{"vulnerability": "CVE-2024-2961", "sightings": [{"uuid": "b8b3b61c-52d0-4668-9d6c-8b860b9320ff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-2961", "type": "seen", "source": "https://dustri.org/b/upcoming-hardening-in-php.html", "content": "", "creation_timestamp": "2024-11-12T07:32:46.139458Z"}, {"uuid": "75f84d8c-ccc2-4859-9bc5-2034869be551", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-2961", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-06T03:13:46.000000Z"}, {"uuid": "249ecb3d-3691-4bb8-985d-0507a7a77430", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-2961", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:11:02.000000Z"}, {"uuid": "622ea26b-d22c-4874-88c8-1f281b56f611", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-2961", "type": "seen", "source": "https://gist.github.com/X1r0z/0c6a4323fd600a07091d6392cb9c77b5", "content": "", "creation_timestamp": "2025-02-11T15:06:39.000000Z"}, {"uuid": "3a22509c-eb85-4b15-862f-6b33e36b4593", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-2961", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/7514", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aThis repository contains a C program to test for CVE-2024-2961, a buffer overflow vulnerability in the iconv() function of 
glibc.\nURL\uff1ahttps://github.com/exfil0/test_iconv\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-06-04T00:09:53.000000Z"}, {"uuid": "524b64c0-4198-409f-b404-486503d47880", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-2961", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-162-05", "content": "", "creation_timestamp": "2025-06-12T10:00:00.000000Z"}, {"uuid": "7f522050-9d62-4603-9715-ecd74db54a72", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-2961", "type": "seen", "source": "MISP/af790da0-9e28-4cb7-bd4e-46ad005115c6", "content": "", "creation_timestamp": "2025-10-08T21:59:31.000000Z"}, {"uuid": "c6825363-d4d2-4116-a2f3-2f1c574e2d38", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-2961", "type": "seen", "source": "MISP/a9d21043-f825-4bac-8d2b-56fb9e8343e7", "content": "", "creation_timestamp": "2025-10-23T21:13:02.000000Z"}, {"uuid": "94c06ab1-91ea-42cd-865f-ac50cb5483dc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-2961", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/magento_xxe_to_glibc_buf_overflow.rb", "content": "", "creation_timestamp": "2024-10-18T13:02:37.000000Z"}, {"uuid": "0cabce34-b859-4d75-a491-4cced6d4a0f9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-2961", "type": "seen", "source": "MISP/af790da0-9e28-4cb7-bd4e-46ad005115c6", "content": "", "creation_timestamp": "2025-10-01T18:11:57.000000Z"}, {"uuid": 
"fbf3f5ea-34b1-453b-b3fd-b5beb2d59db9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-2961", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/7347", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aCVE-2024\u20132961 Security Issue Mitigation Script\nURL\uff1ahttps://github.com/rvizx/CVE-2024-2961\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-05-20T06:56:40.000000Z"}, {"uuid": "b9285a55-8726-4810-bf79-cc2cee524a89", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-2961", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/8505", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aExploits for CNEXT (CVE-2024-2961), a buffer overflow in the glibc's iconv()\nURL\uff1ahttps://github.com/pointedsec/CVE-2024-44541\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-09-10T14:41:46.000000Z"}, {"uuid": "f73a6467-b871-4462-827f-4fd1772563a2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-2961", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/12465", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aRCE\n\u63cf\u8ff0\uff1aCVE-2024-2961 Cnext RCE Exploit with Buddyforms 2.7.7\nURL\uff1ahttps://github.com/suce0155/CVE-2024-2961_buddyforms_2.7.7\n\n\u6807\u7b7e\uff1a#RCE", "creation_timestamp": "2025-02-04T13:57:20.000000Z"}, {"uuid": "29ab714d-7399-4d04-a804-d5e160a0e0d2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": 
"9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-2961", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/12463", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aRCE\n\u63cf\u8ff0\uff1aCVE-2024-2961 Cnext RCE Exploit with Buddyforms 2.7.7\nURL\uff1ahttps://github.com/suce0155/cve-2024-2961_buddyforms\n\n\u6807\u7b7e\uff1a#RCE", "creation_timestamp": "2025-02-04T13:40:35.000000Z"}, {"uuid": "c701aeba-e95b-46be-9135-790d6289d06f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-2961", "type": "seen", "source": "https://t.me/itsec_news/5097", "content": "\u200b\u26a1\ufe0fGoogle Tag Manager \u0441\u0442\u0430\u043b \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u043e\u043c \u043a\u0440\u0430\u0436\u0438 \u0431\u0430\u043d\u043a\u043e\u0432\u0441\u043a\u0438\u0445 \u0434\u0430\u043d\u043d\u044b\u0445\n\n\ud83d\udcac\u0421\u043e\u0433\u043b\u0430\u0441\u043d\u043e \u043d\u043e\u0432\u043e\u043c\u0443 \u043e\u0442\u0447\u0435\u0442\u0443 Trustwave, \u0432 \u043f\u0440\u0435\u0434\u0434\u0432\u0435\u0440\u0438\u0438 \u043f\u0440\u0430\u0437\u0434\u043d\u0438\u0447\u043d\u043e\u0433\u043e \u0441\u0435\u0437\u043e\u043d\u0430 \u0445\u0430\u043a\u0435\u0440\u044b \u0430\u043a\u0442\u0438\u0432\u0438\u0437\u0438\u0440\u043e\u0432\u0430\u043b\u0438 \u0430\u0442\u0430\u043a\u0438 \u043d\u0430 \u0441\u0430\u0439\u0442\u044b \u044d\u043b\u0435\u043a\u0442\u0440\u043e\u043d\u043d\u043e\u0439 \u043a\u043e\u043c\u043c\u0435\u0440\u0446\u0438\u0438 \u0441 \u0446\u0435\u043b\u044c\u044e \u043a\u0440\u0430\u0436\u0438 \u0434\u0430\u043d\u043d\u044b\u0445 \u0431\u0430\u043d\u043a\u043e\u0432\u0441\u043a\u0438\u0445 \u043a\u0430\u0440\u0442 \u0438 \u043b\u0438\u0447\u043d\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438. 
\u0410\u0442\u0430\u043a\u0438 Magecart, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0432\u043f\u0435\u0440\u0432\u044b\u0435 \u043d\u0430\u0447\u0430\u043b\u0438 \u0434\u0435\u0439\u0441\u0442\u0432\u043e\u0432\u0430\u0442\u044c \u0432 2015 \u0433\u043e\u0434\u0443, \u043e\u0441\u0442\u0430\u044e\u0442\u0441\u044f \u043e\u0434\u043d\u043e\u0439 \u0438\u0437 \u0441\u0430\u043c\u044b\u0445 \u0441\u0435\u0440\u044c\u0451\u0437\u043d\u044b\u0445 \u0443\u0433\u0440\u043e\u0437 \u0434\u043b\u044f \u0432\u043b\u0430\u0434\u0435\u043b\u044c\u0446\u0435\u0432 \u043e\u043d\u043b\u0430\u0439\u043d-\u043c\u0430\u0433\u0430\u0437\u0438\u043d\u043e\u0432.\n\nMagecart \u043f\u0440\u043e\u0434\u043e\u043b\u0436\u0430\u0435\u0442 \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u0434\u0435\u0439\u0441\u0442\u0432\u043e\u0432\u0430\u0442\u044c \u0431\u043b\u0430\u0433\u043e\u0434\u0430\u0440\u044f \u0448\u0438\u0440\u043e\u043a\u043e\u043c\u0443 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044e \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b Magento, \u043d\u0430 \u043a\u043e\u0442\u043e\u0440\u043e\u0439 \u043f\u043e\u0441\u0442\u0440\u043e\u0435\u043d\u044b \u0442\u044b\u0441\u044f\u0447\u0438 \u043e\u043d\u043b\u0430\u0439\u043d-\u043c\u0430\u0433\u0430\u0437\u0438\u043d\u043e\u0432 \u043f\u043e \u0432\u0441\u0435\u043c\u0443 \u043c\u0438\u0440\u0443. 
\u041f\u0430\u043d\u0434\u0435\u043c\u0438\u044f 2020 \u0433\u043e\u0434\u0430 \u0443\u0441\u0438\u043b\u0438\u043b\u0430 \u0443\u0433\u0440\u043e\u0437\u0443, \u0442\u0430\u043a \u043a\u0430\u043a \u043f\u0435\u0440\u0435\u0445\u043e\u0434 \u043d\u0430 \u043e\u043d\u043b\u0430\u0439\u043d-\u043f\u043e\u043a\u0443\u043f\u043a\u0438 \u0440\u0430\u0441\u0448\u0438\u0440\u0438\u043b \u043f\u043e\u0432\u0435\u0440\u0445\u043d\u043e\u0441\u0442\u044c \u0430\u0442\u0430\u043a.\n\n\u0425\u0430\u043a\u0435\u0440\u044b \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442 \u0440\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u0435 \u043c\u0435\u0442\u043e\u0434\u044b \u0434\u043b\u044f \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u044f \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u0441\u0430\u0439\u0442\u0430\u043c. \u0417\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u044e\u0442 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0435, \u0441\u0442\u043e\u0440\u043e\u043d\u043d\u0438\u0445 \u0441\u0435\u0440\u0432\u0438\u0441\u0430\u0445 \u0438\u043b\u0438 \u0438\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0435 \u0441\u0430\u0439\u0442\u0430. 
