{"vulnerability": "CVE-2024-38473", "sightings": [{"uuid": "5e2ea7ac-5610-48b0-abbd-c1939d7e14b8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38473", "type": "published-proof-of-concept", "source": "https://t.me/cKure/16348", "content": "\u25a0\u25a0\u25a1\u25a1\u25a1 \u2604\ufe0fApache HTTP Server Vulnerability Testing Tool | PoC for CVE-2024-38472 , CVE-2024-39573 , CVE-2024-38477 , CVE-2024-38476 , CVE-2024-38475 , CVE-2024-38474 , CVE-2024-38473 , CVE-2023-38709\n\n\ud83d\udd25https://github.com/mrmtwoj/apache-vulnerability-testing", "creation_timestamp": "2026-04-24T21:42:08.000000Z"}, {"uuid": "457b75a6-1ab4-45c7-a220-4ccf7150bb9b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "c933734a-9be8-4142-889e-26e95c752803", "vulnerability": "CVE-2024-38473", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/a23cbcad-e890-4df8-8736-9332ed4c3d47", "content": "", "creation_timestamp": "2024-07-17T12:43:59.267734Z"}, {"uuid": "bda7686f-f7a7-4bde-a7d8-a126226eb282", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38473", "type": "published-proof-of-concept", "source": "https://t.me/HackingInsights/12337", "content": "\u200aCVE-2024-38473 Nuclei Template : Mastering Apache ACL Bypass Techniques\n\nhttps://kalilinuxtutorials.com/cve-2024-38473-nuclei-template/", "creation_timestamp": "2024-09-08T17:47:03.000000Z"}, {"uuid": "27b8ebaa-0d93-4a6a-85f8-1b323f1c1709", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38473", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/8339", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aNuclei template to detect Apache servers vulnerable to CVE-2024-38473\nURL\uff1ahttps://github.com/juanschallibaum/CVE-2024-38473-Nuclei-Template\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-08-23T14:04:28.000000Z"}, {"uuid": "7307ca41-19f6-4b2b-a73d-e8e0836c5495", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38473", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/8332", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aNuclei template to detect Apache servers vulnerable to CVE-2024-38473\nURL\uff1ahttps://github.com/juanschallibaum/Prueba-Repo\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-08-23T04:51:07.000000Z"}, {"uuid": "b0a96d8e-afc3-4531-b918-e8d27468e79d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38473", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/8689", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aApache HTTP Server Vulnerability Testing Tool | PoC for CVE-2024-38472 , CVE-2024-39573 , CVE-2024-38477 , CVE-2024-38476 , CVE-2024-38475 , CVE-2024-38474 ,  CVE-2024-38473 , CVE-2023-38709\nURL\uff1ahttps://github.com/mrmtwoj/apache-vulnerability-testing\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-10-05T20:59:37.000000Z"}, {"uuid": "dfa33c5f-4e00-42f4-bc84-f0ed6f6146a1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38473", "type": "published-proof-of-concept", "source": "https://t.me/AGENTZSECURITY/1246", "content": "https://github.com/szybnev/nuclei-custom\nhttps://github.com/microphone-mathematics/custom-nuclei-templates\nhttps://github.com/wearetyomsmnv/llm_integrated_nuclei_templates\nhttps://github.com/valaDevs/nuclei-backupfile-finder\nhttps://github.com/imhunterand/nuclei-custom-templates\nhttps://github.com/HernanRodriguez1/ScanReflectedSSTI\nhttps://github.com/praetorian-inc/zeroqlik-detect\nhttps://github.com/anmolksachan/nuclei-templates\nhttps://github.com/kernel-krunch/nuclei-templates\nhttps://github.com/schooldropout1337/nuclei-templates\nhttps://github.com/reewardius/nuclei-templates\nhttps://github.com/Dalaho-bangin/my_nuclei_templates\nhttps://github.com/reewardius/nuclei-special-templates\nhttps://github.com/nicholasaleks/NucleiGPT\nhttps://github.com/Tykerdestroy/Bug-bounty-custom-templates\nhttps://github.com/Mr-B0hl00l/nuclei-templates\nhttps://github.com/zerbaliy3v/custom-nuclei-templates\nhttps://github.com/bhataasim1/PersonalTemplates.git\nhttps://github.com/themastersunil/nucleiDB\nhttps://github.com/Linuxinet/nuclei-templates\nhttps://github.com/Aituglo/nuclei-templates\nhttps://github.com/0XParthJ/Nuclei-Templates\nhttps://github.com/JoshMorrison99/url-based-nuclei-templates\nhttps://github.com/pikpikcu/my-nuclei-templates\nhttps://github.com/SirBugs/Priv8-Nuclei-Templates\nhttps://github.com/projectdiscovery/nuclei-templates\nhttps://github.com/Linuxinet/mobile-nuclei-templates\nhttps://github.com/thelabda/labdanuclei\nhttps://github.com/mosesrenegade/nuclei-templates\nhttps://github.com/kh4sh3i/nuclei-templates\nhttps://github.com/projectdiscovery/fuzzing-templates\nhttps://github.com/PedroF-369/nuclei_templates\nhttps://github.com/0x727/ObserverWard\nhttps://github.com/0xSojalSec/nuclei-templates-websphere-portal-preauth-ssrf\nhttps://github.com/0xSojalSec/Nuclei-TemplatesNuclei-Templates-CVE-2017-17736\nhttps://github.com/0xSojalSec/kenzer-templates\nhttps://github.com/0xSojalSec/my-nuclei-templates-1\nhttps://github.com/0xSojalSec/nuclei-templates-5\nhttps://github.com/0xSojalSec/nuclei-templates-4\nhttps://github.com/0xSojalSec/templatesallnuclei\nhttps://github.com/0xSojalSec/Nuclei-Templates-Collection\nhttps://github.com/0xSojalSec/templates-nuclei-Oracle-OAM---XSS\nhttps://github.com/0xSojalSec/Nuclei-Templates-API-Linkfinder\nhttps://github.com/0xSojalSec/nuclei_templates-SymfonyRCE\nhttps://github.com/pdelteil/BugBountyReportTemplates\nhttps://github.com/AshiqurEmon/nuclei_templates\nhttps://github.com/freakyclown/Nuclei_templates\nhttps://github.com/rix4uni/BugBountyTips\nhttps://github.com/bug-vs-me/nuclei\nhttps://github.com/themastersunil/Nuclei-TamplatesBackup\nhttps://github.com/rzizah/private-nuclei-template\nhttps://github.com/Christbowel/CVE-2024-25600_Nuclei-Template\nhttps://github.com/linuxadi/40k-nuclei-templates\nhttps://github.com/Sachinart/manual-nuclei-templates\nhttps://github.com/N-N33/Community-Nuclei-Templates\nhttps://github.com/freelancermijan/custom-nuclei-templates\nhttps://github.com/jhonnybonny/nuclei-templates-bitrix\nhttps://github.com/emadshanab/nuclei-templates25\nhttps://github.com/yueyejian13/personal-nuclei-templates\nhttps://github.com/kathuluman/Custom-Nuclei-Templates\nhttps://github.com/rahul-nakum14/Recon\nhttps://github.com/exploit-io/nuclei-fuzz-templates\nhttps://github.com/emadshanab/custom-nuclei-template-Subdomain_Takeover_Checker\nhttps://github.com/Anja-dhnd/templates4nuclei\nhttps://github.com/juanschallibaum/CVE-2024-38473-Nuclei-Template\nhttps://github.com/Sachinart/manual-nuclei-templates\nhttps://github.com/N-N33/Community-Nuclei-Templates\nhttps://github.com/freelancermijan/custom-nuclei-templates\nhttps://github.com/jhonnybonny/nuclei-templates-bitrix\nhttps://github.com/exploit-io/nuclei-templates\nhttps://github.com/yueyejian13/personal-nuclei-templates\nhttps://github.com/kathuluman/Custom-Nuclei-Templates\nhttps://github.com/rahul-nakum14/Recon", "creation_timestamp": "2025-04-22T02:52:21.000000Z"}, {"uuid": "4e308b05-6fd5-48d0-84e6-8523e23539ae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38473", "type": "seen", "source": "https://t.me/ton618cyber/5262", "content": "#exploit\n1. CVE-2024-45409:\nRuby-SAML/GitLab Authentication Bypass\nhttps://blog.projectdiscovery.io/ruby-saml-gitlab-auth-bypass\n\n2. CVE-2024-45200:\nMario Kart 8 Deluxe's \"KartLANPwn\" BoF\nhttps://github.com/latte-soft/kartlanpwn\n\n3. Apache HTTP Server Vulnerability Testing