 \u0441\u0432\u043e\u0451\u043c \u043e\u0442\u0447\u0451\u0442\u0435, \u0447\u0442\u043e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043b\u044e\u0431\u043e\u043c\u0443 \u043d\u0435\u0430\u0432\u0442\u043e\u0440\u0438\u0437\u043e\u0432\u0430\u043d\u043d\u043e\u043c\u0443 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0443\u0447\u0451\u0442\u043d\u043e\u0439 \u0437\u0430\u043f\u0438\u0441\u0438 
\u043b\u044e\u0431\u043e\u0433\u043e \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u043e\u0432\u0430\u043d\u043d\u043e\u0433\u043e \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f, \u0432\u043a\u043b\u044e\u0447\u0430\u044f \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430. \u042d\u0442\u043e \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0435 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0445 \u043f\u043b\u0430\u0433\u0438\u043d\u043e\u0432 \u043d\u0430 \u0441\u0430\u0439\u0442 \u0438 \u043f\u0440\u043e\u0447\u0438\u043c \u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0430\u0446\u0438\u044f\u043c.\n\n\u041f\u0440\u0438\u0447\u0438\u043d\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0441\u0442\u0430\u043b \u043e\u0442\u043a\u0440\u044b\u0442\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0444\u0430\u0439\u043b\u0443 \u0436\u0443\u0440\u043d\u0430\u043b\u0430 \u043e\u0442\u043b\u0430\u0434\u043a\u0438 \u00ab/wp-content/debug.log\u00bb, \u0432 \u043a\u043e\u0442\u043e\u0440\u043e\u043c \u0441\u043e\u0434\u0435\u0440\u0436\u0430\u0442\u0441\u044f \u0447\u0443\u0432\u0441\u0442\u0432\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0435 \u0434\u0430\u043d\u043d\u044b\u0435, \u0442\u0430\u043a\u0438\u0435 \u043a\u0430\u043a \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e cookie \u0438 \u0430\u043a\u0442\u0438\u0432\u043d\u044b\u0435 \u0441\u0435\u0430\u043d\u0441\u044b \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439. 
\u042d\u0442\u043e \u0434\u0430\u0451\u0442 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0443\u0447\u0451\u0442\u043d\u043e\u0439 \u0437\u0430\u043f\u0438\u0441\u0438 \u0431\u0435\u0437 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043d\u0435 \u043d\u043e\u0441\u0438\u0442 \u0445\u0430\u0440\u0430\u043a\u0442\u0435\u0440 \u043f\u043e\u0432\u0441\u0435\u043c\u0435\u0441\u0442\u043d\u043e\u0439 \u0443\u0433\u0440\u043e\u0437\u044b, \u0442\u0430\u043a \u043a\u0430\u043a \u0434\u043b\u044f \u0435\u0451 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0442\u0440\u0435\u0431\u0443\u0435\u0442\u0441\u044f, \u0447\u0442\u043e\u0431\u044b \u043d\u0430 \u0441\u0430\u0439\u0442\u0435 \u0431\u044b\u043b\u0430 \u0430\u043a\u0442\u0438\u0432\u0438\u0440\u043e\u0432\u0430\u043d\u0430 \u0444\u0443\u043d\u043a\u0446\u0438\u044f \u043e\u0442\u043b\u0430\u0434\u043a\u0438, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u043e \u0443\u043c\u043e\u043b\u0447\u0430\u043d\u0438\u044e \u0432\u044b\u043a\u043b\u044e\u0447\u0435\u043d\u0430. 
\u041e\u0434\u043d\u0430\u043a\u043e, \u0441\u0430\u0439\u0442\u044b, \u0433\u0434\u0435 \u044d\u0442\u0430 \u0444\u0443\u043d\u043a\u0446\u0438\u044f \u0431\u044b\u043b\u0430 \u0432\u043a\u043b\u044e\u0447\u0435\u043d\u0430 \u0440\u0430\u043d\u0435\u0435 \u0438 \u0444\u0430\u0439\u043b \u0436\u0443\u0440\u043d\u0430\u043b\u0430 \u043d\u0435 \u0431\u044b\u043b \u0443\u0434\u0430\u043b\u0451\u043d, \u043f\u043e\u0434\u0432\u0435\u0440\u0436\u0435\u043d\u044b \u0440\u0438\u0441\u043a\u0443.\n\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u043b\u0430\u0433\u0438\u043d\u0430 LiteSpeed Cache 6.5.0.1 \u043f\u0435\u0440\u0435\u043c\u0435\u0449\u0430\u0435\u0442 \u0444\u0430\u0439\u043b \u0436\u0443\u0440\u043d\u0430\u043b\u0430 \u0432 \u043d\u043e\u0432\u0443\u044e \u043f\u0430\u043f\u043a\u0443, \u0441\u043b\u0443\u0447\u0430\u0439\u043d\u043e \u0433\u0435\u043d\u0435\u0440\u0438\u0440\u0443\u0435\u0442 \u0438\u043c\u044f \u0444\u0430\u0439\u043b\u0430 \u0438 \u0438\u0441\u043a\u043b\u044e\u0447\u0430\u0435\u0442 \u0437\u0430\u043f\u0438\u0441\u044c \u0434\u0430\u043d\u043d\u044b\u0445 \u043e cookie. 