\u0412 2024 \u0433\u043e\u0434\u0443 \u043a\u0438\u0431\u0435\u0440\u043f\u0440\u0435\u0441\u0442\u0443\u043f\u043d\u0438\u043a\u0438 \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0438 \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438:\n\nCVE-2024-20720 (\u043e\u0446\u0435\u043d\u043a\u0430 CVSS: 9.1) \u2014 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 Magento, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0432\u0448\u0430\u044f \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0435 \u0441\u0438\u0441\u0442\u0435\u043c\u043d\u044b\u0435 \u043a\u043e\u043c\u0430\u043d\u0434\u044b. \u0410\u0442\u0430\u043a\u0438 \u043d\u0430\u0447\u0430\u043b\u0438\u0441\u044c \u0432 \u0430\u043f\u0440\u0435\u043b\u0435 2024 \u0433\u043e\u0434\u0430, \u0447\u0442\u043e \u043f\u0440\u0438\u0432\u0435\u043b\u043e \u043a \u043c\u0430\u0441\u0448\u0442\u0430\u0431\u043d\u044b\u043c \u0432\u0437\u043b\u043e\u043c\u0430\u043c \u0441\u0430\u0439\u0442\u043e\u0432.\nCosmicSting ( CVE-2024-34102 \u0438 CVE-2024-2961 ) \u2014 \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0438\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0438 \u043e\u0448\u0438\u0431\u043a\u0438 \u0434\u043b\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u043c \u0434\u0430\u043d\u043d\u044b\u043c, \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e\u0433\u043e \u043a\u043e\u0434\u0430 \u0438 \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u044f \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0445 \u0441\u043a\u0440\u0438\u043f\u0442\u043e\u0432. 
\u041a\u0430\u043c\u043f\u0430\u043d\u0438\u044f \u0437\u0430\u0442\u0440\u043e\u043d\u0443\u043b\u0430 \u0434\u043e 75% \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c Adobe Commerce \u0438 Magento.\n\u041f\u043e\u0441\u043b\u0435 \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u0445\u0430\u043a\u0435\u0440\u044b \u0432\u043d\u0435\u0434\u0440\u044f\u044e\u0442 \u0441\u043a\u0438\u043c\u043c\u0435\u0440\u044b \u043d\u0430 \u043a\u043b\u044e\u0447\u0435\u0432\u044b\u0435 \u0441\u0442\u0440\u0430\u043d\u0438\u0446\u044b \u0441\u0430\u0439\u0442\u043e\u0432, \u043e\u0441\u043e\u0431\u0435\u043d\u043d\u043e \u043d\u0430 \u0441\u0442\u0440\u0430\u043d\u0438\u0446\u044b \u043e\u0444\u043e\u0440\u043c\u043b\u0435\u043d\u0438\u044f \u0437\u0430\u043a\u0430\u0437\u043e\u0432. \u0421\u043a\u0440\u0438\u043f\u0442\u044b \u0441\u043e\u0431\u0438\u0440\u0430\u044e\u0442 \u0434\u0430\u043d\u043d\u044b\u0435 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439, \u0432\u043a\u043b\u044e\u0447\u0430\u044f \u043d\u043e\u043c\u0435\u0440\u0430 \u043a\u0430\u0440\u0442 \u0438 CVV-\u043a\u043e\u0434\u044b.\n\n\u0412 2024 \u0433\u043e\u0434\u0443 \u0443\u0447\u0430\u0441\u0442\u0438\u043b\u0438\u0441\u044c \u0441\u043b\u0443\u0447\u0430\u0438 \u0437\u043b\u043e\u0443\u043f\u043e\u0442\u0440\u0435\u0431\u043b\u0435\u043d\u0438\u044f \u043f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u044b\u043c \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u043e\u043c Google Tag Manager (GTM), \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u044b\u043c \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430\u043c\u0438 \u0434\u043b\u044f \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043a\u043e\u043d\u0442\u0435\u043d\u0442\u043e\u043c. 
\u0425\u0430\u043a\u0435\u0440\u044b \u0441\u043e\u0437\u0434\u0430\u044e\u0442 \u0441\u043e\u0431\u0441\u0442\u0432\u0435\u043d\u043d\u044b\u0435 \u0430\u043a\u043a\u0430\u0443\u043d\u0442\u044b GTM \u0438 \u0432\u043d\u0435\u0434\u0440\u044f\u044e\u0442 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0435 \u0441\u043a\u0440\u0438\u043f\u0442\u044b, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0437\u0430\u0442\u0435\u043c \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u044e\u0442\u0441\u044f \u043d\u0430 \u0437\u0430\u0440\u0430\u0436\u0451\u043d\u043d\u044b\u0445 \u0441\u0430\u0439\u0442\u0430\u0445. \u0422\u0430\u043a\u043e\u0439 \u043c\u0435\u0442\u043e\u0434 \u0442\u0440\u0443\u0434\u043d\u0435\u0435 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u0442\u044c, \u0442\u0430\u043a \u043a\u0430\u043a GTM \u043a\u0430\u0436\u0435\u0442\u0441\u044f \u043b\u0435\u0433\u0438\u0442\u0438\u043c\u043d\u044b\u043c.\n\n\u0421\u043e\u0431\u0440\u0430\u043d\u043d\u044b\u0435 \u0434\u0430\u043d\u043d\u044b\u0435 \u043f\u0435\u0440\u0435\u0434\u0430\u044e\u0442\u0441\u044f \u043d\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u044b \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0438\u0445 \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u0440\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u0445 \u043c\u0435\u0442\u043e\u0434\u043e\u0432, \u0432\u043a\u043b\u044e\u0447\u0430\u044f HTTP-\u0437\u0430\u043f\u0440\u043e\u0441\u044b \u0438 \u0441\u043e\u0435\u0434\u0438\u043d\u0435\u043d\u0438\u044f WebSocket. 
\u0427\u0430\u0441\u0442\u043e \u0434\u0430\u043d\u043d\u044b\u0435 \u043a\u043e\u0434\u0438\u0440\u0443\u044e\u0442\u0441\u044f \u0432 \u0444\u043e\u0440\u043c\u0430\u0442\u0435 Base64 \u0434\u043b\u044f \u0443\u0441\u043b\u043e\u0436\u043d\u0435\u043d\u0438\u044f \u0430\u043d\u0430\u043b\u0438\u0437\u0430.\n\n\u0414\u043b\u044f \u043c\u0438\u043d\u0438\u043c\u0438\u0437\u0430\u0446\u0438\u0438 \u0440\u0438\u0441\u043a\u043e\u0432 \u0430\u0442\u0430\u043a Magecart \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f:\n\n\u0421\u0432\u043e\u0435\u0432\u0440\u0435\u043c\u0435\u043d\u043d\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u044f\u0442\u044c \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b \u0438 \u0440\u0430\u0441\u0448\u0438\u0440\u0435\u043d\u0438\u044f;\n\u041e\u0442\u043a\u043b\u044e\u0447\u0430\u0442\u044c \u043d\u0435\u043d\u0443\u0436\u043d\u044b\u0435 \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u044b \u0438 \u0441\u0442\u043e\u0440\u043e\u043d\u043d\u0438\u0435 \u0441\u043a\u0440\u0438\u043f\u0442\u044b;\n\u041d\u0430\u0441\u0442\u0440\u0430\u0438\u0432\u0430\u0442\u044c Content Security Policy (CSP) \u0434\u043b\u044f \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u044f \u0437\u0430\u043f\u0443\u0441\u043a\u0430 \u043d\u0435\u043f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0451\u043d\u043d\u044b\u0445 \u0441\u043a\u0440\u0438\u043f\u0442\u043e\u0432;\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c Subresource Integrity (SRI) \u0434\u043b\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u0438 \u0437\u0430\u0433\u0440\u0443\u0436\u0430\u0435\u043c\u044b\u0445 \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u0432;\n\u041f\u0440\u043e\u0432\u043e\u0434\u0438\u0442\u044c \u0440\u0435\u0433\u0443\u043b\u044f\u0440\u043d\u044b\u0439 \u043c\u043e\u043d\u0438\u0442\u043e\u0440\u0438\u043d\u0433 
\u0438\u0437\u043c\u0435\u043d\u0435\u043d\u0438\u0439 \u0444\u0430\u0439\u043b\u043e\u0432 \u0438 \u0432\u043d\u0435\u0448\u043d\u0438\u0445 \u0441\u043e\u0435\u0434\u0438\u043d\u0435\u043d\u0438\u0439.\n\u0410\u0442\u0430\u043a\u0438 Magecart \u043e\u0441\u0442\u0430\u044e\u0442\u0441\u044f \u0437\u043d\u0430\u0447\u0438\u043c\u043e\u0439 \u0443\u0433\u0440\u043e\u0437\u043e\u0439, \u0438 \u0437\u0430\u0449\u0438\u0442\u0430 \u0442\u0440\u0435\u0431\u0443\u0435\u0442 \u043a\u043e\u043c\u043f\u043b\u0435\u043a\u0441\u043d\u043e\u0433\u043e \u043f\u043e\u0434\u0445\u043e\u0434\u0430.\n\n\ud83d\udd14 ITsec NEWS", "creation_timestamp": "2025-01-10T11:40:31.000000Z"}, {"uuid": "0de293cf-4c84-4667-930b-e9c9169b7b78", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-2961", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/7464", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aBash script to patch for CVE-2024-2961\nURL\uff1ahttps://github.com/absolutedesignltd/iconvfix\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-05-30T13:48:21.000000Z"}, {"uuid": "edb9251b-de8c-44fd-8bf8-6f409f1533e8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-2961", "type": "seen", "source": "https://t.me/cKure/13181", "content": "\u25a0\u25a0\u25a0\u25a0\u25a1 \u2757\ufe0f Sansec researchers are warning of a critical CosmicSting vulnerability that affects almost 75% of sites using Adobe Commerce and Magento.\n\nDespite the release of emergency fixes, nine days later the situation remains unchanged: millions of sites are at risk of serious XML external entity injection (XXE) and RCE attacks.\n\nCosmicSting is also tracked as CVE-2024-34102 (CVSS: 9.8) and represents the most 