Tool\nhttps://github.com/mrmtwoj/apache-vulnerability-testing\n// CVE-2024-38472, CVE-2024-39573, CVE-2024-38477, CVE-2024-38476, CVE-2024-38475, CVE-2024-38474, CVE-2024-38473, CVE-2023-38709", "creation_timestamp": "2024-10-08T16:16:09.000000Z"}, {"uuid": "5be7d3c3-1b84-4833-b687-e229fb424bfc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38473", "type": "published-proof-of-concept", "source": "https://t.me/AGENTZSECURITY/1253", "content": "https://github.com/toramanemre/log4j-rce-detect-waf-bypass\nhttps://github.com/trickest/log4j\nhttps://github.com/twseptian/custom-nuclei-templates\nhttps://github.com/umityn/my-nuclei-templates\nhttps://github.com/v3l4r10/Nuclei-Templates\nhttps://github.com/valaDevs/env-js-nuclei\nhttps://github.com/valaDevs/nuclei-backupfile-finder\nhttps://github.com/vidocsecurity/templates\nhttps://github.com/vishal12300/all_nuclei_templatess\nhttps://github.com/vsh00t/nuclei-templates\nhttps://github.com/vulnspace/nuclei-templates\nhttps://github.com/wasp76b/nuclei-templates\nhttps://github.com/wearetyomsmnv/llm_integrated_nuclei_templates\nhttps://github.com/websecresearch/nucleirecordloginsession\nhttps://github.com/windyGarlic/my-nuclei-templates\nhttps://github.com/windyGarlic/nuclei-templates\nhttps://github.com/wr00t/templates\nhttps://github.com/xelemental/Nuclei-Templates\nhttps://github.com/xinZa1/template\nhttps://github.com/xjhonly/nuclei-templates\nhttps://github.com/yarovit-developer/nuclei-templates\nhttps://github.com/yavolo/nuclei-templates\nhttps://github.com/z3bd/nuclei-templates\nhttps://github.com/zer0yu/Open-PoC\nhttps://github.com/zinminphyo0/KozinTemplates\nhttps://github.com/zodmagus/z0ds3c-Nuclei-Templates\nhttps://github.com/Christbowel/CVE-2024-25600_Nuclei-Template\nhttps://github.com/0xr2r/templates-nucleir2r\nhttps://github.com/al00000000al/my_nuclei_templates\nhttps://github.com/JohnDoeAnonITA/NucleiTemplatePRV\nhttps://github.com/emo-crab/scap-rs\nhttps://github.com/blackvitasoy/nuclei_templates\nhttps://github.com/BattalFaikAktas/custom-nuclei-templates\nhttps://github.com/0xc4sper0/Nuclei-templates\nhttps://github.com/abletsoff/custom-nuclei-templates\nhttps://github.com/rzizah/private-nuclei-template\nhttps://github.com/0xPugal/my-nuclei-templates\nhttps://github.com/jhonnybonny/nuclei-templates-bitrix\nhttps://github.com/Anja-dhnd/templates4nuclei\nhttps://github.com/andersonmv/Nuclei_Templates\nhttps://github.com/pushpak-11/nuclei-templates\nhttps://github.com/chudamax/custom_nuclei_templates\nhttps://github.com/emadshanab/nuclei-bitrix-templates\nhttps://github.com/Sachinart/manual-nuclei-templates\nhttps://github.com/exploit-io/nuclei-fuzz-templates\nhttps://github.com/hackersupcoming/Nuclei_Templates\nhttps://github.com/DiabloHTB/Nuclei-Template-CVE-2024-1561\nhttps://github.com/niranc/Nuclei-personal-templates\nhttps://github.com/Loftven/BIZONE_WAF_DETECt\nhttps://github.com/YashVardhanTrip/nuclei-templates-initial-access\nhttps://github.com/Saitle/Yamilicious\nhttps://github.com/SalehLardhi/nuclei-wp-config-php\nhttps://github.com/c3rrberu5/CVE-2024-24919\nhttps://github.com/0x20c/CVE-2024-4577-nuclei\nhttps://github.com/xungzzz/CVE-2024-4956\nhttps://github.com/ZephrFish/CVE-2024-4577-PHP-RCE\nhttps://github.com/Term1N8/nuclei-templates\nhttps://github.com/KhukuriRimal/CustomNucleiTemplates\nhttps://github.com/stuxctf/nuclei-templates-stux\nhttps://github.com/megamindmeg/Templates\nhttps://github.com/TolgaTD/Nuclei-Custom-Templates\nhttps://github.com/adibarsyad/nuclei-ios\nhttps://github.com/Sysc4ll3r/CVE-2024-4577\nhttps://github.com/adibarsyad/nuclei-jsp-source-code-review\nhttps://github.com/edoardottt/RFDos-Scanner\nhttps://github.com/banditzCyber0x/template\nhttps://github.com/sardine-web/polaris-web-reflected-xss.git\nhttps://github.com/Josekutty-K/nuclei-templates\nhttps://github.com/Mamilate/3-Nuclei-Templates\nhttps://github.com/ReksySec/3Nucleit-Templates\nhttps://github.com/Mohsenalmamun/Nuclei-Template\nhttps://github.com/K3ysTr0K3R/Custom-Nuclei-Templates\nhttps://github.com/br0wnst4n11/Custom_Nuclei_Templates\nhttps://github.com/juanschallibaum/CVE-2024-38473-Nuclei-Template\nhttps://github.com/fa-rrel/Nuclei-templates-xd \nhttps://github.com/superhexa/nuclei-templates\nhttps://github.com/ts4rin4/templates4nuclei\nhttps://github.com/jhonnybonny/nuclei-templates", "creation_timestamp": "2025-04-22T02:52:22.000000Z"}, {"uuid": "cae4c63a-c3f4-4660-96a2-31dfa678b0b9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38473", "type": "seen", "source": "https://t.me/dilagrafie/3789", "content": "Tools - Hackers Factory \n\n#WebApp_Security\n#Offensive_security\n\nBounty Security Tools\n\n]-> GBounty Scanner:\n\nhttps://github.com/BountySecurity/gbounty\n\n]-> GBounty Multi-Step Profiles:\n\nhttps://github.com/BountySecurity/gbounty-profiles\n\n]-> GBounty Profiles Designer:\n\nhttps://github.com/BountySecurity/GBountyProfilesDesigner\n\nTest your prompts, agents, and RAGs. Red teaming, pentesting, and vulnerability scanning for LLMs. Compare performance of GPT, Claude, Gemini, Llama, and more. Simple declarative configs with command line and CI/CD integration. \n\nhttps://github.com/promptfoo/promptfoo\n\nRepository for application-layer loop DoS \n\nhttps://github.com/cispa/loop-DoS\n\n#exploit\n\n1. CVE-2024-45409: Ruby-SAML/GitLab Authentication Bypass\n\nhttps://blog.projectdiscovery.io/ruby-saml-gitlab-auth-bypass\n\n2. CVE-2024-45200: Mario Kart 8 Deluxe's \"KartLANPwn\" BoF\n\nhttps://github.com/latte-soft/kartlanpwn\n\n3. Apache HTTP Server Vulnerability Testing Tool\n\nhttps://github.com/mrmtwoj/apache-vulnerability-testing\n\nCVE-2024-38472, CVE-2024-39573, CVE-2024-38477, CVE-2024-38476, CVE-2024-38475, CVE-2024-38474, CVE-2024-38473, CVE-2023-38709\n\n#CyberDilara\nhttps://t.me/CyberDilara", "creation_timestamp": "2024-10-11T06:11:18.000000Z"}, {"uuid": "763af48c-1536-4b5e-b22d-4f39116f2885", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38473", "type": "published-proof-of-concept", "source": "https://t.me/CyberDilara/1139", "content": "Apache HTTP Server Vulnerability Testing Tool\n\nApache HTTP Server Vulnerability Testing Tool | PoC for CVE-2024-38472 , CVE-2024-39573 , CVE-2024-38477 , CVE-2024-38476 , CVE-2024-38475 , CVE-2024-38474 , CVE-2024-38473 , CVE-2023-38709", "creation_timestamp": "2024-11-02T06:39:55.000000Z"}, {"uuid": "9fe91038-1083-476c-af3c-789ec4d1a736", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38473", "type": "published-proof-of-concept", "source": "https://t.me/CyberDilara/772", "content": "Nuclei template designed to detect Apache servers vulnerable to CVE-2024-38473. It first identifies servers running Apache < 2.4.60 with default PHP-FPM settings. Then, it fuzzes for potential PHP files protected by ACLs that might be bypassed due to this vulnerability.\n\nhttps://github.com/juanschallibaum/CVE-2024-38473-Nuclei-Template", "creation_timestamp": "2024-08-29T05:51:15.000000Z"}, {"uuid": "df880247-bed4-4748-a7bb-a767d21dd140", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38473", "type": "seen", "source": "https://t.me/CyberDilara/1055", "content": "Tools - Hackers Factory \n\n#WebApp_Security\n#Offensive_security\n\nBounty Security Tools\n\n]-> GBounty Scanner:\n\nhttps://github.com/BountySecurity/gbounty\n\n]-> GBounty Multi-Step Profiles:\n\nhttps://github.com/BountySecurity/gbounty-profiles\n\n]-> GBounty Profiles Designer:\n\nhttps://github.com/BountySecurity/GBountyProfilesDesigner\n\nTest