\u041f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u0438\u0442\u044c \u043d\u0430\u043b\u0438\u0447\u0438\u0435 \u0444\u0430\u0439\u043b\u0430 \u00ab/wp-content/debug.log\u00bb \u0438 \u0443\u0434\u0430\u043b\u0438\u0442\u044c \u0435\u0433\u043e, \u0435\u0441\u043b\u0438 \u043e\u0442\u043b\u0430\u0434\u043a\u0430 \u0431\u044b\u043b\u0430 \u043a\u043e\u0433\u0434\u0430-\u043b\u0438\u0431\u043e \u0430\u043a\u0442\u0438\u0432\u0438\u0440\u043e\u0432\u0430\u043d\u0430.\n\n\u0422\u0430\u043a\u0436\u0435 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0441\u0442\u044b \u0441\u043e\u0432\u0435\u0442\u0443\u044e\u0442 \u0434\u043e\u0431\u0430\u0432\u0438\u0442\u044c \u043f\u0440\u0430\u0432\u0438\u043b\u043e \u0432 \u00ab.htaccess\u00bb, \u043a\u043e\u0442\u043e\u0440\u043e\u0435 \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0438\u0442 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0444\u0430\u0439\u043b\u0430\u043c \u0436\u0443\u0440\u043d\u0430\u043b\u0430. \u042d\u0442\u043e \u0441\u043d\u0438\u0437\u0438\u0442 \u0440\u0438\u0441\u043a, \u0435\u0441\u043b\u0438 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u043f\u043e\u043f\u044b\u0442\u0430\u044e\u0442\u0441\u044f \u0443\u0433\u0430\u0434\u0430\u0442\u044c \u043d\u043e\u0432\u043e\u0435 \u0438\u043c\u044f \u0444\u0430\u0439\u043b\u0430 \u043c\u0435\u0442\u043e\u0434\u043e\u043c \u043f\u043e\u0434\u0431\u043e\u0440\u0430. 
\u041e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 CVE-2024-44000 \u043f\u043e\u0434\u0447\u0451\u0440\u043a\u0438\u0432\u0430\u044e\u0442 \u0432\u0430\u0436\u043d\u043e\u0441\u0442\u044c \u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u043e\u0439 \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0438 \u043e\u0442\u043b\u0430\u0434\u043a\u0438 \u0438 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0436\u0443\u0440\u043d\u0430\u043b\u0430\u043c\u0438, \u0447\u0442\u043e\u0431\u044b \u043c\u0438\u043d\u0438\u043c\u0438\u0437\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0440\u0438\u0441\u043a\u0438 \u0443\u0442\u0435\u0447\u043a\u0438 \u0434\u0430\u043d\u043d\u044b\u0445.\n\n\u041f\u0440\u0438\u043c\u0435\u0447\u0430\u0442\u0435\u043b\u044c\u043d\u043e, \u0447\u0442\u043e \u044d\u0442\u043e \u043d\u0435 \u043f\u0435\u0440\u0432\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u043d\u0430\u044f \u0432 \u043f\u043b\u0430\u0433\u0438\u043d\u0435 LiteSpeed Cache \u0437\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0438\u0439 \u043c\u0435\u0441\u044f\u0446. 
\u0422\u0430\u043a, \u0440\u0430\u043d\u0435\u0435 \u043c\u044b \u0441\u043e\u043e\u0431\u0449\u0430\u043b\u0438 \u043e\u0431 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 CVE-2024-28000, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043d\u0435\u0430\u0432\u0442\u043e\u0440\u0438\u0437\u043e\u0432\u0430\u043d\u043d\u043e\u043c\u0443 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u0443\u0440\u043e\u0432\u043d\u044f \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430, \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u044f 5 \u043c\u0438\u043b\u043b\u0438\u043e\u043d\u043e\u0432 \u0432\u0435\u0431-\u0441\u0430\u0439\u0442\u043e\u0432.\n\n\ud83d\udd14 ITsec NEWS", "creation_timestamp": "2024-09-06T16:54:22.000000Z"}, {"uuid": "4646b6aa-8676-4c37-8fff-68ce58bd1034", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-28000", "type": "published-proof-of-concept", "source": "https://t.me/ton618cyber/3522", "content": "#exploit\n1. CVE-2024-40711:\nVeeam Backup &amp; Response - RCE\nhttps://labs.watchtowr.com/veeam-backup-response-rce-with-auth-but-mostly-without-auth-cve-2024-40711-2\n\n2. CVE-2024-28000:\nLiteSpeed Cache Privilege Escalation\nhttps://github.com/Alucard0x1/CVE-2024-28000\n\n3. 