severe bug in Magento and Adobe Commerce in the last two years.\n\nBy itself, it allows an attacker to view private files (for example, files with passwords). However, when combined with a recent bug in Linux, iconv (CVE-2024-2961) carries powerful malicious RCE potential.\n\nThe issue affects Adobe Commerce 2.4.7 (and earlier versions, including 2.4.6-p5, 2.4.5-p7, 2.4.4-p8), Adobe Commerce Extended Support 2.4.3-ext-7 (2.4.2-ext -7, 2.4.1-ext-7, 2.4.0-ext-7, 2.3.7-p4-ext-7 and earlier), Magento 2.4.7 (and earlier including 2.4.6-p5 , 2.4.5-p7, 2.4.4-p8), as well as the Adobe Commerce Webhooks plugin (from 1.2.0 to 1.4.0).\n\nAs Sansec notes, the absence of a detailed technical description in the Adobe bulletin will not prevent active exploitation, since effective attack methods can be modeled by analyzing the patch code.\n\nGiven its high severity and low sophistication, CosmicSting can now be considered one of the most destructive attacks in e-commerce history, along with Shoplift, Ambionics and Trojan Order, according to Sansec .\n\nResearchers recommend that platform administrators apply patches for CVE-2024-34102 as soon as possible or follow the proposed mitigation measures.", "creation_timestamp": "2024-06-22T07:57:07.000000Z"}, {"uuid": "5e989978-72af-40c9-9fbe-7a804c20b9e2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-2961", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/7429", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aExploits for CNEXT (CVE-2024-2961), a buffer overflow in the glibc's iconv()\nURL\uff1ahttps://github.com/ambionics/cnext-exploits\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-05-27T08:50:42.000000Z"}, {"uuid": "cfb4c8c9-e9d3-4cda-b6a9-2c1d9ca8aaa1", "vulnerability_lookup_origin": 
"1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-2961", "type": "seen", "source": "https://t.me/habr_com_news/27158", "content": "\u0412 \u0441\u0442\u0430\u043d\u0434\u0430\u0440\u0442\u043d\u043e\u0439 C-\u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0435 Glibc \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c (CVE-2024-2961), \u043f\u0440\u0438\u0432\u043e\u0434\u044f\u0449\u0430\u044f \u043a \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044e \u0431\u0443\u0444\u0435\u0440\u0430 \u043f\u0440\u0438 \u043f\u0440\u0435\u043e\u0431\u0440\u0430\u0437\u043e\u0432\u0430\u043d\u0438\u0438 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u043e\u0444\u043e\u0440\u043c\u043b\u0435\u043d\u043d\u044b\u0445 \u0441\u0442\u0440\u043e\u043a \u0432 \u043a\u043e\u0434\u0438\u0440\u043e\u0432\u043a\u0435 ISO-2022-CN-EXT \u0444\u0443\u043d\u043a\u0446\u0438\u0435\u0439 iconv().\n\n#\u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u043a\u0430 #\u043a\u0438\u0431\u0435\u0440\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u044c", "creation_timestamp": "2024-04-23T05:44:41.000000Z"}, {"uuid": "0556b223-a9bf-4f72-852f-ce8cabfcd545", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-2961", "type": "published-proof-of-concept", "source": "https://t.me/YAH_Channel/806", "content": "CVE-2023-26326\n\u041c\u043e\u0449\u043d\u044e\u0447\u0438\u0439 \u0440\u0435\u0441\u0435\u0447 \u043d\u0430 RCE \u0447\u0435\u0440\u0435\u0437 \u043b\u044e\u0431\u043e\u0439 SSRF \u0432 PHP:\n\nhttps://www.ambionics.io/blog/iconv-cve-2024-2961-p1", "creation_timestamp": "2024-05-31T08:48:29.000000Z"}, {"uuid": "d9f412d7-652f-4645-8247-c88dc0fc8256", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": 
"9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-2961", "type": "published-proof-of-concept", "source": "Telegram/6lKByArH9FS3kGV0eBc5AxMt53ZNy3FxF1pgZuVY2NXgTHI", "content": "", "creation_timestamp": "2025-08-21T15:00:06.000000Z"}, {"uuid": "fcb8f7fd-243f-4d73-ace4-49b611cc93e4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-2961", "type": "published-proof-of-concept", "source": "https://t.me/ton618cyber/1593", "content": "#Threat_Research\nIconv, set the charset to RCE:\nPart 1: https://t.me/CyberSecurityTechnologies/10575\nPart 2 - Exploiting the glibc to hack PHP engine (CVE-2024-2916)\nhttps://www.ambionics.io/blog/iconv-cve-2024-2961-p2\nPart 3 - Exploitation of CVE-2024-2961 blindly\nhttps://www.ambionics.io/blog/iconv-cve-2024-2961-p3", "creation_timestamp": "2024-10-02T16:38:49.000000Z"}, {"uuid": "d3b2f1f9-cd4d-4bfc-97e5-52d77639a894", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-2961", "type": "exploited", "source": "https://t.me/sycebrex/188", "content": "\u041f\u0430\u0442\u0447\u0438\u043d\u0433 \u0438\u0437 \u0433\u043e\u0432\u043d\u0430 \u0438 \u043f\u0430\u043b\u043e\u043a \u043f\u0440\u0438\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u044b\u0439 \u0441\u043b\u0430\u0431\u043e\u0443\u043c\u0438\u0435\u043c \u0438 \u043e\u0442\u0432\u0430\u0433\u043e\u0439\n\n\u041f\u043e\u043a\u0430 \u041c\u043e\u0441\u043a\u0432\u0430 \u043f\u043b\u0430\u0432\u0438\u0442\u0441\u044f, \u043a\u0430\u043a \u0441\u043b\u0438\u0432\u043e\u0447\u043d\u043e\u0435 \u043c\u0430\u0441\u043b\u043e, \u0440\u0430\u0441\u0441\u043a\u0430\u0436\u0443 \u0432\u0430\u043c \u0437\u0430\u043d\u044f\u0442\u043d\u0443\u044e \u0438\u0441\u0442\u043e\u0440\u0438\u044e \u043f\u0440\u043e \u043c\u043e\u0435\u0433\u043e \u0434\u0440\u0443\u0433\u0430 
\u0421\u0435\u0440\u0435\u0433\u0443, \u043a\u043e\u0442\u043e\u0440\u043e\u0433\u043e \u044f \u0440\u0435\u0433\u0443\u043b\u044f\u0440\u043d\u043e \u0442\u0443\u0442 \u0443\u043f\u043e\u043c\u044f\u043d\u0430\u044e. \u041a\u0441\u0442\u0430\u0442\u0438, \u0435\u0441\u043b\u0438 \u043a\u0442\u043e \u043e\u0442\u0433\u0430\u0434\u0430\u0435\u0442 \u043e\u0442\u043a\u0443\u0434\u0430 \u0435\u0433\u043e \u043d\u0438\u043a Spacewasp - \u043f\u0440\u0438\u0448\u043b\u044e \u043d\u0435\u043c\u043d\u043e\u0433\u043e \u043c\u0435\u0440\u0447\u0430 \u043a\u043e\u0440\u043f\u043e\u0440\u0430\u0442\u0438\u0432\u043d\u043e\u0433\u043e. \u042f \u0443\u0436\u0435 \u0442\u0430\u043a \u0434\u0435\u043b\u0430\u043b \u0440\u0430\u043d\u044c\u0448\u0435, \u0431\u0435\u0437 \u0448\u0443\u0442\u043e\u0447\u0435\u043a.\n\n\u0421\u0435\u0440\u0435\u0433\u0430 \u043e\u0447\u044c \u043a\u0440\u0443\u0442\u043e\u0439 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044c \u0438 \u0432 \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0435 \u0432\u0440\u0435\u043c\u044f \u0431\u0430\u043b\u0443\u0435\u0442\u0441\u044f \u0431\u0430\u0433\u0431\u0430\u0443\u043d\u0442\u044f\u043c\u0438. \u0412 \u043a\u043e\u043d\u0446\u0435 2023 \u0433\u043e\u0434\u0430 \u043e\u043d \u043d\u0430\u0448\u0435\u043b \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 Magento. \u042d\u0442\u043e \u043e\u0445\u0440\u0435\u043d\u0435\u0442\u044c \u043a\u0430\u043a\u043e\u0435 \u043f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u043e\u0435 \u0440\u0435\u0448\u0435\u043d\u0438\u0435 \u043e\u0442 Adobe \u0434\u043b\u044f eCommerce. \u041a\u0430\u043a \u043f\u0438\u0448\u0443\u0442 \u0438\u043d\u0442\u0435\u0440\u043d\u0435\u0442\u044b, \u041c\u0430\u0433\u0435\u043d\u0442\u043e\u0439 \u043e\u043a\u0443\u0447\u0435\u043d\u043e \u0434\u043e 38% \u043e\u043d\u043b\u0430\u0439\u043d \u0438\u043d\u0442\u0435\u0440\u043d\u0435\u0442 \u043c\u0430\u0433\u0430\u0437\u0438\u043d\u043e\u0432. 