your prompts, agents, and RAGs. Red teaming, pentesting, and vulnerability scanning for LLMs. Compare performance of GPT, Claude, Gemini, Llama, and more. Simple declarative configs with command line and CI/CD integration. \n\nhttps://github.com/promptfoo/promptfoo\n\nRepository for application-layer loop DoS \n\nhttps://github.com/cispa/loop-DoS\n\n#exploit\n\n1. CVE-2024-45409: Ruby-SAML/GitLab Authentication Bypass\n\nhttps://blog.projectdiscovery.io/ruby-saml-gitlab-auth-bypass\n\n2. CVE-2024-45200: Mario Kart 8 Deluxe's \"KartLANPwn\" BoF\n\nhttps://github.com/latte-soft/kartlanpwn\n\n3. Apache HTTP Server Vulnerability Testing Tool\n\nhttps://github.com/mrmtwoj/apache-vulnerability-testing\n\nCVE-2024-38472, CVE-2024-39573, CVE-2024-38477, CVE-2024-38476, CVE-2024-38475, CVE-2024-38474, CVE-2024-38473, CVE-2023-38709\n\n#CyberDilara\nhttps://t.me/CyberDilara", "creation_timestamp": "2024-10-11T06:11:00.000000Z"}, {"uuid": "024d10a2-01f5-45b7-9aac-c22d61a9ce2b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38473", "type": "published-proof-of-concept", "source": "https://t.me/InfoSecInsider/23574", "content": "Nuclei template designed to detect Apache servers vulnerable to CVE-2024-38473. It first identifies servers running Apache < 2.4.60 with default PHP-FPM settings. Then, it fuzzes for potential PHP files protected by ACLs that might be bypassed due to this vulnerability.\n\nhttps://github.com/juanschallibaum/CVE-2024-38473-Nuclei-Template", "creation_timestamp": "2024-08-29T05:51:31.000000Z"}, {"uuid": "827c8afa-12b9-4adc-8f71-782cf9038b76", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38473", "type": "seen", "source": "https://t.me/InfoSecInsider/24253", "content": "Apache HTTP Server Vulnerability Testing Tool\n\nApache HTTP Server Vulnerability Testing Tool | PoC for CVE-2024-38472 , CVE-2024-39573 , CVE-2024-38477 , CVE-2024-38476 , CVE-2024-38475 , CVE-2024-38474 , CVE-2024-38473 , CVE-2023-38709", "creation_timestamp": "2024-11-02T06:39:40.000000Z"}, {"uuid": "b2e2807d-72da-4389-a7ba-7fb41ff07947", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38473", "type": "seen", "source": "https://t.me/InfoSecInsider/24061", "content": "Tools - Hackers Factory \n\n#WebApp_Security\n#Offensive_security\n\nBounty Security Tools\n\n]-> GBounty Scanner:\n\nhttps://github.com/BountySecurity/gbounty\n\n]-> GBounty Multi-Step Profiles:\n\nhttps://github.com/BountySecurity/gbounty-profiles\n\n]-> GBounty Profiles Designer:\n\nhttps://github.com/BountySecurity/GBountyProfilesDesigner\n\nTest your prompts, agents, and RAGs. Red teaming, pentesting, and vulnerability scanning for LLMs. Compare performance of GPT, Claude, Gemini, Llama, and more. Simple declarative configs with command line and CI/CD integration. \n\nhttps://github.com/promptfoo/promptfoo\n\nRepository for application-layer loop DoS \n\nhttps://github.com/cispa/loop-DoS\n\n#exploit\n\n1. CVE-2024-45409: Ruby-SAML/GitLab Authentication Bypass\n\nhttps://blog.projectdiscovery.io/ruby-saml-gitlab-auth-bypass\n\n2. CVE-2024-45200: Mario Kart 8 Deluxe's \"KartLANPwn\" BoF\n\nhttps://github.com/latte-soft/kartlanpwn\n\n3. Apache HTTP Server Vulnerability Testing Tool\n\nhttps://github.com/mrmtwoj/apache-vulnerability-testing\n\nCVE-2024-38472, CVE-2024-39573, CVE-2024-38477, CVE-2024-38476, CVE-2024-38475, CVE-2024-38474, CVE-2024-38473, CVE-2023-38709\n\n#CyberDilara\nhttps://t.me/CyberDilara", "creation_timestamp": "2024-10-11T06:11:11.000000Z"}, {"uuid": "6d7f07fa-5367-48bd-905e-74cec5da8416", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38473", "type": "published-proof-of-concept", "source": "https://t.me/GrayHatsHack/8948", "content": "Apache