{"vulnerability": "CVE-2024-3802", "sightings": [{"uuid": "dafe2440-0a4b-4688-bc2d-31c2c2f5c2f4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38029", "type": "seen", "source": "https://www.thezdi.com/blog/2024/10/8/the-october-2024-security-update-review", "content": "", "creation_timestamp": "2024-10-08T17:54:47.000000Z"}, {"uuid": "785a6a72-e411-4620-8584-99b286b92f43", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38024", "type": "seen", "source": "http://www.zerodayinitiative.com/advisories/ZDI-24-1534/", "content": "", "creation_timestamp": "2024-11-20T05:00:00.000000Z"}, {"uuid": "1e63234d-5f0d-4500-aaf9-792f0928642b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38023", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lmifne6cpg2t", "content": "", "creation_timestamp": "2025-04-10T21:02:20.020111Z"}, {"uuid": "4c9b74a4-7398-4c43-944c-2e2f661ebf22", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38024", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lmifnearov2e", "content": "", "creation_timestamp": "2025-04-10T21:02:20.531167Z"}, {"uuid": "c265b4d7-1958-49a1-b533-773fc528048d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38021", "type": "seen", "source": "https://bsky.app/profile/undercode.bsky.social/post/3luqp43gha52q", "content": "", "creation_timestamp": "2025-07-24T23:34:27.062694Z"}, {"uuid": "fbfd0880-8463-4787-9714-58eccdfa1274", "vulnerability_lookup_origin": 
"1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2024-38023", "type": "seen", "source": "https://www.govcert.gov.hk/en/alerts_detail.php?id=1324", "content": "", "creation_timestamp": "2024-07-10T04:00:00.000000Z"}, {"uuid": "72c87a2d-3eb8-4098-9ab8-c9f9bf8cca8a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38024", "type": "published-proof-of-concept", "source": "https://t.me/cyber_hsecurity/1610", "content": "(Photo by Tayfun Coskun/Anadolu via Getty Images)\n\u062d\u0634\u0648\u062f \u062e\u0627\u0631\u062c \u0645\u0642\u0631 \u0645\u064a\u062a\u0627 (\u0641\u064a\u0633\u0628\u0648\u0643) \u0644\u0644\u0627\u062d\u062a\u062c\u0627\u062c \u0639\u0644\u0649 \u0631\u0642\u0627\u0628\u0629 \u0645\u0627\u0631\u0643 \u0632\u0648\u0643\u0631\u0628\u064a\u0631\u063a \u0648\u0645\u064a\u062a\u0627 \u0639\u0644\u0649 \u0645\u0646\u0634\u0648\u0631\u0627\u062a \u0641\u0644\u0633\u0637\u064a\u0646 \u0639\u0644\u0649 \u0627\u0644\u0645\u0646\u0635\u0627\u062a \u0627\u0644\u0627\u062c\u062a\u0645\u0627\u0639\u064a\u0629 \u0641\u064a \u0645\u064a\u0646\u0644\u0648 \u0628\u0627\u0631\u0643\u060c \u0643\u0627\u0644\u064a\u0641\u0648\u0631\u0646\u064a\u0627 (\u0627\u0644\u0623\u0646\u0627\u0636\u0648\u0644)\n23/5/2024-\u0622\u062e\u0631 \u062a\u062d\u062f\u064a\u062b: 23/5/202403:28 \u0645 (\u0628\u062a\u0648\u0642\u064a\u062a \u0645\u0643\u0629 \u0627\u0644\u0645\u0643\u0631\u0645\u0629)\n\u0646\u0628\u0647 \u0645\u0648\u0642\u0639 \u0625\u0646\u062a\u0631\u0633\u0628\u062a \u0627\u0644\u0623\u0645\u064a\u0631\u0643\u064a \u0625\u0644\u0649 \u062b\u063a\u0631\u0629 \u0623\u0645\u0646\u064a\u0629 \u0645\u062c\u0647\u0648\u0644\u0629 \u0628\u062a\u0637\u0628\u064a\u0642 \u0648\u0627\u062a\u0633\u0627\u0628 \u062a\u0645\u0643\u0646 \u0627\u0644\u062d\u0643\u0648\u0645\u0627\u062a \u0645\u0646 
\u0645\u0639\u0631\u0641\u0629 \u0645\u0646 \u062a\u0631\u0627\u0633\u0644\u0647\u060c \u0648\u062d\u0630\u0631 \u0627\u0644\u0645\u0647\u0646\u062f\u0633\u0648\u0646 \u0641\u064a \u0634\u0631\u0643\u0629 \u0645\u064a\u062a\u0627 (\u0641\u064a\u0633\u0628\u0648\u0643) \u0645\u0646 \u0623\u0646 \u0627\u0644\u062f\u0648\u0644 \u064a\u0645\u0643\u0646\u0647\u0627 \u0645\u0631\u0627\u0642\u0628\u0629 \u0627\u0644\u062f\u0631\u062f\u0634\u0627\u062a\u060c \u0648\u064a\u062e\u0634\u0649 \u0627\u0644\u0645\u0648\u0638\u0641\u0648\u0646 \u0623\u0646 \u062a\u0633\u062a\u063a\u0644 \u0625\u0633\u0631\u0627\u0626\u064a\u0644 \u0647\u0630\u0647 \u0627\u0644\u062b\u063a\u0631\u0629 \u0644\u0627\u0646\u062a\u0642\u0627\u0621 \u0623\u0647\u062f\u0627\u0641 \u0627\u0644\u0627\u063a\u062a\u064a\u0627\u0644 \u0641\u064a \u063a\u0632\u0629.\n\n\u0648\u0630\u0643\u0631 \u0627\u0644\u0645\u0648\u0642\u0639 \u0623\u0646\u0647 \u0641\u064a \u0634\u0647\u0631 \u0645\u0627\u0631\u0633/\u0622\u0630\u0627\u0631\u060c \u0623\u0635\u062f\u0631 \u0641\u0631\u064a\u0642 \u0623\u0645\u0646 \u0648\u0627\u062a\u0633\u0627\u0628 \u062a\u062d\u0630\u064a\u0631\u0627 \u062f\u0627\u062e\u0644\u064a\u0627 \u0644\u0632\u0645\u0644\u0627\u0626\u0647 \u0628\u0623\u0646\u0647 \u0631\u063a\u0645 \u0627\u0644\u062a\u0634\u0641\u064a\u0631 \u0627\u0644\u0642\u0648\u064a \u0644\u0644\u0628\u0631\u0646\u0627\u0645\u062c\u060c \u0641\u0642\u062f \u0638\u0644 \u0627\u0644\u0645\u0633\u062a\u062e\u062f\u0645\u0648\u0646 \u0639\u0631\u0636\u0629 \u0644\u0634\u0643\u0644 \u062e\u0637\u064a\u0631 \u0645\u0646 \u0623\u0634\u0643\u0627\u0644 \u0627\u0644\u0645\u0631\u0627\u0642\u0628\u0629 \u0627\u0644\u062d\u0643\u0648\u0645\u064a\u0629.\n\n\u0648\u0648\u0641\u0642\u0627 \u0644\u062a\u0642\u064a\u064a\u0645 \u0627\u0644\u062a\u0647\u062f\u064a\u062f \u0627\u0644\u0630\u064a \u0644\u0645 \u064a\u064f\u0628\u0644\u063a \u0639\u0646\u0647 \u0645\u0633\u0628\u0642\u0627\u060c \u0648\u062d\u0635\u0644 
\u0639\u0644\u064a\u0647 \u0627\u0644\u0645\u0648\u0642\u0639\u060c \u0641\u0625\u0646 \u0645\u062d\u062a\u0648\u064a\u0627\u062a \u0627\u0644\u0645\u062d\u0627\u062f\u062b\u0627\u062a \u0628\u064a\u0646 \u0645\u0633\u062a\u062e\u062f\u0645\u064a \u0627\u0644\u062a\u0637\u0628\u064a\u0642 \u0627\u0644\u0628\u0627\u0644\u063a \u0639\u062f\u062f\u0647\u0645 2 \u0645\u0644\u064a\u0627\u0631 \u0645\u0633\u062a\u062e\u062f\u0645 \u062a\u0638\u0644 \u0622\u0645\u0646\u0629\u060c \u0644\u0643\u0646 \u0627\u0644\u062f\u0648\u0627\u0626\u0631 \u0627\u0644\u062d\u0643\u0648\u0645\u064a\u0629\u060c \u0643\u0645\u0627 \u0643\u062a\u0628 \u0627\u0644\u0645\u0647\u0646\u062f\u0633\u0648\u0646\u060c \u0643\u0627\u0646\u062a \"\u062a\u062a\u062c\u0627\u0648\u0632 \u062a\u0634\u0641\u064a\u0631\u0646\u0627\" \u0644\u0645\u0639\u0631\u0641\u0629 \u0627\u0644\u0645\u0633\u062a\u062e\u062f\u0645\u064a\u0646 \u0627\u0644\u0630\u064a\u0646 \u064a\u062a\u0648\u0627\u0635\u0644\u0648\u0646 \u0645\u0639 \u0628\u0639\u0636\u0647\u0645 \u0627\u0644\u0628\u0639\u0636\u060c \u0648\u0639\u0636\u0648\u064a\u0629 \u0627\u0644\u0645\u062c\u0645\u0648\u0639\u0627\u062a \u0627\u0644\u062e\u0627\u0635\u0629\u060c \u0648\u0631\u0628\u0645\u0627 \u062d\u062a\u0649 \u0645\u0648\u0627\u0642\u0639\u0647\u0645. 
\u0648\u062d\u062b \u0627\u0644\u062a\u0642\u064a\u064a\u0645 \u0639\u0644\u0649 \u0623\u0646 \u064a\u062e\u0641\u0641 \u0648\u0627\u062a\u0633\u0627\u0628 \u0645\u0646 \u0627\u0644\u0627\u0633\u062a\u063a\u0644\u0627\u0644 \u0627\u0644\u0645\u0633\u062a\u0645\u0631 \u0644\u0646\u0642\u0627\u0637 \u0627\u0644\u0636\u0639\u0641 \u0641\u064a \u062a\u062d\u0644\u064a\u0644 \u062d\u0631\u0643\u0629 \u0627\u0644\u0645\u0631\u0648\u0631 \u0627\u0644\u062a\u064a \u062a\u0645\u0643\u0646 \u0627\u0644\u062f\u0648\u0644 \u0645\u0646 \u062a\u062d\u062f\u064a\u062f \u0645\u0646 \u064a\u062a\u062d\u062f\u062b \u0625\u0644\u0649 \u0645\u0646.\n\nThe Smart Shadow:\n\u2206 \u0627\u0633\u062a\u063a\u0644\u0627\u0644\u0627\u062a \u0648\u0625\u062b\u0628\u0627\u062a\u0627\u062a \u0627\u0644\u0645\u0641\u0647\u0648\u0645 (PoCs) \u0644\u0644\u062b\u063a\u0631\u0627\u062a \n\n\u2206 1. \u062b\u063a\u0631\u0629 Profile Builder \u0648 Profile Builder Pro\n- \u062e\u0637\u0648\u0631\u0629: 9.8/10\n- \u0627\u0644\u0648\u0635\u0641: \u062a\u0633\u0645\u062d \u0647\u0630\u0647 \u0627\u0644\u062b\u063a\u0631\u0629 \u0644\u0644\u0645\u0647\u0627\u062c\u0645\u064a\u0646 \u0628\u0627\u0644\u062d\u0635\u0648\u0644 \u0639\u0644\u0649 \u0648\u0635\u0648\u0644 \u0627\u0644\u0645\u0633\u0624\u0648\u0644 \u062f\u0648\u0646 \u0627\u0644\u062d\u0627\u062c\u0629 \u0625\u0644\u0649 \u062d\u0633\u0627\u0628 \u0639\u0644\u0649 \u0627\u0644\u0645\u0648\u0642\u0639.\n- \u0625\u062b\u0628\u0627\u062a \u0627\u0644\u0645\u0641\u0647\u0648\u0645: \u0644\u0627 \u064a\u0648\u062c\u062f \u0625\u062b\u0628\u0627\u062a \u0645\u0641\u0647\u0648\u0645 \u0645\u062d\u062f\u062f \u0641\u064a \u0642\u0648\u0627\u0639\u062f \u0627\u0644\u0628\u064a\u0627\u0646\u0627\u062a \u0627\u0644\u0639\u0627\u0645\u0629\u060c \u0648\u0644\u0643\u0646 \u062a\u0642\u0627\u0631\u064a\u0631 WPScan \u062a\u062d\u062a\u0648\u064a \u0639\u0644\u0649 \u0633\u064a\u0646\u0627\u0631\u064a\u0648\u0647\u0627\u062a 
\u062a\u0641\u0635\u064a\u0644\u064a\u0629 \u0644\u0644\u0627\u0633\u062a\u063a\u0644\u0627\u0644.\n- \u0645\u062b\u0627\u0644 \u0644\u0625\u062b\u0628\u0627\u062a \u0627\u0644\u0645\u0641\u0647\u0648\u0645:\n   \n    import requests\n\n    url = \"http://target-website/wp-login.php\"\n    payload = {\n        \"username\": \"attacker_username\",\n        \"password\": \"attacker_password\"\n    }\n    response = requests.post(url, data=payload)\n    print(response.text)\n    \n- \u0627\u0644\u062a\u062e\u0641\u064a\u0641: \u062a\u062d\u062f\u064a\u062b \u0627\u0644\u0625\u0636\u0627\u0641\u0629 \u0625\u0644\u0649 \u0623\u062d\u062f\u062b \u0646\u0633\u062e\u0629 \u0643\u0645\u0627 \u064a\u0646\u0635\u062d \u0627\u0644\u0645\u0637\u0648\u0631\u0648\u0646.\n\n\u2206 2. \u062b\u063a\u0631\u0629 \u0643\u0627\u0645\u064a\u0631\u0627\u062a Synology BC500 IP\n- \u0627\u0644\u062a\u0641\u0627\u0635\u064a\u0644: \u062a\u0633\u0645\u062d \u0628\u0627\u0644\u062a\u0628\u062f\u064a\u0644 \u0645\u0646 WAN \u0625\u0644\u0649 LAN\u060c \u062a\u0645 \u0627\u0633\u062a\u062e\u062f\u0627\u0645\u0647\u0627 \u0641\u064a \u0645\u0633\u0627\u0628\u0642\u0629 Pwn2Own Toronto.\n- \u0625\u062b\u0628\u0627\u062a \u0627\u0644\u0645\u0641\u0647\u0648\u0645: \u0646\u0634\u0631\u062a Claroty \u062a\u0641\u0627\u0635\u064a\u0644 \u0641\u0646\u064a\u0629 \u062d\u0648\u0644 \u0627\u0644\u0627\u0633\u062a\u063a\u0644\u0627\u0644.\n- \u0645\u062b\u0627\u0644 \u0644\u0625\u062b\u0628\u0627\u062a \u0627\u0644\u0645\u0641\u0647\u0648\u0645:\n   \n    import requests\n\n    url = \"http://target-camera-ip/api/exploit\"\n    payload = {\"command\": \"switch_network\"}\n    response = requests.post(url, json=payload)\n    print(response.text)\n    \n- \u0627\u0644\u062a\u062e\u0641\u064a\u0641: \u062a\u062d\u062f\u064a\u062b \u0628\u0631\u0645\u062c\u064a\u0627\u062a \u0627\u0644\u0643\u0627\u0645\u064a\u0631\u0627 \u0625\u0644\u0649 \u0623\u062d\u062f\u062b \u0625\u0635\u062f\u0627\u0631.\n\n#### 3. 