\n\nSerega found an XXE (XML external entity attack) and reported it to the bug bounty program through HackerOne. The timing here deserves special attention: \n\ud83d\uddffreported on December 20, 2023\n\ud83d\uddffAdobe accepted the bug on January 8, 2024\n\ud83d\uddffthe money was paid out on May 21, 2024 (9000 bucks; in my subjective opinion that is too little for such a vulnerability, its impact and other important details that Adobe clearly underestimated)\n\ud83d\uddffthe fix was pushed and CVE-2024-34102 was registered on June 11, 2024\n\nThe fix is CLUMSY (a very important point, 
I will not disclose the details). And overall, communication with Adobe was not very transparent, as Serega said later. That was the first act, called \"Patching with shit and sticks\". On to the second one - \"Foolishness and courage\".\n\nSuddenly the Sansec research team bursts onto the scene: it saw the registered CVE-2024-34102, quickly analyzed Adobe's clumsy fix and published an article\u00a0and SUDDENLY 
did two things: a good one - they gave the vulnerability the name CosmicSting; and a bad one - they essentially published an exploit for this vulnerability (remember the clumsy patch from Adobe). Sansec offered their own Emergency Fix, but it was so Emergency that it could be bypassed by encoding the input JSON. And, surprise-surprise, the guys from Hypernode\u00a0reported as early as June 27 that they were already recording attempts to exploit the vulnerability. 
This bug together with CVE-2024-2961 gives full arbitrary code execution. And that is very sad. This turn of events apparently upset Adobe and, oh gods, they rolled out a proper patch\u00a0for the vulnerability. \n\nHere I can sincerely congratulate Serega on a \"named\" vulnerability. That is a cool achievement. 
He also has a good technical description of the vulnerability, but without disclosing the exploitation details", "creation_timestamp": "2024-07-04T19:47:41.000000Z"}, {"uuid": "63efef2b-0991-4407-b04f-80a2ea8365de", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-2961", "type": "published-proof-of-concept", "source": "https://t.me/ton618cyber/4915", "content": "#Threat_Research\nIconv, set the charset to RCE:\nPart 1: https://t.me/CyberSecurityTechnologies/10575\nPart 2 - Exploiting the glibc to hack PHP engine (CVE-2024-2916)\nhttps://www.ambionics.io/blog/iconv-cve-2024-2961-p2\nPart 3 - Exploitation of CVE-2024-2961 blindly\nhttps://www.ambionics.io/blog/iconv-cve-2024-2961-p3", "creation_timestamp": "2024-10-02T16:38:48.000000Z"}, {"uuid": "6a25ab81-05ab-44d0-9cc8-7eae342f14c8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-2961", "type": "published-proof-of-concept", "source": "https://t.me/Hunt3rkill3rs1/337", "content": "CVE-2024-2961 - slow mover\n\u26d4\nRemember a month ago there was a fuss about a hole having been found in glibc. 
\nBack then many hosting providers got nervous. But since nothing leaked to the wider public, everyone calmed down.\nThe researchers, however, did not calm down: it smelled too deliciously of a promising exploit.\nSo now Iconv crawls onto the stage with its RCE.\n*\nToday an excellent WriteUp came out (the first part of three), which reveals only part of the potential of hole 2961\n*\nLet's read\nIconv, set the charset to RCE: Exploiting the glibc to hack the PHP engine", "creation_timestamp": "2024-05-27T20:01:24.000000Z"}, {"uuid": "fc4addf6-66e5-48bc-9c8e-a0b8e0801478", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-2961", "type": 
"published-proof-of-concept", "source": "https://t.me/HackingInsights/1016", "content": "\u200aglibc Flaw (CVE-2024-2961) Opens Door to RCE, PoC Exploit Published\n\nhttps://securityonline.info/glibc-flaw-cve-2024-2961-opens-door-to-rce-poc-exploit-published/", "creation_timestamp": "2024-05-28T18:50:02.000000Z"}, {"uuid": "c01a7a0f-758d-4c98-8bfa-513622f570d6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-2961", "type": "published-proof-of-concept", "source": "Telegram/F8dzW3GxsxaVPdc_Iu76xbRBYSi3iGsJiXKAOLZG29igsDk", "content": "", "creation_timestamp": "2025-02-05T00:00:10.000000Z"}, {"uuid": "8a84ec05-9af5-4940-83fe-a145adeff586", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-2961", "type": "exploited", "source": "Telegram/FCl-zFUhmS9UiC9aFZN8Wtg1m5_J70RBJYj81-h3AognJmoR", "content": "", "creation_timestamp": "2024-04-24T14:54:06.000000Z"}, {"uuid": "c1832070-643d-454d-a930-7720bda39928", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-2961", "type": "published-proof-of-concept", "source": "https://t.me/CyberDilara/156", "content": "Tools - Hackers Factory\n\nAn incredibly fast proxy checker & IP rotator with ease. 
\n\nhttps://github.com/kitabisa/mubeng\n\n[CVE-2024-4956] Nexus Repository Manager 3 Unauthenticated Path Traversal Bulk Scanner \n\nhttps://github.com/ifconfig-me/CVE-2024-4956-Bulk-Scanner/\n\nRepository to house markdown templates for researchers \n\nhttps://github.com/bugcrowd/templates\n\nPython for AWAE (Advanced Web Attacks and Exploitation) \n\nhttps://github.com/shreyaschavhan/python-for-awae\n\nA tool for collecting RDP, web and VNC screenshots all in one place \n\nhttps://github.com/nccgroup/scrying\n\nJeeves SQLI Finder \n\nhttps://github.com/ferreiraklet/Jeeves\n\nThe Frida-Jit-unPacker aims at helping researchers and analysts understand the behavior of packed malicious .NET samples. \n\nhttps://github.com/imperva/frida-jit-unpacker\n\nExploits for CNEXT (CVE-2024-2961), a buffer overflow in the glibc's iconv() \n\nhttps://github.com/ambionics/cnext-exploits?tab=readme-ov-file\n\nDecentralized Remote Administration Tool: configuration file distribution is decentralized via ENS, and the server side is decentralized via Telegram \n\nhttps://github.com/SpenserCai/DRat\n\nAbusing Windows fork API and OneDrive.exe process to inject the malicious shellcode without allocating new RWX memory region. \n\nhttps://github.com/Offensive-Panda/RWX_MEMEORY_HUNT_AND_INJECTION_DV\n\nCollection of references to write-ups, blog posts and papers related to cybersecurity, reverse engineering and exploitation (constantly updated)\n\nhttps://github.com/0xor0ne/awesome-list/blob/main/topics/cybersec.md\n\nGitHub - yoryio/CVE-2024-20767: Exploit for CVE-2024-20767 - Adobe ColdFusion\n\nhttps://github.com/yoryio/CVE-2024-20767\n\nGitHub - TracecatHQ/tracecat: \ud83d\ude3c The open source alternative to Tines / Splunk SOAR. 
