{"vulnerability": "CVE-2024-3957", "sightings": [{"uuid": "5284500c-9690-4bab-8843-daa5595687ee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39573", "type": "published-proof-of-concept", "source": "https://t.me/cKure/16348", "content": "\u25a0\u25a0\u25a1\u25a1\u25a1 \u2604\ufe0fApache HTTP Server Vulnerability Testing Tool | PoC for CVE-2024-38472 , CVE-2024-39573 , CVE-2024-38477 , CVE-2024-38476 , CVE-2024-38475 , CVE-2024-38474 , CVE-2024-38473 , CVE-2023-38709\n\n\ud83d\udd25https://github.com/mrmtwoj/apache-vulnerability-testing", "creation_timestamp": "2026-04-24T21:42:08.000000Z"}, {"uuid": "b33147ab-3a05-4546-8167-97da02a33c45", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "c933734a-9be8-4142-889e-26e95c752803", "vulnerability": "CVE-2024-39573", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/a23cbcad-e890-4df8-8736-9332ed4c3d47", "content": "", "creation_timestamp": "2024-07-17T12:43:59.267734Z"}, {"uuid": "f79fb1ee-0f8b-46a8-b1a8-b1e482be87b3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39578", "type": "seen", "source": "https://t.me/cvedetector/4568", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-39578 - Dell PowerScale OneFS Symlink Following Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-39578 \nPublished : Aug. 31, 2024, 8:15 a.m. | 28\u00a0minutes ago \nDescription : Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.1 contains a UNIX symbolic link (symlink) following vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to denial of service, information tampering. \nSeverity: 6.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"31 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-31T10:52:45.000000Z"}, {"uuid": "f9976cda-7ec9-4c7d-b4a1-4499f865a6fc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39573", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/8689", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aApache HTTP Server Vulnerability Testing Tool | PoC for CVE-2024-38472 , CVE-2024-39573 , CVE-2024-38477 , CVE-2024-38476 , CVE-2024-38475 , CVE-2024-38474 ,  CVE-2024-38473 , CVE-2023-38709\nURL\uff1ahttps://github.com/mrmtwoj/apache-vulnerability-testing\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-10-05T20:59:37.000000Z"}, {"uuid": "c0e10d03-32e6-4545-8482-7ccd8d172c3b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39579", "type": "seen", "source": "https://t.me/cvedetector/4567", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-39579 - Dell PowerScale OneFS Privilege Escalation Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-39579 \nPublished : Aug. 31, 2024, 8:15 a.m. | 28\u00a0minutes ago \nDescription : Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contains an incorrect privilege assignment vulnerability. A local high privileged attacker could potentially exploit this vulnerability to gain root-level access. \nSeverity: 6.7 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"31 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-31T10:52:44.000000Z"}, {"uuid": "1590fb06-e905-4cfc-ae85-c12c71191abf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39576", "type": "seen", "source": "https://t.me/cvedetector/3876", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-39576 - Dell Power Manager Incorrect Privilege Assignment Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-39576 \nPublished : Aug. 22, 2024, 3:15 a.m. | 41\u00a0minutes ago \nDescription : Dell Power Manager (DPM), versions 3.15.0 and prior, contains an Incorrect Privilege Assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution and Elevation of privileges. \nSeverity: 8.