HTTP Server Vulnerability Testing Tool\n\nApache HTTP Server Vulnerability Testing Tool | PoC for CVE-2024-38472 , CVE-2024-39573 , CVE-2024-38477 , CVE-2024-38476 , CVE-2024-38475 , CVE-2024-38474 , CVE-2024-38473 , CVE-2023-38709", "creation_timestamp": "2024-11-02T06:31:33.000000Z"}, {"uuid": "925c2437-1437-4e63-9859-bc652270a4a4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38473", "type": "seen", "source": "https://t.me/GrayHatsHack/8873", "content": "Tools - Hackers Factory \n\n#WebApp_Security\n#Offensive_security\n\nBounty Security Tools\n\n]-> GBounty Scanner:\n\nhttps://github.com/BountySecurity/gbounty\n\n]-> GBounty Multi-Step Profiles:\n\nhttps://github.com/BountySecurity/gbounty-profiles\n\n]-> GBounty Profiles Designer:\n\nhttps://github.com/BountySecurity/GBountyProfilesDesigner\n\nTest your prompts, agents, and RAGs. Red teaming, pentesting, and vulnerability scanning for LLMs. Compare performance of GPT, Claude, Gemini, Llama, and more. Simple declarative configs with command line and CI/CD integration. \n\nhttps://github.com/promptfoo/promptfoo\n\nRepository for application-layer loop DoS \n\nhttps://github.com/cispa/loop-DoS\n\n#exploit\n\n1. CVE-2024-45409: Ruby-SAML/GitLab Authentication Bypass\n\nhttps://blog.projectdiscovery.io/ruby-saml-gitlab-auth-bypass\n\n2. CVE-2024-45200: Mario Kart 8 Deluxe's \"KartLANPwn\" BoF\n\nhttps://github.com/latte-soft/kartlanpwn\n\n3. Apache HTTP Server Vulnerability Testing Tool\n\nhttps://github.com/mrmtwoj/apache-vulnerability-testing\n\nCVE-2024-38472, CVE-2024-39573, CVE-2024-38477, CVE-2024-38476, CVE-2024-38475, CVE-2024-38474, CVE-2024-38473, CVE-2023-38709\n\n#CyberDilara\nhttps://t.me/CyberDilara", "creation_timestamp": "2024-10-11T06:11:05.000000Z"}, {"uuid": "979e6c0d-944f-481b-ba26-b8d7fead44ed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38473", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/11240", "content": "#exploit\n1. CVE-2024-45409:\nRuby-SAML/GitLab Authentication Bypass\nhttps://blog.projectdiscovery.io/ruby-saml-gitlab-auth-bypass\n\n2. CVE-2024-45200:\nMario Kart 8 Deluxe's \"KartLANPwn\" BoF\nhttps://github.com/latte-soft/kartlanpwn\n\n3. Apache HTTP Server Vulnerability Testing Tool\nhttps://github.com/mrmtwoj/apache-vulnerability-testing\n// CVE-2024-38472, CVE-2024-39573, CVE-2024-38477, CVE-2024-38476, CVE-2024-38475, CVE-2024-38474, CVE-2024-38473, CVE-2023-38709", "creation_timestamp": "2024-10-06T14:45:15.000000Z"}, {"uuid": "4138c389-be9f-4db9-b3bc-a07546ec1592", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38473", "type": "published-proof-of-concept", "source": "https://t.me/GrayHatsHack/7573", "content": "Apache HTTP Server Vulnerability Testing Tool\n\nApache HTTP Server Vulnerability Testing Tool | PoC for CVE-2024-38472 , CVE-2024-39573 , CVE-2024-38477 , CVE-2024-38476 , CVE-2024-38475 , CVE-2024-38474 , CVE-2024-38473 , CVE-2023-38709", "creation_timestamp": "2024-11-02T06:31:33.000000Z"}, {"uuid": "757ed3a4-48e3-49e1-9e3c-87429aef4b07", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38473", "type": "seen", "source": "https://t.me/GrayHatsHack/7509", "content": "Tools - Hackers Factory \n\n#WebApp_Security\n#Offensive_security\n\nBounty Security Tools\n\n]-> GBounty Scanner:\n\nhttps://github.com/BountySecurity/gbounty\n\n]-> GBounty Multi-Step Profiles:\n\nhttps://github.com/BountySecurity/gbounty-profiles\n\n]-> GBounty Profiles Designer:\n\nhttps://github.com/BountySecurity/GBountyProfilesDesigner\n\nTest your prompts, agents, and RAGs. Red teaming, pentesting, and vulnerability scanning for LLMs. Compare performance of GPT, Claude, Gemini, Llama, and more. Simple declarative configs with command line and CI/CD