Build AI-assisted workflows, orchestrate alerts, and close cases fast.\n\nhttps://github.com/TracecatHQ/tracecat\n\nGitHub - sarperavci/CloudflareBypassForScraping: A cloudflare verification bypass script for webscraping\n\nhttps://github.com/sarperavci/CloudflareBypassForScraping\n\n#HackersFactory", "creation_timestamp": "2024-06-17T14:01:17.000000Z"}, {"uuid": "4c57a20a-941b-4709-82ea-4fb160c70f7d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-2961", "type": "published-proof-of-concept", "source": "Telegram/XIN-Y3hp1jfTcvV6CwOqxxQXZ4MmKS7rtpP9E0VrlY837nw", "content": "", "creation_timestamp": "2025-01-30T04:00:12.000000Z"}, {"uuid": "0a22be05-433a-4cc6-9ece-9c4f47914080", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-2961", "type": "published-proof-of-concept", "source": "Telegram/EPMWd4WNRecTWvESTQHlRCQzOU9qSgjrCdYAHbAYrOYLHsY", "content": "", "creation_timestamp": "2025-02-04T22:00:06.000000Z"}, {"uuid": "da503855-d259-4497-a5c2-29624f80eef6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-2961", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/3250", "content": "Tools - Hackers Factory\n\nAn incredibly fast proxy checker & IP rotator with ease. 
\n\nhttps://github.com/kitabisa/mubeng\n\n[CVE-2024-4956] Nexus Repository Manager 3 Unauthenticated Path Traversal Bulk Scanner \n\nhttps://github.com/ifconfig-me/CVE-2024-4956-Bulk-Scanner/\n\nRepository to house markdown templates for researchers \n\nhttps://github.com/bugcrowd/templates\n\nPython for AWAE (Advanced Web Attacks and Exploitation) \n\nhttps://github.com/shreyaschavhan/python-for-awae\n\nA tool for collecting RDP, web and VNC screenshots all in one place \n\nhttps://github.com/nccgroup/scrying\n\nJeeves SQLI Finder \n\nhttps://github.com/ferreiraklet/Jeeves\n\nThe Frida-Jit-unPacker aims at helping researchers and analysts understand the behavior of packed malicious .NET samples. \n\nhttps://github.com/imperva/frida-jit-unpacker\n\nExploits for CNEXT (CVE-2024-2961), a buffer overflow in the glibc's iconv() \n\nhttps://github.com/ambionics/cnext-exploits?tab=readme-ov-file\n\nDecentralized Remote Administration Tool: configuration file distribution is decentralized via ENS, and the server side is decentralized via Telegram \n\nhttps://github.com/SpenserCai/DRat\n\nAbusing Windows fork API and OneDrive.exe process to inject the malicious shellcode without allocating new RWX memory region. \n\nhttps://github.com/Offensive-Panda/RWX_MEMEORY_HUNT_AND_INJECTION_DV\n\nCollection of references to write-ups, blog posts and papers related to cybersecurity, reverse engineering and exploitation (constantly updated)\n\nhttps://github.com/0xor0ne/awesome-list/blob/main/topics/cybersec.md\n\nGitHub - yoryio/CVE-2024-20767: Exploit for CVE-2024-20767 - Adobe ColdFusion\n\nhttps://github.com/yoryio/CVE-2024-20767\n\nGitHub - TracecatHQ/tracecat: \ud83d\ude3c The open source alternative to Tines / Splunk SOAR. 
Build AI-assisted workflows, orchestrate alerts, and close cases fast.\n\nhttps://github.com/TracecatHQ/tracecat\n\nGitHub - sarperavci/CloudflareBypassForScraping: A cloudflare verification bypass script for webscraping\n\nhttps://github.com/sarperavci/CloudflareBypassForScraping\n\n#HackersFactory", "creation_timestamp": "2024-05-28T10:06:24.000000Z"}, {"uuid": "2aa5e3f2-ef6b-45f4-a296-900028807dc6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-2961", "type": "published-proof-of-concept", "source": "Telegram/RvktR4k9JwApBud5To0qGsMWoBxgvMdh7QqBbs4z7Kr9O7g", "content": "", "creation_timestamp": "2025-01-27T10:00:06.000000Z"}, {"uuid": "e62fe57d-26fc-4bfe-a3fe-7bd48eec33a4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-2961", "type": "published-proof-of-concept", "source": "Telegram/SXqudEEcuqakb5MlDk-NKuYRWmtWijUqbJbqT7HTvVIRtvQ", "content": "", "creation_timestamp": "2025-01-29T22:00:06.000000Z"}, {"uuid": "4d60291b-3420-4555-8054-fb1a2e4cdc42", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-2961", "type": "published-proof-of-concept", "source": "Telegram/sU-jNaPMtLGhQJIUlK_Y1eVeodJiHQnKe9p9PX30oKjDADc", "content": "", "creation_timestamp": "2025-01-29T12:30:50.000000Z"}, {"uuid": "fd2f889d-4d53-47f6-bd26-39976684ec73", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-2961", "type": "published-proof-of-concept", "source": "Telegram/Jcz8p22MvmwAhBG5Fy50RK8-sXwLhyt48n06uP5R6U-giBw", "content": "", "creation_timestamp": "2025-02-02T10:00:06.000000Z"}, {"uuid": "efb79544-3efa-4cb2-95a7-9768a4415c56", "vulnerability_lookup_origin": 
"1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-2961", "type": "published-proof-of-concept", "source": "Telegram/cJsgRNVBrT561ip7U0GHo0TvX67x2CBLImkhnh0UxMyZU4Q", "content": "", "creation_timestamp": "2025-02-21T04:02:28.000000Z"}, {"uuid": "a6caf7c9-6400-4fd1-b342-ea2f6590f94e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-2961", "type": "published-proof-of-concept", "source": "https://t.me/GrayHatsHack/7825", "content": "Tools - Hackers Factory\n\nAn incredibly fast proxy checker & IP rotator with ease. \n\nhttps://github.com/kitabisa/mubeng\n\n[CVE-2024-4956] Nexus Repository Manager 3 Unauthenticated Path Traversal Bulk Scanner \n\nhttps://github.com/ifconfig-me/CVE-2024-4956-Bulk-Scanner/\n\nRepository to house markdown templates for researchers \n\nhttps://github.com/bugcrowd/templates\n\nPython for AWAE (Advanced Web Attacks and Exploitation) \n\nhttps://github.com/shreyaschavhan/python-for-awae\n\nA tool for collecting RDP, web and VNC screenshots all in one place \n\nhttps://github.com/nccgroup/scrying\n\nJeeves SQLI Finder \n\nhttps://github.com/ferreiraklet/Jeeves\n\nThe Frida-Jit-unPacker aims at helping researchers and analysts understand the behavior of packed malicious .NET samples. 
\n\nhttps://github.com/imperva/frida-jit-unpacker\n\nExploits for CNEXT (CVE-2024-2961), a buffer overflow in the glibc's iconv() \n\nhttps://github.com/ambionics/cnext-exploits?tab=readme-ov-file\n\nDecentralized Remote Administration Tool: configuration file distribution is decentralized via ENS, and the server side is decentralized via Telegram \n\nhttps://github.com/SpenserCai/DRat\n\nAbusing Windows fork API and OneDrive.exe process to inject the malicious shellcode without allocating new RWX memory region. \n\nhttps://github.com/Offensive-Panda/RWX_MEMEORY_HUNT_AND_INJECTION_DV\n\nCollection of references to write-ups, blog posts and papers related to cybersecurity, reverse engineering and exploitation (constantly updated)\n\nhttps://github.com/0xor0ne/awesome-list/blob/main/topics/cybersec.md\n\nGitHub - yoryio/CVE-2024-20767: Exploit for CVE-2024-20767 - Adobe ColdFusion\n\nhttps://github.com/yoryio/CVE-2024-20767\n\nGitHub - TracecatHQ/tracecat: \ud83d\ude3c The open source alternative to Tines / Splunk SOAR. Build AI-assisted workflows, orchestrate alerts, and close cases fast.\n\nhttps://github.com/TracecatHQ/tracecat\n\nGitHub - sarperavci/CloudflareBypassForScraping: A cloudflare verification bypass script for webscraping\n\nhttps://github.com/sarperavci/CloudflareBypassForScraping\n\n#HackersFactory", "creation_timestamp": "2024-05-28T10:20:28.000000Z"}, {"uuid": "55c6e07e-28d2-42f4-a13b-c7e3e191b72d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-2961", "type": "published-proof-of-concept", "source": "https://t.me/GhostsForum/21615", "content": "Tools - Hackers Factory\n\nAn incredibly fast proxy checker & IP rotator with ease. 