CVE-2024-6800:\nGHES Authentication Bypass\nhttps://cyble.com/blog/saml-exploit-github-cve-2024-6800", "creation_timestamp": "2024-09-10T10:01:29.000000Z"}, {"uuid": "857609b2-80ff-479d-a896-fc55bb2f7a3d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-28000", "type": "published-proof-of-concept", "source": "Telegram/3vatDWzAWAjeRaF2O5WA6NW8Fm5-4ZWI_kBCkC9q2U-ZEQ", "content": "", "creation_timestamp": "2024-09-12T03:03:17.000000Z"}, {"uuid": "c4b41b19-c4fe-4d22-ba4e-76edeffd3e97", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-28000", "type": "published-proof-of-concept", "source": "https://t.me/realLulzSec/1956", "content": "https://github.com/JohnDoeAnonITA/CVE-2024-28000\n\nCVE-2024-28000 Exploit for litespeed-cache =&lt;6.3 allows Privilege Escalation with creation of administrator account\n#github #exploit #\u63d0\u6743", "creation_timestamp": "2024-09-11T18:12:16.000000Z"}, {"uuid": "d8e807a4-6b6e-4d31-b642-59bd2ff9eb60", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-28000", "type": "seen", "source": "https://t.me/cvedetector/3769", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-28000 - LiteSpeed Technologies LiteSpeed Cache Privilege Escalation\", \n  \"Content\": \"CVE ID : CVE-2024-28000 \nPublished : Aug. 21, 2024, 2:15 p.m. | 17\u00a0minutes ago \nDescription : Incorrect Privilege Assignment vulnerability in LiteSpeed Technologies LiteSpeed Cache allows Privilege Escalation.This issue affects LiteSpeed Cache: from n/a through 6.3.0.1. 
\nSeverity: 9.8 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"21 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-21T16:34:21.000000Z"}, {"uuid": "5c2baa4a-95a1-4fc2-9430-d7ad9602b0ad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-28000", "type": "seen", "source": "https://t.me/HackingInsights/10905", "content": "\u200aCritical CVE-2024-28000 (CVSS 9.8) Flaw Puts 5 Million WordPress Sites at Risk of Complete Takeover\n\nhttps://securityonline.info/critical-cve-2024-28000-flaw-puts-5-million-wordpress-sites-at-risk-of-complete-takeover/", "creation_timestamp": "2024-08-22T12:21:39.000000Z"}, {"uuid": "4240b03e-c6aa-49f8-b927-452e8229587b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-28000", "type": "published-proof-of-concept", "source": "https://t.me/ton618cyber/669", "content": "#exploit\n1. CVE-2024-40711:\nVeeam Backup &amp; Response - RCE\nhttps://labs.watchtowr.com/veeam-backup-response-rce-with-auth-but-mostly-without-auth-cve-2024-40711-2\n\n2. CVE-2024-28000:\nLiteSpeed Cache Privilege Escalation\nhttps://github.com/Alucard0x1/CVE-2024-28000\n\n3. 
CVE-2024-6800:\nGHES Authentication Bypass\nhttps://cyble.com/blog/saml-exploit-github-cve-2024-6800", "creation_timestamp": "2024-09-10T10:01:29.000000Z"}, {"uuid": "dfdb9ad4-ff84-418d-9ea8-eeea698af8d2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-28000", "type": "published-proof-of-concept", "source": "https://t.me/BlackHat0Hackers/3533", "content": "CVE-2024-28000\n*\nWordPress, \u0434\u044b\u0440\u043a\u0430 \u0432 \u043f\u043b\u0430\u0433\u0438\u043d\u0435 LiteSpeed Cache (\u0441\u043b\u0430\u0431\u0430\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u0445\u044d\u0448\u0430)\nLPE  \u0431\u0435\u0437 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0432\u043e \u0432\u0441\u0435\u0445 \u0432\u0435\u0440\u0441\u0438\u044f\u0445 \u043f\u043b\u0430\u0433\u0438\u043d\u0430 WordPress \u0434\u043e 6.3.0.1\n*\nPOC exploit", "creation_timestamp": "2024-10-05T11:03:44.000000Z"}, {"uuid": "596d2f16-f1a2-4233-ad5f-e52ccd714001", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-28000", "type": "published-proof-of-concept", "source": "https://t.me/HackerArsenal/311", "content": "#exploit\n1. CVE-2024-40711:\nVeeam Backup &amp; Response - RCE\nhttps://labs.watchtowr.com/veeam-backup-response-rce-with-auth-but-mostly-without-auth-cve-2024-40711-2\n\n2. CVE-2024-28000:\nLiteSpeed Cache Privilege Escalation\nhttps://github.com/Alucard0x1/CVE-2024-28000\n\n3. 