integration. \n\nhttps://github.com/promptfoo/promptfoo\n\nRepository for application-layer loop DoS \n\nhttps://github.com/cispa/loop-DoS\n\n#exploit\n\n1. CVE-2024-45409: Ruby-SAML/GitLab Authentication Bypass\n\nhttps://blog.projectdiscovery.io/ruby-saml-gitlab-auth-bypass\n\n2. CVE-2024-45200: Mario Kart 8 Deluxe's \"KartLANPwn\" BoF\n\nhttps://github.com/latte-soft/kartlanpwn\n\n3. Apache HTTP Server Vulnerability Testing Tool\n\nhttps://github.com/mrmtwoj/apache-vulnerability-testing\n\nCVE-2024-38472, CVE-2024-39573, CVE-2024-38477, CVE-2024-38476, CVE-2024-38475, CVE-2024-38474, CVE-2024-38473, CVE-2023-38709\n\n#CyberDilara\nhttps://t.me/CyberDilara", "creation_timestamp": "2024-10-11T06:11:05.000000Z"}, {"uuid": "c5c58ed4-caba-4842-a324-82bd41b22b74", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38473", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/4094", "content": "#GitHub #Tools \n\nAutorizePro\u662f\u4e00\u6b3e\u5f3a\u5927\u8d8a\u6743\u68c0\u6d4b Burp \u63d2\u4ef6\uff0c\u901a\u8fc7\u589e\u52a0 AI \u8f85\u52a9\u5206\u6790 && \u8fdb\u4e00\u6b65\u4f18\u5316\u68c0\u6d4b\u903b\u8f91\uff0c\u5927\u5e45\u964d\u4f4e\u8bef\u62a5\u7387\uff0c\u63d0\u5347\u8d8a\u6743\u6f0f\u6d1e\u68c0\u51fa\u6548\u7387\u3002 [ AutorizePro is a authorization enforcement detection extension for burp suite. By adding Ai-assisted analysis, it significantly reduces the false positive rate and improves the efficiency of vulnerability detection.\n\nhttps://github.com/sule01u/AutorizePro\n\nA security assessment tool for analyzing Active Directory Group Policy Objects (GPOs) to identify misconfigurations and vulnerabilities.\n\nhttps://github.com/PShlyundin/GPOHunter\n\nApache HTTP Server Vulnerability Testing Tool | PoC for CVE-2024-38472 , CVE-2024-39573 , CVE-2024-38477 , CVE-2024-38476 , CVE-2024-38475 , CVE-2024-38474 , CVE-2024-38473 , CVE-2023-38709\n\nhttps://github.com/mrmtwoj/apache-vulnerability-testing\n\nExploit AD CS misconfiguration allowing privilege escalation and persistence from any child domain to full forest compromise.\n\nhttps://github.com/MWR-CyberSec/AD-CS-Forest-Exploiter\n\nNotes about attacking Jenkins servers\n\nhttps://github.com/gquere/pwn_jenkins\n\n#HackersFactory", "creation_timestamp": "2025-01-19T10:41:44.000000Z"}, {"uuid": "94f6c5c6-ad30-4e4f-b03a-28b1098a8807", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38473", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/3843", "content": "Apache HTTP Server Vulnerability Testing Tool\n\nApache HTTP Server Vulnerability Testing Tool | PoC for CVE-2024-38472 , CVE-2024-39573 , CVE-2024-38477 , CVE-2024-38476 , CVE-2024-38475 , CVE-2024-38474 , CVE-2024-38473 , CVE-2023-38709", "creation_timestamp": "2024-11-02T06:39:20.000000Z"}, {"uuid": "31b9d6ea-d57f-481c-bba6-4399e9b74305", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38473", "type": "published-proof-of-concept", "source": "https://t.me/GrayHatsHack/7922", "content": "#GitHub #Tools \n\nAutorizePro\u662f\u4e00\u6b3e\u5f3a\u5927\u8d8a\u6743\u68c0\u6d4b Burp \u63d2\u4ef6\uff0c\u901a\u8fc7\u589e\u52a0 AI \u8f85\u52a9\u5206\u6790 && \u8fdb\u4e00\u6b65\u4f18\u5316\u68c0\u6d4b\u903b\u8f91\uff0c\u5927\u5e45\u964d\u4f4e\u8bef\u62a5\u7387\uff0c\u63d0\u5347\u8d8a\u6743\u6f0f\u6d1e\u68c0\u51fa\u6548\u7387\u3002 [ AutorizePro is a authorization enforcement detection extension for burp suite. By adding Ai-assisted analysis, it significantly reduces the false positive rate and improves the efficiency of vulnerability detection.\n\nhttps://github.com/sule01u/AutorizePro\n\nA security assessment tool for analyzing Active Directory Group Policy Objects (GPOs) to identify misconfigurations and vulnerabilities.