\n\nhttps://github.com/kitabisa/mubeng\n\n[CVE-2024-4956] Nexus Repository Manager 3 Unauthenticated Path Traversal Bulk Scanner \n\nhttps://github.com/ifconfig-me/CVE-2024-4956-Bulk-Scanner/\n\nRepository to house markdown templates for researchers \n\nhttps://github.com/bugcrowd/templates\n\nPython for AWAE (Advanced Web Attacks and Exploitation) \n\nhttps://github.com/shreyaschavhan/python-for-awae\n\nA tool for collecting RDP, web and VNC screenshots all in one place \n\nhttps://github.com/nccgroup/scrying\n\nJeeves SQLI Finder \n\nhttps://github.com/ferreiraklet/Jeeves\n\nThe Frida-Jit-unPacker aims at helping researchers and analysts understand the behavior of packed malicious .NET samples. \n\nhttps://github.com/imperva/frida-jit-unpacker\n\nExploits for CNEXT (CVE-2024-2961), a buffer overflow in the glibc's iconv() \n\nhttps://github.com/ambionics/cnext-exploits?tab=readme-ov-file\n\nDecentralized Remote Administration Tool: configuration file distribution is decentralized via ENS, and the server side is decentralized via Telegram \n\nhttps://github.com/SpenserCai/DRat\n\nAbusing Windows fork API and OneDrive.exe process to inject the malicious shellcode without allocating new RWX memory region. \n\nhttps://github.com/Offensive-Panda/RWX_MEMEORY_HUNT_AND_INJECTION_DV\n\nCollection of references to write-ups, blog posts and papers related to cybersecurity, reverse engineering and exploitation (constantly updated)\n\nhttps://github.com/0xor0ne/awesome-list/blob/main/topics/cybersec.md\n\nGitHub - yoryio/CVE-2024-20767: Exploit for CVE-2024-20767 - Adobe ColdFusion\n\nhttps://github.com/yoryio/CVE-2024-20767\n\nGitHub - TracecatHQ/tracecat: \ud83d\ude3c The open source alternative to Tines / Splunk SOAR. 
Build AI-assisted workflows, orchestrate alerts, and close cases fast.\n\nhttps://github.com/TracecatHQ/tracecat\n\nGitHub - sarperavci/CloudflareBypassForScraping: A cloudflare verification bypass script for webscraping\n\nhttps://github.com/sarperavci/CloudflareBypassForScraping\n\n#HackersFactory", "creation_timestamp": "2024-05-28T10:27:55.000000Z"}, {"uuid": "4951fc4a-e6e7-4109-a1dc-e710b016fa77", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-2961", "type": "published-proof-of-concept", "source": "Telegram/N8bgBSBkPNznkMvAB5WUrZyIrDF4arpRnY6P9jX8R8w5ocY", "content": "", "creation_timestamp": "2024-06-28T17:08:03.000000Z"}, {"uuid": "0a9b8542-6649-4f13-b862-0fc85b0ebe7b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-2961", "type": "published-proof-of-concept", "source": "Telegram/1vB96aQKQDLOMpqJzEiSCN-Is3OEEYw4fZZTRAPAB-EPvZg", "content": "", "creation_timestamp": "2024-06-28T07:06:43.000000Z"}, {"uuid": "d82de2a1-f351-4c71-91db-c55da157dbd4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-2961", "type": "published-proof-of-concept", "source": "https://t.me/GrayHatsHack/6610", "content": "Tools - Hackers Factory\n\nAn incredibly fast proxy checker & IP rotator with ease. 
\n\nhttps://github.com/kitabisa/mubeng\n\n[CVE-2024-4956] Nexus Repository Manager 3 Unauthenticated Path Traversal Bulk Scanner \n\nhttps://github.com/ifconfig-me/CVE-2024-4956-Bulk-Scanner/\n\nRepository to house markdown templates for researchers \n\nhttps://github.com/bugcrowd/templates\n\nPython for AWAE (Advanced Web Attacks and Exploitation) \n\nhttps://github.com/shreyaschavhan/python-for-awae\n\nA tool for collecting RDP, web and VNC screenshots all in one place \n\nhttps://github.com/nccgroup/scrying\n\nJeeves SQLI Finder \n\nhttps://github.com/ferreiraklet/Jeeves\n\nThe Frida-Jit-unPacker aims at helping researchers and analysts understand the behavior of packed malicious .NET samples. \n\nhttps://github.com/imperva/frida-jit-unpacker\n\nExploits for CNEXT (CVE-2024-2961), a buffer overflow in the glibc's iconv() \n\nhttps://github.com/ambionics/cnext-exploits?tab=readme-ov-file\n\nDecentralized Remote Administration Tool: configuration file distribution is decentralized via ENS, and the server side is decentralized via Telegram \n\nhttps://github.com/SpenserCai/DRat\n\nAbusing Windows fork API and OneDrive.exe process to inject the malicious shellcode without allocating new RWX memory region. \n\nhttps://github.com/Offensive-Panda/RWX_MEMEORY_HUNT_AND_INJECTION_DV\n\nCollection of references to write-ups, blog posts and papers related to cybersecurity, reverse engineering and exploitation (constantly updated)\n\nhttps://github.com/0xor0ne/awesome-list/blob/main/topics/cybersec.md\n\nGitHub - yoryio/CVE-2024-20767: Exploit for CVE-2024-20767 - Adobe ColdFusion\n\nhttps://github.com/yoryio/CVE-2024-20767\n\nGitHub - TracecatHQ/tracecat: \ud83d\ude3c The open source alternative to Tines / Splunk SOAR. 
Build AI-assisted workflows, orchestrate alerts, and close cases fast.\n\nhttps://github.com/TracecatHQ/tracecat\n\nGitHub - sarperavci/CloudflareBypassForScraping: A cloudflare verification bypass script for webscraping\n\nhttps://github.com/sarperavci/CloudflareBypassForScraping\n\n#HackersFactory", "creation_timestamp": "2024-05-28T10:20:28.000000Z"}, {"uuid": "a84a0ee5-7e29-4ecd-abb8-5075aa7dc298", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-2961", "type": "published-proof-of-concept", "source": "https://t.me/proxy_bar/2101", "content": "CVE-2024-2961 - \u0442\u0438\u0445\u043e\u0445\u043e\u0434\u043a\u0430 2\n*\n\u041f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 glibc's iconv\n*\nExploit + POC \ud83d\udc4c\n\n#yammy", "creation_timestamp": "2024-05-27T21:11:01.000000Z"}, {"uuid": "648b380c-1db2-413f-962c-c2508ddc7c4c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-2961", "type": "published-proof-of-concept", "source": "https://t.me/proxy_bar/2100", "content": "CVE-2024-2961 - \u0442\u0438\u0445\u043e\u0445\u043e\u0434\u043a\u0430\n*\n\u041f\u043e\u043c\u043d\u0438\u0442\u0435 \u043c\u0435\u0441\u044f\u0446 \u043d\u0430\u0437\u0430\u0434 \u0431\u044b\u043b \u043a\u0438\u043f\u0438\u0448\u044c, \u043e\u0442\u043d\u043e\u0441\u0438\u0442\u0435\u043b\u044c\u043d\u043e \u0442\u043e\u0433\u043e \u0447\u0442\u043e \u043d\u0430\u0448\u043b\u0438 \u0434\u044b\u0440\u043a\u0443 \u0432 glibc. \n\u0422\u043e\u0433\u0434\u0430 \u043c\u043d\u043e\u0433\u0438\u0435 \u0445\u043e\u0441\u0442\u0435\u0440\u044b \u0435\u0449\u0435 \u043d\u0430\u043f\u0440\u044f\u0433\u043b\u0438\u0441\u044c. 