CVE-2024-6800:\nGHES Authentication Bypass\nhttps://cyble.com/blog/saml-exploit-github-cve-2024-6800", "creation_timestamp": "2024-09-10T14:05:36.000000Z"}, {"uuid": "cc146bc6-6076-468f-a22d-4622e9d0c8f4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-28000", "type": "published-proof-of-concept", "source": "https://t.me/TheDarkWebInformer/2702", "content": "\ud83d\udea8LiteSpeed Cache Privilege Escalation PoC - CVE-2024-28000\n\nhttps://darkwebinformer.com/litespeed-cache-privilege-escalation-poc-cve-2024-28000/", "creation_timestamp": "2024-08-26T22:20:23.000000Z"}, {"uuid": "d14a8f2a-6e46-4cc7-9a62-8358fb6b6e9d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-28000", "type": "published-proof-of-concept", "source": "Telegram/-1BqOg-3Ri9KmpizBnv1vcOSUIPCrC25RBsutDifmwGKwx4", "content": "", "creation_timestamp": "2024-09-11T18:01:31.000000Z"}, {"uuid": "1284f0da-4fcf-474f-a7c9-6b27ced0befd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-28000", "type": "published-proof-of-concept", "source": "https://t.me/realLulzSec/18586", "content": "https://github.com/JohnDoeAnonITA/CVE-2024-28000\n\nCVE-2024-28000 Exploit for litespeed-cache =&lt;6.3 allows Privilege Escalation with creation of administrator account\n#github #exploit #\u63d0\u6743", "creation_timestamp": "2024-09-11T18:12:16.000000Z"}, {"uuid": "6739570b-74d0-43d6-849b-3c6549ca3894", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-28000", "type": "published-proof-of-concept", "source": "https://t.me/CyberDilara/871", "content": "Tools - Hackers Factory \n\nLeading free and open-source face recognition 
system.\n\nhttps://github.com/exadel-inc/CompreFace\n\nOkta Verify and Okta FastPass Abuse Tool.\n\nhttps://github.com/CCob/okta-terrify\n\nA list of open-source aviation projects and data.\n\nhttps://github.com/lucianosrp/open-source-aviation\n\nDisconnected GPO Editor - A Group Policy Manager launcher to allow editing of domain GPOs from non-domain joined machines.\n\nhttps://github.com/CCob/DGPOEdit\n\nDump cookies and credentials directly from Chrome/Edge process memory.\n\nhttps://github.com/Meckazin/ChromeKatz\n\n#Exploit\n\n1. CVE-2022-0944:\n\nGitHub sqlpad/sqlpad Template Injection/RCE\nhttps://github.com/Philip-Otter/CVE-2022-0944_RCE_Automation\n\n2. CVE-2024-21388:\n\nMicrosoft Edge EoP\nhttps://github.com/d0rb/CVE-2024-21388\n\nCVE-2024-28000 Exploit for litespeed-cache =&lt;6.3 allows Privilege Escalation with creation of administrator account.\n\nhttps://github.com/JohnDoeAnonITA/CVE-2024-28000\n\n#CyberDilara \nhttps://t.me/CyberDilara", "creation_timestamp": "2024-09-13T05:19:51.000000Z"}, {"uuid": "116160ec-67c5-4d18-b264-26892aaa4712", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-28000", "type": "published-proof-of-concept", "source": "https://t.me/softrinx/145929", "content": "CVE-2024-28000\n*\nWordPress, \u0434\u044b\u0440\u043a\u0430 \u0432 \u043f\u043b\u0430\u0433\u0438\u043d\u0435 LiteSpeed Cache (\u0441\u043b\u0430\u0431\u0430\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u0445\u044d\u0448\u0430)\nLPE  \u0431\u0435\u0437 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0432\u043e \u0432\u0441\u0435\u0445 \u0432\u0435\u0440\u0441\u0438\u044f\u0445 \u043f\u043b\u0430\u0433\u0438\u043d\u0430 WordPress \u0434\u043e 6.3.0.1\n*\nPOC exploit", "creation_timestamp": "2024-08-24T18:01:34.000000Z"}, {"uuid": "ef1de1b0-9bd3-489d-9f6f-85724adda605", "vulnerability_lookup_origin": 
"1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-28000", "type": "published-proof-of-concept", "source": "https://t.me/GrayHatsHack/8745", "content": "Tools - Hackers Factory \n\nLeading free and open-source face recognition system.\n\nhttps://github.com/exadel-inc/CompreFace\n\nOkta Verify and Okta FastPass Abuse Tool.\n\nhttps://github.com/CCob/okta-terrify\n\nA list of open-source aviation projects and data.\n\nhttps://github.com/lucianosrp/open-source-aviation\n\nDisconnected GPO Editor - A Group Policy Manager launcher to allow editing of domain GPOs from non-domain joined machines.\n\nhttps://github.com/CCob/DGPOEdit\n\nDump cookies and credentials directly from Chrome/Edge process memory.\n\nhttps://github.com/Meckazin/ChromeKatz\n\n#Exploit\n\n1. CVE-2022-0944:\n\nGitHub sqlpad/sqlpad Template Injection/RCE\nhttps://github.com/Philip-Otter/CVE-2022-0944_RCE_Automation\n\n2. CVE-2024-21388:\n\nMicrosoft Edge EoP\nhttps://github.com/d0rb/CVE-2024-21388\n\nCVE-2024-28000 Exploit for litespeed-cache =&lt;6.3 allows Privilege Escalation with creation of administrator account.\n\nhttps://github.com/JohnDoeAnonITA/CVE-2024-28000\n\n#CyberDilara \nhttps://t.me/CyberDilara", "creation_timestamp": "2024-09-13T05:19:56.000000Z"}, {"uuid": "676f5389-2648-469f-9d2c-2695738685e0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-28000", "type": "published-proof-of-concept", "source": "https://t.me/InfoSecInsider/23768", "content": "Tools - Hackers Factory \n\nLeading free and open-source face recognition system.\n\nhttps://github.com/exadel-inc/CompreFace\n\nOkta Verify and Okta FastPass Abuse Tool.\n\nhttps://github.com/CCob/okta-terrify\n\nA list of open-source aviation projects and data.\n\nhttps://github.com/lucianosrp/open-source-aviation\n\nDisconnected GPO Editor - A Group Policy Manager launcher to 
allow editing of domain GPOs from non-domain joined machines.\n\nhttps://github.com/CCob/DGPOEdit\n\nDump cookies and credentials directly from Chrome/Edge process memory.\n\nhttps://github.com/Meckazin/ChromeKatz\n\n#Exploit\n\n1. CVE-2022-0944:\n\nGitHub sqlpad/sqlpad Template Injection/RCE\nhttps://github.com/Philip-Otter/CVE-2022-0944_RCE_Automation\n\n2. CVE-2024-21388:\n\nMicrosoft Edge EoP\nhttps://github.com/d0rb/CVE-2024-21388\n\nCVE-2024-28000 Exploit for litespeed-cache =&lt;6.3 allows Privilege Escalation with creation of administrator account.\n\nhttps://github.com/JohnDoeAnonITA/CVE-2024-28000\n\n#CyberDilara \nhttps://t.me/CyberDilara", "creation_timestamp": "2024-09-13T05:20:59.000000Z"}, {"uuid": "41fbba77-4275-44fe-8625-9a9514f154c5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-28000", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/3721", "content": "Tools - Hackers Factory \n\nLeading free and open-source face recognition system.\n\nhttps://github.com/exadel-inc/CompreFace\n\nOkta Verify and Okta FastPass Abuse Tool.\n\nhttps://github.com/CCob/okta-terrify\n\nA list of open-source aviation projects and data.\n\nhttps://github.com/lucianosrp/open-source-aviation\n\nDisconnected GPO Editor - A Group Policy Manager launcher to allow editing of domain GPOs from non-domain joined machines.\n\nhttps://github.com/CCob/DGPOEdit\n\nDump cookies and credentials directly from Chrome/Edge process memory.\n\nhttps://github.com/Meckazin/ChromeKatz\n\n#Exploit\n\n1. CVE-2022-0944:\n\nGitHub sqlpad/sqlpad Template Injection/RCE\nhttps://github.com/Philip-Otter/CVE-2022-0944_RCE_Automation\n\n2. 
