{"vulnerability": "CVE-2024-37383", "sightings": [{"uuid": "533ccbab-c2c7-4b84-b184-21161b4d2b96", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-37383", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2024-10-24T18:10:03.000000Z"}, {"uuid": "b66a445f-e9fa-4496-9b2f-bbcf5865f85b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-37383", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-02-23T02:11:00.000000Z"}, {"uuid": "a8b82983-0f3b-4851-85f8-54224c403aa4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-37383", "type": "seen", "source": "https://bsky.app/profile/nimblenerd.social/post/3lmjchxthlt2w", "content": "", "creation_timestamp": "2025-04-11T05:38:16.799513Z"}, {"uuid": "25518777-bce4-4ce1-8032-351aed421545", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-37383", "type": "seen", "source": "https://bsky.app/profile/cyberalerts.bsky.social/post/3lv7ousi4dl2c", "content": "", "creation_timestamp": "2025-07-30T22:40:18.747392Z"}, {"uuid": "a9089124-f808-4423-855d-0e97c64327a4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-37383", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lmngl3ejzb2t", "content": "", "creation_timestamp": "2025-04-12T21:02:19.800311Z"}, {"uuid": "25af7e91-62ce-4163-a8ac-b2cc5cbfadc6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "c933734a-9be8-4142-889e-26e95c752803", "vulnerability": "CVE-2024-37383", "type": "seen", "source": "https://vulnerability.circl.lu/comment/59dce60f-7719-44c7-9f8b-5ef37763c997", "content": "", "creation_timestamp": "2024-11-07T17:02:33.331102Z"}, {"uuid": "d541d47a-407e-4fc7-8c74-dc7f78f2eff1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2024-37383", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/149c0087-ea19-4a21-8355-71ebfd149ffa", "content": "", "creation_timestamp": "2026-02-02T12:26:25.126546Z"}, {"uuid": "188058bf-9af5-49d7-bd36-f7a677ef3dab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-37383", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/8827", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aProof of concept for CVE-2024-37383\nURL\uff1ahttps://github.com/bartfroklage/CVE-2024-37383-POC\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-10-24T04:06:50.000000Z"}, {"uuid": "2ac28a0a-69b2-4d53-918c-d99e3b04af1c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-37383", "type": "published-proof-of-concept", "source": "https://t.me/cyber_hsecurity/1616", "content": "* \u0627\u0644\u0627\u062d\u062a\u064a\u0627\u0644 \u0627\u0644\u0645\u0627\u0644\u064a: \u064a\u0645\u0643\u0646 \u0644\u0644\u0645\u0647\u0627\u062c\u0645\u064a\u0646 \u0627\u0633\u062a\u062e\u062f\u0627\u0645 \u0627\u0644\u062c\u0647\u0627\u0632 \u0644\u0633\u0631\u0642\u0629 \u0627\u0644\u0645\u0639\u0644\u0648\u0645\u0627\u062a \u0627\u0644\u0645\u0627\u0644\u064a\u0629\u060c \u0645\u062b\u0644 \u0623\u0631\u0642\u0627\u0645 \u0628\u0637\u0627\u0642\u0627\u062a \u0627\u0644\u0627\u0626\u062a\u0645\u0627\u0646 \u0648\u0643\u0644\u0645\u0627\u062a \u0627\u0644\u0645\u0631\u0648\u0631.\n * \u0627\u0646\u062a\u0634\u0627\u0631 \u0627\u0644\u0628\u0631\u0627\u0645\u062c \u0627\u0644\u0636\u0627\u0631\u0629: \u064a\u0645\u0643\u0646 \u0644\u0644\u0645\u0647\u0627\u062c\u0645\u064a\u0646 \u0627\u0633\u062a\u062e\u062f\u0627\u0645 \u0627\u0644\u062c\u0647\u0627\u0632 \u0644\u0646\u0634\u0631 \u0627\u0644\u0628\u0631\u0627\u0645\u062c \u0627\u0644\u0636\u0627\u0631\u0629 \u0627\u0644\u0623\u062e\u0631\u0649 \u0639\u0644\u0649 \u0623\u062c\u0647\u0632\u0629 \u0623\u062e\u0631\u0649.\n\u0643\u064a\u0641 \u064a\u0645\u0643\u0646 \u062d\u0645\u0627\u064a\u0629 \u0646\u0641\u0633\u0643 \u0645\u0646 \u0647\u0630\u0647 \u0627\u0644\u062b\u063a\u0631\u0629\u061f\n * \u062a\u062d\u062f\u064a\u062b \u062a\u0637\u0628\u064a\u0642 XiaomiGetApps: \u064a\u062c\u0628 \u0639\u0644\u064a\u0643 \u062a\u062d\u062f\u064a\u062b \u062a\u0637\u0628\u064a\u0642 XiaomiGetApps \u0625\u0644\u0649 \u0623\u062d\u062f\u062b \u0625\u0635\u062f\u0627\u0631 \u0645\u062a\u0648\u0641\u0631\u060c \u062d\u064a\u062b \u0623\u0646 \u0647\u0630\u0647 \u0627\u0644\u062a\u062d\u062f\u064a\u062b\u0627\u062a \u0639\u0627\u062f\u0629 \u0645\u0627 \u062a\u062d\u062a\u0648\u064a \u0639\u0644\u0649 \u0625\u0635\u0644\u0627\u062d\u0627\u062a \u0644\u0644\u0623\u062e\u0637\u0627\u0621 \u0648\u0627\u0644\u062b\u063a\u0631\u0627\u062a \u0627\u0644\u0623\u0645\u0646\u064a\u0629.