\u041d\u043e \u0442\u0430\u043a \u043a\u0430\u043a \u0432 \u0448\u0438\u0440\u043e\u043a\u0438\u0439 \u043f\u0430\u0431\u043b\u0438\u043a \u043d\u0438\u0447\u0435\u0433\u043e \u043d\u0435 \u0443\u043f\u043b\u044b\u043b\u043e, \u0432\u0441\u0435 \u0443\u0441\u043f\u043e\u043a\u043e\u0438\u043b\u0438\u0441\u044c.\n\u0410 \u0440\u0435\u0441\u0451\u0440\u0447\u0435\u0440\u044b \u043d\u0435 \u0443\u0441\u043f\u043e\u043a\u043e\u0438\u043b\u0438\u0441\u044c, \u0441\u043b\u0438\u0448\u043a\u043e\u043c \u0432\u043a\u0443\u0441\u043d\u043e \u043f\u0430\u0445\u043b\u043e \u043f\u0435\u0440\u0441\u043f\u0435\u043a\u0442\u0438\u0432\u043d\u044b\u043c \u0441\u043f\u043b\u043e\u0438\u0442\u043e\u043c.\n\u041d\u0443 \u0442\u0430\u043a \u0432\u043e\u0442, \u043d\u0430 \u0441\u0446\u0435\u043d\u0443 \u0432\u043f\u043e\u043b\u0437\u0430\u0435\u0442 Iconv \u0441\u043e \u0441\u0432\u043e\u0438\u043c RCE.\n*\n\u0421\u0435\u0433\u043e\u0434\u043d\u044f \u0432\u044b\u0448\u0435\u043b \u043e\u0442\u043b\u0438\u0447\u043d\u044b\u0439 WriteUp (\u043f\u0435\u0440\u0432\u0430\u044f \u0447\u0430\u0441\u0442\u044c \u0438\u0437 \u0442\u0440\u0451\u0445), \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0440\u0430\u0441\u043a\u0440\u044b\u0432\u0430\u0435\u0442 \u0442\u043e\u043b\u044c\u043a\u043e \u0447\u0430\u0441\u0442\u044c \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u0430 \u0434\u044b\u0440\u044b 2961\n*\n\u0427\u0438\u0442\u0430\u0435\u043c\nIconv, set the charset to RCE: Exploiting the glibc to hack the PHP engine", "creation_timestamp": "2024-05-27T16:16:54.000000Z"}, {"uuid": "bb53cb41-6540-4c5b-9d88-d0f809a41c8f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-2961", "type": "published-proof-of-concept", "source": "https://t.me/cybersecs/2857", "content": "\u0412\u044b\u0448\u043b\u0430 \u0432\u0442\u043e\u0440\u0430\u044f \u0441\u0435\u0440\u0438\u044f 
\u0441\u0435\u0440\u0438\u0430\u043b\u0430:\n\n\u043f\u0435\u0440\u0432\u0430\u044f \u0447\u0430\u0441\u0442\u044c:\nhttps://www.ambionics.io/blog/iconv-cve-2024-2961-p1\n\n\u0432\u0442\u043e\u0440\u0430\u044f \u0447\u0430\u0441\u0442\u044c:\nhttps://www.ambionics.io/blog/iconv-cve-2024-2961-p2", "creation_timestamp": "2024-07-07T23:18:31.000000Z"}, {"uuid": "76da902b-23d2-412a-9388-bf3da1e94170", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-2961", "type": "seen", "source": "https://t.me/true_secator/5792", "content": "\u041f\u043e\u0434\u043a\u0430\u0442\u0438\u043b\u0438 \u0442\u0435\u0445\u043d\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0441\u0442\u0438 \u0438 PoC \u0434\u043b\u044f \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u044b\u0445 \u0443\u044f\u0432\u0437\u0438\u043c\u043e\u0441\u0442\u0435\u0439, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0442\u043e\u0447\u043d\u043e \u043d\u0435\u043b\u044c\u0437\u044f \u0443\u043f\u0443\u0441\u043a\u0430\u0442\u044c \u0438\u0437 \u0432\u0438\u0434\u0443.\n\nHorizon3 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u0438\u043b\u0430 \u043f\u043e\u043b\u043d\u043e\u0435 \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0438 PoC \u0434\u043b\u044f CVE-2024-23108 \u0432 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430\u0445 FortiSIEM, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043a\u043e\u043c\u0430\u043d\u0434\u044b \u043e\u0442 \u0438\u043c\u0435\u043d\u0438 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f root \u0431\u0435\u0437 \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e\u0441\u0442\u0438 
\u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0438\u043c\u0435\u0435\u0442 \u0440\u0435\u0439\u0442\u0438\u043d\u0433 10/10 \u0438 \u0431\u044b\u043b\u0430 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0430 \u0432 \u0444\u0435\u0432\u0440\u0430\u043b\u0435 \u044d\u0442\u043e\u0433\u043e \u0433\u043e\u0434\u0430.\n\nCVE-2024-23108 \u0432\u043b\u0438\u044f\u0435\u0442 \u043d\u0430 FortiClient FortiSIEM \u0432\u0435\u0440\u0441\u0438\u0439 6.4.0 \u0438 \u0432\u044b\u0448\u0435 \u0438 \u0431\u044b\u043b \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d \u0432\u043c\u0435\u0441\u0442\u0435 \u0441 \u0434\u0440\u0443\u0433\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c\u044e RCE (CVE-2024-23109) \u0441 \u0443\u0440\u043e\u0432\u043d\u0435\u043c \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438 10/10.\n\n\u0414\u043b\u044f \u043d\u0435\u0435 \u0442\u0430\u043a\u0436\u0435 \u0442\u0435\u043f\u0435\u0440\u044c \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b \u0438 \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0435, \u0438 PoC. \n\n\u041f\u0440\u0438\u0447\u0435\u043c \u0438\u0437\u043d\u0430\u0447\u0430\u043b\u044c\u043d\u043e \u0432 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438 \u043e\u0442\u043a\u0430\u0437\u044b\u0432\u0430\u043b\u0438\u0441\u044c \u043f\u0440\u0438\u0437\u043d\u0430\u0432\u0430\u0442\u044c \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u0438 \u0438 \u043f\u0440\u0438\u0441\u043e\u0432\u043e\u043a\u0443\u043f\u0438\u043b\u0438 \u0438\u0445 \u043a \u0438\u0441\u0445\u043e\u0434\u043d\u043e\u043c\u0443 \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u044e \u043e\u0431\u00a0 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 CVE-2023-34992. 
\n\nHowever, it eventually turned out that CVE-2024-23108 and CVE-2024-23109 are in fact patch bypasses for CVE-2023-34992. The misunderstanding was resolved.\n\nResearcher Wang Tielei published a PoC for CVE-2024-27842, which Apple fixed this month.\n\nIt allows macOS applications to run arbitrary code with kernel privileges. 
The issue is fixed in macOS Sonoma 14.5.\n\nA write-up and PoC have become available for the vulnerability in Glibc (CVE-2024-2961) thanks to the work of Ambionics researcher Charles Fol.\n\nThe bug can be used for remote code execution attacks against PHP-based applications and websites.", "creation_timestamp": "2024-05-29T12:55:07.000000Z"}, {"uuid": "a10f968b-639b-4ebc-bcb8-57edc19b6d52", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-2961", "type": "seen", "source": "https://t.me/true_secator/6274", "content": "We continue to cover the most trending vulnerabilities:\n\n1. 
PrivSec researchers have released a write-up and PoC for CVE-2024-38200, a new NTLM relaying attack affecting Office applications.\n\nThe issue was fixed in mid-August after it was announced at DEFCON.\n\n2. GreyNoise disclosed details of recent attacks targeting the June SolarWinds Serv-U vulnerability tracked as CVE-2024-28995.\n\n3. JetBrains released 20 updates for its TeamCity CI/CD server.\n\n4. 
Researcher Charles Fol of LEXFO published the third part (first and second) of the analysis of CVE-2024-2961, a Glibc vulnerability (CVE-2024-2961) that can be used for RCE attacks against PHP-based applications and websites.\n\n5. The implementation of the local LAN/LDN multiplayer mode in Nintendo Mario Kart 8 Deluxe before version 3.0.3 allows a remote attacker to exploit a stack buffer overflow when session information is deserialized, by means of 
a malformed browse-reply packet, also known as KartLANPwn.\n\nThe victim does not need to join a game session with the attacker. It is enough to open the \"Wireless Play\" (or \"LAN Play\") menu on the game's title screen, and an attacker who is nearby (LDN) or on the same local network can send a crafted reply packet to the victim's console.\n\nAll of this (CVE-2024-45200) allows a remote 
attacker to achieve a complete DoS of the game process or, potentially, RCE on the victim's console.\n\n6. Akamai researchers analyzed Margaritelli's report on unpatched vulnerabilities in the Common UNIX Printing System (CUPS) and found a new attack vector that can be used for DDoS attacks.\n\nIt was previously reported that they can be chained for remote code execution, which, according to Red Hat, can lead to theft of 
sensitive data or damage to critical systems.\n\nMoreover, while it was initially assumed that the criticality of the bugs in terms of RCE had been overstated, the researcher later indicated that the exploit can be adapted to turn it into a zero-click attack.\n\nFor their part, Akamai added fuel to the fire, noting that as a result of the presumed attack not only does the target come 
under fire, but the host of the CUPS server also becomes a victim, since the attack consumes its network bandwidth and CPU resources.\n\nAkamai's analysis identified more than 58,000 internet-accessible CUPS servers that can be used for such DDoS attacks.\n\nAnd if we assume that all 58,000+ CUPS hosts are combined into a single campaign, this could result in a flood of 1 GB of incoming attack traffic 
per UDP packet from the example with minimal padding. The scenario with maximum padding could result in a flood of 6 GB.\n\nAlthough these figures cannot be considered staggering, they will still require the target to handle about 2.6 million 
