{"vulnerability": "CVE-2024-4367", "sightings": [{"uuid": "90f1f910-ca4f-45a5-b718-3487444bc818", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2024-4367", "type": "seen", "source": "https://bsky.app/profile/securitycipher.bsky.social/post/3letdul2acl2l", "content": "", "creation_timestamp": "2025-01-03T10:08:16.697339Z"}, {"uuid": "860c4d83-ff98-422b-a441-19815a707f6b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-4367", "type": "seen", "source": "https://bsky.app/profile/hasegawa.bsky.social/post/3letfm3nxls2q", "content": "", "creation_timestamp": "2025-01-03T10:39:22.534770Z"}, {"uuid": "2bf6838a-22c2-4ded-bb54-f7d595d0ac48", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-4367", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3letfrhbngk25", "content": "", "creation_timestamp": "2025-01-03T10:42:20.121751Z"}, {"uuid": "3517ee15-1d7a-4a35-b040-25fb13eaa58a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-4367", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3lq4mqal7ra2b", "content": "", "creation_timestamp": "2025-05-27T02:18:01.253513Z"}, {"uuid": "3498d12b-6654-4f83-9c18-609fe0b4cf64", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-4367", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lj6s25vawi2f", "content": "", "creation_timestamp": "2025-02-27T21:02:06.581428Z"}, {"uuid": "97f8d892-1000-4f22-91a8-264bcac60dab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-4367", "type": "seen", "source": "https://infosec.exchange/users/adulau/statuses/114575915221540133", "content": "", "creation_timestamp": "2025-05-26T20:02:03.506838Z"}, {"uuid": "c5fc8ea1-ed2c-4694-be63-66863e472af6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-4367", "type": "seen", "source": "https://bsky.app/profile/bluesky.awakari.com/post/3lq3xqqcxdy26", "content": "", "creation_timestamp": "2025-05-26T20:02:28.845801Z"}, {"uuid": "18da794c-4c11-4fee-8516-25291fe82417", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-4367", "type": "seen", "source": "https://bsky.app/profile/adulau.infosec.exchange.ap.brid.gy/post/3lq3xqhpcodg2", "content": "", "creation_timestamp": "2025-05-26T20:03:05.248658Z"}, {"uuid": "1a54ac94-78dc-479e-b175-62646aa0a89b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-4367", "type": "seen", "source": "https://gist.github.com/EduardoCorpay/fdaeb4ec65cc4a1c8fcd2fb0162de09c", "content": "", "creation_timestamp": "2025-06-11T15:29:00.000000Z"}, {"uuid": "f3263494-acc9-445e-acdf-f58a5f4a4163", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-4367", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lnj3ph3k5y2t", "content": "", "creation_timestamp": "2025-04-23T21:02:24.779648Z"}, {"uuid": "addefec8-0b53-4cb1-acb5-231e3c7a4b7f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-4367", "type": "seen", "source": "https://bsky.app/profile/redteam-pentesting.de/post/3m75qw7zwu22j", "content": "", "creation_timestamp": "2025-12-04T10:23:34.008650Z"}, {"uuid": "b77beab0-c26d-475c-8315-245e7c403027", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-4367", "type": "seen", "source": "MISP/ab0b745f-bbd5-338e-8b92-97dd0c757e9d", "content": "", "creation_timestamp": "2025-08-31T03:01:27.000000Z"}, {"uuid": "5dc39f49-0faf-49a9-a3bd-3128b527f86c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-4367", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/7482", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aThis project is intended to serve as a proof of concept to demonstrate exploiting the vulnerability in the PDF.js (pdfjs-dist) library reported in CVE-2024-4367\nURL\uff1ahttps://github.com/clarkio/pdfjs-vuln-demo\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-05-31T20:00:29.000000Z"}, {"uuid": "7851680e-ffb9-41b3-aaf2-fb05d54f418f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-4367", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/7688", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aThis project is intended to serve as a proof of concept to demonstrate exploiting the vulnerability in the PDF.js (pdfjs-dist) library reported in CVE-2024-4367\nURL\uff1ahttps://github.com/snyk-labs/pdfjs-vuln-demo\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-06-17T11:41:43.000000Z"}, {"uuid": "831e6dab-7aee-42dc-a887-064a55532fbd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-4367", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/7630", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aThis