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"22 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-22T05:59:07.000000Z"}, {"uuid": "758a7b71-bdbc-4ea9-a688-557e7d197e4b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39574", "type": "seen", "source": "https://t.me/cvedetector/5202", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-39574 - Dell PowerScale InsightIQ Privilege Escalation Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-39574 \nPublished : Sept. 10, 2024, 9:15 a.m. | 17\u00a0minutes ago \nDescription : Dell PowerScale InsightIQ, version 5.1, contain an Improper Privilege Management vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Denial of service. \nSeverity: 6.7 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"10 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-10T11:43:29.000000Z"}, {"uuid": "dfcdc739-2525-42a1-9e61-10accea9657e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3957", "type": "seen", "source": "Telegram/AhYANTJDxK4Zf6nYhcevXO_ofXO3rUwo1XS88qq31GFsKPND", "content": "", "creation_timestamp": "2025-02-06T02:40:18.000000Z"}, {"uuid": "5746dab7-a564-4668-b377-2b0fa65e9cf9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39570", "type": "seen", "source": "https://t.me/cvedetector/343", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-39570 - A vulnerability has been identified in SINEMA Remo\", \n  \"Content\": \"CVE ID : CVE-2024-39570 \nPublished : July 9, 2024, 12:15 p.m. | 26\u00a0minutes ago \nDescription : A vulnerability has been identified in SINEMA Remote Connect Server (All versions Severity: 8.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"09 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-09T14:46:42.000000Z"}, {"uuid": "0bcc35ad-4cc3-40c6-bb04-f58104e00342", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39571", "type": "seen", "source": "https://t.me/cvedetector/342", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-39571 - A vulnerability has been identified in SINEMA Remo\", \n  \"Content\": \"CVE ID : CVE-2024-39571 \nPublished : July 9, 2024, 12:15 p.m. | 26\u00a0minutes ago \nDescription : A vulnerability has been identified in SINEMA Remote Connect Server (All versions Severity: 8.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"09 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-09T14:46:41.000000Z"}, {"uuid": "1d00d5a8-0b1b-4190-b6b5-884f2140a341", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39573", "type": "published-proof-of-concept", "source": "https://t.me/HackerArsenal/144", "content": "#Offensive_security\nConfusion Attacks: Exploiting Hidden Semantic Ambiguity in Apache HTTP Server (CVE-2024-38472, CVE-2024-39573)\nhttps://blog.orange.tw/2024/08/confusion-attacks-en.html", "creation_timestamp": "2024-08-10T06:12:20.000000Z"}, {"uuid": "86abd2f1-cf55-44fb-865d-7d2ca49e704f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39573", "type": "seen", "source": "https://t.me/ton618cyber/5262", "content": "#exploit\n1. CVE-2024-45409:\nRuby-SAML/GitLab Authentication Bypass\nhttps://blog.projectdiscovery.io/ruby-saml-gitlab-auth-bypass\n\n2. CVE-2024-45200:\nMario Kart 8 Deluxe's \"KartLANPwn\" BoF\nhttps://github.com/latte-soft/kartlanpwn\n\n3. Apache HTTP Server Vulnerability Testing