CVE-2024-21388:\n\nMicrosoft Edge EoP\nhttps://github.com/d0rb/CVE-2024-21388\n\nCVE-2024-28000 Exploit for litespeed-cache =&lt;6.3 allows Privilege Escalation with creation of administrator account.\n\nhttps://github.com/JohnDoeAnonITA/CVE-2024-28000\n\n#CyberDilara \nhttps://t.me/CyberDilara", "creation_timestamp": "2024-09-13T05:20:05.000000Z"}, {"uuid": "341774c4-2311-4d8e-a6cb-2b5ebd72984e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-28000", "type": "published-proof-of-concept", "source": "https://t.me/softrinx/461", "content": "CVE-2024-28000\n*\nWordPress, \u0434\u044b\u0440\u043a\u0430 \u0432 \u043f\u043b\u0430\u0433\u0438\u043d\u0435 LiteSpeed Cache (\u0441\u043b\u0430\u0431\u0430\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u0445\u044d\u0448\u0430)\nLPE  \u0431\u0435\u0437 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0432\u043e \u0432\u0441\u0435\u0445 \u0432\u0435\u0440\u0441\u0438\u044f\u0445 \u043f\u043b\u0430\u0433\u0438\u043d\u0430 WordPress \u0434\u043e 6.3.0.1\n*\nPOC exploit", "creation_timestamp": "2024-08-24T18:01:33.000000Z"}, {"uuid": "4f08f2b3-9945-4c5b-aab2-f81b62ab0932", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-28000", "type": "published-proof-of-concept", "source": "https://t.me/proxy_bar/2246", "content": "CVE-2024-28000\n*\nWordPress, \u0434\u044b\u0440\u043a\u0430 \u0432 \u043f\u043b\u0430\u0433\u0438\u043d\u0435 LiteSpeed Cache (\u0441\u043b\u0430\u0431\u0430\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u0445\u044d\u0448\u0430)\nLPE  \u0431\u0435\u0437 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0432\u043e \u0432\u0441\u0435\u0445 \u0432\u0435\u0440\u0441\u0438\u044f\u0445 \u043f\u043b\u0430\u0433\u0438\u043d\u0430 
WordPress \u0434\u043e 6.3.0.1\n*\nPOC exploit", "creation_timestamp": "2024-08-24T11:29:48.000000Z"}, {"uuid": "4262eb31-99b8-41f7-9e5e-03d0bc4f2134", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-28000", "type": "published-proof-of-concept", "source": "https://t.me/GrayHatsHack/7409", "content": "Tools - Hackers Factory \n\nLeading free and open-source face recognition system.\n\nhttps://github.com/exadel-inc/CompreFace\n\nOkta Verify and Okta FastPass Abuse Tool.\n\nhttps://github.com/CCob/okta-terrify\n\nA list of open-source aviation projects and data.\n\nhttps://github.com/lucianosrp/open-source-aviation\n\nDisconnected GPO Editor - A Group Policy Manager launcher to allow editing of domain GPOs from non-domain joined machines.\n\nhttps://github.com/CCob/DGPOEdit\n\nDump cookies and credentials directly from Chrome/Edge process memory.\n\nhttps://github.com/Meckazin/ChromeKatz\n\n#Exploit\n\n1. CVE-2022-0944:\n\nGitHub sqlpad/sqlpad Template Injection/RCE\nhttps://github.com/Philip-Otter/CVE-2022-0944_RCE_Automation\n\n2. 
CVE-2024-21388:\n\nMicrosoft Edge EoP\nhttps://github.com/d0rb/CVE-2024-21388\n\nCVE-2024-28000 Exploit for litespeed-cache =<6.3 allows Privilege Escalation with creation of administrator account.\n\nhttps://github.com/JohnDoeAnonITA/CVE-2024-28000\n\n#CyberDilara \nhttps://t.me/CyberDilara", "creation_timestamp": "2024-09-13T05:19:56.000000Z"}, {"uuid": "bafad0d5-4e42-4eff-8621-cb7d108c6c4a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-28000", "type": "seen", "source": "https://t.me/true_secator/6212", "content": "We continue to track trending vulnerabilities and industry issues.\n\n1. Ivanti, as expected, has run into exploitation of a recently patched vulnerability in Cloud Service Appliance (CSA). 