project is intended to serve as a proof of concept to demonstrate exploiting the vulnerability in the PDF.js (pdfjs-dist) library reported in CVE-2024-4367\nURL\uff1ahttps://github.com/Abo5/CVE-2024-4484\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-06-12T23:13:42.000000Z"}, {"uuid": "ce859b6b-7de5-4a59-a930-a2c0e59c0074", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-4367", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/7714", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aPoC - Prueba de Concepto de CVE-2024-4367 en conjunto al CVE-2023-38831 en un solo Script\nURL\uff1ahttps://github.com/UnHackerEnCapital/PDFernetRemotelo\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-06-19T23:26:06.000000Z"}, {"uuid": "9483757a-511c-4ffc-ac81-50f0ff0d550b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "cd6eba8f-a631-4b9d-a629-0d839048fa94", "vulnerability": "CVE-2024-4367", "type": "exploited", "source": "https://github.com/range42/range42-catalog/tree/main/03_container_layer/docker/_ctf/cve/web/pdfjs/CVE-2024-4367", "content": "", "creation_timestamp": "2026-04-15T14:28:37.394034Z"}, {"uuid": "a1bb0df5-f147-442e-a683-424754baabb3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-4367", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/7733", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aCVE-2024-4367\u590d\u73b0\nURL\uff1ahttps://github.com/Scivous/CVE-2024-4367-npm\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-06-21T08:21:24.000000Z"}, {"uuid": "88394c2e-5c99-4c5a-b437-245e000e6864", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-4367", "type": "published-proof-of-concept", "source": "https://t.me/cKure/12986", "content": "\u25a0\u25a0\u25a0\u25a1\u25a1 CVE-2024-4367 \u2013 Arbitrary JavaScript execution in PDF.js\n\nhttps://codeanlabs.com/blog/research/cve-2024-4367-arbitrary-js-execution-in-pdf-js/", "creation_timestamp": "2024-05-27T13:01:33.000000Z"}, {"uuid": "a9f957a8-266e-4e44-be27-61f15f7beef8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-4367", "type": "published-proof-of-concept", "source": "Telegram/NJ9nHeSjyVBN7SBgXLMvf-DAwTl6GvA0rPQzg42RPYkN4sg", "content": "", "creation_timestamp": "2025-08-25T15:00:05.000000Z"}, {"uuid": "16038423-fc2a-40d6-b74b-8746e9b8d50c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-4367", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/7379", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aYARA detection rule for CVE-2024-4367 arbitrary javascript execution in PDF.js\nURL\uff1ahttps://github.com/spaceraccoon/detect-cve-2024-4367\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-05-22T18:09:50.000000Z"}, {"uuid": "c3f4524c-2e98-4d0c-af90-5a617cd9a644", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-4367", "type": "published-proof-of-concept", "source": "Telegram/BLETgmSECdsELe7SiMMG7bms6BodEHzI5VKt2H9vRFj39-4", "content": "", "creation_timestamp": "2025-08-03T21:00:04.000000Z"}, {"uuid": "4e01cc1e-7c30-4f01-b315-d9db48dd2b2d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-4367", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/7632", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aThis project is intended to serve as a proof of concept to demonstrate exploiting the vulnerability in the PDF.js (pdfjs-dist) library reported in CVE-2024-4367\nURL\uff1ahttps://github.com/Abo5/CVE-2024-31210\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-06-13T00:26:55.000000Z"}, {"uuid": "7d66fbb9-e068-4997-8c8a-dafdb35c3c68", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-4367", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/7631", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aThis project is intended to serve as a proof of concept to demonstrate exploiting the vulnerability in the PDF.js (pdfjs-dist) library reported in CVE-2024-4367\nURL\uff1ahttps://github.com/Abo5/CVE-2024-27282\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-06-12T23:57:02.000000Z"}, {"uuid": "b6b0330a-c188-44f3-bddf-e2fe3d663a57", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-4367", "type": "published-proof-of-concept", "source": "Telegram/VhjljfNhkzy27MAclYG8_ZdWA3MFufdW11JFY0LnzdcUII0", "content": "", "creation_timestamp": "2025-06-28T21:00:04.000000Z"}, {"uuid": "9806d210-9516-49b8-a8ae-c1b7cdd2bafc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-4367", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/7350", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aCVE-2024-4367 