Tool\nhttps://github.com/mrmtwoj/apache-vulnerability-testing\n// CVE-2024-38472, CVE-2024-39573, CVE-2024-38477, CVE-2024-38476, CVE-2024-38475, CVE-2024-38474, CVE-2024-38473, CVE-2023-38709", "creation_timestamp": "2024-10-08T16:16:09.000000Z"}, {"uuid": "ea147d75-dcb8-4d4a-9c23-ee95492b4029", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39573", "type": "published-proof-of-concept", "source": "https://t.me/CyberDilara/1139", "content": "Apache HTTP Server Vulnerability Testing Tool\n\nApache HTTP Server Vulnerability Testing Tool | PoC for CVE-2024-38472 , CVE-2024-39573 , CVE-2024-38477 , CVE-2024-38476 , CVE-2024-38475 , CVE-2024-38474 , CVE-2024-38473 , CVE-2023-38709", "creation_timestamp": "2024-11-02T06:39:55.000000Z"}, {"uuid": "9f7b9975-fcfc-4309-b05f-f670615cec78", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39573", "type": "published-proof-of-concept", "source": "https://t.me/GrayHatsHack/8948", "content": "Apache HTTP Server Vulnerability Testing Tool\n\nApache HTTP Server Vulnerability Testing Tool | PoC for CVE-2024-38472 , CVE-2024-39573 , CVE-2024-38477 , CVE-2024-38476 , CVE-2024-38475 , CVE-2024-38474 , CVE-2024-38473 , CVE-2023-38709", "creation_timestamp": "2024-11-02T06:31:33.000000Z"}, {"uuid": "82d54cab-f54c-4753-978f-a93df91dfa39", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39573", "type": "published-proof-of-concept", "source": "Telegram/tsGqiIILbovTakNpXk7OulM6WSVqTkWfqnXzKHZ7DL7J8wc", "content": "", "creation_timestamp": "2024-09-08T07:41:49.000000Z"}, {"uuid": "63f6487d-2e3e-47a9-9e9b-7a751a9c3963", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39573", "type": "seen", "source": "https://t.me/CyberDilara/1055", "content": "Tools - Hackers Factory \n\n#WebApp_Security\n#Offensive_security\n\nBounty Security Tools\n\n]-> GBounty Scanner:\n\nhttps://github.com/BountySecurity/gbounty\n\n]-> GBounty Multi-Step Profiles:\n\nhttps://github.com/BountySecurity/gbounty-profiles\n\n]-> GBounty Profiles Designer:\n\nhttps://github.com/BountySecurity/GBountyProfilesDesigner\n\nTest your prompts, agents, and RAGs. Red teaming, pentesting, and vulnerability scanning for LLMs. Compare performance of GPT, Claude, Gemini, Llama, and more. Simple declarative configs with command line and CI/CD integration. \n\nhttps://github.com/promptfoo/promptfoo\n\nRepository for application-layer loop DoS \n\nhttps://github.com/cispa/loop-DoS\n\n#exploit\n\n1. CVE-2024-45409: Ruby-SAML/GitLab Authentication Bypass\n\nhttps://blog.projectdiscovery.io/ruby-saml-gitlab-auth-bypass\n\n2. CVE-2024-45200: Mario Kart 8 Deluxe's \"KartLANPwn\" BoF\n\nhttps://github.com/latte-soft/kartlanpwn\n\n3. Apache HTTP Server Vulnerability Testing Tool\n\nhttps://github.com/mrmtwoj/apache-vulnerability-testing\n\nCVE-2024-38472, CVE-2024-39573, CVE-2024-38477, CVE-2024-38476, CVE-2024-38475, CVE-2024-38474, CVE-2024-38473, CVE-2023-38709\n\n#CyberDilara\nhttps://t.me/CyberDilara", "creation_timestamp": "2024-10-11T06:11:00.000000Z"}, {"uuid": "cbfc1a7f-d56f-40e3-911a-d384c2f02895", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39573", "type": "seen", "source": "https://t.me/InfoSecInsider/24253", "content": "Apache HTTP Server Vulnerability Testing Tool\n\nApache HTTP Server Vulnerability Testing Tool | PoC for CVE-2024-38472 , CVE-2024-39573 , CVE-2024-38477 , CVE-2024-38476 , CVE-2024-38475 , CVE-2024-38474 , CVE-2024-38473 , CVE-2023-38709", "creation_timestamp": "2024-11-02T06:39:40.000000Z"}, {"uuid": "8cbfa08f-cefd-4f5c-a428-7b1ca6921e3a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39573", "type": "seen", "source": "https://t.me/GrayHatsHack/8873", "content": "Tools - Hackers Factory \n\n#WebApp_Security\n#Offensive_security\n\nBounty Security Tools\n\n]-> GBounty Scanner:\n\nhttps://github.com/BountySecurity/gbounty\n\n]-> GBounty Multi-Step Profiles:\n\nhttps://github.com/BountySecurity/gbounty-profiles\n\n]-> GBounty Profiles Designer:\n\nhttps://github.com/BountySecurity/GBountyProfilesDesigner\n\nTest your prompts, agents, and RAGs. Red teaming, pentesting, and vulnerability scanning for LLMs. Compare performance of GPT, Claude, Gemini, Llama, and more. Simple declarative configs with command line and CI/CD integration. \n\nhttps://github.com/promptfoo/promptfoo\n\nRepository for application-layer loop DoS \n\nhttps://github.com/cispa/loop-DoS\n\n#exploit\n\n1. CVE-2024-45409: Ruby-SAML/GitLab Authentication Bypass\n\nhttps://blog.projectdiscovery.io/ruby-saml-gitlab-auth-bypass\n\n2. CVE-2024-45200: Mario Kart 8 Deluxe's \"KartLANPwn\" BoF\n\nhttps://github.com/latte-soft/kartlanpwn\n\n3. Apache HTTP Server Vulnerability Testing Tool\n\nhttps://github.com/mrmtwoj/apache-vulnerability-testing\n\nCVE-2024-38472, CVE-2024-39573, CVE-2024-38477, CVE-2024-38476, CVE-2024-38475, CVE-2024-38474, CVE-2024-38473, CVE-2023-38709\n\n#CyberDilara\nhttps://t.me/CyberDilara", "creation_timestamp": "2024-10-11T06:11:05.000000Z"}, {"uuid": "c82420eb-6e48-435e-855f-d90f9e724b28", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39573", "type": "seen", "source": "https://t.me/InfoSecInsider/24061", "content": "Tools - Hackers Factory \n\n#WebApp_Security\n#Offensive_security\n\nBounty Security Tools\n\n]-> GBounty Scanner:\n\nhttps://github.com/BountySecurity/gbounty\n\n]-> GBounty Multi-Step Profiles:\n\nhttps://github.com/BountySecurity/gbounty-profiles\n\n]-> GBounty Profiles Designer:\n\nhttps://github.com/BountySecurity/GBountyProfilesDesigner\n\nTest your prompts, agents, and RAGs. Red teaming, pentesting, and vulnerability scanning for LLMs. Compare performance of GPT, Claude, Gemini, Llama, and more. Simple declarative configs with command line and CI/CD integration. \n\nhttps://github.com/promptfoo/promptfoo\n\nRepository for application-layer loop DoS \n\nhttps://github.com/cispa/loop-DoS\n\n#exploit\n\n1. CVE-2024-45409: Ruby-SAML/GitLab Authentication Bypass\n\nhttps://blog.projectdiscovery.io/ruby-saml-gitlab-auth-bypass\n\n2. CVE-2024-45200: Mario Kart 8 Deluxe's \"KartLANPwn\" BoF\n\nhttps://github.com/latte-soft/kartlanpwn\n\n3. Apache HTTP Server Vulnerability Testing Tool\n\nhttps://github.com/mrmtwoj/apache-vulnerability-testing\n\nCVE-2024-38472, CVE-2024-39573, CVE-2024-38477, CVE-2024-38476, CVE-2024-38475, CVE-2024-38474, CVE-2024-38473, CVE-2023-38709\n\n#CyberDilara\nhttps://t.me/CyberDilara", "creation_timestamp": "2024-10-11T06:11:11.000000Z"}, {"uuid": "971234c8-386b-445a-a6c1-2db90460efde", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39573", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/4094", "content": "#GitHub #Tools \n\nAutorizePro\u662f\u4e00\u6b3e\u5f3a\u5927\u8d8a\u6743\u68c0\u6d4b Burp \u63d2\u4ef6\uff0c\u901a\u8fc7\u589e\u52a0 AI \u8f85\u52a9\u5206\u6790 && \u8fdb\u4e00\u6b65\u4f18\u5316\u68c0\u6d4b\u903b\u8f91\uff0c\u5927\u5e45\u964d\u4f4e\u8bef\u62a5\u7387\uff0c\u63d0\u5347\u8d8a\u6743\u6f0f\u6d1e\u68c0\u51fa\u6548\u7387\u3002 [ AutorizePro is a authorization enforcement detection extension for burp suite. By adding Ai-assisted analysis, it significantly reduces the false positive rate and improves the efficiency of vulnerability detection.