\u062b\u063a\u0631\u0629 Apache HugeGraph (CVE-2024-27348)\n- \u062e\u0637\u0648\u0631\u0629: 9.8/10\n- \u0627\u0644\u0648\u0635\u0641: \u062a\u0633\u0645\u062d \u0644\u0644\u0645\u0647\u0627\u062c\u0645\u064a\u0646 \u0628\u0627\u0644\u062a\u062d\u0643\u0645 \u0641\u064a \u062e\u0648\u0627\u062f\u0645 \u0642\u0627\u0639\u062f\u0629 \u0627\u0644\u0628\u064a\u0627\u0646\u0627\u062a.\n- \u0625\u062b\u0628\u0627\u062a \u0627\u0644\u0645\u0641\u0647\u0648\u0645: \u0645\u062a\u0627\u062d \u0639\u0644\u0649 GitHub \u0643\u0645\u0627 \u0630\u0643\u0631.\n- \u0645\u062b\u0627\u0644 \u0644\u0625\u062b\u0628\u0627\u062a \u0627\u0644\u0645\u0641\u0647\u0648\u0645:\n   \n    import requests\n\n    url = \"http://target-hugegraph-server\"\n    payload = {\"exploit\": \"malicious_code_here\"}\n    response = requests.post(url, json=payload)\n    print(response.text)\n    \n- \u0627\u0644\u062a\u062e\u0641\u064a\u0641: \u062a\u0637\u0628\u064a\u0642 \u0627\u0644\u062a\u0635\u062d\u064a\u062d \u0627\u0644\u0623\u0645\u0646\u064a \u0627\u0644\u0635\u0627\u062f\u0631 \u0641\u064a \u0623\u0628\u0631\u064a\u0644.\n\n\u2206 4. 
\u062b\u063a\u0631\u0627\u062a Microsoft SharePoint (CVE-2024-38023\u060c CVE-2024-38024\u060c CVE-2024-38094)\n- \u0627\u0644\u062a\u0641\u0627\u0635\u064a\u0644: \u062b\u063a\u0631\u0627\u062a \u0641\u064a \u062a\u0646\u0641\u064a\u0630 \u0627\u0644\u062a\u0639\u0644\u064a\u0645\u0627\u062a \u0627\u0644\u0628\u0631\u0645\u062c\u064a\u0629 \u0639\u0646 \u0628\u064f\u0639\u062f.\n- \u0625\u062b\u0628\u0627\u062a \u0627\u0644\u0645\u0641\u0647\u0648\u0645: \u0646\u0634\u0631\u0647 Nguyen Giang.\n- \u0645\u062b\u0627\u0644 \u0644\u0625\u062b\u0628\u0627\u062a \u0627\u0644\u0645\u0641\u0647\u0648\u0645:\n   \n    # \u0647\u0630\u0627 \u0645\u062b\u0627\u0644 \u0627\u0641\u062a\u0631\u0627\u0636\u064a\u061b \u0642\u062f \u064a\u062e\u062a\u0644\u0641 \u0631\u0645\u0632 \u0627\u0644\u0627\u0633\u062a\u063a\u0644\u0627\u0644 \u0627\u0644\u0641\u0639\u0644\u064a.\n    Invoke-WebRequest -Uri \"http://target-sharepoint-server/exploit\" -Method GET\n    \n- \u0627\u0644\u062a\u062e\u0641\u064a\u0641: \u062a\u0637\u0628\u064a\u0642 \u0627\u0644\u062a\u0635\u062d\u064a\u062d\u0627\u062a \u0627\u0644\u0623\u0645\u0646\u064a\u0629 \u0627\u0644\u0645\u0642\u062f\u0645\u0629 \u0645\u0646 Microsoft.\n\n\u2206 5. 
\u062b\u063a\u0631\u0629 SonicWall SMA100\n- \u0627\u0644\u062a\u0641\u0627\u0635\u064a\u0644: \u0627\u0633\u062a\u063a\u0644\u0627\u0644 \u0641\u064a \u0627\u0644\u0648\u0636\u0639 \u0627\u0644\u0643\u0644\u0627\u0633\u064a\u0643\u064a \u0644\u0644\u0645\u0633\u062a\u062e\u062f\u0645\u064a\u0646 \u0627\u0644\u0645\u0635\u0627\u062f\u0642 \u0639\u0644\u064a\u0647\u0645.\n- \u0625\u062b\u0628\u0627\u062a \u0627\u0644\u0645\u0641\u0647\u0648\u0645: \u062a\u0645 \u0646\u0634\u0631\u0647 \u0628\u0648\u0627\u0633\u0637\u0629 SSD.\n- \u0645\u062b\u0627\u0644 \u0644\u0625\u062b\u0628\u0627\u062a \u0627\u0644\u0645\u0641\u0647\u0648\u0645:\n   \n    curl -k -X POST https://target-sma100-device -d \"exploit_payload_here\"\n    \n- \u0627\u0644\u062a\u062e\u0641\u064a\u0641: \u0625\u0632\u0627\u0644\u0629 \u0627\u0644\u0648\u0636\u0639 \u0627\u0644\u0643\u0644\u0627\u0633\u064a\u0643\u064a \u0648\u062a\u062d\u062f\u064a\u062b \u0627\u0644\u0628\u0631\u0645\u062c\u064a\u0627\u062a \u0627\u0644\u062b\u0627\u0628\u062a\u0629.\n\n\u2206 \u0627\u0644\u062a\u0648\u0635\u064a\u0627\u062a \u0627\u0644\u0639\u0627\u0645\u0629\n- \u0625\u062f\u0627\u0631\u0629 \u0627\u0644\u062a\u0635\u062d\u064a\u062d\u0627\u062a: \u062a\u062d\u062f\u064a\u062b \u062c\u0645\u064a\u0639 \u0627\u0644\u0628\u0631\u0645\u062c\u064a\u0627\u062a \u0648\u0627\u0644\u0628\u0631\u0645\u062c\u064a\u0627\u062a \u0627\u0644\u062b\u0627\u0628\u062a\u0629 \u0628\u0627\u0646\u062a\u0638\u0627\u0645 \u0625\u0644\u0649 \u0623\u062d\u062f\u062b \u0627\u0644\u0625\u0635\u062f\u0627\u0631\u0627\u062a.\n- \u0641\u062d\u0635 \u0627\u0644\u062b\u063a\u0631\u0627\u062a: \u0627\u0633\u062a\u062e\u062f\u0627\u0645 \u0623\u062f\u0648\u0627\u062a \u0645\u062b\u0644 Nessus \u0623\u0648 OpenVAS \u0644\u0641\u062d\u0635 \u0627\u0644\u062b\u063a\u0631\u0627\u062a \u0627\u0644\u0645\u0639\u0631\u0648\u0641\u0629.\n- \u0627\u0644\u0645\u0631\u0627\u0642\u0628\u0629: \u062a\u0637\u0628\u064a\u0642 \u0623\u0646\u0638\u0645\u0629 
\u0627\u0644\u0643\u0634\u0641 \u0639\u0646 \u0627\u0644\u062a\u0633\u0644\u0644 \u0648\u0645\u0646\u0639 \u0627\u0644\u062a\u0633\u0644\u0644 \u0644\u0645\u0631\u0627\u0642\u0628\u0629 \u0648\u0645\u0646\u0639 \u0645\u062d\u0627\u0648\u0644\u0627\u062a \u0627\u0644\u0627\u0633\u062a\u063a\u0644\u0627\u0644.\n\n\u2206 \u0627\u0644\u0645\u0635\u0627\u062f\u0631\n- [NVD](https://nvd.nist.gov/vuln/detail/CVE-2023-3352)\n- [Security-Database](https://www.security-database.com/detail.php?alert=CVE-2023-3352)\n- [Vulners](https://vulners.com/cve/CVE-2023-3352)\n\n## \u0634\u0631\u062d \u0648\u0627\u0633\u062a\u063a\u0644\u0627\u0644 \u062b\u063a\u0631\u0629 CVE-2024-33352: \u062a\u0635\u0639\u064a\u062f \u0627\u0644\u0627\u0645\u062a\u064a\u0627\u0632\u0627\u062a \u0641\u064a BlueStacks \u0639\u0628\u0631 \u0632\u0631\u0639 \u0628\u0631\u0646\u0627\u0645\u062c \u0636\u0627\u0631 \u0641\u064a \u0627\u0644\u062c\u0647\u0627\u0632 \u0627\u0644\u0627\u0641\u062a\u0631\u0627\u0636\u064a\n\n### \u0646\u0638\u0631\u0629 \u0639\u0627\u0645\u0629", "creation_timestamp": "2024-12-13T19:00:22.000000Z"}, {"uuid": "6d8f43c8-81d8-4ce2-80af-336cb9400b76", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38023", "type": "published-proof-of-concept", "source": "https://t.me/cyber_hsecurity/1610", "content": "(Photo by Tayfun Coskun/Anadolu via Getty Images)\n\u062d\u0634\u0648\u062f \u062e\u0627\u0631\u062c \u0645\u0642\u0631 \u0645\u064a\u062a\u0627 (\u0641\u064a\u0633\u0628\u0648\u0643) \u0644\u0644\u0627\u062d\u062a\u062c\u0627\u062c \u0639\u0644\u0649 \u0631\u0642\u0627\u0628\u0629 \u0645\u0627\u0631\u0643 \u0632\u0648\u0643\u0631\u0628\u064a\u0631\u063a \u0648\u0645\u064a\u062a\u0627 \u0639\u0644\u0649 \u0645\u0646\u0634\u0648\u0631\u0627\u062a \u0641\u0644\u0633\u0637\u064a\u0646 \u0639\u0644\u0649 \u0627\u0644\u0645\u0646\u0635\u0627\u062a 
\u0627\u0644\u0627\u062c\u062a\u0645\u0627\u0639\u064a\u0629 \u0641\u064a \u0645\u064a\u0646\u0644\u0648 \u0628\u0627\u0631\u0643\u060c \u0643\u0627\u0644\u064a\u0641\u0648\u0631\u0646\u064a\u0627 (\u0627\u0644\u0623\u0646\u0627\u0636\u0648\u0644)\n23/5/2024-\u0622\u062e\u0631 \u062a\u062d\u062f\u064a\u062b: 23/5/202403:28 \u0645 (\u0628\u062a\u0648\u0642\u064a\u062a \u0645\u0643\u0629 \u0627\u0644\u0645\u0643\u0631\u0645\u0629)\n\u0646\u0628\u0647 \u0645\u0648\u0642\u0639 \u0625\u0646\u062a\u0631\u0633\u0628\u062a \u0627\u0644\u0623\u0645\u064a\u0631\u0643\u064a \u0625\u0644\u0649 \u062b\u063a\u0631\u0629 \u0623\u0645\u0646\u064a\u0629 \u0645\u062c\u0647\u0648\u0644\u0629 \u0628\u062a\u0637\u0628\u064a\u0642 \u0648\u0627\u062a\u0633\u0627\u0628 \u062a\u0645\u0643\u0646 \u0627\u0644\u062d\u0643\u0648\u0645\u0627\u062a \u0645\u0646 \u0645\u0639\u0631\u0641\u0629 \u0645\u0646 \u062a\u0631\u0627\u0633\u0644\u0647\u060c \u0648\u062d\u0630\u0631 \u0627\u0644\u0645\u0647\u0646\u062f\u0633\u0648\u0646 \u0641\u064a \u0634\u0631\u0643\u0629 \u0645\u064a\u062a\u0627 (\u0641\u064a\u0633\u0628\u0648\u0643) \u0645\u0646 \u0623\u0646 \u0627\u0644\u062f\u0648\u0644 \u064a\u0645\u0643\u0646\u0647\u0627 \u0645\u0631\u0627\u0642\u0628\u0629 \u0627\u0644\u062f\u0631\u062f\u0634\u0627\u062a\u060c \u0648\u064a\u062e\u0634\u0649 \u0627\u0644\u0645\u0648\u0638\u0641\u0648\u0646 \u0623\u0646 \u062a\u0633\u062a\u063a\u0644 \u0625\u0633\u0631\u0627\u0626\u064a\u0644 \u0647\u0630\u0647 \u0627\u0644\u062b\u063a\u0631\u0629 \u0644\u0627\u0646\u062a\u0642\u0627\u0621 \u0623\u0647\u062f\u0627\u0641 \u0627\u0644\u0627\u063a\u062a\u064a\u0627\u0644 \u0641\u064a \u063a\u0632\u0629.\n\n\u0648\u0630\u0643\u0631 \u0627\u0644\u0645\u0648\u0642\u0639 \u0623\u0646\u0647 \u0641\u064a \u0634\u0647\u0631 \u0645\u0627\u0631\u0633/\u0622\u0630\u0627\u0631\u060c \u0623\u0635\u062f\u0631 \u0641\u0631\u064a\u0642 \u0623\u0645\u0646 \u0648\u0627\u062a\u0633\u0627\u0628 \u062a\u062d\u0630\u064a\u0631\u0627 
\u062f\u0627\u062e\u0644\u064a\u0627 \u0644\u0632\u0645\u0644\u0627\u0626\u0647 \u0628\u0623\u0646\u0647 \u0631\u063a\u0645 \u0627\u0644\u062a\u0634\u0641\u064a\u0631 \u0627\u0644\u0642\u0648\u064a \u0644\u0644\u0628\u0631\u0646\u0627\u0645\u062c\u060c \u0641\u0642\u062f \u0638\u0644 \u0627\u0644\u0645\u0633\u062a\u062e\u062f\u0645\u0648\u0646 \u0639\u0631\u0636\u0629 \u0644\u0634\u0643\u0644 \u062e\u0637\u064a\u0631 \u0645\u0646 \u0623\u0634\u0643\u0627\u0644 \u0627\u0644\u0645\u0631\u0627\u0642\u0628\u0629 \u0627\u0644\u062d\u0643\u0648\u0645\u064a\u0629.\n\n\u0648\u0648\u0641\u0642\u0627 \u0644\u062a\u0642\u064a\u064a\u0645 \u0627\u0644\u062a\u0647\u062f\u064a\u062f \u0627\u0644\u0630\u064a \u0644\u0645 \u064a\u064f\u0628\u0644\u063a \u0639\u0646\u0647 \u0645\u0633\u0628\u0642\u0627\u060c \u0648\u062d\u0635\u0644 \u0639\u0644\u064a\u0647 \u0627\u0644\u0645\u0648\u0642\u0639\u060c \u0641\u0625\u0646 \u0645\u062d\u062a\u0648\u064a\u0627\u062a \u0627\u0644\u0645\u062d\u0627\u062f\u062b\u0627\u062a \u0628\u064a\u0646 \u0645\u0633\u062a\u062e\u062f\u0645\u064a \u0627\u0644\u062a\u0637\u0628\u064a\u0642 \u0627\u0644\u0628\u0627\u0644\u063a \u0639\u062f\u062f\u0647\u0645 2 \u0645\u0644\u064a\u0627\u0631 \u0645\u0633\u062a\u062e\u062f\u0645 \u062a\u0638\u0644 \u0622\u0645\u0646\u0629\u060c \u0644\u0643\u0646 \u0627\u0644\u062f\u0648\u0627\u0626\u0631 \u0627\u0644\u062d\u0643\u0648\u0645\u064a\u0629\u060c \u0643\u0645\u0627 \u0643\u062a\u0628 \u0627\u0644\u0645\u0647\u0646\u062f\u0633\u0648\u0646\u060c \u0643\u0627\u0646\u062a \"\u062a\u062a\u062c\u0627\u0648\u0632 \u062a\u0634\u0641\u064a\u0631\u0646\u0627\" \u0644\u0645\u0639\u0631\u0641\u0629 \u0627\u0644\u0645\u0633\u062a\u062e\u062f\u0645\u064a\u0646 \u0627\u0644\u0630\u064a\u0646 \u064a\u062a\u0648\u0627\u0635\u0644\u0648\u0646 \u0645\u0639 \u0628\u0639\u0636\u0647\u0645 \u0627\u0644\u0628\u0639\u0636\u060c \u0648\u0639\u0636\u0648\u064a\u0629 \u0627\u0644\u0645\u062c\u0645\u0648\u0639\u0627\u062a 
\u0627\u0644\u062e\u0627\u0635\u0629\u060c \u0648\u0631\u0628\u0645\u0627 \u062d\u062a\u0649 \u0645\u0648\u0627\u0642\u0639\u0647\u0645. \u0648\u062d\u062b \u0627\u0644\u062a\u0642\u064a\u064a\u0645 \u0639\u0644\u0649 \u0623\u0646 \u064a\u062e\u0641\u0641 \u0648\u0627\u062a\u0633\u0627\u0628 \u0645\u0646 \u0627\u0644\u0627\u0633\u062a\u063a\u0644\u0627\u0644 \u0627\u0644\u0645\u0633\u062a\u0645\u0631 \u0644\u0646\u0642\u0627\u0637 \u0627\u0644\u0636\u0639\u0641 \u0641\u064a \u062a\u062d\u0644\u064a\u0644 \u062d\u0631\u0643\u0629 \u0627\u0644\u0645\u0631\u0648\u0631 \u0627\u0644\u062a\u064a \u062a\u0645\u0643\u0646 \u0627\u0644\u062f\u0648\u0644 \u0645\u0646 \u062a\u062d\u062f\u064a\u062f \u0645\u0646 \u064a\u062a\u062d\u062f\u062b \u0625\u0644\u0649 \u0645\u0646.\n\nThe Smart Shadow:\n\u2206 \u0627\u0633\u062a\u063a\u0644\u0627\u0644\u0627\u062a \u0648\u0625\u062b\u0628\u0627\u062a\u0627\u062a \u0627\u0644\u0645\u0641\u0647\u0648\u0645 (PoCs) \u0644\u0644\u062b\u063a\u0631\u0627\u062a \n\n\u2206 1. 