\n * \u062a\u062d\u0645\u064a\u0644 \u0627\u0644\u062a\u0637\u0628\u064a\u0642\u0627\u062a \u0645\u0646 \u0645\u0635\u0627\u062f\u0631 \u0645\u0648\u062b\u0648\u0642\u0629 \u0641\u0642\u0637: \u0644\u0627 \u062a\u0642\u0645 \u0628\u062a\u062d\u0645\u064a\u0644 \u0627\u0644\u062a\u0637\u0628\u064a\u0642\u0627\u062a \u0625\u0644\u0627 \u0645\u0646 \u0645\u062a\u062c\u0631 \u0627\u0644\u062a\u0637\u0628\u064a\u0642\u0627\u062a \u0627\u0644\u0631\u0633\u0645\u064a \u0623\u0648 \u0645\u0646 \u0645\u0635\u0627\u062f\u0631 \u0645\u0648\u062b\u0648\u0642\u0629 \u0623\u062e\u0631\u0649.\n * \u062a\u062c\u0646\u0628 \u0627\u0644\u0646\u0642\u0631 \u0639\u0644\u0649 \u0631\u0648\u0627\u0628\u0637 \u0645\u0634\u0628\u0648\u0647\u0629: \u0644\u0627 \u062a\u0646\u0642\u0631 \u0639\u0644\u0649 \u0623\u064a \u0631\u0648\u0627\u0628\u0637 \u0645\u0634\u0628\u0648\u0647\u0629 \u062a\u0623\u062a\u064a \u0625\u0644\u064a\u0643 \u0639\u0628\u0631 \u0627\u0644\u0631\u0633\u0627\u0626\u0644 \u0627\u0644\u0646\u0635\u064a\u0629 \u0623\u0648 \u0627\u0644\u0628\u0631\u064a\u062f \u0627\u0644\u0625\u0644\u0643\u062a\u0631\u0648\u0646\u064a \u0623\u0648 \u0645\u0648\u0627\u0642\u0639 \u0627\u0644\u0648\u064a\u0628 \u063a\u064a\u0631 \u0627\u0644\u0645\u0648\u062b\u0648\u0642\u0629.\n * \u0627\u0633\u062a\u062e\u062f\u0627\u0645 \u0628\u0631\u0646\u0627\u0645\u062c \u0645\u0643\u0627\u0641\u062d\u0629 \u0627\u0644\u0641\u064a\u0631\u0648\u0633\u0627\u062a: \u0642\u0645 \u0628\u062a\u062b\u0628\u064a\u062a \u0628\u0631\u0646\u0627\u0645\u062c \u0645\u0643\u0627\u0641\u062d\u0629 \u0641\u064a\u0631\u0648\u0633\u0627\u062a \u062c\u064a\u062f \u0639\u0644\u0649 \u062c\u0647\u0627\u0632\u0643 \u0648\u062a\u0623\u0643\u062f \u0645\u0646 \u062a\u062d\u062f\u064a\u062b\u0647 \u0628\u0627\u0646\u062a\u0638\u0627\u0645.\n\u0645\u0627\u0630\u0627 \u0641\u0639\u0644\u062a \u0634\u0631\u0643\u0629 \u0634\u0627\u0648\u0645\u064a\u061f\n\u0642\u0627\u0645\u062a \u0634\u0631\u0643\u0629 \u0634\u0627\u0648\u0645\u064a \u0628\u0625\u0635\u062f\u0627\u0631 \u062a\u062d\u062f\u064a\u062b \u0644\u062a\u0637\u0628\u064a\u0642 XiaomiGetApps \u0644\u0625\u0635\u0644\u0627\u062d \u0647\u0630\u0647 \u0627\u0644\u062b\u063a\u0631\u0629. \u0644\u0630\u0644\u0643\u060c \u0645\u0646 \u0627\u0644\u0645\u0647\u0645 \u062c\u062f\u064b\u0627 \u062a\u062d\u062f\u064a\u062b \u0627\u0644\u062a\u0637\u0628\u064a\u0642 \u0625\u0644\u0649 \u0623\u062d\u062f\u062b \u0625\u0635\u062f\u0627\u0631.\n\u0646\u0635\u0627\u0626\u062d \u0625\u0636\u0627\u0641\u064a\u0629:\n * \u0643\u0646 \u062d\u0630\u0631\u064b\u0627 \u0639\u0646\u062f \u0645\u0646\u062d \u0627\u0644\u0623\u0630\u0648\u0646\u0627\u062a \u0644\u0644\u062a\u0637\u0628\u064a\u0642\u0627\u062a: \u0644\u0627 \u062a\u0642\u0645 \u0628\u0645\u0646\u062d \u0627\u0644\u0623\u0630\u0648\u0646\u0627\u062a \u0644\u0644\u062a\u0637\u0628\u064a\u0642\u0627\u062a \u0625\u0644\u0627 \u0625\u0630\u0627 \u0643\u0646\u062a \u062a\u062b\u0642 \u0628\u0647\u0627 \u062a\u0645\u0627\u0645\u064b\u0627.\n * \u0642\u0645 \u0628\u0625\u0646\u0634\u0627\u0621 \u0646\u0633\u062e \u0627\u062d\u062a\u064a\u0627\u0637\u064a\u0629 \u0645\u0646 \u0628\u064a\u0627\u0646\u0627\u062a\u0643 \u0628\u0627\u0646\u062a\u0638\u0627\u0645: \u064a\u0633\u0627\u0639\u062f \u0625\u0646\u0634\u0627\u0621 \u0646\u0633\u062e \u0627\u062d\u062a\u064a\u0627\u0637\u064a\u0629 \u0645\u0646 \u0628\u064a\u0627\u0646\u0627\u062a\u0643 \u0639\u0644\u0649 \u062d\u0645\u0627\u064a\u062a\u0647\u0627 \u0641\u064a \u062d\u0627\u0644\u0629 \u062d\u062f\u0648\u062b \u0623\u064a \u0634\u064a\u0621 \u0633\u064a\u0621.\n\u0645\u0644\u0627\u062d\u0638\u0627\u062a:\n * \u0647\u0630\u0627 \u0627\u0644\u062a\u0642\u0631\u064a\u0631 \u064a\u0647\u062f\u0641 \u0625\u0644\u0649 \u062a\u0642\u062f\u064a\u0645 \u0645\u0639\u0644\u0648\u0645\u0627\u062a \u0639\u0627\u0645\u0629 \u062d\u0648\u0644 \u0647\u0630\u0647 \u0627\u0644\u062b\u063a\u0631\u0629\u060c \u0648\u0644\u0627 \u064a\u0639\u062a\u0628\u0631 \u0628\u062f\u064a\u0644\u0627\u064b \u0639\u0646 \u0627\u0644\u0645\u0634\u0648\u0631\u0629 \u0627\u0644\u0645\u0647\u0646\u064a\u0629.