{"vulnerability": "CVE-2024-40431", "sightings": [{"uuid": "0d9d032d-4e85-4ec0-97ae-8c7b683e1c60", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-40431", "type": "published-proof-of-concept", "source": "https://t.me/CyberDilara/1225", "content": "Tools - Hackers Factory \n\nDetect It Easy, or abbreviated \"DIE\" is a program for determining types of files.\n\nhttps://github.com/horsicq/Detect-It-Easy\n\n#Exploit\n\n1. CVE-2024-39205:\nPyload RCE with js2py sandbox escape\nhttps://github.com/Marven11/CVE-2024-39205-Pyload-RCE\n\n2. CVE-2024-40431,\nCVE-2022-25477 - 25480:\nVulnerabilities in RtsPer.sys (Realtek SD Card Reader Driver)\nhttps://github.com/zwclose/realteksd\n\n3. CVE-2024-1512:\nSQLI in MasterStudy LMS WP Plugin\nhttps://github.com/rat-c/CVE-2024-1512\n\nSemi-automatic OSINT framework and package manager\n\nhttps://github.com/kpcyrd/sn0int\n\nAn Instagram tracker that logs any changes to an Instagram account (followers, following, posts, and bio)\n\nhttps://github.com/ibnaleem/instatracker\n\n#HackersFactory", "creation_timestamp": "2024-11-21T08:10:56.000000Z"}, {"uuid": "2040c182-af32-4fe9-bbb3-769e6afba0e0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-40431", "type": "seen", "source": "https://t.me/cvedetector/8770", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-40431 - Realtek SD Card Reader Driver Kernel Memory Corruption (Write Arbitrary)\", \n  \"Content\": \"CVE ID : CVE-2024-40431 \nPublished : Oct. 23, 2024, 10:15 p.m. | 31\u00a0minutes ago \nDescription : A lack of input validation in Realtek SD card reader driver before 10.0.26100.21374 through the implementation of the IOCTL_SCSI_PASS_THROUGH control of the SD card reader driver allows an attacker to write to predictable kernel memory locations, even as a low-privileged user. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"24 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-24T00:55:55.000000Z"}, {"uuid": "8a6dccbd-1017-4be4-8bb1-793cc57f9663", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-40431", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/8544", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aCVE-2024-40431+CVE-2022-25479 chain for EOP(DATA ONLY ATTACK) ROUGHT SKELLETON ATM. WILL EVENTUALLY TURN IT INTO FULL EOP\nURL\uff1ahttps://github.com/SpiralBL0CK/CVE-2024-40431-CVE-2022-25479-EOP-CHAIN\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-09-17T06:30:40.000000Z"}, {"uuid": "cc6b2330-5b16-4006-bb2a-70759eb755c9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-40431", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/3909", "content": "Tools - Hackers Factory \n\nDetect It Easy, or abbreviated \"DIE\" is a program for determining types of files.\n\nhttps://github.com/horsicq/Detect-It-Easy\n\n#Exploit\n\n1. CVE-2024-39205:\nPyload RCE with js2py sandbox escape\nhttps://github.com/Marven11/CVE-2024-39205-Pyload-RCE\n\n2. CVE-2024-40431,\nCVE-2022-25477 - 25480:\nVulnerabilities in RtsPer.sys (Realtek SD Card Reader Driver)\nhttps://github.com/zwclose/realteksd\n\n3. CVE-2024-1512:\nSQLI in MasterStudy LMS WP Plugin\nhttps://github.com/rat-c/CVE-2024-1512\n\nSemi-automatic OSINT framework and package manager\n\nhttps://github.com/kpcyrd/sn0int\n\nAn Instagram tracker that logs any changes to an Instagram account (followers, following, posts, and bio)\n\nhttps://github.com/ibnaleem/instatracker\n\n#HackersFactory", "creation_timestamp": "2024-11-21T04:19:04.000000Z"}, {"uuid": "9adc5a5f-2019-47c8-a5cc-9477659c3a08", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-40431", "type": "published-proof-of-concept", "source": "https://t.me/GrayHatsHack/9041", "content": "Tools - Hackers Factory \n\nDetect It Easy, or abbreviated \"DIE\" is a program for determining types of files.\n\nhttps://github.com/horsicq/Detect-It-Easy\n\n#Exploit\n\n1. CVE-2024-39205:\nPyload RCE with js2py sandbox escape\nhttps://github.com/Marven11/CVE-2024-39205-Pyload-RCE\n\n2. CVE-2024-40431,\nCVE-2022-25477 - 25480:\nVulnerabilities in RtsPer.sys (Realtek SD Card Reader Driver)\nhttps://github.com/zwclose/realteksd\n\n3. CVE-2024-1512:\nSQLI in MasterStudy LMS WP Plugin\nhttps://github.com/rat-c/CVE-2024-1512\n\nSemi-automatic OSINT framework and package manager\n\nhttps://github.com/kpcyrd/sn0int\n\nAn Instagram tracker that logs any changes to an Instagram account (followers, following, posts, and bio)\n\nhttps://github.com/ibnaleem/instatracker\n\n#HackersFactory", "creation_timestamp": "2024-11-21T07:58:58.000000Z"}, {"uuid": "2f59a8fc-732b-4702-83b9-a115599457d0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-40431", "type": "published-proof-of-concept", "source": "https://t.me/InfoSecInsider/24794", "content": "Tools - Hackers Factory \n\nDetect It Easy, or abbreviated \"DIE\" is a program for determining types of files.