\u062b\u063a\u0631\u0629 Profile Builder \u0648 Profile Builder Pro\n- \u062e\u0637\u0648\u0631\u0629: 9.8/10\n- \u0627\u0644\u0648\u0635\u0641: \u062a\u0633\u0645\u062d \u0647\u0630\u0647 \u0627\u0644\u062b\u063a\u0631\u0629 \u0644\u0644\u0645\u0647\u0627\u062c\u0645\u064a\u0646 \u0628\u0627\u0644\u062d\u0635\u0648\u0644 \u0639\u0644\u0649 \u0648\u0635\u0648\u0644 \u0627\u0644\u0645\u0633\u0624\u0648\u0644 \u062f\u0648\u0646 \u0627\u0644\u062d\u0627\u062c\u0629 \u0625\u0644\u0649 \u062d\u0633\u0627\u0628 \u0639\u0644\u0649 \u0627\u0644\u0645\u0648\u0642\u0639.\n- \u0625\u062b\u0628\u0627\u062a \u0627\u0644\u0645\u0641\u0647\u0648\u0645: \u0644\u0627 \u064a\u0648\u062c\u062f \u0625\u062b\u0628\u0627\u062a \u0645\u0641\u0647\u0648\u0645 \u0645\u062d\u062f\u062f \u0641\u064a \u0642\u0648\u0627\u0639\u062f \u0627\u0644\u0628\u064a\u0627\u0646\u0627\u062a \u0627\u0644\u0639\u0627\u0645\u0629\u060c \u0648\u0644\u0643\u0646 \u062a\u0642\u0627\u0631\u064a\u0631 WPScan \u062a\u062d\u062a\u0648\u064a \u0639\u0644\u0649 \u0633\u064a\u0646\u0627\u0631\u064a\u0648\u0647\u0627\u062a \u062a\u0641\u0635\u064a\u0644\u064a\u0629 \u0644\u0644\u0627\u0633\u062a\u063a\u0644\u0627\u0644.\n- \u0645\u062b\u0627\u0644 \u0644\u0625\u062b\u0628\u0627\u062a \u0627\u0644\u0645\u0641\u0647\u0648\u0645:\n   \n    import requests\n\n    url = \"http://target-website/wp-login.php\"\n    payload = {\n        \"username\": \"attacker_username\",\n        \"password\": \"attacker_password\"\n    }\n    response = requests.post(url, data=payload)\n    print(response.text)\n    \n- \u0627\u0644\u062a\u062e\u0641\u064a\u0641: \u062a\u062d\u062f\u064a\u062b \u0627\u0644\u0625\u0636\u0627\u0641\u0629 \u0625\u0644\u0649 \u0623\u062d\u062f\u062b \u0646\u0633\u062e\u0629 \u0643\u0645\u0627 \u064a\u0646\u0635\u062d \u0627\u0644\u0645\u0637\u0648\u0631\u0648\u0646.\n\n\u2206 2. 
\u062b\u063a\u0631\u0629 \u0643\u0627\u0645\u064a\u0631\u0627\u062a Synology BC500 IP\n- \u0627\u0644\u062a\u0641\u0627\u0635\u064a\u0644: \u062a\u0633\u0645\u062d \u0628\u0627\u0644\u062a\u0628\u062f\u064a\u0644 \u0645\u0646 WAN \u0625\u0644\u0649 LAN\u060c \u062a\u0645 \u0627\u0633\u062a\u062e\u062f\u0627\u0645\u0647\u0627 \u0641\u064a \u0645\u0633\u0627\u0628\u0642\u0629 Pwn2Own Toronto.\n- \u0625\u062b\u0628\u0627\u062a \u0627\u0644\u0645\u0641\u0647\u0648\u0645: \u0646\u0634\u0631\u062a Claroty \u062a\u0641\u0627\u0635\u064a\u0644 \u0641\u0646\u064a\u0629 \u062d\u0648\u0644 \u0627\u0644\u0627\u0633\u062a\u063a\u0644\u0627\u0644.\n- \u0645\u062b\u0627\u0644 \u0644\u0625\u062b\u0628\u0627\u062a \u0627\u0644\u0645\u0641\u0647\u0648\u0645:\n   \n    import requests\n\n    url = \"http://target-camera-ip/api/exploit\"\n    payload = {\"command\": \"switch_network\"}\n    response = requests.post(url, json=payload)\n    print(response.text)\n    \n- \u0627\u0644\u062a\u062e\u0641\u064a\u0641: \u062a\u062d\u062f\u064a\u062b \u0628\u0631\u0645\u062c\u064a\u0627\u062a \u0627\u0644\u0643\u0627\u0645\u064a\u0631\u0627 \u0625\u0644\u0649 \u0623\u062d\u062f\u062b \u0625\u0635\u062f\u0627\u0631.\n\n#### 3. 
\u062b\u063a\u0631\u0629 Apache HugeGraph (CVE-2024-27348)\n- \u062e\u0637\u0648\u0631\u0629: 9.8/10\n- \u0627\u0644\u0648\u0635\u0641: \u062a\u0633\u0645\u062d \u0644\u0644\u0645\u0647\u0627\u062c\u0645\u064a\u0646 \u0628\u0627\u0644\u062a\u062d\u0643\u0645 \u0641\u064a \u062e\u0648\u0627\u062f\u0645 \u0642\u0627\u0639\u062f\u0629 \u0627\u0644\u0628\u064a\u0627\u0646\u0627\u062a.\n- \u0625\u062b\u0628\u0627\u062a \u0627\u0644\u0645\u0641\u0647\u0648\u0645: \u0645\u062a\u0627\u062d \u0639\u0644\u0649 GitHub \u0643\u0645\u0627 \u0630\u0643\u0631.\n- \u0645\u062b\u0627\u0644 \u0644\u0625\u062b\u0628\u0627\u062a \u0627\u0644\u0645\u0641\u0647\u0648\u0645:\n   \n    import requests\n\n    url = \"http://target-hugegraph-server\"\n    payload = {\"exploit\": \"malicious_code_here\"}\n    response = requests.post(url, json=payload)\n    print(response.text)\n    \n- \u0627\u0644\u062a\u062e\u0641\u064a\u0641: \u062a\u0637\u0628\u064a\u0642 \u0627\u0644\u062a\u0635\u062d\u064a\u062d \u0627\u0644\u0623\u0645\u0646\u064a \u0627\u0644\u0635\u0627\u062f\u0631 \u0641\u064a \u0623\u0628\u0631\u064a\u0644.\n\n\u2206 4. 
\u062b\u063a\u0631\u0627\u062a Microsoft SharePoint (CVE-2024-38023\u060c CVE-2024-38024\u060c CVE-2024-38094)\n- \u0627\u0644\u062a\u0641\u0627\u0635\u064a\u0644: \u062b\u063a\u0631\u0627\u062a \u0641\u064a \u062a\u0646\u0641\u064a\u0630 \u0627\u0644\u062a\u0639\u0644\u064a\u0645\u0627\u062a \u0627\u0644\u0628\u0631\u0645\u062c\u064a\u0629 \u0639\u0646 \u0628\u064f\u0639\u062f.\n- \u0625\u062b\u0628\u0627\u062a \u0627\u0644\u0645\u0641\u0647\u0648\u0645: \u0646\u0634\u0631\u0647 Nguyen Giang.\n- \u0645\u062b\u0627\u0644 \u0644\u0625\u062b\u0628\u0627\u062a \u0627\u0644\u0645\u0641\u0647\u0648\u0645:\n   \n    # \u0647\u0630\u0627 \u0645\u062b\u0627\u0644 \u0627\u0641\u062a\u0631\u0627\u0636\u064a\u061b \u0642\u062f \u064a\u062e\u062a\u0644\u0641 \u0631\u0645\u0632 \u0627\u0644\u0627\u0633\u062a\u063a\u0644\u0627\u0644 \u0627\u0644\u0641\u0639\u0644\u064a.\n    Invoke-WebRequest -Uri \"http://target-sharepoint-server/exploit\" -Method GET\n    \n- \u0627\u0644\u062a\u062e\u0641\u064a\u0641: \u062a\u0637\u0628\u064a\u0642 \u0627\u0644\u062a\u0635\u062d\u064a\u062d\u0627\u062a \u0627\u0644\u0623\u0645\u0646\u064a\u0629 \u0627\u0644\u0645\u0642\u062f\u0645\u0629 \u0645\u0646 Microsoft.\n\n\u2206 5. 
\u062b\u063a\u0631\u0629 SonicWall SMA100\n- \u0627\u0644\u062a\u0641\u0627\u0635\u064a\u0644: \u0627\u0633\u062a\u063a\u0644\u0627\u0644 \u0641\u064a \u0627\u0644\u0648\u0636\u0639 \u0627\u0644\u0643\u0644\u0627\u0633\u064a\u0643\u064a \u0644\u0644\u0645\u0633\u062a\u062e\u062f\u0645\u064a\u0646 \u0627\u0644\u0645\u0635\u0627\u062f\u0642 \u0639\u0644\u064a\u0647\u0645.\n- \u0625\u062b\u0628\u0627\u062a \u0627\u0644\u0645\u0641\u0647\u0648\u0645: \u062a\u0645 \u0646\u0634\u0631\u0647 \u0628\u0648\u0627\u0633\u0637\u0629 SSD.\n- \u0645\u062b\u0627\u0644 \u0644\u0625\u062b\u0628\u0627\u062a \u0627\u0644\u0645\u0641\u0647\u0648\u0645:\n   \n    curl -k -X POST https://target-sma100-device -d \"exploit_payload_here\"\n    \n- \u0627\u0644\u062a\u062e\u0641\u064a\u0641: \u0625\u0632\u0627\u0644\u0629 \u0627\u0644\u0648\u0636\u0639 \u0627\u0644\u0643\u0644\u0627\u0633\u064a\u0643\u064a \u0648\u062a\u062d\u062f\u064a\u062b \u0627\u0644\u0628\u0631\u0645\u062c\u064a\u0627\u062a \u0627\u0644\u062b\u0627\u0628\u062a\u0629.\n\n\u2206 \u0627\u0644\u062a\u0648\u0635\u064a\u0627\u062a \u0627\u0644\u0639\u0627\u0645\u0629\n- \u0625\u062f\u0627\u0631\u0629 \u0627\u0644\u062a\u0635\u062d\u064a\u062d\u0627\u062a: \u062a\u062d\u062f\u064a\u062b \u062c\u0645\u064a\u0639 \u0627\u0644\u0628\u0631\u0645\u062c\u064a\u0627\u062a \u0648\u0627\u0644\u0628\u0631\u0645\u062c\u064a\u0627\u062a \u0627\u0644\u062b\u0627\u0628\u062a\u0629 \u0628\u0627\u0646\u062a\u0638\u0627\u0645 \u0625\u0644\u0649 \u0623\u062d\u062f\u062b \u0627\u0644\u0625\u0635\u062f\u0627\u0631\u0627\u062a.\n- \u0641\u062d\u0635 \u0627\u0644\u062b\u063a\u0631\u0627\u062a: \u0627\u0633\u062a\u062e\u062f\u0627\u0645 \u0623\u062f\u0648\u0627\u062a \u0645\u062b\u0644 Nessus \u0623\u0648 OpenVAS \u0644\u0641\u062d\u0635 \u0627\u0644\u062b\u063a\u0631\u0627\u062a \u0627\u0644\u0645\u0639\u0631\u0648\u0641\u0629.\n- \u0627\u0644\u0645\u0631\u0627\u0642\u0628\u0629: \u062a\u0637\u0628\u064a\u0642 \u0623\u0646\u0638\u0645\u0629 
\u0627\u0644\u0643\u0634\u0641 \u0639\u0646 \u0627\u0644\u062a\u0633\u0644\u0644 \u0648\u0645\u0646\u0639 \u0627\u0644\u062a\u0633\u0644\u0644 \u0644\u0645\u0631\u0627\u0642\u0628\u0629 \u0648\u0645\u0646\u0639 \u0645\u062d\u0627\u0648\u0644\u0627\u062a \u0627\u0644\u0627\u0633\u062a\u063a\u0644\u0627\u0644.\n\n\u2206 \u0627\u0644\u0645\u0635\u0627\u062f\u0631\n- [NVD](https://nvd.nist.gov/vuln/detail/CVE-2023-3352)\n- [Security-Database](https://www.security-database.com/detail.php?alert=CVE-2023-3352)\n- [Vulners](https://vulners.com/cve/CVE-2023-3352)\n\n## \u0634\u0631\u062d \u0648\u0627\u0633\u062a\u063a\u0644\u0627\u0644 \u062b\u063a\u0631\u0629 CVE-2024-33352: \u062a\u0635\u0639\u064a\u062f \u0627\u0644\u0627\u0645\u062a\u064a\u0627\u0632\u0627\u062a \u0641\u064a BlueStacks \u0639\u0628\u0631 \u0632\u0631\u0639 \u0628\u0631\u0646\u0627\u0645\u062c \u0636\u0627\u0631 \u0641\u064a \u0627\u0644\u062c\u0647\u0627\u0632 \u0627\u0644\u0627\u0641\u062a\u0631\u0627\u0636\u064a\n\n### \u0646\u0638\u0631\u0629 \u0639\u0627\u0645\u0629", "creation_timestamp": "2024-12-13T19:00:22.000000Z"}, {"uuid": "b4d38be7-6250-4117-956c-ea9a80c20b2c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38021", "type": "seen", "source": "https://t.me/cKure/13253", "content": "\u25a0\u25a0\u25a0\u25a0\u25a0 CVE-2024-38021: Critical Zero-click RCE Vulnerability Impacts Microsoft Outlook Applications.\n\nhttps://cybersecuritynews.com/outlook-zero-click-rce-vulnerability/", "creation_timestamp": "2024-07-11T14:41:54.000000Z"}, {"uuid": "70d7377d-12e1-4568-a6ea-eaa489a01026", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38021", "type": "published-proof-of-concept", "source": "https://t.me/HackingInsights/10606", "content": "\u200aTechnical Analysis: 
CVE-2024-38021\n\nhttps://blog.morphisec.com/technical-analysis-cve-2024-38021", "creation_timestamp": "2024-08-20T13:04:09.000000Z"}, {"uuid": "d203898a-4abe-4d0c-9828-edaeb10a321e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38021", "type": "seen", "source": "https://t.me/itsec_news/4526", "content": "\u200b\u26a1\ufe0fJuly Patch Tuesday: Microsoft fixed 143 vulnerabilities\n\n\ud83d\udcacAs part of its regular 'Patch Tuesday', Microsoft published security updates that fix 143 vulnerabilities, two of which are already being actively exploited by attackers.\n\nOf the vulnerabilities identified, 5 are rated Critical, 136 Important, and another 4 Moderate. 