Proof of Concept\nURL\uff1ahttps://github.com/LOURC0D3/CVE-2024-4367-PoC\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-05-20T10:07:13.000000Z"}, {"uuid": "7bc90896-6e00-4912-a4f2-20b962591bc1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-4367", "type": "published-proof-of-concept", "source": "https://t.me/CodeReview0o0/91", "content": "#\u0646\u06af\u0627\u0647_\u0646\u0641\u0648\u0630\u06af\u0631_\u0642\u0633\u0645\u062a_9\n\u062a\u0648 \u0627\u06cc\u0646 \u0642\u0633\u0645\u062a \u062f\u0631\u0645\u0648\u0631\u062f Stored XSS \u0627\u0632 \u0637\u0631\u06cc\u0642 PDF \u0648 \u062f\u0632\u062f\u06cc\u062f\u0646 \u06a9\u0648\u06a9\u06cc \u0647\u0627 \u0635\u062d\u0628\u062a \u0645\u06cc\u06a9\u0646\u06cc\u0645 \u0648 \u0645\u06cc\u0628\u06cc\u0646\u06cc\u0645 \u0622\u06cc\u0627 \u0622\u067e\u0644\u0648\u062f \u0641\u0627\u06cc\u0644 PDF \u0645\u06cc\u062a\u0648\u0646\u0647 \u0645\u0646\u062c\u0631 \u0628\u0647 \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u0628\u0634\u0647 \u06cc\u0627 \u0646\u0647.\n\n\u0644\u06cc\u0646\u06a9 \u0644\u0627\u0628\u0631\u0627\u062a\u0648\u0631 :\nhttps://github.com/maverick0o0/RealWorld-Labs/tree/main/PDF.js%20CVE\n\n\u0644\u06cc\u0646\u06a9 \u0646\u0648\u0634\u0646 : \nhttps://heady-hat-c49.notion.site/PDF-js-CVE-2024-4367-2d9db4803428805aac9ff472eb6e3c56?source=copy_link\n\n\u0648\u06cc\u062f\u06cc\u0648 :\nhttps://youtu.be/ptW0OAFAJSw", "creation_timestamp": "2026-01-01T20:49:01.000000Z"}, {"uuid": "7daf1cda-921b-4cb2-b7e6-632509747a6d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-4367", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/7356", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aCVE-2024-4367 arbitrary js execution in pdf js\nURL\uff1ahttps://github.com/s4vvysec/CVE-2024-4367-POC\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-05-20T23:19:37.000000Z"}, {"uuid": "24679c6b-62db-4669-b528-6804446e93dc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-4367", "type": "published-proof-of-concept", "source": "https://t.me/Kelvinseccommunity/538", "content": "https://github.com/rzte/pdf-exploit\n\npdf exploit \u96c6\u6210 \uff08CVE-2024-4367\uff09\n#github #exploit #tools", "creation_timestamp": "2024-07-14T12:19:38.000000Z"}, {"uuid": "effa9950-aac8-4f57-af1c-c3b508db82b0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-4367", "type": "published-proof-of-concept", "source": "Telegram/_mb04GQDFMkSUEvLmFP_krYJPEj6Asa4dl-z5xHAcnkVfA", "content": "", "creation_timestamp": "2024-05-21T16:24:54.000000Z"}, {"uuid": "e82f651e-5bb4-447d-bf8b-f03c103a0570", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-4367", "type": "published-proof-of-concept", "source": "https://t.me/ZeroEthical_Course/218", "content": "CVE-2024-4367-Arbitrary JavaScript Execution in PDF.JS\n\n- Built -in ranger in Firefox\n-node.js module pdfjs-dist\n- Sites with PDF pre -examination\n- Applications on Electron.\n\nAnd a bunch of places where you can operate XSS or RCE (in the case of Electron under certain conditions), in PDF.js.\n\nPOC: https://github.com/lourc0d3/cve-2024-4367-poc\n\nRESPER: https://codeanlabs.com/blog/research/cve-2024-4367-arry-js-js-in-pdf-js\n\ud83d\udcda ZeroEthical Course \ud83d\udc8e", "creation_timestamp": "2024-05-26T23:10:20.000000Z"}, {"uuid": "605dbc95-93bf-4a34-979f-3fb336ffa18d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-4367", "type": "published-proof-of-concept", "source": "https://t.me/ZeroEthical_Course/203", "content": "#exploit\n1. CVE-2024-32113:\nApache OFBiz Directory Traversal\nhttps://github.com/absholi7ly/Apache-OFBiz-Directory-Traversal-exploit\n\n2. CVE-2024-4367:\nArbitrary JavaScript execution in PDF.js\nhttps://codeanlabs.com/blog/research/cve-2024-4367-arbitrary-js-execution-in-pdf-js\n\n3. CVE-2024-33559:\nWordPress Theme XStore 9.3.8 - SQLi\nhttps://github.com/absholi7ly/WordPress-XStore-theme-SQL-Injection\n\n\ud83d\udcda ZeroEthical Course \ud83d\udc8e", "creation_timestamp": "2024-05-24T03:20:53.000000Z"}, {"uuid": "c221c612-d660-4a52-a11f-be4b7140aba3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-4367", "type": "seen", "source": "https://t.me/HackingInsights/6029", "content": "\u200aFabasoft Tackles PDF.js Vulnerability (CVE-2024-4367), Safeguarding eGovernment and Enterprise Search