\n\nhttps://github.com/PShlyundin/GPOHunter\n\nApache HTTP Server Vulnerability Testing Tool | PoC for CVE-2024-38472 , CVE-2024-39573 , CVE-2024-38477 , CVE-2024-38476 , CVE-2024-38475 , CVE-2024-38474 , CVE-2024-38473 , CVE-2023-38709\n\nhttps://github.com/mrmtwoj/apache-vulnerability-testing\n\nExploit AD CS misconfiguration allowing privilege escalation and persistence from any child domain to full forest compromise.\n\nhttps://github.com/MWR-CyberSec/AD-CS-Forest-Exploiter\n\nNotes about attacking Jenkins servers\n\nhttps://github.com/gquere/pwn_jenkins\n\n#HackersFactory", "creation_timestamp": "2025-01-19T10:41:51.000000Z"}, {"uuid": "002c7933-4010-4461-b11a-9370b9d63691", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38473", "type": "published-proof-of-concept", "source": "https://t.me/CNArsenal/3285", "content": "https://github.com/mrmtwoj/apache-vulnerability-testing\n\nApache HTTP Server Vulnerability Testing Tool | PoC for CVE-2024-38472 , CVE-2024-39573 , CVE-2024-38477 , CVE-2024-38476 , CVE-2024-38475 , CVE-2024-38474 , CVE-2024-38473 , CVE-2023-38709\n#github #exploit", "creation_timestamp": "2024-10-06T03:39:45.000000Z"}, {"uuid": "d46ab769-cf7d-44f0-896e-35b8047fa820", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38473", "type": "published-proof-of-concept", "source": "https://t.me/InfoSecInsider/102", "content": "Nuclei template designed to detect Apache servers vulnerable to CVE-2024-38473. It first identifies servers running Apache < 2.4.60 with default PHP-FPM settings. Then, it fuzzes for potential PHP files protected by ACLs that might be bypassed due to this vulnerability.\n\nhttps://github.com/juanschallibaum/CVE-2024-38473-Nuclei-Template", "creation_timestamp": "2024-08-29T05:51:31.000000Z"}, {"uuid": "6ea3cb86-1fdb-4f49-ac25-030516c3f5cc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38473", "type": "published-proof-of-concept", "source": "https://t.me/InfoSecInsider/605", "content": "Apache HTTP Server Vulnerability Testing Tool\n\nApache HTTP Server Vulnerability Testing Tool | PoC for CVE-2024-38472 , CVE-2024-39573 , CVE-2024-38477 , CVE-2024-38476 , CVE-2024-38475 , CVE-2024-38474 , CVE-2024-38473 , CVE-2023-38709", "creation_timestamp": "2024-11-02T06:39:49.000000Z"}, {"uuid": "c04cfd18-0864-4e33-a8c3-1de41a51124f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38473", "type": "seen", "source": "https://t.me/InfoSecInsider/492", "content": "Tools - Hackers Factory \n\n#WebApp_Security\n#Offensive_security\n\nBounty Security Tools\n\n]-> GBounty Scanner:\n\nhttps://github.com/BountySecurity/gbounty\n\n]-> GBounty Multi-Step Profiles:\n\nhttps://github.com/BountySecurity/gbounty-profiles\n\n]-> GBounty Profiles Designer:\n\nhttps://github.com/BountySecurity/GBountyProfilesDesigner\n\nTest your prompts, agents, and RAGs. Red teaming, pentesting, and vulnerability scanning for LLMs. Compare performance of GPT, Claude, Gemini, Llama, and more. Simple declarative configs with command line and CI/CD integration. \n\nhttps://github.com/promptfoo/promptfoo\n\nRepository for application-layer loop DoS \n\nhttps://github.com/cispa/loop-DoS\n\n#exploit\n\n1. CVE-2024-45409: Ruby-SAML/GitLab Authentication Bypass\n\nhttps://blog.projectdiscovery.io/ruby-saml-gitlab-auth-bypass\n\n2. CVE-2024-45200: Mario Kart 8 Deluxe's \"KartLANPwn\" BoF\n\nhttps://github.com/latte-soft/kartlanpwn\n\n3. Apache HTTP Server Vulnerability Testing Tool\n\nhttps://github.com/mrmtwoj/apache-vulnerability-testing\n\nCVE-2024-38472, CVE-2024-39573, CVE-2024-38477, CVE-2024-38476, CVE-2024-38475, CVE-2024-38474, CVE-2024-38473, CVE-2023-38709\n\n#CyberDilara\nhttps://t.me/CyberDilara", "creation_timestamp": "2024-10-11T06:11:11.000000Z"}]}