These fixes are in addition to 33 vulnerabilities that were fixed in the Chromium-based Edge browser over the past month.\n\nThe two actively exploited vulnerabilities from the list are given below:\n\nCVE-2024-38080 (CVSS score: 7.8): an elevation-of-privilege vulnerability in Windows Hyper-V.\nCVE-2024-38112 (CVSS score: 7.5): a spoofing vulnerability in the Windows MSHTML platform.\nAccording to Microsoft, to successfully exploit CVE-2024-38112 an attacker has to send the victim a malicious file, which the victim must then run themselves. 
Check Point security researcher Haifei Li reported that attackers are using specially crafted Windows Internet Shortcut (.URL) files that redirect victims to malicious URLs through the outdated Internet Explorer browser. 
This makes it possible to hide the malicious '.HTA' extension, which makes the vulnerability easier to exploit even on modern operating systems, including Windows 10 and 11.\n\nCVE-2024-38080, in turn, is an elevation-of-privilege vulnerability in Windows Hyper-V. 
According to Tenable senior security research engineer Satnam Narang, a local authenticated attacker can use this vulnerability to elevate privileges to SYSTEM level after the initial compromise of a system. 
This is the first Hyper-V vulnerability, out of 44 known, to be exploited since 2022.\n\nTwo other vulnerabilities that had already been publicly disclosed are also worth highlighting:\n\nCVE-2024-37985 (CVSS score: 5.9): the FetchBench side-channel attack, which allows an attacker to view the heap memory of a privileged process on Arm-based systems.\nCVE-2024-35264 (CVSS score: 8.1): a remote code execution vulnerability affecting .NET and Visual Studio. 
According to Microsoft, an attacker can exploit this vulnerability by closing an http/3 stream while the request body is being processed, which leads to a race condition and potential remote exploitation.\nMicrosoft also fixed 37 remote code execution vulnerabilities in the SQL Server Native Client OLE DB Provider, 20 Secure Boot security feature bypass vulnerabilities, three elevation-of-privilege vulnerabilities in PowerShell and one spoofing vulnerability in the RADIUS protocol (CVE-2024-3596, known as BlastRADIUS).\n\nGreg Wiseman, lead product manager at Rapid7, noted that the SQL Server vulnerabilities affect not only servers but also client code that uses vulnerable versions of the connection driver. 
Attackers can use social engineering to get an authenticated user to connect to a SQL Server database configured to return malicious data, which leads to arbitrary code execution on the client device.\n\nLast in order of importance is CVE-2024-38021 (CVSS score: 8.8), which allows remote code execution in Microsoft Office. According to Morphisec, this vulnerability requires no authentication and poses a serious threat because it can be exploited without user interaction. 
The attack allows an attacker to gain high privileges, including the ability to read, write and delete data.\n\nAll of these fixes were released shortly after Microsoft, in order to improve transparency and security, announced plans to begin assigning CVE identifiers to all vulnerabilities related to cloud technologies.\n\n\ud83d\udd14 ITsec NEWS", "creation_timestamp": "2024-07-11T17:56:08.000000Z"}, {"uuid": "6b24aff7-8640-40bb-91a1-203e41ef6888", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", 
"vulnerability": "CVE-2024-38024", "type": "published-proof-of-concept", "source": "https://t.me/poxek/4205", "content": "\ud83d\uddbc\ufe0f Microsoft SharePoint Server 20219 \u2014 RCE \n\nPoC for: \n\u2014 CVE-2024-38094\n\u2014 CVE-2024-38024\n\u2014 CVE-2024-38023\n\n\ud83d\udd17 Source:\nhttps://github.com/testanull/MS-SharePoint-July-Patch-RCE-PoC\n\n#sharepoint #poc #rce #cve", "creation_timestamp": "2024-07-10T09:41:41.000000Z"}, {"uuid": "76cb6c76-8b18-4c82-a64f-acddbd2d5953", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38023", "type": "published-proof-of-concept", "source": "https://t.me/poxek/4205", "content": "\ud83d\uddbc\ufe0f Microsoft SharePoint Server 20219 \u2014 RCE \n\nPoC for: \n\u2014 CVE-2024-38094\n\u2014 CVE-2024-38024\n\u2014 CVE-2024-38023\n\n\ud83d\udd17 Source:\nhttps://github.com/testanull/MS-SharePoint-July-Patch-RCE-PoC\n\n#sharepoint #poc #rce #cve", "creation_timestamp": "2024-07-10T09:41:41.000000Z"}, {"uuid": "7b8eadb1-7179-4987-9ed7-541d4cdf60b8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38021", "type": "published-proof-of-concept", "source": "https://t.me/poxek/4295", "content": "\ud83e\udd77\ud83c\udffb DEFCON 32 is over and you can find the links on the interesting researches (in our view) below:\n\n\ud83d\uded1SQL Injection Isn't Dead. 
Smuggling Queries at the Protocol Level\n\n\ud83d\uded1A TWO-PART SAGA: CONTINUING THE JOURNEY OF HACKING MALWARE C2S\n\n\ud83d\uded1Outlook Unleashing RCE Chaos: CVE-2024-30103 & CVE-2024-38021\n\n\ud83d\uded1Gotta Cache \u2018em all: Bending the rules of web cache exploitation\n\n\ud83d\uded1NTLM: the last ride\n\n\ud83d\uded1HookChain: a new perspective for Bypassing EDR Solutions\n\n\ud83d\uded1sshamble: Unexpected Exposures in SSH\n\n\ud83d\uded1MaLDAPtive LDAP Obfuscation Deobfuscation and Detection\n\n\ud83d\uded1Iconv, set the charset to RCE: exploiting the glibc to hack the PHP engine\n\n\ud83d\uded1Techniques for Creating Process Injection Attacks with Advanced Return-Oriented Programming\n\nAll presentations from DEFCON32: https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/", "creation_timestamp": "2024-08-12T15:58:24.000000Z"}, {"uuid": "2465f8eb-e60e-4ae4-abf1-08a00f5f3cab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38021", "type": "published-proof-of-concept", "source": "https://t.me/HackingInsights/10796", "content": "\u200aResearcher Details Microsoft Outlook Zero-Click Vulnerability (CVE-2024-38021)\n\nhttps://securityonline.info/researcher-details-microsoft-outlook-zero-click-vulnerability-cve-2024-38021/", "creation_timestamp": "2024-08-21T12:52:52.000000Z"}, {"uuid": "16fa3b14-d771-43e7-b179-c0b9b40487c5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38021", "type": "published-proof-of-concept", "source": "https://t.me/ptswarm/217", "content": "\ud83e\udd77\ud83c\udffb DEFCON 32 is over and you can find the links on the interesting researches (in our view) below:\n\n\ud83d\uded1SQL Injection Isn't Dead. 
Smuggling Queries at the Protocol Level\n\n\ud83d\uded1A TWO-PART SAGA: CONTINUING THE JOURNEY OF HACKING MALWARE C2S\n\n\ud83d\uded1Outlook Unleashing RCE Chaos: CVE-2024-30103 & CVE-2024-38021\n\n\ud83d\uded1Gotta Cache \u2018em all: Bending the rules of web cache exploitation\n\n\ud83d\uded1NTLM: the last ride\n\n\ud83d\uded1HookChain: a new perspective for Bypassing EDR Solutions\n\n\ud83d\uded1sshamble: Unexpected Exposures in SSH\n\n\ud83d\uded1MaLDAPtive LDAP Obfuscation Deobfuscation and Detection\n\n\ud83d\uded1Iconv, set the charset to RCE: exploiting the glibc to hack the PHP engine\n\n\ud83d\uded1Techniques for Creating Process Injection Attacks with Advanced Return-Oriented Programming\n\nAll presentations from DEFCON32: https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/", "creation_timestamp": "2024-08-12T13:33:20.000000Z"}, {"uuid": "328c41c8-9532-4260-af23-d4cac7e0662f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38021", "type": "seen", "source": "https://t.me/kasperskyb2b/1337", "content": "\ud83e\ude79\ud83e\ude79  July Patch tuesday: 4 zero-days\n\nThe scheduled update of Microsoft products fixes 142 vulnerabilities, of which two were actively exploited and another two were disclosed before being fixed.\n\nIn total 5 vulnerabilities are rated critical, all leading to RCE. Overall, 59 defects lead to code execution, another 26 to elevation of privilege, 24 to security feature bypass, 9 to information disclosure, 17 to DoS, 7 to spoofing. \n\nActively exploited were an EoP in HyperV (CVE-2024-38080, CVSS 7.8), which allows gaining system privileges, and spoofing in MSHTML (CVE-2024-38112, CVSS 7.5). 
\nLittle is known about the exploitation details of the first defect, while for the second a detailed Checkpoint report is available: a malicious .url file was forced to open in the outdated Internet Explorer, creating extensive opportunities for developing the attack. 
\n\nThe two other zero-days, which (apparently) were not used in attacks, are an RCE in .NET and Visual Studio (CVE-2024-35264) and a side-channel attack on ARM processors named FetchBench (CVE-2024-37985).\n\nAmong the defects that have not been exploited by attackers but may be put to use by them soon, we note RCEs in MS Office and Windows Imaging Component (CVE-2024-38021, -38060), three critical RCEs in Remote Desktop Licensing Services (CVE-2024-38074, -38076, -38077), and about a dozen EoPs in Windows.\n\n#\u043d\u043e\u0432\u043e\u0441\u0442\u0438 @\u041f2\u0422", "creation_timestamp": "2024-07-10T09:47:45.000000Z"}, {"uuid": "e6d94ed7-c2ed-422d-b67e-1601fd555ba4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": 
"9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38024", "type": "published-proof-of-concept", "source": "https://t.me/HackerArsenal/123", "content": "#exploit\n1. CVE-2024-39877:\nApache Airflow Arbitrary Code Execution\nhttps://blog.securelayer7.net/arbitrary-code-execution-in-apache-airflow\n\n2. CVE-2024-7395,\nCVE-2024-7396,\nCVE-2024-7397:\nInsufficient Authentication, Plaintext Communication, Unauthenticated CI\u00a0in Korenix JetPort\nhttps://cyberdanube.com/en/en-multiple-vulnerabilities-in-korenix-jetport/index.html\n\n3. CVE-2024-38094,\nCVE-2024-38023,\nCVE-2024-38024:\nMS SharePoint RCEs\nhttps://github.com/testanull/MS-SharePoint-July-Patch-RCE-PoC", "creation_timestamp": "2024-08-07T05:34:10.000000Z"}, {"uuid": "cbdc23a6-13c0-46e6-adee-bccbc615863c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38023", "type": "published-proof-of-concept", "source": "https://t.me/HackerArsenal/123", "content": "#exploit\n1. CVE-2024-39877:\nApache Airflow Arbitrary Code Execution\nhttps://blog.securelayer7.net/arbitrary-code-execution-in-apache-airflow\n\n2. CVE-2024-7395,\nCVE-2024-7396,\nCVE-2024-7397:\nInsufficient Authentication, Plaintext Communication, Unauthenticated CI\u00a0in Korenix JetPort\nhttps://cyberdanube.com/en/en-multiple-vulnerabilities-in-korenix-jetport/index.html\n\n3. CVE-2024-38094,\nCVE-2024-38023,\nCVE-2024-38024:\nMS SharePoint RCEs\nhttps://github.com/testanull/MS-SharePoint-July-Patch-RCE-PoC", "creation_timestamp": "2024-08-07T05:34:10.000000Z"}, {"uuid": "cd06c61f-5ea4-4721-937d-d277a6edfb34", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38024", "type": "published-proof-of-concept", "source": "https://t.me/Kelvinseccommunity/706", "content": "#exploit\n1. 
CVE-2024-39877:\nApache Airflow Arbitrary Code Execution\nhttps://blog.securelayer7.net/arbitrary-code-execution-in-apache-airflow\n\n2. CVE-2024-7395,\nCVE-2024-7396,\nCVE-2024-7397:\nInsufficient Authentication, Plaintext Communication, Unauthenticated CI\u00a0in Korenix JetPort\nhttps://cyberdanube.com/en/en-multiple-vulnerabilities-in-korenix-jetport/index.html\n\n3. CVE-2024-38094,\nCVE-2024-38023,\nCVE-2024-38024:\nMS SharePoint RCEs\nhttps://github.com/testanull/MS-SharePoint-July-Patch-RCE-PoC", "creation_timestamp": "2024-08-07T05:34:27.000000Z"}, {"uuid": "b55b8561-05be-426f-9013-37e8168cdc75", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38023", "type": "published-proof-of-concept", "source": "https://t.me/sycebrex/191", "content": "The other day, arbitrary code execution for \nMicrosoft SharePoint Server 2019 was uploaded to GitHub\n\nThe uploader demonstrated all three vulnerabilities at once: \n\ud83c\udf53 CVE-2024-38094\n\ud83c\udf53 CVE-2024-38024\n\ud83c\udf53 CVE-2024-38023\n\nWell then. I wouldn't be surprised if people are already starting to poke at things somewhere with abandon. 