Solutions\n\nhttps://securityonline.info/fabasoft-tackles-pdf-js-vulnerability-cve-2024-4367-safeguarding-egovernment-and-enterprise-search-solutions/", "creation_timestamp": "2024-07-14T12:38:47.000000Z"}, {"uuid": "a0e83ffe-0347-4f9d-a932-4bcfb8fc862f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-4367", "type": "published-proof-of-concept", "source": "https://t.me/realLulzSec/13053", "content": "https://github.com/rzte/pdf-exploit\n\npdf exploit \u96c6\u6210 \uff08CVE-2024-4367\uff09\n#exploit", "creation_timestamp": "2024-07-14T17:12:32.000000Z"}, {"uuid": "31f9bb6b-470b-4725-aabe-fca74243a7a1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-4367", "type": "published-proof-of-concept", "source": "https://t.me/realLulzSec/1260", "content": "https://github.com/rzte/pdf-exploit\n\npdf exploit \u96c6\u6210 \uff08CVE-2024-4367\uff09\n#exploit", "creation_timestamp": "2024-07-14T17:12:32.000000Z"}, {"uuid": "f55891e9-773c-4ef0-838b-a6d4ea4d8757", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-4367", "type": "published-proof-of-concept", "source": "https://t.me/TheDarkWebInformer/368", "content": "\ud83d\udea8POC RELEASED\ud83d\udea8PoC for CVE-2024-4367 & CVE-2024-34342: Arbitrary JavaScript execution in PDF.js\n\n#DarkWeb #Cybersecurity #Security #Cyberattack #Cybercrime #Privacy #Infosec #CVE20244367 #CVE202434342 #Vulnerability \n\nhttps://x.com/DarkWebInformer/status/1793295146588459283", "creation_timestamp": "2024-05-22T18:12:14.000000Z"}, {"uuid": "9b59ebbb-938a-4ba0-972f-f2d6674a28be", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-4367", "type": "published-proof-of-concept", "source": "https://t.me/HackingInsights/173", "content": "\u200aCVE-2024-4367 & CVE-2024-34342: JavaScript Flaws Threaten Millions of PDF.js and React-PDF Users\n\nhttps://securityonline.info/cve-2024-4367-cve-2024-34342-javascript-flaw-threatens-millions-of-pdf-js-and-react-pdf-users/", "creation_timestamp": "2024-05-08T11:25:59.000000Z"}, {"uuid": "13374973-3620-4ef1-9343-29ccbd30e14d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-4367", "type": "published-proof-of-concept", "source": "https://t.me/CyberDilara/425", "content": "Tools - Hackers Factory \n\nBloodHoundAD/BARK: BloodHound Attack Research Kit''\n\nhttps://github.com/BloodHoundAD/BARK\n\nCreate yourself #exp of CVE-2024-4367: PDF.js\n\nhttps://github.com/rzte/pdf-exploit\n\nCVE-2024-4879 - Jelly Template Injection Vulnerability in ServiceNow\n\nhttps://github.com/Brut-Security/CVE-2024-4879\n\n''GitHub - erebe/wstunnel: Tunnel all your traffic over Websocket or HTTP2 - Bypass firewalls/DPI - Static binary available''\n\nhttps://github.com/erebe/wstunnel\n\nOctoberfest7/MemFiles: A CobaltStrike toolkit to write files produced by Beacon to memory instead of disk''\n\nhttps://github.com/Octoberfest7/MemFiles\n\nelastic/SWAT: Simple Workspace Attack Tool (SWAT) is a tool for simulating malicious behavior against Google Workspace in reference to the MITRE ATT&CK framework.''\n\nhttps://github.com/elastic/SWAT\n\npmatula/Windows-Internals-Learning-Resources\n\nhttps://github.com/pmatula/Windows-Internals-Learning-Resources\n\nIntegration-IT/Active-Directory-Exploitation-Cheat-Sheet: A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.''\n\nhttps://github.com/Integration-IT/Active-Directory-Exploitation-Cheat-Sheet\n\n0xEr3bus/RdpStrike: Positional Independent Code to extract clear text password from mstsc.exe using API Hooking via HWBP.''\n\nhttps://github.com/0xEr3bus/RdpStrike\n\nwh0amitz/SharpADWS: Active Directory reconnaissance and exploitation for Red Teams via the Active Directory Web Services (ADWS).''\n\nhttps://github.com/wh0amitz/SharpADWS\n\nsrlabs/Certiception: An ADCS honeypot to catch attackers in your internal network.''\n\nhttps://github.com/srlabs/Certiception\n\nmertdas/SharpIncrease: A Tool that aims to evade av with binary padding''\n\nhttps://github.com/mertdas/SharpIncrease\n\n#CyberDilara \nhttps://t.me/CyberDilara", "creation_timestamp": "2024-07-18T08:55:28.000000Z"}, {"uuid": "9be64984-d6d2-41f7-9db0-7fae8581b23b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-4367", "type": "published-proof-of-concept", "source": "https://t.me/CyberDilara/155", "content": "Tools - Hackers Factory\n\nCross Site Scripting ( XSS ) Vulnerability Payload List \n\nhttps://github.com/payloadbox/xss-payload-list\n\nYARA detection rule for CVE-2024-4367 arbitrary javascript execution in PDF.js \n\nhttps://github.com/spaceraccoon/detect-cve-2024-4367\n\nThe Prime Cross Site Request Forgery (CSRF) Audit and Exploitation Toolkit. \n\nhttps://github.com/0xInfection/XSRFProbe\n\nhttps://github.com/blacklanternsecurity/badsecrets\n\nAutomation for javascript recon in bug bounty. \n\nhttps://github.com/KathanP19/JSFScan.sh\n\nTempMail is a simple web application that allows you to generate temporary email addresses and view the emails received by these addresses. \n\nhttps://github.com/mehmetkahya0/temp-mail \n\nThis Repositories contains list of One Liners with Descriptions and Installation requirements \n\nhttps://github.com/thecybertix/One-Liner-Collections\n\nAutomatic SSRF fuzzer and exploitation tool \n\nhttps://github.com/swisskyrepo/SSRFmap\n\nA tool to fastly get all javascript sources/files \n\nhttps://github.com/003random/getJS\n\nServer-Side Request Forgery in Server Actions \n\nhttps://github.com/vercel/next.js/security/advisories/GHSA-fr5h-rqp8-mj6g\n\nInQL is a robust, open-source Burp Suite extension for advanced GraphQL testing, offering intuitive vulnerability detection, customizable scans, and seamless Burp integration. \n\nhttps://github.com/doyensec/inql\n\n#HackersFactory", "creation_timestamp": "2024-06-17T14:00:55.000000Z"}, {"uuid": "b4488c68-ca8d-493a-a2dc-863164ed68ad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-4367", "type": "published-proof-of-concept", "source": "https://t.me/lcmysecteamch/4430", "content": "Tools - Hackers Factory\n\nCross Site Scripting ( XSS ) Vulnerability Payload List \n\nhttps://github.com/payloadbox/xss-payload-list\n\nYARA detection rule for CVE-2024-4367 arbitrary javascript execution in PDF.js \n\nhttps://github.com/spaceraccoon/detect-cve-2024-4367\n\nThe Prime Cross Site Request Forgery (CSRF) Audit and Exploitation Toolkit. \n\nhttps://github.com/0xInfection/XSRFProbe\n\nhttps://github.com/blacklanternsecurity/badsecrets\n\nAutomation for javascript recon in bug bounty. \n\nhttps://github.com/KathanP19/JSFScan.sh\n\nTempMail is a simple web application that allows you to generate temporary email addresses and view the emails received by these addresses. \n\nhttps://github.com/mehmetkahya0/temp-mail \n\nThis Repositories contains list of One Liners with Descriptions and Installation requirements \n\nhttps://github.com/thecybertix/One-Liner-Collections\n\nAutomatic SSRF fuzzer and exploitation tool \n\nhttps://github.com/swisskyrepo/SSRFmap\n\nA tool to fastly get all javascript sources/files \n\nhttps://github.com/003random/getJS\n\nServer-Side Request Forgery in Server Actions \n\nhttps://github.com/vercel/next.js/security/advisories/GHSA-fr5h-rqp8-mj6g\n\nInQL is a robust, open-source Burp Suite extension for advanced GraphQL testing, offering intuitive vulnerability detection, customizable scans, and seamless Burp integration. \n\nhttps://github.com/doyensec/inql\n\n#HackersFactory", "creation_timestamp": "2024-05-25T15:33:16.000000Z"}, {"uuid": "68280262-f0e3-423e-94b9-52a83be877b4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-4367", "type": "published-proof-of-concept", "source": "Telegram/YHR5LDl8bCoziN9wxHaTi6ArVs3jBR0B5N7TdotJGSgguKs", "content": "", "creation_timestamp": "2025-04-12T11:00:06.000000Z"}, {"uuid": "1b1818b0-bbf2-4ec9-bcd3-4f0a15ba44b7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-4367", "type": "published-proof-of-concept", "source": "Telegram/3WDKzCztn6fhsFP0h502IW0gqJijz_QXvsQbayWM_ehdyuQ", "content": "", "creation_timestamp": "2025-04-14T05:00:07.000000Z"}, {"uuid": "f667ed7c-1992-4d4a-b843-3e3dd887e800", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-4367", "type": "published-proof-of-concept", "source": "https://t.me/GhostsForum/21550", "content": "Tools - Hackers Factory\n\nCross Site Scripting ( XSS ) Vulnerability Payload List \n\nhttps://github.com/payloadbox/xss-payload-list\n\nYARA detection rule for CVE-2024-4367 arbitrary javascript execution in PDF.js \n\nhttps://github.com/spaceraccoon/detect-cve-2024-4367\n\nThe Prime Cross Site Request Forgery (CSRF) Audit and Exploitation Toolkit. \n\nhttps://github.com/0xInfection/XSRFProbe\n\nhttps://github.com/blacklanternsecurity/badsecrets\n\nAutomation for javascript recon in bug bounty. \n\nhttps://github.com/KathanP19/JSFScan.sh\n\nTempMail is a simple web application that allows you to generate temporary email addresses and view the emails received by these