CVE-2024-8190 is an OS command injection vulnerability that the company fixed last week. \n\nThe vulnerability affects end-of-life versions of Ivanti CSA.\n\nThe company is asking customers to move to a newer version of the software to avoid ongoing attacks.\n\n2. 
Horizon3 has published a patch analysis for CVE-2024-29847, an RCE vulnerability in Ivanti Endpoint Manager that was fixed last week.\n\nSo exploitation should be expected here as well.\n\n3. Apple released a fix for Vision Pro after researchers from the University of Florida and Texas Tech University showed how an attacker can obtain entered passwords simply by looking at the keys.\n\n
The attack method has been named GAZEploit, and it can be used to determine what a Vision Pro user is typing by tracking eye movement.\n\nThe attack was tested on 30 users and showed significant accuracy.\n\nApple tracks the vulnerability as CVE-2024-40865 and fixed it with the release of visionOS 1.3. \n\nThe security advisory for visionOS 1.3 was published at the end of July, but on September 5 Apple updated it to include CVE-2024-40865.\n\n4. 
More on Apple: in iOS 18 the company is extending the Activation Lock feature to core iPhone hardware components such as cameras, batteries and displays. \n\nBesides its advantages, Activation Lock promises difficulties in device repair for independent repair shops.\n\n5. Researcher Gabor Legradi discovered a critical vulnerability in the Spring Java framework. 
\n\nCVE-2024-38816 allows access to any file inside an application built with the framework.\n\nAttacks can be carried out remotely over the Internet using malicious HTTP requests. Last week VMware released fixes to address this issue.\n\n6. 
Mikko Kenttälä has released a report on a series of bugs found two years ago that could have been used for zero-click attacks on macOS calendar environments. All were fixed between 2022 and September 2023.\n\n7. Positive Technologies continues to report on the most dangerous vulnerabilities. 
The following were highlighted for August:\n\n- an RCE vulnerability in the Windows Remote Desktop Licensing Service component, dubbed MadLicense (CVE-2024-38077);\n\n- a Mark of the Web bypass vulnerability in Windows that makes it possible to run malicious files (CVE-2024-38213);\n\n- EoP vulnerabilities in the Windows kernel (CVE-2024-38106), the Ancillary Function driver (CVE-2024-38193) and the Power Dependency Coordinator component (CVE-2024-38107);\n\n- unauthenticated EoP vulnerabilities in the LiteSpeed Cache plugin for WordPress CMS (CVE-2024-28000).", "creation_timestamp": "2024-09-16T19:00:07.000000Z"}, {"uuid": "fd759de7-b991-4f73-a085-aa2915e6fb8e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-28000", "type": "published-proof-of-concept", "source": "https://t.me/true_secator/6177", "content": "We continue to follow and share the latest vulnerability trends.\n\n
Researcher Mistymntncop released a PoC for CVE-2024-5274, a zero-day vulnerability in Chrome that Google fixed back in May.\n\nQiAnXin presented a report on a 0-day in Windows DWM Core, originally discovered by Kaspersky Lab and already fixed, which is tracked as CVE-2024-30051 and was used in attacks by the operators of the Qakbot botnet.\n\nJamf researchers published an overview of the latest macOS Gatekeeper bypass methods for deploying malware.\n\n
Patchstack disclosed details of CVE-2024-44000, another critical bug in the LiteSpeed WordPress caching plugin that can be used to take over administrator accounts.\n\nThe first such bug was CVE-2024-28000, which was fixed two weeks ago and used the user ID feature.\n\nThe new vulnerability, meanwhile, allows attackers to extract administrator cookies from the plugin's debug feature.\n\nIt was discovered on August 22, 2024, and the fix was released yesterday with LiteSpeed Cache version 6.5.0.1.\n\n
Veeam released security updates for 18 high and critical severity vulnerabilities in Veeam Backup & Replication, Service Provider Console and One.\n\nThe most serious of the issues addressed is CVE-2024-40711, a critical (CVSS v3.1: 9.8) remote code execution vulnerability in Veeam Backup & Replication that can be exploited without authentication.\n\n
Apache released updates to fix CVE-2024-45195 in its open-source software OFBiz (Open For Business), which allows attackers to execute arbitrary code on vulnerable Linux and Windows servers.\n\nThe issue was discovered by Rapid7 researchers and is caused by a forced browsing vulnerability that exposes restricted paths to attack via unauthenticated direct requests.\n\nThe Apache team fixed the vulnerability in version 18.12.16 by adding authorization checks.\n\nThe likelihood of exploitation is high, since it is related to other RCEs in OFBiz that are actively exploited in the wild.", "creation_timestamp": "2024-09-06T16:05:05.000000Z"}, {"uuid": "6ec59e80-3fdc-409d-a2a4-55b0e67caa1c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-28000", "type": "exploited", "source": "https://t.me/true_secator/6122", "content": "A critical vulnerability in the LiteSpeed Cache plugin leaves millions of WordPress sites vulnerable to attack.\n\n