Meanwhile someone else is already 'wrapping' this into a combat-ready exploit. I think it will be in the news soon \n\nYou can watch the video of the vulnerabilities being exploited, or the old psychedelic Chemical Brothers video for one of my favourite tracks, The Test (the vocals there, by the way, are by Richard Ashcroft of The Verve)", "creation_timestamp": "2024-07-11T11:22:38.000000Z"}, {"uuid": "55372ad2-981b-4029-8fd0-0a1831e18e65", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38023", "type": "published-proof-of-concept", "source": "https://t.me/rootdr_research/19", "content": "CVE-2024-38094 / CVE-2024-38024 / CVE-2024-38023\n\nMicrosoft SharePoint RCE\n\nhttps://github.com/testanull/MS-SharePoint-July-Patch-RCE-PoC\n\nFor more join to channel (:\nhttps://t.me/rootdr_research\n\n#CVE \n#Exploit", "creation_timestamp": "2024-07-10T13:41:51.000000Z"}, {"uuid": 
"4bb9bdbf-9641-4dc1-bcfe-0abcc62d945b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38024", "type": "published-proof-of-concept", "source": "https://t.me/rootdr_research/19", "content": "CVE-2024-38094 / CVE-2024-38024 / CVE-2024-38023\n\nMicrosoft SharePoint RCE\n\nhttps://github.com/testanull/MS-SharePoint-July-Patch-RCE-PoC\n\nFor more join to channel (:\nhttps://t.me/rootdr_research\n\n#CVE \n#Exploit", "creation_timestamp": "2024-07-10T13:41:51.000000Z"}, {"uuid": "a1bc8985-d032-4e36-b531-dcaa3727f94d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38023", "type": "published-proof-of-concept", "source": "https://t.me/Kelvinseccommunity/706", "content": "#exploit\n1. CVE-2024-39877:\nApache Airflow Arbitrary Code Execution\nhttps://blog.securelayer7.net/arbitrary-code-execution-in-apache-airflow\n\n2. CVE-2024-7395,\nCVE-2024-7396,\nCVE-2024-7397:\nInsufficient Authentication, Plaintext Communication, Unauthenticated CI\u00a0in Korenix JetPort\nhttps://cyberdanube.com/en/en-multiple-vulnerabilities-in-korenix-jetport/index.html\n\n3. 
CVE-2024-38094,\nCVE-2024-38023,\nCVE-2024-38024:\nMS SharePoint RCEs\nhttps://github.com/testanull/MS-SharePoint-July-Patch-RCE-PoC", "creation_timestamp": "2024-08-07T05:34:27.000000Z"}, {"uuid": "c06b882c-18c2-42c3-8d67-3ea101081a67", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38024", "type": "published-proof-of-concept", "source": "https://t.me/malwaremanzero/204", "content": "\u0627\u0644\u062b\u063a\u0631\u0629 \u062f\u064a \u0627\u0644\u0644\u064a \u0628\u064a\u0637\u0644\u0642 \u0639\u0644\u064a\u0647\u0627 CVE-2024-38024 \u0647\u064a \u0645\u0634\u0643\u0644\u0629 \u0641\u064a \u0627\u0644\u0623\u0645\u0627\u0646 \u062a\u0645 \u0627\u0643\u062a\u0634\u0627\u0641\u0647\u0627 \u0641\u064a \u0645\u0646\u062a\u062c\u0627\u062a \u0645\u0627\u064a\u0643\u0631\u0648\u0633\u0648\u0641\u062a \u0648\u0628\u062a\u062a\u064a\u062d \u0644\u0644\u0645\u0647\u0627\u062c\u0645\u064a\u0646 \u062a\u0646\u0641\u064a\u0630 \u0623\u0648\u0627\u0645\u0631 \u0639\u0646 \u0628\u0639\u062f \u0639\u0644\u0649 \u0627\u0644\u0623\u062c\u0647\u0632\u0629 \u0627\u0644\u0645\u0635\u0627\u0628\u0629 \u0627\u0644\u062b\u063a\u0631\u0629 \u062f\u064a \u062a\u0639\u062a\u0628\u0631 \u0645\u0646 \u0646\u0648\u0639 Remote Code Execution \u0623\u0648 RCE \u064a\u0639\u0646\u064a \u0627\u0644\u0645\u0647\u0627\u062c\u0645 \u064a\u0642\u062f\u0631 \u064a\u0646\u0641\u0630 \u0643\u0648\u062f \u0636\u0627\u0631 \u0639\u0646 \u0628\u0639\u062f \u0628\u062f\u0648\u0646 \u0645\u0627 \u064a\u0643\u0648\u0646 \u0639\u0646\u062f\u0647 \u0635\u0644\u0627\u062d\u064a\u0627\u062a \u0639\u0644\u0649 \u0627\u0644\u062c\u0647\u0627\u0632 \u0627\u0644\u0636\u062d\u064a\u0629 \u0627\u0644\u062b\u063a\u0631\u0629 \u062f\u064a \u0627\u062a\u0639\u0631\u0641\u062a \u0644\u0623\u0648\u0644 \u0645\u0631\u0629 \u0639\u0646 \u0637\u0631\u064a\u0642 \u0641\u0631\u064a\u0642 \u0628\u062d\u062b\u064a 
\u0623\u0645\u0646\u064a \u0645\u062a\u062e\u0635\u0635 \u0641\u064a \u0627\u0643\u062a\u0634\u0627\u0641 \u0627\u0644\u062b\u063a\u0631\u0627\u062a \u0648\u062a\u062d\u0644\u064a\u0644\u0647\u0627 \u0627\u0644\u062b\u063a\u0631\u0629 \u062f\u064a \u0628\u062a\u0623\u062b\u0631 \u0639\u0644\u0649 \u0623\u0646\u0638\u0645\u0629 \u062a\u0634\u063a\u064a\u0644 \u0648\u064a\u0646\u062f\u0648\u0632 \u0648\u0628\u062a\u062a\u0648\u0627\u062c\u062f \u0641\u064a \u0645\u0643\u0648\u0646 \u0645\u0639\u064a\u0646 \u0645\u0646 \u0627\u0644\u0646\u0638\u0627\u0645 \u0627\u0644\u0644\u064a \u0628\u064a\u0643\u0648\u0646 \u0645\u0633\u0624\u0648\u0644 \u0639\u0646 \u0645\u0639\u0627\u0644\u062c\u0629 \u0627\u0644\u0623\u0648\u0627\u0645\u0631 \u0648\u0627\u0644\u0643\u0648\u062f \u0627\u0644\u0644\u064a \u0628\u064a\u062a\u0645 \u062a\u0646\u0641\u064a\u0630\u0647 \u0639\u0644\u0649 \u0627\u0644\u062c\u0647\u0627\u0632 \u0627\u0644\u062b\u063a\u0631\u0629 \u062f\u064a \u0628\u062a\u0633\u062a\u063a\u0644 \u0639\u062f\u0645 \u0648\u062c\u0648\u062f \u062a\u062d\u0642\u0642 \u0635\u062d\u064a\u062d \u0645\u0646 \u0627\u0644\u0628\u064a\u0627\u0646\u0627\u062a \u0627\u0644\u0644\u064a \u0628\u062a\u062a\u0644\u0642\u0649 \u0645\u0646 \u0627\u0644\u0645\u0635\u0627\u062f\u0631 \u0627\u0644\u062e\u0627\u0631\u062c\u064a\u0629 \u0648\u062f\u0647 \u0628\u064a\u0633\u0645\u062d \u0644\u0644\u0645\u0647\u0627\u062c\u0645 \u0625\u0646\u0647 \u064a\u062d\u0642\u0646 \u0643\u0648\u062f \u0636\u0627\u0631 \u0641\u064a \u0627\u0644\u0646\u0638\u0627\u0645 \u0648\u064a\u062e\u0644\u064a\u0647 \u064a\u0646\u0641\u0630 \u0627\u0644\u0623\u0648\u0627\u0645\u0631 \u0627\u0644\u0644\u064a \u0639\u0627\u064a\u0632\u0647\u0627\n\n\u0627\u0644\u0627\u0643\u062a\u0634\u0627\u0641 \u0643\u0627\u0646 \u0639\u0646 \u0637\u0631\u064a\u0642 \u062a\u062d\u0644\u064a\u0644 \u062d\u0632\u0645 \u0627\u0644\u0628\u064a\u0627\u0646\u0627\u062a \u0627\u0644\u0644\u064a \u0628\u062a\u0648\u0635\u0644 
\u0644\u0644\u0646\u0638\u0627\u0645 \u0648\u062a\u062d\u062f\u064a\u062f \u0627\u0644\u0646\u0642\u0627\u0637 \u0627\u0644\u0644\u064a \u0628\u064a\u062a\u0645 \u0641\u064a\u0647\u0627 \u0645\u0639\u0627\u0644\u062c\u0629 \u0627\u0644\u0628\u064a\u0627\u0646\u0627\u062a \u062f\u064a \u0627\u0644\u0641\u0631\u064a\u0642 \u0627\u0644\u0628\u062d\u062b\u064a \u0627\u0633\u062a\u062e\u062f\u0645 \u0623\u062f\u0648\u0627\u062a \u062a\u062d\u0644\u064a\u0644 \u0627\u0644\u0634\u0628\u0643\u0627\u062a \u0648\u0628\u0631\u0627\u0645\u062c \u062a\u0635\u062d\u064a\u062d \u0627\u0644\u0623\u062e\u0637\u0627\u0621 \u0644\u0644\u0648\u0635\u0648\u0644 \u0644\u0646\u0642\u0637\u0629 \u0627\u0644\u0636\u0639\u0641 \u0641\u064a \u0627\u0644\u0646\u0638\u0627\u0645 \u0648\u0643\u0645\u0627\u0646 \u0627\u0633\u062a\u062e\u062f\u0645\u0648\u0627 \u062a\u0642\u0646\u064a\u0627\u062a \u0627\u0644\u0647\u0646\u062f\u0633\u0629 \u0627\u0644\u0639\u0643\u0633\u064a\u0629 \u0644\u0641\u0647\u0645 \u0643\u064a\u0641\u064a\u0629 \u0639\u0645\u0644 \u0627\u0644\u0645\u0643\u0648\u0646 \u0627\u0644\u0644\u064a \u0641\u064a\u0647 \u0627\u0644\u062b\u063a\u0631\u0629 \u0628\u0634\u0643\u0644 \u0623\u0639\u0645\u0642 \u0648\u0644\u0645\u0627 \u062a\u0623\u0643\u062f\u0648\u0627 \u0645\u0646 \u0648\u062c\u0648\u062f \u0627\u0644\u062b\u063a\u0631\u0629 \u0642\u0627\u0645\u0648\u0627 \u0628\u062a\u062c\u0647\u064a\u0632 \u0625\u062b\u0628\u0627\u062a \u0627\u0644\u0645\u0641\u0647\u0648\u0645 \u0623\u0648 Proof of Concept \u0627\u0644\u0644\u064a \u0628\u064a\u0628\u064a\u0646\u0648\u0627 \u0641\u064a\u0647 \u0625\u0632\u0627\u064a \u0645\u0645\u0643\u0646 \u0627\u0633\u062a\u063a\u0644\u0627\u0644 \u0627\u0644\u062b\u063a\u0631\u0629 \u0628\u0634\u0643\u0644 \u0639\u0645\u0644\u064a \u0627\u0644\u0627\u0633\u062a\u063a\u0644\u0627\u0644 \u062a\u0645 \u0643\u062a\u0627\u0628\u062a\u0647 \u0628\u0644\u063a\u0629 \u0627\u0644\u0628\u0631\u0645\u062c\u0629 Python \u0627\u0644\u0644\u064a 
\u0628\u062a\u0639\u062a\u0628\u0631 \u0645\u0646 \u0627\u0644\u0644\u063a\u0627\u062a \u0627\u0644\u0642\u0648\u064a\u0629 \u0648\u0627\u0644\u0645\u0631\u0646\u0629 \u0641\u064a \u062a\u0646\u0641\u064a\u0630 \u0627\u0644\u0647\u062c\u0645\u0627\u062a \u0627\u0644\u0633\u064a\u0628\u0631\u0627\u0646\u064a\u0629 \u0627\u0644\u0623\u0643\u0648\u0627\u062f \u0627\u0644\u0644\u064a \u0627\u062a\u0643\u062a\u0628\u062a \u0628\u062a\u0633\u062a\u063a\u0644 \u0627\u0644\u0646\u0642\u0637\u0629 \u0627\u0644\u0636\u0639\u064a\u0641\u0629 \u0641\u064a \u0627\u0644\u0646\u0638\u0627\u0645 \u0648\u0628\u062a\u0639\u0645\u0644 \u0639\u0644\u0649 \u0625\u0631\u0633\u0627\u0644 \u0628\u064a\u0627\u0646\u0627\u062a \u0645\u0639\u064a\u0646\u0629 \u0644\u0644\u0646\u0638\u0627\u0645 \u0627\u0644\u0636\u062d\u064a\u0629 \u0627\u0644\u0644\u064a \u0628\u064a\u062a\u0645 \u0645\u0639\u0627\u0644\u062c\u062a\u0647\u0627 \u0628\u0634\u0643\u0644 \u063a\u064a\u0631 \u0635\u062d\u064a\u062d \u0648\u0628\u062a\u0633\u0645\u062d \u0628\u062a\u0646\u0641\u064a\u0630 \u0627\u0644\u0643\u0648\u062f \u0627\u0644\u0636\u0627\u0631\n\n\u0645\u0646 \u0627\u0644\u0646\u0627\u062d\u064a\u0629 \u0627\u0644\u0639\u0644\u0645\u064a\u0629 \u0627\u0644\u062b\u063a\u0631\u0627\u062a \u0632\u064a \u062f\u064a \u0628\u062a\u0633\u062a\u063a\u0644 \u062d\u0627\u062c\u0627\u062a \u0632\u064a Buffer Overflow \u0623\u0648 Heap Spraying \u0627\u0644\u0644\u064a \u0647\u0645\u0627 \u062a\u0642\u0646\u064a\u0627\u062a \u0628\u062a\u0645\u0643\u0646 \u0627\u0644\u0645\u0647\u0627\u062c\u0645\u064a\u0646 \u0645\u0646 \u062a\u062c\u0627\u0648\u0632 \u062d\u062f\u0648\u062f \u0627\u0644\u0630\u0627\u0643\u0631\u0629 \u0648\u0627\u0644\u062a\u062d\u0643\u0645 \u0641\u064a \u062a\u0646\u0641\u064a\u0630 \u0627\u0644\u0623\u0648\u0627\u0645\u0631 \u0627\u0644\u062b\u063a\u0631\u0629 \u062f\u064a \u062a\u062d\u062f\u064a\u062f\u064b\u0627 \u0628\u062a\u0633\u062a\u063a\u0644 \u0646\u0642\u0637\u0629 \u0641\u064a 
\u0645\u0639\u0627\u0644\u062c\u0629 \u0627\u0644\u0623\u0648\u0627\u0645\u0631 \u0627\u0644\u0644\u064a \u0628\u062a\u0648\u0635\u0644 \u0644\u0644\u0646\u0638\u0627\u0645 \u0648\u0628\u062a\u062e\u0644\u064a\u0647 \u064a\u062a\u0639\u0627\u0645\u0644 \u0645\u0639 \u0627\u0644\u0628\u064a\u0627\u0646\u0627\u062a \u062f\u064a \u0643\u0623\u0646\u0647\u0627 \u0635\u0627\u0644\u062d\u0629 \u0648\u064a\u0628\u062f\u0623 \u064a\u0646\u0641\u0630\u0647\u0627 \u0628\u062f\u0648\u0646 \u062a\u062d\u0642\u0642 \u0643\u0627\u0641\u064a \u0645\u0646 \u0635\u062d\u062a\u0647\u0627 \u0627\u0633\u062a\u063a\u0644\u0627\u0644 \u0627\u0644\u062b\u063a\u0631\u0627\u062a \u0628\u0627\u0644\u0634\u0643\u0644 \u062f\u0647 \u0628\u064a\u062a\u0637\u0644\u0628 \u0641\u0647\u0645 \u0639\u0645\u064a\u0642 \u0644\u0623\u0646\u0638\u0645\u0629 \u0627\u0644\u062a\u0634\u063a\u064a\u0644 \u0648\u062a\u0642\u0646\u064a\u0627\u062a \u0627\u0644\u062d\u0645\u0627\u064a\u0629 \u0648\u0627\u0644\u0628\u0631\u0645\u062c\u0629 \u0648\u062f\u064a \u062d\u0627\u062c\u0627\u062a \u0645\u0634 \u0633\u0647\u0644\u0629 \u0644\u0643\u0646 \u0627\u0644\u0641\u0631\u0642 \u0627\u0644\u0628\u062d\u062b\u064a\u0629 \u0628\u062a\u0643\u0648\u0646 \u0645\u062a\u0645\u0631\u0633\u0629 \u0641\u064a \u0627\u0644\u062d\u0627\u062c\u0627\u062a \u062f\u064a \u0648\u0628\u062a\u0639\u0631\u0641 \u0625\u0632\u0627\u064a \u062a\u0643\u062a\u0634\u0641 \u0627\u0644\u062b\u063a\u0631\u0627\u062a \u0648\u062a\u0633\u062a\u063a\u0644\u0647\u0627 \u0628\u0634\u0643\u0644 \u0641\u0639\u0627\u0644\n\n\u0631\u0627\u0628\u0637 \u0627\u0644\u0640CVE", "creation_timestamp": "2024-07-25T10:22:21.000000Z"}, {"uuid": "94805a8f-b179-4a0d-9757-4aefd35407f9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38024", "type": "published-proof-of-concept", "source": "https://t.me/sycebrex/191", "content": "\u0414\u0430\u0432\u0435\u0447\u0430 
\u0437\u0430\u043b\u0438\u043b\u0438 \u043d\u0430 GitHub \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u043e\u0433\u043e \u043a\u043e\u0434\u0430 \u0434\u043b\u044f \nMicrosoft SharePoint Server 2019\n\n\u0417\u0430\u043b\u0438\u0432\u0448\u0438\u0439 \u043f\u043e\u043a\u0430\u0437\u0430\u043b \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u0441\u0440\u0430\u0437\u0443 \u0442\u0440\u0435\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439: \n\ud83c\udf53 CVE-2024-38094\n\ud83c\udf53 CVE-2024-38024\n\ud83c\udf53 CVE-2024-38023\n\n\u0428\u0442\u043e\u0448. \u041d\u0435 \u0443\u0434\u0438\u0432\u043b\u044e\u0441\u044c, \u0435\u0441\u043b\u0438 \u0443\u0436\u0435 \u043d\u0430\u0447\u0438\u043d\u0430\u044e\u0442 \u0433\u0434\u0435-\u0442\u043e \u0447\u0442\u043e-\u0442\u043e \u0442\u044b\u043a\u0430\u0442\u044c \u0431\u0435\u0437\u0431\u043e\u0436\u043d\u043e. \u0410 \u043a\u0442\u043e-\u0442\u043e \u0434\u0440\u0443\u0433\u043e\u0439 \u0443\u0436\u0435 \u00ab\u0437\u0430\u0432\u043e\u0440\u0430\u0447\u0438\u0432\u0430\u0435\u0442\u00bb \u044d\u0442\u043e \u0432 \u0431\u043e\u0435\u0441\u043f\u043e\u0441\u043e\u0431\u043d\u044b\u0439 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442. 