addresses. \n\nhttps://github.com/mehmetkahya0/temp-mail \n\nThis Repositories contains list of One Liners with Descriptions and Installation requirements \n\nhttps://github.com/thecybertix/One-Liner-Collections\n\nAutomatic SSRF fuzzer and exploitation tool \n\nhttps://github.com/swisskyrepo/SSRFmap\n\nA tool to fastly get all javascript sources/files \n\nhttps://github.com/003random/getJS\n\nServer-Side Request Forgery in Server Actions \n\nhttps://github.com/vercel/next.js/security/advisories/GHSA-fr5h-rqp8-mj6g\n\nInQL is a robust, open-source Burp Suite extension for advanced GraphQL testing, offering intuitive vulnerability detection, customizable scans, and seamless Burp integration. \n\nhttps://github.com/doyensec/inql\n\n#HackersFactory", "creation_timestamp": "2024-05-25T15:30:30.000000Z"}, {"uuid": "6cba2c54-c30d-44bc-8058-aca7c9d08a3f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-4367", "type": "published-proof-of-concept", "source": "https://t.me/GrayHatsHack/8264", "content": "Tools - Hackers Factory \n\nBloodHoundAD/BARK: BloodHound Attack Research Kit''\n\nhttps://github.com/BloodHoundAD/BARK\n\nCreate yourself #exp of CVE-2024-4367: PDF.js\n\nhttps://github.com/rzte/pdf-exploit\n\nCVE-2024-4879 - Jelly Template Injection Vulnerability in ServiceNow\n\nhttps://github.com/Brut-Security/CVE-2024-4879\n\n''GitHub - erebe/wstunnel: Tunnel all your traffic over Websocket or HTTP2 - Bypass firewalls/DPI - Static binary available''\n\nhttps://github.com/erebe/wstunnel\n\nOctoberfest7/MemFiles: A CobaltStrike toolkit to write files produced by Beacon to memory instead of disk''\n\nhttps://github.com/Octoberfest7/MemFiles\n\nelastic/SWAT: Simple Workspace Attack Tool (SWAT) is a tool for simulating malicious behavior against Google Workspace in reference to the MITRE ATT&CK framework.''\n\nhttps://github.com/elastic/SWAT\n\npmatula/Windows-Internals-Learning-Resources\n\nhttps://github.com/pmatula/Windows-Internals-Learning-Resources\n\nIntegration-IT/Active-Directory-Exploitation-Cheat-Sheet: A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.''\n\nhttps://github.com/Integration-IT/Active-Directory-Exploitation-Cheat-Sheet\n\n0xEr3bus/RdpStrike: Positional Independent Code to extract clear text password from mstsc.exe using API Hooking via HWBP.''\n\nhttps://github.com/0xEr3bus/RdpStrike\n\nwh0amitz/SharpADWS: Active Directory reconnaissance and exploitation for Red Teams via the Active Directory Web Services (ADWS).''\n\nhttps://github.com/wh0amitz/SharpADWS\n\nsrlabs/Certiception: An ADCS honeypot to catch attackers in your internal network.''\n\nhttps://github.com/srlabs/Certiception\n\nmertdas/SharpIncrease: A Tool that aims to evade av with binary padding''\n\nhttps://github.com/mertdas/SharpIncrease\n\n#CyberDilara \nhttps://t.me/CyberDilara", "creation_timestamp": "2024-07-18T08:56:28.000000Z"}, {"uuid": "af98846e-2e02-4e19-88af-da15ec2931cd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-4367", "type": "published-proof-of-concept", "source": "Telegram/3sM3oVD50m3NvoIQWG6DGAEVGmijitmKbRK6SaOWq032uLY", "content": "", "creation_timestamp": "2025-02-17T22:00:06.000000Z"}, {"uuid": "02c94fff-c76b-4544-98c7-d06305af93fc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-4367", "type": "published-proof-of-concept", "source": "https://t.me/GrayHatCommunity/7800", "content": "Tools - Hackers Factory\n\nCross Site Scripting ( XSS ) Vulnerability Payload List \n\nhttps://github.com/payloadbox/xss-payload-list\n\nYARA detection rule for CVE-2024-4367 arbitrary javascript execution in PDF.js \n\nhttps://github.com/spaceraccoon/detect-cve-2024-4367\n\nThe Prime Cross Site Request Forgery (CSRF) Audit and Exploitation Toolkit. \n\nhttps://github.com/0xInfection/XSRFProbe\n\nhttps://github.com/blacklanternsecurity/badsecrets\n\nAutomation for javascript recon in bug bounty. \n\nhttps://github.com/KathanP19/JSFScan.sh\n\nTempMail is a simple web application that allows you to generate temporary email addresses and view the emails received by these addresses. \n\nhttps://github.com/mehmetkahya0/temp-mail \n\nThis Repositories contains list of One Liners with Descriptions and Installation requirements \n\nhttps://github.com/thecybertix/One-Liner-Collections\n\nAutomatic SSRF fuzzer and exploitation tool \n\nhttps://github.com/swisskyrepo/SSRFmap\n\nA tool to fastly get all javascript sources/files \n\nhttps://github.com/003random/getJS\n\nServer-Side