\n * \u0642\u062f \u064a\u062a\u0645 \u0627\u0643\u062a\u0634\u0627\u0641 \u062b\u063a\u0631\u0627\u062a \u0623\u0645\u0646\u064a\u0629 \u062c\u062f\u064a\u062f\u0629 \u0628\u0627\u0633\u062a\u0645\u0631\u0627\u0631\u060c \u0644\u0630\u0644\u0643 \u0645\u0646 \u0627\u0644\u0645\u0647\u0645 \u0623\u0646 \u062a\u0628\u0642\u0649 \u0639\u0644\u0649 \u0627\u0637\u0644\u0627\u0639 \u062f\u0627\u0626\u0645 \u0628\u0623\u062d\u062f\u062b \u0627\u0644\u062a\u0637\u0648\u0631\u0627\u062a \u0641\u064a \u0645\u062c\u0627\u0644 \u0627\u0644\u0623\u0645\u0646 \u0627\u0644\u0633\u064a\u0628\u0631\u0627\u0646\u064a.\n\nThe Smart Shadow:\n\u062b\u063a\u0631\u0629 \u062c\u062f\u064a\u062f\u0629 \u0641\u064a Roundcube (CVE-2024-37383) \u062a\u0645 \u0627\u0633\u062a\u063a\u0644\u0627\u0644\u0647\u0627 \u0641\u064a \u0647\u062c\u0645\u0627\u062a \u0627\u0644\u062a\u0635\u064a\u062f \u0627\u0644\u0627\u062d\u062a\u064a\u0627\u0644\u064a!\n\u0628\u0627\u0633\u062a\u062e\u062f\u0627\u0645 #Criminal_IP\u060c \u064a\u0645\u0643\u0646\u0643 \u062a\u062d\u062f\u064a\u062f \u062e\u0648\u0627\u062f\u0645 Roundcubewebmail \u0627\u0644\u0645\u0639\u0631\u0636\u0629 \u0644\u0647\u0630\u0627 \u0627\u0644\u062a\u0647\u062f\u064a\u062f \u0641\u064a \u062c\u0645\u064a\u0639 \u0623\u0646\u062d\u0627\u0621 \u0627\u0644\u0639\u0627\u0644\u0645!\n\ud83d\udd0e \u0627\u0644\u0627\u0633\u062a\u0639\u0644\u0627\u0645: tech_stack: \"Roundcube\"\n\ud83c\udf10 \u062a\u0639\u0631\u0641 \u0639\u0644\u0649 \u0647\u0630\u0647 \u0627\u0644\u062b\u063a\u0631\u0629 \u0641\u064a Roundcube \u0648\u062e\u0637\u0648\u0627\u062a \u0627\u0644\u062a\u062e\u0641\u064a\u0641 \u0648\u0627\u0644\u0623\u062f\u0648\u0627\u062a \u0644\u0644\u0639\u062b\u0648\u0631 \u0639\u0644\u0649 \u0627\u0644\u062e\u0648\u0627\u062f\u0645 \u0627\u0644\u0645\u0639\u0631\u0636\u0629 \u0644\u0644\u062e\u0637\u0631 \u0641\u064a \u062c\u0645\u064a\u0639 \u0623\u0646\u062d\u0627\u0621 \u0627\u0644\u0639\u0627\u0644\u0645:\n\nhttps://blog.criminalip.io/2024/11/08/cve-2024-37383-roundcube-webmail-vulnerability-targeting-government-agencies/\n\n\u043c\u03c5\u0455\u0442\u03b1\u0192\u03b1:\nWindows Zero-Day Vulnerability CVE-2024-38193 Exploited in the Wild: PoC Published\n\nhttps://securityonline.info/windows-zero-day-vulnerability-cve-2024-38193-exploited-in-the-wild-poc-published/", "creation_timestamp": "2024-12-13T19:00:23.000000Z"}, {"uuid": "4a3f5dd4-987c-44f8-949e-65cbd37c2c43", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-37383", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/8940", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aRoundcube mail server exploit for CVE-2024-37383 (Stored XSS)\nURL\uff1ahttps://github.com/amirzargham/CVE-2024-37383-exploit\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-11-03T07:21:18.000000Z"}, {"uuid": "7feb0493-fe59-4834-bf10-2fb363d904ec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-37383", "type": "seen", "source": "https://t.me/CyberBulletin/1256", "content": "\u26a1\ufe0fRoundcube mail server attacks exploit CVE-2024-37383 vulnerability. An XSS leading to remote email collection.\n\n#CyberBulletin", "creation_timestamp": "2024-10-25T03:55:20.000000Z"}, {"uuid": "22f7fa4c-14b1-48e5-96be-d9ae464ca456", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-37383", "type": "exploited", "source": "https://t.me/true_secator/7098", "content": "\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 FearsOff \u0440\u0430\u0441\u043a\u0440\u044b\u043b\u0438 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0441\u0442\u0438 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u043c \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u0438 \u0432\u0435\u0431-\u043f\u043e\u0447\u0442\u044b Roundcube, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043e\u0441\u0442\u0430\u0432\u0430\u043b\u0430\u0441\u044c \u043d\u0435\u0437\u0430\u043c\u0435\u0447\u0435\u043d\u043d\u043e\u0439 \u0432 \u0442\u0435\u0447\u0435\u043d\u0438\u0435 \u0434\u0435\u0441\u044f\u0442\u0438\u043b\u0435\u0442\u0438\u044f \u0438 \u043c\u043e\u0433\u043b\u0430 \u0431\u044b\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0430 \u0434\u043b\u044f \u0437\u0430\u0445\u0432\u0430\u0442\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u043e\u0433\u043e \u043a\u043e\u0434\u0430.