\u0414\u0443\u043c\u0430\u044e, \u0447\u0442\u043e \u0441\u043a\u043e\u0440\u043e \u0431\u0443\u0434\u0435\u0442 \u0432 \u043d\u043e\u0432\u043e\u0441\u0442\u044f\u0445 \n\n\u041c\u043e\u0436\u0435\u0442\u0435 \u043f\u043e\u0441\u043c\u043e\u0442\u0440\u0435\u0442\u044c \u043d\u0430 \u0432\u0438\u0434\u0435\u043e \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0438\u043b\u0438 \u0441\u0442\u0430\u0440\u044b\u0439 \u043f\u0441\u0438\u0445\u043e\u0434\u0435\u043b\u0438\u0447\u043d\u044b\u0439 \u043a\u043b\u0438\u043f Chemical Brothers \u043d\u0430 \u043e\u0434\u0438\u043d \u0438\u0437 \u043b\u044e\u0431\u0438\u043c\u0435\u0439\u0448\u0438\u0445 \u0442\u0440\u0435\u043a\u043e\u0432 The Test (\u0442\u0430\u043c \u043a\u0441\u0442\u0430\u0442\u0438 \u0432\u043e\u043a\u0430\u043b \u0420\u0438\u0447\u0430\u0440\u0434\u0430 \u042d\u0448\u043a\u0440\u043e\u0444\u0442\u0430 \u0438\u0437 The Verve)", "creation_timestamp": "2024-07-11T11:22:38.000000Z"}, {"uuid": "332b5d9d-b1b2-459d-9ada-f57811b84d17", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38021", "type": "seen", "source": "https://t.me/HackingInsights/5518", "content": "\u200aCVE-2024-38021: Zero-Click Vulnerability Discovered in Microsoft Outlook\n\nhttps://securityonline.info/cve-2024-38021-zero-click-vulnerability-discovered-in-microsoft-outlook/", "creation_timestamp": "2024-07-10T10:17:47.000000Z"}, {"uuid": "acbee1d1-078c-4579-9f0b-8e1ebb322293", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38021", "type": "published-proof-of-concept", "source": "https://t.me/HackingInsights/5525", "content": "\u200aCVE-2024-38021: Moniker RCE Vulnerability Uncovered in Microsoft 
Outlook\n\nhttps://blog.morphisec.com/cve-2024-38021-microsoft-outlook-moniker-rce-vulnerability", "creation_timestamp": "2024-07-10T10:17:47.000000Z"}, {"uuid": "1a403f63-55a5-49aa-a000-27d9b156ddf3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38024", "type": "published-proof-of-concept", "source": "Telegram/veIOHsbV5kLZGnQksJSl1JOrCFYfC-6sYrwF7hGdBF9KK0en", "content": "", "creation_timestamp": "2024-07-23T18:28:14.000000Z"}, {"uuid": "d5533131-632b-4eb2-aee6-12f53df9ab7a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38023", "type": "published-proof-of-concept", "source": "Telegram/veIOHsbV5kLZGnQksJSl1JOrCFYfC-6sYrwF7hGdBF9KK0en", "content": "", "creation_timestamp": "2024-07-23T18:28:14.000000Z"}, {"uuid": "061de3e5-9403-44b0-9634-99fdff2334cd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38023", "type": "published-proof-of-concept", "source": "https://t.me/dc_main/6434", "content": "Microsoft SharePoint Server 2019 \u2014 RCE \n\nPoC for: \n\u2014 CVE-2024-38094\n\u2014 CVE-2024-38024\n\u2014 CVE-2024-38023\n\nSource:\nhttps://github.com/testanull/MS-SharePoint-July-Patch-RCE-PoC\n\n#sharepoint #poc #rce #cve", "creation_timestamp": "2024-08-15T04:59:17.000000Z"}, {"uuid": "841ff440-43f8-4b52-9041-96366d772b79", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38024", "type": "published-proof-of-concept", "source": "Telegram/DOvVBYl81gcQnEx0SnDYShnK_l00AQ-j6ykpGr0q_-DsSYc", "content": "", "creation_timestamp": "2024-09-08T07:41:49.000000Z"}, {"uuid": "6d9d1cb5-6db6-4ef4-a9c0-a1b6afc4dea5", "vulnerability_lookup_origin": 
"1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38024", "type": "published-proof-of-concept", "source": "https://t.me/dc_main/6434", "content": "Microsoft SharePoint Server 2019 \u2014 RCE \n\nPoC for: \n\u2014 CVE-2024-38094\n\u2014 CVE-2024-38024\n\u2014 CVE-2024-38023\n\nSource:\nhttps://github.com/testanull/MS-SharePoint-July-Patch-RCE-PoC\n\n#sharepoint #poc #rce #cve", "creation_timestamp": "2024-08-15T04:59:17.000000Z"}, {"uuid": "6e6229be-4e94-405b-bc23-5e62ab2702da", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38024", "type": "published-proof-of-concept", "source": "Telegram/JdMoVB3Dk4QWIjoir-XpoF425YxCOG6rpGYbwBE_Oz6Y8AE", "content": "", "creation_timestamp": "2024-08-09T09:36:15.000000Z"}, {"uuid": "818cd8db-1028-4761-9754-baf0f63eaed7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38023", "type": "published-proof-of-concept", "source": "Telegram/DOvVBYl81gcQnEx0SnDYShnK_l00AQ-j6ykpGr0q_-DsSYc", "content": "", "creation_timestamp": "2024-09-08T07:41:49.000000Z"}, {"uuid": "66d9115e-e989-4f2c-a441-c8f237ca8371", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38021", "type": "seen", "source": "Telegram/gDp4IOK8PoYe7XQNSnCOkUsPn_D90k2AExtDlWX8HOH04P0", "content": "", "creation_timestamp": "2024-07-11T01:21:43.000000Z"}, {"uuid": "a237d5ec-30e5-44b6-8248-ea42825cbd5f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38023", "type": "published-proof-of-concept", "source": "Telegram/JdMoVB3Dk4QWIjoir-XpoF425YxCOG6rpGYbwBE_Oz6Y8AE", "content": "", "creation_timestamp": 
"2024-08-09T09:36:15.000000Z"}, {"uuid": "89f49906-7c16-4eae-98ae-51308af080af", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38023", "type": "published-proof-of-concept", "source": "https://t.me/zer0day1ab/44", "content": "Microsoft SharePoint Server 2019 \u2014 RCE \n\nPoC for: \n\u2014 CVE-2024-38094\n\u2014 CVE-2024-38024\n\u2014 CVE-2024-38023\n\nSource:\nhttps://github.com/testanull/MS-SharePoint-July-Patch-RCE-PoC\n\n#sharepoint #poc #rce #cve", "creation_timestamp": "2024-07-11T03:45:26.000000Z"}, {"uuid": "3dc088de-5571-4e02-9ce4-4b8120b40612", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38023", "type": "published-proof-of-concept", "source": "https://t.me/proxy_bar/2156", "content": "CVE-2024-38094 / CVE-2024-38024 / CVE-2024-38023\n*\nMicrosoft SharePoint RCE\n*\nVIDEO\n*\nPOC exploit", "creation_timestamp": "2024-07-10T11:45:05.000000Z"}, {"uuid": "175738c1-deb9-40a5-aff5-e9b91f66cc6b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38024", "type": "published-proof-of-concept", "source": "https://t.me/proxy_bar/2156", "content": "CVE-2024-38094 / CVE-2024-38024 / CVE-2024-38023\n*\nMicrosoft SharePoint RCE\n*\nVIDEO\n*\nPOC exploit", "creation_timestamp": "2024-07-10T11:45:05.000000Z"}, {"uuid": "b287e6ff-fe4b-4228-be20-47db797122e5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38023", "type": "published-proof-of-concept", "source": "Telegram/mLuXIhkdQoQwPvwhDsS4ApxxO_4ER5M9JWf4bsHNwYwF5rU", "content": "", "creation_timestamp": "2024-07-20T19:49:10.000000Z"}, {"uuid": "44ab3d7c-6ba3-494d-ac90-e0d2c2d12c55", "vulnerability_lookup_origin": 
"1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38024", "type": "published-proof-of-concept", "source": "Telegram/mLuXIhkdQoQwPvwhDsS4ApxxO_4ER5M9JWf4bsHNwYwF5rU", "content": "", "creation_timestamp": "2024-07-20T19:49:10.000000Z"}, {"uuid": "5cf2165f-bfa6-4769-84b5-d9617e58d0f3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38024", "type": "published-proof-of-concept", "source": "https://t.me/zer0day1ab/44", "content": "Microsoft SharePoint Server 2019 \u2014 RCE \n\nPoC for: \n\u2014 CVE-2024-38094\n\u2014 CVE-2024-38024\n\u2014 CVE-2024-38023\n\nSource:\nhttps://github.com/testanull/MS-SharePoint-July-Patch-RCE-PoC\n\n#sharepoint #poc #rce #cve", "creation_timestamp": "2024-07-11T03:45:26.000000Z"}, {"uuid": "c988ac10-8b38-40be-85b3-487c20851e26", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38023", "type": "published-proof-of-concept", "source": "https://t.me/true_secator/5978", "content": "\u041f\u043e \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430\u043c \u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044f\u043c \u0441\u0435\u0433\u043e\u0434\u043d\u044f \u043a\u0443\u0447\u043d\u043e.\n\n\u041a\u043e\u043c\u0430\u043d\u0434\u0430 WPScan \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0430 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u0443\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c\u00a0\u0432 \u043f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u043e\u043c \u043f\u043b\u0430\u0433\u0438\u043d\u0435 WordPress \u043f\u043e\u0434 \u043d\u0430\u0437\u0432\u0430\u043d\u0438\u0435\u043c Profile Builder \u0438 Profile Builder Pro.\n\n\u041e\u043d\u0430 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 
\u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430 \u0431\u0435\u0437 \u043d\u0430\u043b\u0438\u0447\u0438\u044f \u043a\u0430\u043a\u043e\u0439-\u043b\u0438\u0431\u043e \u0443\u0447\u0435\u0442\u043d\u043e\u0439 \u0437\u0430\u043f\u0438\u0441\u0438 \u043d\u0430 \u0441\u0430\u0439\u0442\u0435. \u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043e\u043b\u0443\u0447\u0438\u043b\u0430 \u043e\u0446\u0435\u043d\u043a\u0443 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438 9,8/10.\n\nClaroty\u00a0\u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043b\u0430\u00a0\u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u0443\u044e \u0442\u0435\u0445\u043d\u0438\u0447\u0435\u0441\u043a\u0443\u044e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e \u043f\u043e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 IP-\u043a\u0430\u043c\u0435\u0440\u0430\u0445 Synology BC500, \u043a\u043e\u0442\u043e\u0440\u0443\u044e \u043c\u043e\u0436\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0434\u043b\u044f \u043f\u0435\u0440\u0435\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u044f \u0441 WAN \u043d\u0430 \u0432\u043d\u0443\u0442\u0440\u0435\u043d\u043d\u0438\u0435 LAN.\n\n\u041e\u0448\u0438\u0431\u043a\u0430 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0430\u0441\u044c \u043d\u0430 \u0445\u0430\u043a\u0435\u0440\u0441\u043a\u043e\u043c \u043a\u043e\u043d\u043a\u0443\u0440\u0441\u0435 Pwn2Own Toronto \u0432 \u043f\u0440\u043e\u0448\u043b\u043e\u043c \u0433\u043e\u0434\u0443 \u0438 \u0431\u044b\u043b\u0430 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0430 \u0432 \u0438\u044e\u043d\u0435 \u044d\u0442\u043e\u0433\u043e 
\u0433\u043e\u0434\u0430.\n\n\u0422\u0435\u043c \u0432\u0440\u0435\u043c\u0435\u043d\u0435\u043c, \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u0443\u0436\u0435 \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442\u00a0\u043d\u0435\u0434\u0430\u0432\u043d\u043e \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u0443\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0434\u043b\u044f \u0437\u0430\u0445\u0432\u0430\u0442\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u0432 \u0431\u0430\u0437 \u0434\u0430\u043d\u043d\u044b\u0445 Apache HugeGraph.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u043c\u0430\u044f \u043a\u0430\u043a CVE-2024-27348, \u043f\u043e\u043b\u0443\u0447\u0438\u043b\u0430 \u0440\u0435\u0439\u0442\u0438\u043d\u0433 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438 9,8/10 \u0438 \u0431\u044b\u043b\u0430 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0430\u00a0\u0432 \u0430\u043f\u0440\u0435\u043b\u0435.\n\n\u0410\u0442\u0430\u043a\u0438 \u043d\u0430\u0447\u0430\u043b\u0438\u0441\u044c \u0447\u0435\u0440\u0435\u0437 \u043c\u0435\u0441\u044f\u0446 \u043f\u043e\u0441\u043b\u0435 \u0442\u043e\u0433\u043e, \u043a\u0430\u043a \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043b\u0438 \u0441\u043a\u0440\u0438\u043f\u0442 \u0441\u043a\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f\u00a0\u0438\u00a0PoC\u00a0\u043d\u0430 GitHub.\n\n\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044c \u041d\u0433\u0443\u0435\u043d \u0414\u0436\u0430\u043d\u0433 \u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043b\u00a0\u043f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0438\u044f 