Request Forgery in Server Actions \n\nhttps://github.com/vercel/next.js/security/advisories/GHSA-fr5h-rqp8-mj6g\n\nInQL is a robust, open-source Burp Suite extension for advanced GraphQL testing, offering intuitive vulnerability detection, customizable scans, and seamless Burp integration. \n\nhttps://github.com/doyensec/inql\n\n#HackersFactory", "creation_timestamp": "2024-05-25T15:32:53.000000Z"}, {"uuid": "e8a6dfed-ab80-468a-9fc3-21ae6c849d25", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-4367", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/3440", "content": "Tools - Hackers Factory \n\nBloodHoundAD/BARK: BloodHound Attack Research Kit''\n\nhttps://github.com/BloodHoundAD/BARK\n\nCreate yourself #exp of CVE-2024-4367: PDF.js\n\nhttps://github.com/rzte/pdf-exploit\n\nCVE-2024-4879 - Jelly Template Injection Vulnerability in ServiceNow\n\nhttps://github.com/Brut-Security/CVE-2024-4879\n\n''GitHub - erebe/wstunnel: Tunnel all your traffic over Websocket or HTTP2 - Bypass firewalls/DPI - Static binary available''\n\nhttps://github.com/erebe/wstunnel\n\nOctoberfest7/MemFiles: A CobaltStrike toolkit to write files produced by Beacon to memory instead of disk''\n\nhttps://github.com/Octoberfest7/MemFiles\n\nelastic/SWAT: Simple Workspace Attack Tool (SWAT) is a tool for simulating malicious behavior against Google Workspace in reference to the MITRE ATT&CK framework.''\n\nhttps://github.com/elastic/SWAT\n\npmatula/Windows-Internals-Learning-Resources\n\nhttps://github.com/pmatula/Windows-Internals-Learning-Resources\n\nIntegration-IT/Active-Directory-Exploitation-Cheat-Sheet: A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.''\n\nhttps://github.com/Integration-IT/Active-Directory-Exploitation-Cheat-Sheet\n\n0xEr3bus/RdpStrike: Positional Independent Code to extract clear text password from mstsc.exe using API Hooking via HWBP.''\n\nhttps://github.com/0xEr3bus/RdpStrike\n\nwh0amitz/SharpADWS: Active Directory reconnaissance and exploitation for Red Teams via the Active Directory Web Services (ADWS).''\n\nhttps://github.com/wh0amitz/SharpADWS\n\nsrlabs/Certiception: An ADCS honeypot to catch attackers in your internal network.''\n\nhttps://github.com/srlabs/Certiception\n\nmertdas/SharpIncrease: A Tool that aims to evade av with binary padding''\n\nhttps://github.com/mertdas/SharpIncrease\n\n#CyberDilara \nhttps://t.me/CyberDilara", "creation_timestamp": "2024-07-18T08:56:31.000000Z"}, {"uuid": "326139e1-8995-44c7-9c06-aa39ddc5e700", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-4367", "type": "published-proof-of-concept", "source": "https://t.me/CNArsenal/2524", "content": "https://github.com/s4vvysec/CVE-2024-4367-POC\n\nCVE-2024-4367 arbitrary js execution in pdf js\n#github #poc", "creation_timestamp": "2024-05-22T09:08:19.000000Z"}, {"uuid": "a5041dd2-ac54-4869-bb35-61256ebe2cb6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-4367", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/3248", "content": "Tools - Hackers Factory\n\nCross Site Scripting ( XSS ) Vulnerability Payload List \n\nhttps://github.com/payloadbox/xss-payload-list\n\nYARA detection rule for CVE-2024-4367 arbitrary javascript execution in PDF.js \n\nhttps://github.com/spaceraccoon/detect-cve-2024-4367\n\nThe Prime Cross Site Request Forgery (CSRF) Audit and Exploitation Toolkit. \n\nhttps://github.com/0xInfection/XSRFProbe\n\nhttps://github.com/blacklanternsecurity/badsecrets\n\nAutomation for javascript recon in bug bounty. \n\nhttps://github.com/KathanP19/JSFScan.sh\n\nTempMail is a simple web application that allows you to generate temporary email addresses and view the emails received by these addresses. \n\nhttps://github.com/mehmetkahya0/temp-mail \n\nThis Repositories contains list of One Liners with Descriptions and Installation requirements \n\nhttps://github.com/thecybertix/One-Liner-Collections\n\nAutomatic SSRF fuzzer and exploitation tool \n\nhttps://github.com/swisskyrepo/SSRFmap\n\nA tool to fastly get all javascript sources/files \n\nhttps://github.com/003random/getJS\n\nServer-Side Request Forgery in Server Actions \n\nhttps://github.com/vercel/next.js/security/advisories/GHSA-fr5h-rqp8-mj6g\n\nInQL is a robust, open-source Burp Suite extension for advanced GraphQL testing, offering intuitive vulnerability detection, customizable scans, and seamless Burp