TCP connections and HTTP requests in any scenario.\n\nAt the same time, it will be quite easy and inexpensive for attackers to carry out such an attack, since taking over all the vulnerable CUPS hosts takes only a few seconds.", "creation_timestamp": "2024-10-02T17:30:06.000000Z"}, {"uuid": "2f341cd0-3f27-4593-9784-ec3773817cae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-2961", "type": "seen", "source": "https://t.me/true_secator/5886", "content": "Sansec researchers warn of a critical vulnerability, CosmicSting, that affects almost 75% of sites 
using Adobe Commerce and Magento.\n\nDespite the release of emergency fixes, nine days later the situation is not improving: millions of sites are exposed to the risk of serious XML external entity injection (XXE) and RCE attacks.\n\nCosmicSting is also tracked as CVE-2024-34102 (CVSS: 9.8) and is the most serious bug in Magento and Adobe Commerce in the last two years.\n\nOn its own it allows an attacker to read private 
files (for example, files with passwords). However, combined with the recent iconv bug in Linux (CVE-2024-2961), it carries powerful malicious RCE potential.\n\nThe issue affects Adobe Commerce 2.4.7 (and earlier versions, including 2.4.6-p5, 2.4.5-p7, 2.4.4-p8), Adobe Commerce Extended Support 2.4.3-ext-7 (2.4.2-ext-7, 2.4.1-ext-7, 2.4.0-ext-7, 2.3.7-p4-ext-7 and earlier versions), Magento 2.4.7 (and earlier versions, including 2.4.6-p5, 2.4.5-p7, 2.4.4-p8), as well as the Adobe Commerce Webhooks plugin (1.2.0 through 1.4.0).\n\nAs Sansec notes, the lack of a detailed technical description in Adobe's bulletin will not prevent 
active exploitation, since effective attack methods can be modeled from an analysis of the patch code.\n\nAccording to Sansec's assessment, given the high severity and low complexity, CosmicSting can now be considered one of the most destructive attacks in the history of e-commerce, alongside Shoplift, Ambionics and Trojan Order.\n\nThe researchers recommend that platform administrators apply 
the fixes for CVE-2024-34102 as soon as possible or follow the suggested mitigations.", "creation_timestamp": "2024-06-21T18:35:05.000000Z"}, {"uuid": "4b2fe926-76a5-44b5-81e2-5c2dc1d66d4b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-2961", "type": "seen", "source": "https://t.me/theninjaway1337/1559", "content": "CVE-2024-2961 \u2013 glibc Vulnerability Opens Door to PHP Attacks: Patch Immediately\n\nA recently discovered flaw in the GNU C Library\u2019s (glibc) iconv function (CVE-2024-2961) carries severe implications for web applications built on PHP. This vulnerability, which allows for out-of-bounds memory writes, could enable remote attackers to execute arbitrary code within the context of vulnerable PHP applications.\n\nhttps://securityonline.info/cve-2024-2961-glibc-vulnerability-opens-door-to-php-attacks-patch-immediately/\n\nCVE Details: https://nvd.nist.gov/vuln/detail/CVE-2024-2961", "creation_timestamp": "2024-04-25T03:30:14.000000Z"}, {"uuid": "460e2906-19cd-4f47-a95c-37c610161e7f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-2961", "type": "published-proof-of-concept", "source": "https://t.me/thebugbountyhunter/8751", "content": "Iconv, set the charset to RCE: Exploiting the glibc to hack the PHP engine\n\nhttps://www.ambionics.io/blog/iconv-cve-2024-2961-p1", "creation_timestamp": "2024-05-27T11:27:16.000000Z"}, {"uuid": "03e1fbb4-9253-4f43-90be-39eeb66b940a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", 
"vulnerability": "CVE-2024-2961", "type": "published-proof-of-concept", "source": "https://t.me/thebugbountyhunter/9175", "content": "Iconv, set the charset to RCE: Exploiting the glibc to hack the PHP engine (part 1)\n\nhttps://www.ambionics.io/blog/iconv-cve-2024-2961-p1", "creation_timestamp": "2024-10-18T20:12:39.000000Z"}, {"uuid": "544fd8bc-cde2-44e8-a22f-206653e71cc8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-2961", "type": "published-proof-of-concept", "source": "https://t.me/thebugbountyhunter/9176", "content": "Iconv, set the charset to RCE: Exploiting the glibc to hack the PHP engine (part 2)\n\nhttps://www.ambionics.io/blog/iconv-cve-2024-2961-p2", "creation_timestamp": "2024-10-18T20:12:41.000000Z"}, {"uuid": "92b2f431-976a-493b-afcf-23e966221e80", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-2961", "type": "published-proof-of-concept", "source": "https://t.me/thebugbountyhunter/9177", "content": "Iconv, set the charset to RCE: Exploiting the glibc to hack the PHP engine (part 3)\n\nhttps://www.ambionics.io/blog/iconv-cve-2024-2961-p3", "creation_timestamp": "2024-09-30T16:40:15.000000Z"}, {"uuid": "d331a646-c524-4b71-a365-93a86ca28f66", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-2961", "type": "published-proof-of-concept", "source": "https://t.me/BugCod3/578", "content": "CNEXT exploits\n \n\ud83d\udcac\nExploits for CNEXT (CVE-2024-2961), a buffer overflow in the glibc's iconv()\n \n\ud83d\udc41\u200d\ud83d\udde8 Technical analysis:\nThe vulnerability and exploits are described in the following blogposts:\n\n\u26aa\ufe0f Iconv, set the charset to RCE: Exploiting the glibc to hack the PHP engine (part 1)\n\u26aa\ufe0f To be continued...\n 
\n\ud83d\udddd Exploits:\nExploits will become available as blogposts come out.\n \n\u26aa\ufe0f CNEXT: file read to RCE exploit\n\u26aa\ufe0f To be continued...\n \n\ud83d\ude38 Github\n \n\u2b07\ufe0f Download\n\ud83d\udd12 BugCod3\n \n#CVE #Exploit #Cnext\n\u2796\u2796\u2796\u2796\u2796\u2796\u2796\u2796\u2796\u2796\n\ud83d\udc64 T.me/BugCod3BOT \n\ud83d\udce3 T.me/BugCod3", "creation_timestamp": "2024-05-28T16:01:58.000000Z"}, {"uuid": "2441373c-1b9f-4818-b053-eb9c81db62b5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-2961", "type": "published-proof-of-concept", "source": "https://t.me/thebugbountyhunter/8833", "content": "Iconv, set the charset to RCE: Exploiting the glibc to hack the PHP engine (part 2)\n\nhttps://www.ambionics.io/blog/iconv-cve-2024-2961-p2", "creation_timestamp": "2024-06-17T16:30:49.000000Z"}, {"uuid": "5a44c138-02d6-4db9-b5f4-dfc8ce7156fe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-2961", "type": "seen", "source": "Telegram/4V1L8rm_ci8R4NTF3AvtHqkyJLl9nOzw6nvw-H3zHaDaYho", "content": "", "creation_timestamp": "2026-05-13T03:00:06.000000Z"}, {"uuid": "4c886f37-0734-4f7e-8cfe-7f5c9195e554", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-2961", "type": "published-proof-of-concept", "source": "https://t.me/CNArsenal/2681", "content": "https://www.ambionics.io/blog/iconv-cve-2024-2961-p2\n\nICONV, SET THE CHARSET TO RCE: EXPLOITING THE GLIBC TO HACK THE PHP ENGINE (PART 2)\n#\u5206\u6790", "creation_timestamp": "2024-06-17T17:53:53.000000Z"}, {"uuid": "d773f1a3-2ecd-4f04-bbbc-0085eada578d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": 
"CVE-2024-2961", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/10575", "content": "#Threat_Research\nIconv, set the charset to RCE:\nExploiting the glibc to hack the PHP engine (CVE-2024-2961)\nPart 1: https://www.ambionics.io/blog/iconv-cve-2024-2961-p1", "creation_timestamp": "2024-05-27T19:04:20.000000Z"}, {"uuid": "076c273f-b03d-47e3-ab1c-f0d76c3a519d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-2961", "type": "seen", "source": "https://t.me/club31337/1905", "content": "https://securityonline.info/cve-2024-2961-glibc-vulnerability-opens-door-to-php-attacks-patch-immediately/\n\n\u269c\ufe0f @club1337", "creation_timestamp": "2024-11-11T01:56:54.000000Z"}, {"uuid": "65f232eb-3b1d-410e-ab7c-f50e4c984bf9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-2961", "type": "published-proof-of-concept", "source": "https://t.me/CNArsenal/3273", "content": "https://www.ambionics.io/blog/iconv-cve-2024-2961-p1\n\nIconv, set the charset to RCE: Exploiting the glibc to hack the PHP engine (part 1)\n\nhttps://www.ambionics.io/blog/iconv-cve-2024-2961-p2\n\nICONV, SET THE CHARSET TO RCE: EXPLOITING THE GLIBC TO HACK THE PHP ENGINE (PART 2)\n\nhttps://www.ambionics.io/blog/iconv-cve-2024-2961-p3\n\nIconv, set the charset to RCE: Exploiting the glibc to hack the PHP engine (part 3)\n\n#\u5206\u6790", "creation_timestamp": "2024-10-02T19:01:48.000000Z"}, {"uuid": "5c8371fb-b99e-4546-b8e9-0ac496fff320", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-2961", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/11214", "content": "#Threat_Research\nIconv, set the charset to RCE:\nPart 1\nPart 2 - Exploiting 
the glibc to hack PHP engine (CVE-2024-2961)\nhttps://www.ambionics.io/blog/iconv-cve-2024-2961-p2\nPart 3 - Exploitation of CVE-2024-2961 blindly\nhttps://www.ambionics.io/blog/iconv-cve-2024-2961-p3", "creation_timestamp": "2025-01-30T14:55:40.000000Z"}]}