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u0442\u0441\u044f \u043a\u0430\u043a\u00a0CVE-2025-49113 \u0438 \u0438\u043c\u0435\u0435\u0442 \u043e\u0446\u0435\u043d\u043a\u0443 CVSS 9,9 \u0438\u0437 10,0.\n\n\u041e\u043d\u0430 \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u044b\u043c \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435\u043c \u043a\u043e\u0434\u0430 \u043f\u043e\u0441\u043b\u0435 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u043f\u043e\u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e\u043c \u0434\u0435\u0441\u0435\u0440\u0438\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u043e\u0431\u044a\u0435\u043a\u0442\u0430 PHP.\n\n\u0420\u0438\u0441\u043a\u0443 \u043f\u043e\u0434\u0432\u0435\u0440\u0436\u0435\u043d\u044b Roundcube Webmail \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 1.5.10 \u0438 1.6.x \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 1.6.11, \u043f\u043e\u0441\u043a\u043e\u043b\u044c\u043a\u0443 \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440 _from \u0432 URL-\u0430\u0434\u0440\u0435\u0441\u0435 \u043d\u0435 \u043f\u0440\u043e\u0432\u0435\u0440\u044f\u0435\u0442\u0441\u044f \u0432 program/actions/settings/upload.php, \u0447\u0442\u043e \u043f\u0440\u0438\u0432\u043e\u0434\u0438\u0442 \u043a \u0434\u0435\u0441\u0435\u0440\u0438\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u043e\u0431\u044a\u0435\u043a\u0442\u043e\u0432 PHP\n\n\u041d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u043a, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u043b \u0432\u0441\u0435 \u0432\u0435\u0440\u0441\u0438\u0438 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0434\u043e 1.6.10 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e, \u0431\u044b\u043b \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d \u0432 1.6.11 \u0438 1.5.10 LTS. \n\nFearsOff \u043d\u0430\u043c\u0435\u0440\u0435\u043d\u0430 \u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u0442\u044c \u0434\u043e\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0435 \u0442\u0435\u0445\u043d\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0441\u0442\u0438 \u0438 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u0438\u0442\u044c PoC \u0432 \u0431\u043b\u0438\u0436\u0430\u0439\u0448\u0435\u0435 \u0432\u0440\u0435\u043c\u044f, \u043d\u043e \u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 \u0432\u0440\u0435\u043c\u0435\u043d\u043d\u043e\u0439 \u043b\u0430\u0433 \u0434\u043b\u044f \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0438 \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u044b\u0445 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0439.\n\n\u041c\u0435\u0434\u043b\u0438\u0442\u044c \u043d\u0435 \u0441\u0442\u043e\u0438\u0442\u044c, \u0432\u0435\u0434\u044c \u0440\u0430\u043d\u0435\u0435 \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 Roundcube \u0443\u0436\u0435 \u0441\u0442\u0430\u043d\u043e\u0432\u0438\u043b\u0438\u0441\u044c \u0446\u0435\u043b\u044f\u043c\u0438 \u0430\u0442\u0430\u043a, \u043a\u0430\u043a \u0432 \u0441\u043b\u0443\u0447\u0430\u0435 \u0441 CVE-2024-37383 \u0432 \u043f\u0440\u043e\u0448\u043b\u043e\u043c \u0433\u043e\u0434\u0443.\n\n\u0422\u043e\u0433\u0434\u0430 Positive Technologies \u0441\u043e\u043e\u0431\u0449\u0430\u043b\u0430 \u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 Roundcube \u0432 \u0440\u0430\u043c\u043a\u0430\u0445 \u0444\u0438\u0448\u0438\u043d\u0433\u043e\u0432\u043e\u0439 \u0430\u0442\u0430\u043a\u0438, \u043d\u0430\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u043e\u0439 \u043d\u0430 \u043a\u0440\u0430\u0436\u0443 \u0443\u0447\u0435\u0442\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439.", "creation_timestamp": "2025-06-03T18:41:00.000000Z"}, {"uuid": "3833f5c8-4af7-4fc1-8b5d-19dd9c8575ac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-37383", "type": "published-proof-of-concept", "source": "https://t.me/HackerArsenal/683", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aRoundcube