\u043a\u043e\u043d\u0446\u0435\u043f\u0446\u0438\u0438\u00a0\u0434\u043b\u044f \u0442\u0440\u0435\u0445 \u043e\u0448\u0438\u0431\u043e\u043a \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u0434\u0430 Microsoft SharePoint (CVE-2024-38023, CVE-2024-38024 \u0438 CVE-2024-38094).\n\nSonicwall \u0432\u0442\u0430\u0439\u043d\u0435 \u0438\u0441\u043f\u0440\u0430\u0432\u0438\u043b\u0430 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u0443\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 \u0441\u0432\u043e\u0438\u0445 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430\u0445 SMA100. \n\n\u041f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0430 SSD \u0437\u0430\u044f\u0432\u043b\u044f\u0435\u0442, \u0447\u0442\u043e \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430 SMA100 \u0441\u043e\u0434\u0435\u0440\u0436\u0430\u043b\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 \u0444\u0443\u043d\u043a\u0446\u0438\u0438 \u043f\u043e\u0434 \u043d\u0430\u0437\u0432\u0430\u043d\u0438\u0435\u043c Classic Mode, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043c\u043e\u0433\u043b\u0430 \u0431\u044b\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0430 \u0434\u043b\u044f RCE-\u0430\u0442\u0430\u043a \u043d\u0430 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0445 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439.\n\n\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0443\u0442\u0432\u0435\u0440\u0436\u0434\u0430\u044e\u0442, \u0447\u0442\u043e Sonicwall \u0443\u0434\u0430\u043b\u0438\u043b\u0430 Classic Mode \u0441 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432 SMA100 \u0432 \u043d\u043e\u044f\u0431\u0440\u0435 \u043f\u0440\u043e\u0448\u043b\u043e\u0433\u043e \u0433\u043e\u0434\u0430, 
\u043d\u0435 \u0441\u043e\u043e\u0431\u0449\u0438\u0432 \u043e \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0439 \u0443\u0433\u0440\u043e\u0437\u0435.\n\n\u041f\u0440\u0438 \u044d\u0442\u043e\u0442 Sonicwall \u043d\u0435 \u0432\u043a\u043b\u044e\u0447\u0438\u043b\u0430 \u0443\u0434\u0430\u043b\u0435\u043d\u0438\u0435 \u0432 \u043f\u0440\u0438\u043c\u0435\u0447\u0430\u043d\u0438\u044f \u043a \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044e, \u043d\u0435 \u043d\u0430\u0437\u043d\u0430\u0447\u0438\u043b\u0430 CVE \u0434\u043b\u044f \u043e\u0448\u0438\u0431\u043a\u0438 \u0438 \u043d\u0435 \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0434\u0438\u043b\u0430 \u043a\u043b\u0438\u0435\u043d\u0442\u043e\u0432, \u0432\u0441\u0435 \u0435\u0449\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0449\u0438\u0445 \u0441\u0442\u0430\u0440\u0443\u044e \u043f\u0440\u043e\u0448\u0438\u0432\u043a\u0443.\n\n\u0422\u0435\u043f\u0435\u0440\u044c \u0436\u0435 SSD \u0432\u044b\u043a\u0430\u0442\u0438\u043b\u0430 \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0435\u00a0\u0438 \u043a\u043e\u0434 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430.", "creation_timestamp": "2024-07-17T13:08:33.000000Z"}, {"uuid": "ad83a2ef-8692-4bd4-ad27-e74623667370", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38024", "type": "published-proof-of-concept", "source": "https://t.me/true_secator/5978", "content": "\u041f\u043e \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430\u043c \u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044f\u043c \u0441\u0435\u0433\u043e\u0434\u043d\u044f \u043a\u0443\u0447\u043d\u043e.\n\n\u041a\u043e\u043c\u0430\u043d\u0434\u0430 WPScan \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0430 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u0443\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c\u00a0\u0432 
\u043f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u043e\u043c \u043f\u043b\u0430\u0433\u0438\u043d\u0435 WordPress \u043f\u043e\u0434 \u043d\u0430\u0437\u0432\u0430\u043d\u0438\u0435\u043c Profile Builder \u0438 Profile Builder Pro.\n\nIt allows attackers to gain administrator access without having any account on the site. The vulnerability received a severity score of 9.8/10.\n\nClaroty published more detailed technical information on a vulnerability in Synology BC500 IP cameras that can be used to pivot from the WAN to internal LANs.\n\nThe bug was used at the
Pwn2Own Toronto hacking contest last year and was fixed in June of this year.\n\nMeanwhile, attackers are already actively exploiting a recently patched vulnerability to take over Apache HugeGraph database servers.\n\nThe vulnerability, tracked as CVE-2024-27348, received a severity rating of 9.8/10 and was fixed in April.\n\nThe attacks began a month after researchers published a
scanning script and a PoC on GitHub.\n\nResearcher Nguyen Jang published proofs of concept for three Microsoft SharePoint remote code execution bugs (CVE-2024-38023, CVE-2024-38024 and CVE-2024-38094).\n\nSonicwall quietly fixed a serious vulnerability in its SMA100 devices.
\n\nThe SSD platform says that SMA100 devices contained a vulnerability in a feature called Classic Mode that could be used for RCE attacks against authenticated users.\n\nThe researchers say that Sonicwall removed Classic Mode from SMA100 devices in November of last year without reporting a possible threat.\n\nAt the same time, Sonicwall did not include the removal in the patch notes, did not assign a CVE for the bug and did not warn
customers still using the old firmware.\n\nNow SSD has released a description and exploit code.", "creation_timestamp": "2024-07-17T13:08:33.000000Z"}, {"uuid": "2fa4f388-5368-468f-a15c-8c556f817b5b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38023", "type": "published-proof-of-concept", "source": "https://t.me/RalfHackerChannel/1516", "content": "RCE via Microsoft SharePoint Server 2019\n\nMicrosoft SharePoint is a web platform for collaboration, document management and information sharing within organizations, widely used in corporate environments.\n\nI recently saw
some interesting CVEs that affect this web platform: \n\nCVE-2024-38094 \nCVE-2024-38024\nCVE-2024-38023\n\nTo exploit the RCE successfully, several conditions must be met, namely\n1) Network access to the vulnerable SharePoint server.\n2) Credentials (login/password) for NTLM authentication + the account must have permission to create files and folders.\n\nThree scripts are provided for exploiting the vulnerability: poc_filtered.py, poc_specific.py and poc_sub.py.
Let us briefly go over the gist and how they work. \n\nAll three scripts use NTLM authentication to access the SharePoint API and perform similar actions: \n\nThe scripts first authenticate to the SharePoint server using the supplied credentials.
They then create the required folders on the server, such as BusinessDataMetadataCatalog, by sending POST requests to the SharePoint API at the path /api/web/Folders.\n\nNext, a metadata file, BDCMetadata.bdcm, is created and uploaded, containing the information for triggering the vulnerability. That information contains instructions for invoking various SharePoint methods, such as GetCreatorView, GetDefaultValues, GetFilters and FindFiltered.
These methods allow interaction with SharePoint objects and data, which ultimately allows arbitrary code to be executed. \n\nThat is, after poc_filtered.py is run, a new BusinessDataMetadataCatalog folder is created, after which the script obtains and stores the X-RequestDigest value for further requests. X-RequestDigest is a token confirming that the request comes from a genuine user.
This token is included in the headers of subsequent requests to confirm their authenticity. The script then creates the metadata file BDCMetadata.bdcm and uploads it to the created folder. This file contains the data and instructions that will be used to trigger the vulnerability.
Finally, the script sends a specially crafted XML request to the SharePoint API to invoke the vulnerable methods, which allows arbitrary code to be executed on the server.\n\nThere is a small difference between the scripts, though, namely in the methods used.
\n\n1) poc_filtered.py uses the FindFiltered method to interact with SharePoint objects.\n2) poc_specific.py uses the FindSpecific method to carry out specific tasks and commands.\n3) poc_sub.py: this script uses the Subscribe method to subscribe to events or actions.\n\nPoC \nPoC Video", "creation_timestamp": "2024-08-06T17:12:22.000000Z"}, {"uuid": "86d2dde0-eb6a-487f-9ba4-13c27b527bd2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38024", "type": "published-proof-of-concept", "source": "https://t.me/RalfHackerChannel/1516", "content": "RCE via Microsoft SharePoint Server 2019\n\nMicrosoft SharePoint is a web platform for collaboration, document management and information sharing
within organizations, widely used in corporate environments.\n\nI recently saw some interesting CVEs that affect this web platform: \n\nCVE-2024-38094 \nCVE-2024-38024\nCVE-2024-38023\n\nTo exploit the RCE successfully, several conditions must be met, namely\n1) Network access to the vulnerable SharePoint server.\n2) Credentials (login/password) for NTLM authentication + the account must have permission to create
files and folders.\n\nThree scripts are provided for exploiting the vulnerability: poc_filtered.py, poc_specific.py and poc_sub.py. Let us briefly go over the gist and how they work. \n\nAll three scripts use NTLM authentication to access the SharePoint API and perform similar actions: \n\nThe scripts first authenticate to the SharePoint server using the supplied credentials.
They then create the required folders on the server, such as BusinessDataMetadataCatalog, by sending POST requests to the SharePoint API at the path /api/web/Folders.\n\nNext, a metadata file, BDCMetadata.bdcm, is created and uploaded, containing the information for triggering the vulnerability. That information contains instructions for invoking various SharePoint methods, such as GetCreatorView, GetDefaultValues, GetFilters and FindFiltered.
These methods allow interaction with SharePoint objects and data, which ultimately allows arbitrary code to be executed. \n\nThat is, after poc_filtered.py is run, a new BusinessDataMetadataCatalog folder is created, after which the script obtains and stores the X-RequestDigest value for further requests. X-RequestDigest is a token confirming that the request comes from a genuine user.
This token is included in the headers of subsequent requests to confirm their authenticity. The script then creates the metadata file BDCMetadata.bdcm and uploads it to the created folder. This file contains the data and instructions that will be used to trigger the vulnerability.
Finally, the script sends a specially crafted XML request to the SharePoint API to invoke the vulnerable methods, which allows arbitrary code to be executed on the server.\n\nThere is a small difference between the scripts, though, namely in the methods used.
\n\n1) poc_filtered.py uses the FindFiltered method to interact with SharePoint objects.\n2) poc_specific.py uses the FindSpecific method to carry out specific tasks and commands.\n3) poc_sub.py: this script uses the Subscribe method to subscribe to events or actions.\n\nPoC \nPoC Video", "creation_timestamp": "2024-08-06T17:12:22.000000Z"}, {"uuid": "2d1b0b9c-d198-4d47-86a2-e8b9e31f9128", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38023", "type": "published-proof-of-concept", "source": "https://t.me/RalfHackerChannel/1509", "content": "\ud83d\uddbc\ufe0f Microsoft SharePoint Server 20219 \u2014 RCE \n\nPoC for: \n\u2014 CVE-2024-38094\n\u2014 CVE-2024-38024\n\u2014 CVE-2024-38023\n\n\ud83d\udd17 Source:\nhttps://github.com/testanull/MS-SharePoint-July-Patch-RCE-PoC\n\n#sharepoint #poc #rce #cve", "creation_timestamp": "2024-07-10T11:35:17.000000Z"}, {"uuid": "cfb172a1-cb30-4cb6-aabb-b492cb8cf59f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38024", "type": "published-proof-of-concept", "source":
"https://t.me/RalfHackerChannel/1509", "content": "\ud83d\uddbc\ufe0f Microsoft SharePoint Server 20219 \u2014 RCE \n\nPoC for: \n\u2014 CVE-2024-38094\n\u2014 CVE-2024-38024\n\u2014 CVE-2024-38023\n\n\ud83d\udd17 Source:\nhttps://github.com/testanull/MS-SharePoint-July-Patch-RCE-PoC\n\n#sharepoint #poc #rce #cve", "creation_timestamp": "2024-07-10T11:35:17.000000Z"}, {"uuid": "fbb4ebcc-e2f9-41ec-ab3d-fc17c58c3502", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38023", "type": "exploited", "source": "https://t.me/S_E_Reborn/4953", "content": "There is a lot today on exploits and vulnerabilities.\n\nThe WPScan team discovered a serious vulnerability in a popular WordPress plugin called Profile Builder and Profile Builder Pro.\n\nIt allows attackers to gain administrator access without having any account on the site.