\n\nhttps://github.com/horsicq/Detect-It-Easy\n\n#Exploit\n\n1. CVE-2024-39205:\nPyload RCE with js2py sandbox escape\nhttps://github.com/Marven11/CVE-2024-39205-Pyload-RCE\n\n2. CVE-2024-40431,\nCVE-2022-25477 - 25480:\nVulnerabilities in RtsPer.sys (Realtek SD Card Reader Driver)\nhttps://github.com/zwclose/realteksd\n\n3. CVE-2024-1512:\nSQLI in MasterStudy LMS WP Plugin\nhttps://github.com/rat-c/CVE-2024-1512\n\nSemi-automatic OSINT framework and package manager\n\nhttps://github.com/kpcyrd/sn0int\n\nAn Instagram tracker that logs any changes to an Instagram account (followers, following, posts, and bio)\n\nhttps://github.com/ibnaleem/instatracker\n\n#HackersFactory", "creation_timestamp": "2024-11-21T07:59:09.000000Z"}, {"uuid": "07683387-bc2c-444a-948b-d7e823773764", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-40431", "type": "published-proof-of-concept", "source": "https://t.me/GrayHatsHack/7649", "content": "Tools - Hackers Factory \n\nDetect It Easy, or abbreviated \"DIE\" is a program for determining types of files.\n\nhttps://github.com/horsicq/Detect-It-Easy\n\n#Exploit\n\n1. CVE-2024-39205:\nPyload RCE with js2py sandbox escape\nhttps://github.com/Marven11/CVE-2024-39205-Pyload-RCE\n\n2. CVE-2024-40431,\nCVE-2022-25477 - 25480:\nVulnerabilities in RtsPer.sys (Realtek SD Card Reader Driver)\nhttps://github.com/zwclose/realteksd\n\n3. CVE-2024-1512:\nSQLI in MasterStudy LMS WP Plugin\nhttps://github.com/rat-c/CVE-2024-1512\n\nSemi-automatic OSINT framework and package manager\n\nhttps://github.com/kpcyrd/sn0int\n\nAn Instagram tracker that logs any changes to an Instagram account (followers, following, posts, and bio)\n\nhttps://github.com/ibnaleem/instatracker\n\n#HackersFactory", "creation_timestamp": "2024-11-21T07:58:58.000000Z"}, {"uuid": "457332c2-fe84-491c-a1ef-30d5a6103f68", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-40431", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/11344", "content": "#exploit\n1. CVE-2024-39205:\nPyload RCE with js2py sandbox escape\nhttps://github.com/Marven11/CVE-2024-39205-Pyload-RCE\n\n2. CVE-2024-40431,\nCVE-2022-25477 - 25480:\nVulnerabilities in RtsPer.sys (Realtek SD Card Reader Driver)\nhttps://github.com/zwclose/realteksd\n\n3. CVE-2024-1512:\nSQLI in MasterStudy LMS WP Plugin\nhttps://github.com/rat-c/CVE-2024-1512", "creation_timestamp": "2024-10-28T13:32:54.000000Z"}, {"uuid": "67204104-decc-4299-aad5-2d3eb7aa6c49", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-40431", "type": "published-proof-of-concept", "source": "https://t.me/InfoSecInsider/739", "content": "Tools - Hackers Factory \n\nDetect It Easy, or abbreviated \"DIE\" is a program for determining types of files.\n\nhttps://github.com/horsicq/Detect-It-Easy\n\n#Exploit\n\n1. CVE-2024-39205:\nPyload RCE with js2py sandbox escape\nhttps://github.com/Marven11/CVE-2024-39205-Pyload-RCE\n\n2. CVE-2024-40431,\nCVE-2022-25477 - 25480:\nVulnerabilities in RtsPer.sys (Realtek SD Card Reader Driver)\nhttps://github.com/zwclose/realteksd\n\n3. CVE-2024-1512:\nSQLI in MasterStudy LMS WP Plugin\nhttps://github.com/rat-c/CVE-2024-1512\n\nSemi-automatic OSINT framework and package manager\n\nhttps://github.com/kpcyrd/sn0int\n\nAn Instagram tracker that logs any changes to an Instagram account (followers, following, posts, and bio)\n\nhttps://github.com/ibnaleem/instatracker\n\n#HackersFactory", "creation_timestamp": "2024-11-21T07:59:09.000000Z"}, {"uuid": "34efc0ed-c4be-4525-946d-a566a4a42cef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-40431", "type": "published-proof-of-concept", "source": "https://t.me/Rootsec_2/4876", "content": "#exploit\n1. CVE-2024-39205:\nPyload RCE with js2py sandbox escape\nhttps://github.com/Marven11/CVE-2024-39205-Pyload-RCE\n\n2. CVE-2024-40431,\nCVE-2022-25477 - 25480:\nVulnerabilities in RtsPer.sys (Realtek SD Card Reader Driver)\nhttps://github.com/zwclose/realteksd\n\n3. CVE-2024-1512:\nSQLI in MasterStudy LMS WP Plugin\nhttps://github.com/rat-c/CVE-2024-1512", "creation_timestamp": "2024-10-27T16:49:25.000000Z"}]}