mail server exploit for CVE-2024-37383 (Stored XSS)\nURL\uff1ahttps://github.com/amirzargham/CVE-2024-37383-exploit\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-11-05T20:57:54.000000Z"}, {"uuid": "13359f3a-57ab-4bf4-b01c-a04ba65131ca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-37383", "type": "seen", "source": "https://t.me/cibsecurity/80590", "content": "\ud83e\udd85 CISA Warns of Critical Vulnerabilities: CVE-2024-20481 and CVE-2024-37383 Require Immediate Attention \ud83e\udd85\n\n  Overview   The Cybersecurity and Infrastructure Security Agency CISA has issued urgent advisories regarding two vulnerabilities that pose substantial risks to organizations CVE202420481, a denialofservice DoS vulnerability affecting Cisco Adaptive Security Appliance ASA and Firepower Threat Defense FTD, and CVE202437383, a crosssite scripting XSS vulnerability in RoundCube Webmail. Both vulnerabilities highlight the necessity for immediate action to safeguard against potential exploitation.   The relevant CVE IDs for these vulnerabilities are CVE202437383 and CVE202420481. The first vulnerability, CVE202437383, affects Roundcube Webmail versions prior to 1.5.7 and 1.6.x before 1.6.7, while CVE202420481 impacts Cisco products running a vulnerable release of Cisco ASA or FTD Software wi...\n\n\ud83d\udcd6 Read more.\n\n\ud83d\udd17 Via \"CYBLE\"\n\n----------\n\ud83d\udc41\ufe0f Seen on @cibsecurity", "creation_timestamp": "2024-10-25T18:02:14.000000Z"}, {"uuid": "3351f65d-97d5-4980-b9a0-458ea1f302ce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-37383", "type": "exploited", "source": "https://t.me/true_secator/6345", "content": "\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0438\u0437 Positive Technologies \u0440\u0430\u0441\u043a\u0440\u044b\u0432\u0430\u044e\u0442 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0441\u0442\u0438 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 Roundcube Webmail, \u043f\u043e\u0447\u0442\u043e\u0432\u043e\u043c \u0440\u0435\u0448\u0435\u043d\u0438\u0438 \u0441 \u043e\u0442\u043a\u0440\u044b\u0442\u044b\u043c \u0438\u0441\u0445\u043e\u0434\u043d\u044b\u043c \u043a\u043e\u0434\u043e\u043c \u043d\u0430 \u0431\u0430\u0437\u0435 PHP, \u0434\u043b\u044f \u0430\u0442\u0430\u043a \u043d\u0430 \u043f\u0440\u0430\u0432\u0438\u0442\u0435\u043b\u044c\u0441\u0442\u0432\u0435\u043d\u043d\u044b\u0435 \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0438 \u043e\u0434\u043d\u043e\u0439 \u0438\u0437 \u0441\u0442\u0440\u0430\u043d \u0421\u041d\u0413.\n\n\u041e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u0442\u044c \u0430\u0442\u0430\u043a\u0443 \u0443\u0434\u0430\u043b\u043e\u0441\u044c \u0432 \u0441\u0435\u043d\u0442\u044f\u0431\u0440\u0435, \u043e\u0434\u043d\u0430\u043a\u043e \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u0430\u044f \u0430\u043a\u0442\u0438\u0432\u043d\u043e\u0441\u0442\u044c \u043d\u0430\u0447\u0430\u043b\u0430\u0441\u044c \u0435\u0449\u0435 \u0432 \u0438\u044e\u043d\u0435, \u0447\u0435\u0440\u0435\u0437 \u043c\u0435\u0441\u044f\u0446 \u043f\u043e\u0441\u043b\u0435 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f CVE-2024-37383.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 \u0441\u043e\u0431\u043e\u0439 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0443 \u043c\u0435\u0436\u0441\u0430\u0439\u0442\u043e\u0432\u043e\u0433\u043e \u0441\u043a\u0440\u0438\u043f\u0442\u0438\u043d\u0433\u0430 \u0441\u0440\u0435\u0434\u043d\u0435\u0439 \u0441\u0442\u0435\u043f\u0435\u043d\u0438 \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0439 \u043a\u043e\u0434 JavaScript \u043d\u0430 \u0441\u0442\u0440\u0430\u043d\u0438\u0446\u0435 Roundcube \u043f\u0440\u0438 \u043e\u0442\u043a\u0440\u044b\u0442\u0438\u0438 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u043e\u0433\u043e \u044d\u043b\u0435\u043a\u0442\u0440\u043e\u043d\u043d\u043e\u0433\u043e \u043f\u0438\u0441\u044c\u043c\u0430.