\n\nhttps://github.com/sule01u/AutorizePro\n\nA security assessment tool for analyzing Active Directory Group Policy Objects (GPOs) to identify misconfigurations and vulnerabilities.\n\nhttps://github.com/PShlyundin/GPOHunter\n\nApache HTTP Server Vulnerability Testing Tool | PoC for CVE-2024-38472 , CVE-2024-39573 , CVE-2024-38477 , CVE-2024-38476 , CVE-2024-38475 , CVE-2024-38474 , CVE-2024-38473 , CVE-2023-38709\n\nhttps://github.com/mrmtwoj/apache-vulnerability-testing\n\nExploit AD CS misconfiguration allowing privilege escalation and persistence from any child domain to full forest compromise.\n\nhttps://github.com/MWR-CyberSec/AD-CS-Forest-Exploiter\n\nNotes about attacking Jenkins servers\n\nhttps://github.com/gquere/pwn_jenkins\n\n#HackersFactory", "creation_timestamp": "2025-01-19T10:41:44.000000Z"}, {"uuid": "85d52975-828d-406a-8e9c-90e0aaf378af", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39573", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/3843", "content": "Apache HTTP Server Vulnerability Testing Tool\n\nApache HTTP Server Vulnerability Testing Tool | PoC for CVE-2024-38472 , CVE-2024-39573 , CVE-2024-38477 , CVE-2024-38476 , CVE-2024-38475 , CVE-2024-38474 , CVE-2024-38473 , CVE-2023-38709", "creation_timestamp": "2024-11-02T06:39:20.000000Z"}, {"uuid": "2bd84ba0-dac0-4453-8ce1-a8417da96297", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39573", "type": "seen", "source": "https://t.me/dilagrafie/3789", "content": "Tools - Hackers Factory \n\n#WebApp_Security\n#Offensive_security\n\nBounty Security Tools\n\n]-> GBounty Scanner:\n\nhttps://github.com/BountySecurity/gbounty\n\n]-> GBounty Multi-Step Profiles:\n\nhttps://github.com/BountySecurity/gbounty-profiles\n\n]-> GBounty Profiles Designer:\n\nhttps://github.com/BountySecurity/GBountyProfilesDesigner\n\nTest your prompts, agents, and RAGs. Red teaming, pentesting, and vulnerability scanning for LLMs. Compare performance of GPT, Claude, Gemini, Llama, and more. Simple declarative configs with command line and CI/CD integration. \n\nhttps://github.com/promptfoo/promptfoo\n\nRepository for application-layer loop DoS \n\nhttps://github.com/cispa/loop-DoS\n\n#exploit\n\n1. CVE-2024-45409: Ruby-SAML/GitLab Authentication Bypass\n\nhttps://blog.projectdiscovery.io/ruby-saml-gitlab-auth-bypass\n\n2. CVE-2024-45200: Mario Kart 8 Deluxe's \"KartLANPwn\" BoF\n\nhttps://github.com/latte-soft/kartlanpwn\n\n3. Apache HTTP Server Vulnerability Testing Tool\n\nhttps://github.com/mrmtwoj/apache-vulnerability-testing\n\nCVE-2024-38472, CVE-2024-39573, CVE-2024-38477, CVE-2024-38476, CVE-2024-38475, CVE-2024-38474, CVE-2024-38473, CVE-2023-38709\n\n#CyberDilara\nhttps://t.me/CyberDilara", "creation_timestamp": "2024-10-11T06:11:18.000000Z"}, {"uuid": "1148e39e-1d85-4ade-8b6c-46aa6ad9f141", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39573", "type": "published-proof-of-concept", "source": "https://t.me/GrayHatsHack/7573", "content": "Apache HTTP Server Vulnerability Testing Tool\n\nApache HTTP Server Vulnerability Testing Tool | PoC for CVE-2024-38472 , CVE-2024-39573 , CVE-2024-38477 , CVE-2024-38476 , CVE-2024-38475 , CVE-2024-38474 , CVE-2024-38473 , CVE-2023-38709", "creation_timestamp": "2024-11-02T06:31:33.000000Z"}, {"uuid": "fb4df843-dfab-450f-a3d6-d150aa4e8286", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39573", "type": "seen", "source": "https://t.me/GrayHatsHack/7509", "content": "Tools - Hackers Factory \n\n#WebApp_Security\n#Offensive_security\n\nBounty Security Tools\n\n]-> GBounty Scanner:\n\nhttps://github.com/BountySecurity/gbounty\n\n]-> GBounty Multi-Step Profiles:\n\nhttps://github.com/BountySecurity/gbounty-profiles\n\n]-> GBounty Profiles Designer:\n\nhttps://github.com/BountySecurity/GBountyProfilesDesigner\n\nTest your prompts, agents, and RAGs. Red teaming, pentesting, and vulnerability scanning for LLMs. Compare performance of GPT, Claude, Gemini, Llama, and more. Simple declarative configs with command line and CI/CD integration. \n\nhttps://github.com/promptfoo/promptfoo\n\nRepository for application-layer loop DoS \n\nhttps://github.com/cispa/loop-DoS\n\n#exploit\n\n1. CVE-2024-45409: Ruby-SAML/GitLab Authentication Bypass\n\nhttps://blog.projectdiscovery.io/ruby-saml-gitlab-auth-bypass\n\n2. CVE-2024-45200: Mario Kart 8 Deluxe's \"KartLANPwn\" BoF\n\nhttps://github.com/latte-soft/kartlanpwn\n\n3. Apache HTTP Server Vulnerability Testing Tool\n\nhttps://github.com/mrmtwoj/apache-vulnerability-testing\n\nCVE-2024-38472, CVE-2024-39573, CVE-2024-38477, CVE-2024-38476, CVE-2024-38475, CVE-2024-38474, CVE-2024-38473, CVE-2023-38709\n\n#CyberDilara\nhttps://t.me/CyberDilara", "creation_timestamp": "2024-10-11T06:11:05.000000Z"}, {"uuid": "65d401f4-e1e9-4b10-9059-d53a1c2e2bbf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39573", "type": "published-proof-of-concept", "source": "https://t.me/GrayHatsHack/7922", "content": "#GitHub #Tools \n\nAutorizePro\u662f\u4e00\u6b3e\u5f3a\u5927\u8d8a\u6743\u68c0\u6d4b Burp \u63d2\u4ef6\uff0c\u901a\u8fc7\u589e\u52a0 AI \u8f85\u52a9\u5206\u6790 && \u8fdb\u4e00\u6b65\u4f18\u5316\u68c0\u6d4b\u903b\u8f91\uff0c\u5927\u5e45\u964d\u4f4e\u8bef\u62a5\u7387\uff0c\u63d0\u5347\u8d8a\u6743\u6f0f\u6d1e\u68c0\u51fa\u6548\u7387\u3002 [ AutorizePro is a authorization enforcement detection extension for burp suite. By adding Ai-assisted analysis, it significantly reduces the false positive rate and improves the efficiency of vulnerability detection.\n\nhttps://github.com/sule01u/AutorizePro\n\nA security assessment tool for analyzing Active Directory Group Policy Objects (GPOs) to identify misconfigurations and vulnerabilities.\n\nhttps://github.com/PShlyundin/GPOHunter\n\nApache HTTP Server Vulnerability Testing Tool | PoC for CVE-2024-38472 , CVE-2024-39573 , CVE-2024-38477 , CVE-2024-38476 , CVE-2024-38475 , CVE-2024-38474 , CVE-2024-38473 , CVE-2023-38709\n\nhttps://github.com/mrmtwoj/apache-vulnerability-testing\n\nExploit AD CS misconfiguration allowing privilege escalation and persistence from any child domain to full forest compromise.\n\nhttps://github.com/MWR-CyberSec/AD-CS-Forest-Exploiter\n\nNotes about attacking Jenkins servers\n\nhttps://github.com/gquere/pwn_jenkins\n\n#HackersFactory", "creation_timestamp": "2025-01-19T10:41:51.000000Z"}, {"uuid": "f2425319-4847-4bb4-bad3-a03d6010e114", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39573", "type": "published-proof-of-concept", "source": "https://t.me/CNArsenal/3285", "content": "https://github.com/mrmtwoj/apache-vulnerability-testing\n\nApache HTTP Server Vulnerability Testing Tool | PoC for CVE-2024-38472 , CVE-2024-39573 , CVE-2024-38477 , CVE-2024-38476 , CVE-2024-38475 , CVE-2024-38474 , CVE-2024-38473 , CVE-2023-38709\n#github #exploit", "creation_timestamp": "2024-10-06T03:39:45.000000Z"}, {"uuid": "c4c06151-9b1d-4d52-9f04-9ce410349755", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39573", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/10963", "content": "#Offensive_security\nConfusion Attacks: Exploiting Hidden Semantic Ambiguity in Apache HTTP Server (CVE-2024-38472, CVE-2024-39573)\nhttps://blog.orange.tw/2024/08/confusion-attacks-en.html", "creation_timestamp": "2024-08-12T11:45:27.000000Z"}, {"uuid": "abb4df49-4740-4eb4-8c15-4aea168f68a1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39573", "type": "seen", "source": "https://t.me/InfoSecInsider/492", "content": "Tools - Hackers Factory \n\n#WebApp_Security\n#Offensive_security\n\nBounty Security Tools\n\n]-> GBounty Scanner:\n\nhttps://github.com/BountySecurity/gbounty\n\n]-> GBounty Multi-Step Profiles:\n\nhttps://github.com/BountySecurity/gbounty-profiles\n\n]-> GBounty Profiles Designer:\n\nhttps://github.com/BountySecurity/GBountyProfilesDesigner\n\nTest your prompts, agents, and RAGs. Red teaming, pentesting, and vulnerability scanning for LLMs. Compare performance of GPT, Claude, Gemini, Llama, and more. Simple declarative configs with command line and CI/CD integration. \n\nhttps://github.com/promptfoo/promptfoo\n\nRepository for application-layer loop DoS \n\nhttps://github.com/cispa/loop-DoS\n\n#exploit\n\n1. CVE-2024-45409: Ruby-SAML/GitLab Authentication Bypass\n\nhttps://blog.projectdiscovery.io/ruby-saml-gitlab-auth-bypass\n\n2. CVE-2024-45200: Mario Kart 8 Deluxe's \"KartLANPwn\" BoF\n\nhttps://github.com/latte-soft/kartlanpwn\n\n3. Apache HTTP Server Vulnerability Testing Tool\n\nhttps://github.com/mrmtwoj/apache-vulnerability-testing\n\nCVE-2024-38472, CVE-2024-39573, CVE-2024-38477, CVE-2024-38476, CVE-2024-38475, CVE-2024-38474, CVE-2024-38473, CVE-2023-38709\n\n#CyberDilara\nhttps://t.me/CyberDilara", "creation_timestamp": "2024-10-11T06:11:11.000000Z"}, {"uuid": "b3ff555c-460c-40a5-ae18-1fd493a45173", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39573", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/11240", "content": "#exploit\n1. CVE-2024-45409:\nRuby-SAML/GitLab Authentication Bypass\nhttps://blog.projectdiscovery.io/ruby-saml-gitlab-auth-bypass\n\n2. CVE-2024-45200:\nMario Kart 8 Deluxe's \"KartLANPwn\" BoF\nhttps://github.com/latte-soft/kartlanpwn\n\n3. Apache HTTP Server Vulnerability Testing Tool\nhttps://github.com/mrmtwoj/apache-vulnerability-testing\n// CVE-2024-38472, CVE-2024-39573, CVE-2024-38477, CVE-2024-38476, CVE-2024-38475, CVE-2024-38474, CVE-2024-38473, CVE-2023-38709", "creation_timestamp": "2024-10-06T14:45:15.000000Z"}, {"uuid": "f6206013-4218-4655-96cf-aa533d960a87", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39573", "type": "published-proof-of-concept", "source": "https://t.me/InfoSecInsider/605", "content": "Apache HTTP Server Vulnerability Testing Tool\n\nApache HTTP Server Vulnerability Testing Tool | PoC for CVE-2024-38472 , CVE-2024-39573 , CVE-2024-38477 , CVE-2024-38476 , CVE-2024-38475 , CVE-2024-38474 , CVE-2024-38473 , CVE-2023-38709", "creation_timestamp": "2024-11-02T06:39:49.000000Z"}, {"uuid": "6a563346-47d0-4b77-b38d-f26f882d6fb6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39573", "type": "seen", "source": "https://t.me/Rootsec_2/3752", "content": "#Offensive_security\nConfusion Attacks: Exploiting Hidden Semantic Ambiguity in Apache HTTP Server (CVE-2024-38472, CVE-2024-39573)\nhttps://blog.orange.tw/2024/08/confusion-attacks-en.html", "creation_timestamp": "2024-08-16T11:23:45.000000Z"}]}