LiteSpeed Cache is one of the most popular open-source WordPress caching plugins, with more than 5 million installations and support for WooCommerce, bbPress, ClassicPress and Yoast SEO.\n\nThe unauthenticated privilege escalation vulnerability (CVE-2024-28000) affects the plugin's user simulation feature, which is protected by a weak security hash that uses known values, in LiteSpeed up to and including version 6.3.0.1.\n\n
The bug was discovered by researcher John Blackbourn, who reported it to Patchstack on August 1 as part of a bug bounty.\n\nThe LiteSpeed team promptly developed a fix, releasing LiteSpeed Cache version 6.4 on August 13.\n\nSuccessful exploitation of the vulnerability allows any unauthorized visitor to gain administrator-level access and fully take over a site running vulnerable versions of LiteSpeed Cache, with all the consequences that entails.\n\n
The security hash has one million possible values, which makes brute force feasible, taking from a few hours to one week.\n\nThe hash is also left in the logs on sites with debug mode enabled, which opens up another attack vector.\n\nAlthough the development team released fixes last Tuesday, download statistics from the official WordPress plugin repository show just over 2.5 million installations, half of which expose sites to the threat of attack.\n\n
Patchstack believes that the need to obtain the hash lowers the likelihood of mass exploitation of the vulnerability and raises the likelihood of its use in targeted attacks.\n\nGiven how many websites use the plugin, for someone looking to take over a specific website this is a fairly simple exploit attack.\n\nDefiant, which also analyzed the critical vulnerability, says there is no doubt that this vulnerability will be actively exploited in the very near future.", "creation_timestamp": "2024-08-22T16:00:07.000000Z"}, {"uuid": "fbb3fd07-42a9-4333-8076-558fab5396fe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-28000", "type": "exploited", "source": "https://t.me/true_secator/6129", "content": "Only yesterday Wordfence warned that the critical vulnerability in the LiteSpeed Cache WordPress plugin would be actively exploited in the very near future.\n\n
And that time has come already today: hackers have begun exploiting CVE-2024-28000, which allows privilege escalation without authentication in all versions of the WordPress plugin up to 6.3.0.1.\n\nThe vulnerability stems from a weak hash check in the plugin's user simulation feature, which attackers use to brute-force hash values in order to create rogue administrator accounts and take over affected sites.\n\n
This happened a day after Patchstack yesterday shared details on how to trigger hash generation and crack the hash to escalate privileges, and then create a new administrator account via the REST API.\n\n\u041f\u0440\u0438\u0447\u0435\u043c \u043a \u043d\u0430\u0441\u0442\u043e\u044f\u0449\u0435\u043c\u0443 \u0432\u0440\u0435\u043c\u0435\u043d\u0438 \u0442\u043e\u043b\u044c\u043a\u043e \u043e\u043a\u043e\u043b\u043e 30% \u0441\u0430\u0439\u0442\u043e\u0432 WordPress \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u0443\u044e \u0432\u0435\u0440\u0441\u0438\u044e \u043f\u043b\u0430\u0433\u0438\u043d\u0430, \u0447\u0442\u043e 
\u043e\u0442\u043a\u0440\u044b\u0432\u0430\u0435\u0442 \u0437\u043d\u0430\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u0443\u044e \u043f\u043e\u0432\u0435\u0440\u0445\u043d\u043e\u0441\u0442\u044c \u0430\u0442\u0430\u043a\u0438, \u0443\u0447\u0438\u0442\u044b\u0432\u0430\u044f \u0437\u0430\u0434\u0435\u0439\u0441\u0442\u0432\u043e\u0432\u0430\u043d\u0438\u0435 LiteSpeed Cache \u043d\u0430 \u0431\u043e\u043b\u0435\u0435 \u0447\u0435\u043c 5 \u043c\u0438\u043b\u043b\u0438\u043e\u043d\u0430\u0445 \u0441\u0430\u0439\u0442\u043e\u0432.\n\n\u0417\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0438\u0435 24 \u0447\u0430\u0441\u0430 Wordfence \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0430 \u0438 \u0437\u0430\u0431\u043b\u043e\u043a\u0438\u0440\u043e\u0432\u0430\u043b\u0430 \u0431\u043e\u043b\u0435\u0435 48 500 \u0430\u0442\u0430\u043a,\u00a0\u043d\u0430\u0446\u0435\u043b\u0435\u043d\u043d\u044b\u0445 \u043d\u0430 CVE-2024-28000, \u0447\u0442\u043e \u0441\u0432\u0438\u0434\u0435\u0442\u0435\u043b\u044c\u0441\u0442\u0432\u0443\u0435\u0442 \u043e \u0432\u043e\u0437\u0440\u0430\u0441\u0442\u0430\u044e\u0449\u0435\u0439 \u0438\u043d\u0442\u0435\u043d\u0441\u0438\u0432\u043d\u043e\u0441\u0442\u0438 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0439 \u0430\u043a\u0442\u0438\u0432\u043d\u043e\u0441\u0442\u0438.\n\n\u041f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c LiteSpeed Cache \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043d\u0435\u0437\u0430\u043c\u0435\u0434\u043b\u0438\u0442\u0435\u043b\u044c\u043d\u043e \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c\u0441\u044f \u0434\u043e \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0439 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438 6.4.1 \u0438\u043b\u0438 \u0432\u043e\u0432\u0441\u0435 \u0443\u0434\u0430\u043b\u0438\u0442\u044c \u043f\u043b\u0430\u0433\u0438\u043d \u0441 