\n\n\u041e\u0448\u0438\u0431\u043a\u0430 \u043e\u0431\u0443\u0441\u043b\u043e\u0432\u043b\u0435\u043d\u0430 \u043d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u043e\u0439 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u043e\u0439 \u044d\u043b\u0435\u043c\u0435\u043d\u0442\u043e\u0432 SVG \u0432 \u044d\u043b\u0435\u043a\u0442\u0440\u043e\u043d\u043d\u043e\u043c \u043f\u0438\u0441\u044c\u043c\u0435, \u0447\u0442\u043e \u043e\u0431\u0445\u043e\u0434\u0438\u0442 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u0441\u0438\u043d\u0442\u0430\u043a\u0441\u0438\u0441\u0430 \u0438 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0439 \u043a\u043e\u0434 \u043d\u0430 \u0441\u0442\u0440\u0430\u043d\u0438\u0446\u0435 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f.\n\nPositive Technologies\u00a0\u0441\u043e\u043e\u0431\u0449\u0430\u044e\u0442, \u0447\u0442\u043e \u0432 \u0430\u0442\u0430\u043a\u0430\u0445 \u0437\u0430\u0434\u0435\u0439\u0441\u0442\u0432\u043e\u0432\u0430\u043b\u0438\u0441\u044c \u044d\u043b\u0435\u043a\u0442\u0440\u043e\u043d\u043d\u044b\u0435 \u043f\u0438\u0441\u044c\u043c\u0430 \u0431\u0435\u0437 \u0432\u0438\u0434\u0438\u043c\u043e\u0433\u043e \u0441\u043e\u0434\u0435\u0440\u0436\u0438\u043c\u043e\u0433\u043e, \u043d\u043e \u0441 \u0432\u043b\u043e\u0436\u0435\u043d\u0438\u0435\u043c .DOC. \n\n\u0417\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u0432\u0441\u0442\u0440\u043e\u0438\u043b \u0441\u043a\u0440\u044b\u0442\u0443\u044e \u043f\u043e\u043b\u0435\u0437\u043d\u0443\u044e \u043d\u0430\u0433\u0440\u0443\u0437\u043a\u0443 \u0432 \u043a\u043e\u0434, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043a\u043b\u0438\u0435\u043d\u0442 \u043e\u0431\u0440\u0430\u0431\u0430\u0442\u044b\u0432\u0430\u043b, \u043d\u043e \u043d\u0435 \u043e\u0442\u043e\u0431\u0440\u0430\u0436\u0430\u043b \u0432 \u0442\u0435\u043b\u0435 \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u044f \u043d\u0430 \u043e\u0441\u043d\u043e\u0432\u0435 \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u043d\u044b\u0445 \u0442\u0435\u0433\u043e\u0432, \u0432 \u0434\u0430\u043d\u043d\u043e\u043c \u0441\u043b\u0443\u0447\u0430\u0435 .\n\n\u041f\u043e\u043b\u0435\u0437\u043d\u0430\u044f \u043d\u0430\u0433\u0440\u0443\u0437\u043a\u0430 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 \u0441\u043e\u0431\u043e\u0439 \u0444\u0440\u0430\u0433\u043c\u0435\u043d\u0442 \u043a\u043e\u0434\u0430 JavaScript \u0432 \u043a\u043e\u0434\u0438\u0440\u043e\u0432\u043a\u0435 base64, \u0437\u0430\u043c\u0430\u0441\u043a\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u043f\u043e\u0434 href.\n\n\u041e\u043d \u0437\u0430\u0433\u0440\u0443\u0436\u0430\u0435\u0442 \u0441 \u043f\u043e\u0447\u0442\u043e\u0432\u043e\u0433\u043e \u0441\u0435\u0440\u0432\u0435\u0440\u0430 \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442-\u043e\u0431\u043c\u0430\u043d\u043a\u0443 (Road map.doc), \u0447\u0442\u043e\u0431\u044b \u043e\u0442\u0432\u043b\u0435\u0447\u044c \u0436\u0435\u0440\u0442\u0432\u0443, \u043f\u043e\u043f\u0443\u0442\u043d\u043e \u0432\u043d\u0435\u0434\u0440\u044f\u044f \u0432 HTML-\u0441\u0442\u0440\u0430\u043d\u0438\u0446\u0443 \u0444\u043e\u0440\u043c\u0443 \u0432\u0445\u043e\u0434\u0430 \u0434\u043b\u044f \u0437\u0430\u043f\u0440\u043e\u0441\u0430 \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u0439 \u0441 \u043f\u043e\u0447\u0442\u043e\u0432\u043e\u0433\u043e \u0441\u0435\u0440\u0432\u0435\u0440\u0430.\n\n\u041d\u0430 HTML-\u0441\u0442\u0440\u0430\u043d\u0438\u0446\u0443, \u043e\u0442\u043e\u0431\u0440\u0430\u0436\u0430\u0435\u043c\u0443\u044e \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044e, \u0434\u043e\u0431\u0430\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u0444\u043e\u0440\u043c\u0430 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438 \u0441 \u043f\u043e\u043b\u044f\u043c\u0438 rcmloginuser \u0438 rcmloginpwd (\u043b\u043e\u0433\u0438\u043d \u0438 \u043f\u0430\u0440\u043e\u043b\u044c \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f \u0434\u043b\u044f \u043a\u043b\u0438\u0435\u043d\u0442\u0430 Roundcube).