{"vulnerability": "CVE-2024-4267", "sightings": [{"uuid": "742fbeee-46d4-462b-b5bc-5078a2355c1a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42677", "type": "seen", "source": "https://t.me/cvedetector/3243", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-42677 - Huizhi Enterprise Resource Management System File Handle Disclosure\", \n  \"Content\": \"CVE ID : CVE-2024-42677 \nPublished : Aug. 15, 2024, 2:15 p.m. | 30\u00a0minutes ago \nDescription : An issue in Huizhi enterprise resource management system v.1.0 and before allows a local attacker to obtain sensitive information via the /nssys/common/filehandle. Aspx component \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"15 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-15T16:48:14.000000Z"}, {"uuid": "1f0acc6e-2768-4246-9142-1fe972545a79", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42671", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lh2is5r2k42e", "content": "", "creation_timestamp": "2025-01-31T17:15:25.996370Z"}, {"uuid": "c0d949ab-f5db-4758-a723-2e2098e70827", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42671", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lh2xd72dfv2k", "content": "", "creation_timestamp": "2025-01-31T21:35:31.615278Z"}, {"uuid": "cc6fb8af-fdb7-4864-a83e-ef97005ff318", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42671", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/8162", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-42671\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A Host Header Poisoning Open Redirect issue in slabiak Appointment Scheduler v.1.0.5 allows a remote attacker to redirect users to a malicious website, leading to potential credential theft, malware distribution, or other malicious activities.\n\ud83d\udccf Published: 2025-01-31T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-19T20:44:15.425Z\n\ud83d\udd17 References:\n1. https://github.com/abbisQQ/Appointment-Scheduler-Host-Header-Poisoning-Open-Redirect/blob/main/README.md\n2. https://github.com/slabiak/AppointmentScheduler/issues/53", "creation_timestamp": "2025-03-19T21:18:35.000000Z"}, {"uuid": "f7e2af15-d127-4b7b-9a8e-853a045d418d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42676", "type": "seen", "source": "https://t.me/cvedetector/3242", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-42676 - Huizhi Enterprise Resource Management System File Upload Remote Code Execution Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-42676 \nPublished : Aug. 15, 2024, 2:15 p.m. | 30\u00a0minutes ago \nDescription : File Upload vulnerability in Huizhi enterprise resource management system v.1.0 and before allows a remote attacker to execute arbitrary code via the /nssys/common/Upload. Aspx? Action=DNPageAjaxPostBack component \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"15 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-15T16:48:14.000000Z"}, {"uuid": "6d22fe8d-ed56-4f7c-a7fa-7ee385df35d6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42671", "type": "seen", "source": "https://t.me/cvedetector/16964", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-42671 - Slabiak Appointment Scheduler Host Header Poisoning Open Redirect Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-42671 \nPublished : Jan. 31, 2025, 5:15 p.m. | 46\u00a0minutes ago \nDescription : A Host Header Poisoning Open Redirect issue in slabiak Appointment Scheduler v.1.0.5 allows a remote attacker to redirect users to a malicious website, leading to potential credential theft, malware distribution, or other malicious activities. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"31 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-31T19:34:22.000000Z"}, {"uuid": "6fceaca5-7110-408c-945b-300f9a8bb671", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42678", "type": "seen", "source": "https://t.me/cvedetector/3241", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-42678 - Super easy Enterprise Management System Cross-Site Scripting\", \n  \"Content\": \"CVE ID : CVE-2024-42678 \nPublished : Aug. 15, 2024, 2:15 p.m. | 30\u00a0minutes ago \nDescription : Cross Site Scripting vulnerability in Super easy enterprise management system v.1.0.0 and before allows a local attacker to execute arbitrary code via a crafted script to the /WebSet/DlgGridSet.html component. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"15 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-15T16:48:10.000000Z"}, {"uuid": "50cbfa18-7732-4776-9fb0-2229b046638d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42679", "type": "seen", "source": "https://t.me/cvedetector/3239", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-42679 - Super Easy Enterprise Management System SQL Injection RCE\", \n  \"Content\": \"CVE ID : CVE-2024-42679 \nPublished : Aug. 15, 2024, 2:15 p.m. | 30\u00a0minutes ago \nDescription : SQL Injection vulnerability in Super easy enterprise management system v.1.0.0 and before allows a local attacker to execute arbitrary code via a crafted script to the/ajax/Login.ashx component. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"15 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-15T16:48:08.000000Z"}]}