\u0432\u0435\u0431-\u0441\u0430\u0439\u0442\u0430.", "creation_timestamp": "2024-08-23T15:50:05.000000Z"}, {"uuid": "ca808057-44fb-4b17-b4b7-f3d432d3ee09", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-28000", "type": "seen", "source": "https://t.me/thehackernews/5456", "content": "\ud83d\udea8 A critical flaw in LiteSpeed Cache plugin could allow attackers to gain admin access to WordPress sites. \n \nThis vulnerability (CVE-2024-28000) affects over 5 million sites, leaving businesses exposed to severe security risks. \n \nRead: https://thehackernews.com/2024/08/critical-flaw-in-wordpress-litespeed.html", "creation_timestamp": "2024-08-22T07:14:40.000000Z"}, {"uuid": "77f1660c-8b72-46a1-8882-b8d0d06ccab7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-28000", "type": "published-proof-of-concept", "source": "https://t.me/CNArsenal/3155", "content": "https://github.com/JohnDoeAnonITA/CVE-2024-28000\n\nCVE-2024-28000 Exploit for litespeed-cache =&lt;6.3 allows Privilege Escalation with creation of administrator account\n#github #exploit #\u63d0\u6743", "creation_timestamp": "2024-09-11T17:38:12.000000Z"}, {"uuid": "70bb4dc8-64ff-4dd6-8422-b32091693278", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-28000", "type": "published-proof-of-concept", "source": "Telegram/Car4153GSeVW78AiwVP6ELex_3ftOT8K2Pu-LaiQtVqpBmhu", "content": "", "creation_timestamp": "2024-09-11T18:07:25.000000Z"}, {"uuid": "a47dc98e-20f8-47db-86cf-9a6f6e21407c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-28000", "type": "published-proof-of-concept", "source": 
"https://t.me/CyberSecurityTechnologies/11107", "content": "#exploit\n1. CVE-2024-40711:\nVeeam Backup &amp; Response - RCE\nhttps://labs.watchtowr.com/veeam-backup-response-rce-with-auth-but-mostly-without-auth-cve-2024-40711-2\n]-&gt; https://github.com/watchtowrlabs/CVE-2024-40711\n\n2. CVE-2024-28000:\nLiteSpeed Cache Privilege Escalation\nhttps://github.com/Alucard0x1/CVE-2024-28000\n\n3. CVE-2024-6800:\nGHES Authentication Bypass\nhttps://cyble.com/blog/saml-exploit-github-cve-2024-6800", "creation_timestamp": "2024-09-16T18:20:15.000000Z"}, {"uuid": "671e90ba-476c-4f92-9192-921f6140237c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-28000", "type": "published-proof-of-concept", "source": "https://t.me/InfoSecInsider/280", "content": "Tools - Hackers Factory \n\nLeading free and open-source face recognition system.\n\nhttps://github.com/exadel-inc/CompreFace\n\nOkta Verify and Okta FastPass Abuse Tool.\n\nhttps://github.com/CCob/okta-terrify\n\nA list of open-source aviation projects and data.\n\nhttps://github.com/lucianosrp/open-source-aviation\n\nDisconnected GPO Editor - A Group Policy Manager launcher to allow editing of domain GPOs from non-domain joined machines.\n\nhttps://github.com/CCob/DGPOEdit\n\nDump cookies and credentials directly from Chrome/Edge process memory.\n\nhttps://github.com/Meckazin/ChromeKatz\n\n#Exploit\n\n1. CVE-2022-0944:\n\nGitHub sqlpad/sqlpad Template Injection/RCE\nhttps://github.com/Philip-Otter/CVE-2022-0944_RCE_Automation\n\n2. 
CVE-2024-21388:\n\nMicrosoft Edge EoP\nhttps://github.com/d0rb/CVE-2024-21388\n\nCVE-2024-28000 Exploit for litespeed-cache =<6.3 allows Privilege Escalation with creation of administrator account.\n\nhttps://github.com/JohnDoeAnonITA/CVE-2024-28000\n\n#CyberDilara \nhttps://t.me/CyberDilara", "creation_timestamp": "2024-09-13T05:21:00.000000Z"}, {"uuid": "1241680a-b384-4357-9f14-124676061571", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-28000", "type": "published-proof-of-concept", "source": "https://t.me/ckeArsenal/89", "content": "https://github.com/JohnDoeAnonITA/CVE-2024-28000\n\nCVE-2024-28000 Exploit for litespeed-cache =<6.3 allows Privilege Escalation with creation of administrator account\n#github #exploit #\u63d0\u6743", "creation_timestamp": "2024-12-21T15:47:34.000000Z"}, {"uuid": "8fe5d244-637f-47ca-adf9-01f58ac7dccb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-28000", "type": "seen", "source": "https://bsky.app/profile/donwebmedia.bsky.social/post/3mkq4eakkcq2s", "content": "Critical CVE in LiteSpeed Cache: 5 million sites\n\nCVE-2024-28000 in LiteSpeed Cache has CVSS 9.8 and affected 5 million sites. How to check whether you were a victim and how to patch your WordPress now.\n\n#litespeedcache #cve202428000 #escaladadeprivilegios #wordpressseguridad #pluginsvulnerables", "creation_timestamp": "2026-04-30T17:13:15.728569Z"}]}