\n\n\u041f\u043e \u0441\u043b\u043e\u0432\u0430\u043c \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439, \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u0440\u0430\u0441\u0441\u0447\u0438\u0442\u044b\u0432\u0430\u0435\u0442 \u043d\u0430 \u0442\u043e, \u0447\u0442\u043e \u043e\u0431\u0430 \u043f\u043e\u043b\u044f \u0431\u0443\u0434\u0443\u0442 \u0437\u0430\u043f\u043e\u043b\u043d\u0435\u043d\u044b \u0432\u0440\u0443\u0447\u043d\u0443\u044e \u0438\u043b\u0438 \u0430\u0432\u0442\u043e\u043c\u0430\u0442\u0438\u0447\u0435\u0441\u043a\u0438, \u0437\u0430\u043f\u043e\u043b\u0443\u0447\u0438\u0432 \u0442\u0430\u043a\u0438\u043c \u043e\u0431\u0440\u0430\u0437\u043e\u043c \u0446\u0435\u043b\u0435\u0432\u044b\u0435 \u0443\u0447\u0435\u0442\u043d\u044b\u0435 \u0434\u0430\u043d\u043d\u044b\u0435.\n\n\u0414\u0430\u043d\u043d\u044b\u0435 \u043e\u0442\u043f\u0440\u0430\u0432\u043b\u044f\u044e\u0442\u0441\u044f \u043d\u0430 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u044b\u0439 \u0441\u0435\u0440\u0432\u0435\u0440 libcdn[.]org, \u0437\u0430\u0440\u0435\u0433\u0438\u0441\u0442\u0440\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0438 \u0440\u0430\u0437\u043c\u0435\u0449\u0435\u043d\u043d\u044b\u0439 \u0432 \u0438\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0435 Cloudflare. \n\n\u041a\u0440\u043e\u043c\u0435 \u0442\u043e\u0433\u043e, \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442 \u043f\u043b\u0430\u0433\u0438\u043d ManageSieve \u0434\u043b\u044f \u043a\u0440\u0430\u0436\u0438 \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u0439 \u0441 \u043f\u043e\u0447\u0442\u043e\u0432\u043e\u0433\u043e \u0441\u0435\u0440\u0432\u0435\u0440\u0430.\n\nCVE-2024-37383 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 Roundcube \u0432 \u0432\u0435\u0440\u0441\u0438\u044f\u0445 \u043d\u0438\u0436\u0435 1.5.6 \u0438 \u0432\u0435\u0440\u0441\u0438\u0438 \u0441 1.6 \u043f\u043e 1.6.6, \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430 \u0441 \u0432\u044b\u043f\u0443\u0441\u043a\u043e\u043c\u00a01.5.7\u00a0\u0438\u00a01.6.7\u00a019 \u043c\u0430\u044f. \n\n\u041f\u043e\u0441\u043b\u0435\u0434\u043d\u044f\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u0430\u044f \u0432\u0435\u0440\u0441\u0438\u044f, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u043c\u044b\u043c \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435\u043c, -\u00a01.6.9, \u0432\u044b\u043f\u0443\u0449\u0435\u043d\u0430 1 \u0441\u0435\u043d\u0442\u044f\u0431\u0440\u044f.\n\n\u041f\u043e\u0437\u0438\u0442\u0438\u0432\u044b \u043e\u0442\u043c\u0435\u0447\u0430\u044e\u0442, \u0447\u0442\u043e \u0445\u043e\u0442\u044f \u0438 Roundcube Webmail, \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e, \u043d\u0435 \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u0441\u0430\u043c\u044b\u043c \u043f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u044b\u043c \u043f\u043e\u0447\u0442\u043e\u0432\u044b\u043c \u043a\u043b\u0438\u0435\u043d\u0442\u043e\u043c, \u043d\u043e \u043f\u0440\u043e\u0434\u043e\u043b\u0436\u0430\u0435\u0442 \u043e\u0441\u0442\u0430\u0432\u0430\u0442\u044c\u0441\u044f \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0439 \u0446\u0435\u043b\u044c\u044e \u0434\u043b\u044f \u043a\u0438\u0431\u0435\u0440\u043f\u043e\u0434\u043f\u043e\u043b\u044c\u044f \u0432 \u0432\u0438\u0434\u0443 \u0448\u0438\u0440\u043e\u043a\u043e\u0433\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044f \u0432 \u0433\u043e\u0441\u0443\u0434\u0430\u0440\u0441\u0442\u0432\u0435\u043d\u043d\u043e\u043c \u0438 \u043a\u043e\u0440\u043f\u043e\u0440\u0430\u0442\u0438\u0432\u043d\u043e\u043c \u0441\u0435\u043a\u0442\u043e\u0440\u0430\u0445, \u043f\u043e\u0434\u0447\u0435\u0440\u043a\u0438\u0432\u0430\u044f \u0432\u0430\u0436\u043d\u043e\u0441\u0442\u044c \u0441\u0432\u043e\u0435\u0432\u0440\u0435\u043c\u0435\u043d\u043d\u043e\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f.", "creation_timestamp": "2024-10-22T14:40:05.000000Z"}, {"uuid": "194d4959-a016-46cc-a601-e852ca103336", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-37383", "type": "published-proof-of-concept", "source": "https://t.me/GarudaSecID/2720", "content": "https://github.com/amirzargham/CVE-2024-37383-exploit", "creation_timestamp": "2024-11-03T17:41:12.000000Z"}, {"uuid": "59fc8a9c-2caa-4230-89f6-0fe8f8fca464", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-37383", "type": "published-proof-of-concept", "source": "Telegram/SBVg0TnFEfKklW4Y5m6tIyQ54IwduLYPStns9TmA3yfEWA", "content": "", "creation