The vulnerability received a severity score of 9.8/10.\n\nClaroty published more detailed technical information on a vulnerability in Synology BC500 IP cameras that can be used to pivot from the WAN to internal LANs.\n\nThe bug was used at the Pwn2Own Toronto hacking contest last year and was fixed in June of this year.\n\nMeanwhile, attackers are already actively exploiting a recently patched vulnerability to
take over Apache HugeGraph database servers.\n\nThe vulnerability, tracked as CVE-2024-27348, received a severity rating of 9.8/10 and was fixed in April.\n\nThe attacks began a month after researchers published a scanning script and a PoC on GitHub.\n\nResearcher Nguyen Jang published proofs of concept for three Microsoft SharePoint remote code execution bugs (CVE-2024-38023, CVE-2024-38024 and CVE-2024-38094).\n\nSonicwall quietly fixed
a serious vulnerability in its SMA100 devices. \n\nThe SSD platform says that SMA100 devices contained a vulnerability in a feature called Classic Mode that could be used for RCE attacks against authenticated users.\n\nThe researchers say that Sonicwall removed Classic Mode from SMA100 devices in November of last year without reporting a possible threat.\n\nAt the same time, Sonicwall did not include the removal in the patch notes,
did not assign a CVE for the bug and did not warn customers still using the old firmware.\n\nNow SSD has released a description and exploit code.", "creation_timestamp": "2024-07-17T19:33:17.000000Z"}, {"uuid": "8b78f60e-98f0-442e-8852-476e42cc238f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38024", "type": "published-proof-of-concept", "source": "https://t.me/CNArsenal/2958", "content": "https://github.com/testanull/MS-SharePoint-July-Patch-RCE-PoC\n\nCVE-2024-38094\nCVE-2024-38024\nCVE-2024-38023\n#github #poc", "creation_timestamp": "2024-08-07T06:18:21.000000Z"}, {"uuid": "6728b586-f9a5-4f95-9b96-5afa436d2d33", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38023", "type": "published-proof-of-concept", "source": "https://t.me/CNArsenal/2958", "content": "https://github.com/testanull/MS-SharePoint-July-Patch-RCE-PoC\n\nCVE-2024-38094\nCVE-2024-38024\nCVE-2024-38023\n#github #poc", "creation_timestamp": "2024-08-07T06:18:21.000000Z"}, {"uuid": "6c2298c6-435b-4d11-b783-c5f70cb76865", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38024", "type": "exploited", "source": "https://t.me/S_E_Reborn/4953", 
"content": "\u041f\u043e \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430\u043c \u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044f\u043c \u0441\u0435\u0433\u043e\u0434\u043d\u044f \u043a\u0443\u0447\u043d\u043e.\n\n\u041a\u043e\u043c\u0430\u043d\u0434\u0430 WPScan \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0430 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u0443\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c\u00a0\u0432 \u043f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u043e\u043c \u043f\u043b\u0430\u0433\u0438\u043d\u0435 WordPress \u043f\u043e\u0434 \u043d\u0430\u0437\u0432\u0430\u043d\u0438\u0435\u043c Profile Builder \u0438 Profile Builder Pro.\n\n\u041e\u043d\u0430 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430 \u0431\u0435\u0437 \u043d\u0430\u043b\u0438\u0447\u0438\u044f \u043a\u0430\u043a\u043e\u0439-\u043b\u0438\u0431\u043e \u0443\u0447\u0435\u0442\u043d\u043e\u0439 \u0437\u0430\u043f\u0438\u0441\u0438 \u043d\u0430 \u0441\u0430\u0439\u0442\u0435. 
\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043e\u043b\u0443\u0447\u0438\u043b\u0430 \u043e\u0446\u0435\u043d\u043a\u0443 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438 9,8/10.\n\nClaroty\u00a0\u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043b\u0430\u00a0\u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u0443\u044e \u0442\u0435\u0445\u043d\u0438\u0447\u0435\u0441\u043a\u0443\u044e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e \u043f\u043e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 IP-\u043a\u0430\u043c\u0435\u0440\u0430\u0445 Synology BC500, \u043a\u043e\u0442\u043e\u0440\u0443\u044e \u043c\u043e\u0436\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0434\u043b\u044f \u043f\u0435\u0440\u0435\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u044f \u0441 WAN \u043d\u0430 \u0432\u043d\u0443\u0442\u0440\u0435\u043d\u043d\u0438\u0435 LAN.\n\n\u041e\u0448\u0438\u0431\u043a\u0430 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0430\u0441\u044c \u043d\u0430 \u0445\u0430\u043a\u0435\u0440\u0441\u043a\u043e\u043c \u043a\u043e\u043d\u043a\u0443\u0440\u0441\u0435 Pwn2Own Toronto \u0432 \u043f\u0440\u043e\u0448\u043b\u043e\u043c \u0433\u043e\u0434\u0443 \u0438 \u0431\u044b\u043b\u0430 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0430 \u0432 \u0438\u044e\u043d\u0435 \u044d\u0442\u043e\u0433\u043e \u0433\u043e\u0434\u0430.\n\n\u0422\u0435\u043c \u0432\u0440\u0435\u043c\u0435\u043d\u0435\u043c, \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u0443\u0436\u0435 \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442\u00a0\u043d\u0435\u0434\u0430\u0432\u043d\u043e \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u0443\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0434\u043b\u044f 
\u0437\u0430\u0445\u0432\u0430\u0442\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u0432 \u0431\u0430\u0437 \u0434\u0430\u043d\u043d\u044b\u0445 Apache HugeGraph.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u043c\u0430\u044f \u043a\u0430\u043a CVE-2024-27348, \u043f\u043e\u043b\u0443\u0447\u0438\u043b\u0430 \u0440\u0435\u0439\u0442\u0438\u043d\u0433 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438 9,8/10 \u0438 \u0431\u044b\u043b\u0430 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0430\u00a0\u0432 \u0430\u043f\u0440\u0435\u043b\u0435.\n\n\u0410\u0442\u0430\u043a\u0438 \u043d\u0430\u0447\u0430\u043b\u0438\u0441\u044c \u0447\u0435\u0440\u0435\u0437 \u043c\u0435\u0441\u044f\u0446 \u043f\u043e\u0441\u043b\u0435 \u0442\u043e\u0433\u043e, \u043a\u0430\u043a \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043b\u0438 \u0441\u043a\u0440\u0438\u043f\u0442 \u0441\u043a\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f\u00a0\u0438\u00a0PoC\u00a0\u043d\u0430 GitHub.\n\n\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044c \u041d\u0433\u0443\u0435\u043d \u0414\u0436\u0430\u043d\u0433 \u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043b\u00a0\u043f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0438\u044f \u043a\u043e\u043d\u0446\u0435\u043f\u0446\u0438\u0438\u00a0\u0434\u043b\u044f \u0442\u0440\u0435\u0445 \u043e\u0448\u0438\u0431\u043e\u043a \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u0434\u0430 Microsoft SharePoint (CVE-2024-38023, CVE-2024-38024 \u0438 CVE-2024-38094).\n\nSonicwall \u0432\u0442\u0430\u0439\u043d\u0435 \u0438\u0441\u043f\u0440\u0430\u0432\u0438\u043b\u0430 
\u0441\u0435\u0440\u044c\u0435\u0437\u043d\u0443\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 \u0441\u0432\u043e\u0438\u0445 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430\u0445 SMA100. \n\n\u041f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0430 SSD \u0437\u0430\u044f\u0432\u043b\u044f\u0435\u0442, \u0447\u0442\u043e \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430 SMA100 \u0441\u043e\u0434\u0435\u0440\u0436\u0430\u043b\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 \u0444\u0443\u043d\u043a\u0446\u0438\u0438 \u043f\u043e\u0434 \u043d\u0430\u0437\u0432\u0430\u043d\u0438\u0435\u043c Classic Mode, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043c\u043e\u0433\u043b\u0430 \u0431\u044b\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0430 \u0434\u043b\u044f RCE-\u0430\u0442\u0430\u043a \u043d\u0430 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0445 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439.\n\n\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0443\u0442\u0432\u0435\u0440\u0436\u0434\u0430\u044e\u0442, \u0447\u0442\u043e Sonicwall \u0443\u0434\u0430\u043b\u0438\u043b\u0430 Classic Mode \u0441 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432 SMA100 \u0432 \u043d\u043e\u044f\u0431\u0440\u0435 \u043f\u0440\u043e\u0448\u043b\u043e\u0433\u043e \u0433\u043e\u0434\u0430, \u043d\u0435 \u0441\u043e\u043e\u0431\u0449\u0438\u0432 \u043e \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0439 \u0443\u0433\u0440\u043e\u0437\u0435.\n\n\u041f\u0440\u0438 \u044d\u0442\u043e\u0442 Sonicwall \u043d\u0435 \u0432\u043a\u043b\u044e\u0447\u0438\u043b\u0430 \u0443\u0434\u0430\u043b\u0435\u043d\u0438\u0435 \u0432 \u043f\u0440\u0438\u043c\u0435\u0447\u0430\u043d\u0438\u044f \u043a \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044e, 
\u043d\u0435 \u043d\u0430\u0437\u043d\u0430\u0447\u0438\u043b\u0430 CVE \u0434\u043b\u044f \u043e\u0448\u0438\u0431\u043a\u0438 \u0438 \u043d\u0435 \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0434\u0438\u043b\u0430 \u043a\u043b\u0438\u0435\u043d\u0442\u043e\u0432, \u0432\u0441\u0435 \u0435\u0449\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0449\u0438\u0445 \u0441\u0442\u0430\u0440\u0443\u044e \u043f\u0440\u043e\u0448\u0438\u0432\u043a\u0443.\n\n\u0422\u0435\u043f\u0435\u0440\u044c \u0436\u0435 SSD \u0432\u044b\u043a\u0430\u0442\u0438\u043b\u0430 \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0435\u00a0\u0438 \u043a\u043e\u0434 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430.", "creation_timestamp": "2024-07-17T19:33:17.000000Z"}, {"uuid": "6d01f3ce-a89e-4fd5-a9e6-62763760d368", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38023", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/10820", "content": "#exploit\n1. CVE-2024-38094,\nCVE-2024-38024,\nCVE-2024-38023:\nMS SharePoint RCE\nhttps://github.com/testanull/MS-SharePoint-July-Patch-RCE-PoC\n\n2. CVE-2024-33327:\nLumisXP XSS\nhttps://seclists.org/fulldisclosure/2024/Jul/9\n\n3. Evernote RCE: From PDF.js font-injection to All-platform Electron exposed ipcRenderer with listened BrokerBridge RCE\nhttps://0reg.dev/blog/evernote-rce", "creation_timestamp": "2024-07-12T13:22:56.000000Z"}, {"uuid": "d1d05f06-ed73-4d5b-a66b-932ee3391b2a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38023", "type": "published-proof-of-concept", "source": "https://t.me/Rootsec_2/3733", "content": "#exploit\n1. CVE-2024-39877:\nApache Airflow Arbitrary Code Execution\nhttps://blog.securelayer7.net/arbitrary-code-execution-in-apache-airflow\n\n2. 
CVE-2024-7395,\nCVE-2024-7396,\nCVE-2024-7397:\nInsufficient Authentication, Plaintext Communication, Unauthenticated CI\u00a0in Korenix JetPort\nhttps://cyberdanube.com/en/en-multiple-vulnerabilities-in-korenix-jetport/index.html\n\n3. CVE-2024-38094,\nCVE-2024-38023,\nCVE-2024-38024:\nMS SharePoint RCEs\nhttps://github.com/testanull/MS-SharePoint-July-Patch-RCE-PoC", "creation_timestamp": "2024-08-16T11:23:44.000000Z"}, {"uuid": "4c90c79f-9660-4917-86d3-bcd8f2ec4e5c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38024", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/10820", "content": "#exploit\n1. CVE-2024-38094,\nCVE-2024-38024,\nCVE-2024-38023:\nMS SharePoint RCE\nhttps://github.com/testanull/MS-SharePoint-July-Patch-RCE-PoC\n\n2. CVE-2024-33327:\nLumisXP XSS\nhttps://seclists.org/fulldisclosure/2024/Jul/9\n\n3. Evernote RCE: From PDF.js font-injection to All-platform Electron exposed ipcRenderer with listened BrokerBridge RCE\nhttps://0reg.dev/blog/evernote-rce", "creation_timestamp": "2024-07-12T13:22:56.000000Z"}, {"uuid": "a347596a-be7a-428b-88e7-d11025d8a063", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38023", "type": "published-proof-of-concept", "source": "https://t.me/Rootsec_2/3410", "content": "#exploit\n1. CVE-2024-38094,\nCVE-2024-38024,\nCVE-2024-38023:\nMS SharePoint RCE\nhttps://github.com/testanull/MS-SharePoint-July-Patch-RCE-PoC\n\n2. CVE-2024-33327:\nLumisXP XSS\nhttps://seclists.org/fulldisclosure/2024/Jul/9\n\n3. 
Evernote RCE: From PDF.js font-injection to All-platform Electron exposed ipcRenderer with listened BrokerBridge RCE\nhttps://0reg.dev/blog/evernote-rce", "creation_timestamp": "2024-08-16T11:16:24.000000Z"}, {"uuid": "3cb94011-d73b-4679-a4d8-c2213ccf953a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38024", "type": "published-proof-of-concept", "source": "https://t.me/Rootsec_2/3410", "content": "#exploit\n1. CVE-2024-38094,\nCVE-2024-38024,\nCVE-2024-38023:\nMS SharePoint RCE\nhttps://github.com/testanull/MS-SharePoint-July-Patch-RCE-PoC\n\n2. CVE-2024-33327:\nLumisXP XSS\nhttps://seclists.org/fulldisclosure/2024/Jul/9\n\n3. Evernote RCE: From PDF.js font-injection to All-platform Electron exposed ipcRenderer with listened BrokerBridge RCE\nhttps://0reg.dev/blog/evernote-rce", "creation_timestamp": "2024-08-16T11:16:24.000000Z"}, {"uuid": "d20c974b-5892-4c21-a04b-49b7bb831b55", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38024", "type": "published-proof-of-concept", "source": "https://t.me/Rootsec_2/3733", "content": "#exploit\n1. CVE-2024-39877:\nApache Airflow Arbitrary Code Execution\nhttps://blog.securelayer7.net/arbitrary-code-execution-in-apache-airflow\n\n2. CVE-2024-7395,\nCVE-2024-7396,\nCVE-2024-7397:\nInsufficient Authentication, Plaintext Communication, Unauthenticated CI\u00a0in Korenix JetPort\nhttps://cyberdanube.com/en/en-multiple-vulnerabilities-in-korenix-jetport/index.html\n\n3. 
CVE-2024-38094,\nCVE-2024-38023,\nCVE-2024-38024:\nMS SharePoint RCEs\nhttps://github.com/testanull/MS-SharePoint-July-Patch-RCE-PoC", "creation_timestamp": "2024-08-16T11:23:44.000000Z"}, {"uuid": "dc546441-64f2-4579-8158-4d1ba12f4776", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38021", "type": "seen", "source": "https://t.me/club31337/2323", "content": "https://blog.morphisec.com/cve-2024-38021-microsoft-outlook-moniker-rce-vulnerability\n\n#ZeroClick #RCE #Outlook\n\nUnlike the previously discovered vulnerability CVE-2024-30103 disclosed in June - which required authentication (at least an NTLM token) - this new vulnerability does not require any authentication. \nIt requires 0clicks for known senders else 1\n\n\u269c\ufe0f @club1337", "creation_timestamp": "2024-11-11T02:29:01.000000Z"}]}