_timestamp": "2024-11-03T17:40:44.000000Z"}, {"uuid": "5a919d8e-9645-4260-9143-baaddd017529", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-37383", "type": "published-proof-of-concept", "source": "Telegram/Dl0hQw-ostCCcCN_Abc74_zsCm5uHWNRe1s4haHF-3VKxQ", "content": "", "creation_timestamp": "2024-11-03T17:47:09.000000Z"}, {"uuid": "275c2786-c5f2-4f77-a977-1e759d6e08c5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-37383", "type": "exploited", "source": "Telegram/4Egbro03pdjaiRYKuHD1kMRkFGmP7bcmoojerD5xCNf9Ztu_", "content": "", "creation_timestamp": "2024-11-12T15:20:57.000000Z"}, {"uuid": "5e5d95ea-ba8b-48ae-8ea3-67bf16d85b73", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-37383", "type": "exploited", "source": "https://t.me/xakep_ru/16551", "content": "Positive Technologies: \u0433\u043e\u0441\u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u044e \u0432 \u0421\u041d\u0413 \u0430\u0442\u0430\u043a\u043e\u0432\u0430\u043b\u0438 \u0447\u0435\u0440\u0435\u0437 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 Roundcube Webmail\n\n\u0412 \u0441\u0435\u043d\u0442\u044f\u0431\u0440\u0435 2024 \u0433\u043e\u0434\u0430 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0441\u0442\u044b Positive Technologies \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0438 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0435 \u043f\u0438\u0441\u044c\u043c\u043e, \u043f\u043e\u043b\u0443\u0447\u0430\u0442\u0435\u043b\u0435\u043c \u043a\u043e\u0442\u043e\u0440\u043e\u0433\u043e \u0431\u044b\u043b\u0430 \u043d\u0435\u043d\u0430\u0437\u0432\u0430\u043d\u043d\u0430\u044f \u0433\u043e\u0441\u0443\u0434\u0430\u0440\u0441\u0442\u0432\u0435\u043d\u043d\u0430\u044f \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u044f \u0432 \u043e\u0434\u043d\u043e\u0439 \u0438\u0437 \u0441\u0442\u0440\u0430\u043d \u0421\u041d\u0413. \u0421 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u043f\u0438\u0441\u044c\u043c\u0430 \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0438\u0435 \u043f\u044b\u0442\u0430\u043b\u0438\u0441\u044c \u0430\u0442\u0430\u043a\u043e\u0432\u0430\u0442\u044c \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2024-37383, \u0440\u0430\u043d\u0435\u0435 \u043d\u0430\u0439\u0434\u0435\u043d\u043d\u0443\u044e \u0432 \u043f\u043e\u0447\u0442\u043e\u0432\u043e\u043c \u043a\u043b\u0438\u0435\u043d\u0442\u0435 Roundcube Webmail.\n\nhttps://xakep.ru/2024/10/16/roundcube-attack/", "creation_timestamp": "2024-10-16T12:35:28.000000Z"}, {"uuid": "43ad2350-0a92-47cb-afe7-a3d9e84892cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-37383", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/11328", "content": "#AppSec\n#WebApp_Security\n1. Fake attachment. Roundcube mail server attacks exploit CVE-2024-37383 vulnerability\nhttps://global.ptsecurity.com/analytics/pt-esc-threat-intelligence/fake-attachment-roundcube-mail-server-attacks-exploit-cve-2024-37383-vulnerability\n]-&gt; https://github.com/bartfroklage/CVE-2024-37383-POC\n2. SAP Ping Pong - XSS and URL Redirection Vulnerabilities\nhttps://redrays.io/blog/sap-ping-pong-xss-and-url-redirection-vulnerabilities", "creation_timestamp": "2024-11-08T05:10:03.000000Z"}, {"uuid": "30a7fe60-7c86-48f5-9908-9245a0f33f91", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-37383", "type": "seen", "source": "https://t.me/CyberBulletin/26196", "content": "\u26a1\ufe0fRoundcube mail server attacks exploit CVE-2024-37383 vulnerability. An XSS leading to remote email collection.\n\n#CyberBulletin", "creation_timestamp": "2024-10-25T03:55:20.000000Z"}, {"uuid": "22426188-7eea-4f14-9764-362c98cb8cfa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-37383", "type": "published-proof-of-concept", "source": "https://t.me/ckeArsenal/15", "content": "https://global.ptsecurity.com/analytics/pt-esc-threat-intelligence/fake-attachment-roundcube-mail-server-attacks-exploit-cve-2024-37383-vulnerability\n\nFake attachment. Roundcube mail server attacks exploit CVE-2024-37383 vulnerability\n\nhttps://github.com/bartfroklage/CVE-2024-37383-POC\n\nProof of concept for CVE-2024-37383\n\n#github #exploit #xss #\u5206\u6790", "creation_timestamp": "2024-11-11T17:22:38.000000Z"}]}