integration. \n\nhttps://github.com/doyensec/inql\n\n#HackersFactory", "creation_timestamp": "2024-05-25T15:30:14.000000Z"}, {"uuid": "5adb4a98-f636-42c9-93be-81be7bb6265f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-4367", "type": "published-proof-of-concept", "source": "Telegram/B9nenhStHVu8HlrWPEr5ILddIW-5Ea6-Kyn0KKSaLy-wE28", "content": "", "creation_timestamp": "2024-05-24T19:16:19.000000Z"}, {"uuid": "c4733206-15ab-4d93-b009-cb8bd7cf5588", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-4367", "type": "published-proof-of-concept", "source": "https://t.me/GrayHatsHack/6965", "content": "Tools - Hackers Factory \n\nBloodHoundAD/BARK: BloodHound Attack Research Kit''\n\nhttps://github.com/BloodHoundAD/BARK\n\nCreate yourself #exp of CVE-2024-4367: PDF.js\n\nhttps://github.com/rzte/pdf-exploit\n\nCVE-2024-4879 - Jelly Template Injection Vulnerability in ServiceNow\n\nhttps://github.com/Brut-Security/CVE-2024-4879\n\n''GitHub - erebe/wstunnel: Tunnel all your traffic over Websocket or HTTP2 - Bypass firewalls/DPI - Static binary available''\n\nhttps://github.com/erebe/wstunnel\n\nOctoberfest7/MemFiles: A CobaltStrike toolkit to write files produced by Beacon to memory instead of disk''\n\nhttps://github.com/Octoberfest7/MemFiles\n\nelastic/SWAT: Simple Workspace Attack Tool (SWAT) is a tool for simulating malicious behavior against Google Workspace in reference to the MITRE ATT&CK framework.''\n\nhttps://github.com/elastic/SWAT\n\npmatula/Windows-Internals-Learning-Resources\n\nhttps://github.com/pmatula/Windows-Internals-Learning-Resources\n\nIntegration-IT/Active-Directory-Exploitation-Cheat-Sheet: A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.''\n\nhttps://github.com/Integration-IT/Active-Directory-Exploitation-Cheat-Sheet\n\n0xEr3bus/RdpStrike: Positional Independent Code to extract clear text password from mstsc.exe using API Hooking via HWBP.''\n\nhttps://github.com/0xEr3bus/RdpStrike\n\nwh0amitz/SharpADWS: Active Directory reconnaissance and exploitation for Red Teams via the Active Directory Web Services (ADWS).''\n\nhttps://github.com/wh0amitz/SharpADWS\n\nsrlabs/Certiception: An ADCS honeypot to catch attackers in your internal network.''\n\nhttps://github.com/srlabs/Certiception\n\nmertdas/SharpIncrease: A Tool that aims to evade av with binary padding''\n\nhttps://github.com/mertdas/SharpIncrease\n\n#CyberDilara \nhttps://t.me/CyberDilara", "creation_timestamp": "2024-07-18T08:56:28.000000Z"}, {"uuid": "da5313ec-3b73-4c34-8da1-6cb5fa2ab23f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-4367", "type": "published-proof-of-concept", "source": "https://t.me/GhostClanInt/25308", "content": "Tools - Hackers Factory \n\nBloodHoundAD/BARK: BloodHound Attack Research Kit''\n\nhttps://github.com/BloodHoundAD/BARK\n\nCreate yourself #exp of CVE-2024-4367: PDF.js\n\nhttps://github.com/rzte/pdf-exploit\n\nCVE-2024-4879 - Jelly Template Injection Vulnerability in ServiceNow\n\nhttps://github.com/Brut-Security/CVE-2024-4879\n\n''GitHub - erebe/wstunnel: Tunnel all your traffic over Websocket or HTTP2 - Bypass firewalls/DPI - Static binary available''\n\nhttps://github.com/erebe/wstunnel\n\nOctoberfest7/MemFiles: A CobaltStrike toolkit to write files produced by Beacon to memory instead of disk''\n\nhttps://github.com/Octoberfest7/MemFiles\n\nelastic/SWAT: Simple Workspace Attack Tool (SWAT) is a tool for simulating malicious behavior against Google Workspace in reference to the MITRE ATT&CK framework.''\n\nhttps://github.com/elastic/SWAT\n\npmatula/Windows-Internals-Learning-Resources\n\nhttps://github.com/pmatula/Windows-Internals-Learning-Resources\n\nIntegration-IT/Active-Directory-Exploitation-Cheat-Sheet: A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.''\n\nhttps://github.com/Integration-IT/Active-Directory-Exploitation-Cheat-Sheet\n\n0xEr3bus/RdpStrike: Positional Independent Code to extract clear text password from mstsc.exe using API Hooking via HWBP.''\n\nhttps://github.com/0xEr3bus/RdpStrike\n\nwh0amitz/SharpADWS: Active Directory reconnaissance and exploitation for Red Teams via the Active Directory Web Services (ADWS).''\n\nhttps://github.com/wh0amitz/SharpADWS\n\nsrlabs/Certiception: An ADCS honeypot to catch attackers in your internal network.''\n\nhttps://github.com/srlabs/Certiception\n\nmertdas/SharpIncrease: A Tool that aims to evade av with binary padding''\n\nhttps://github.com/mertdas/SharpIncrease\n\n#CyberDilara \nhttps://t.me/CyberDilara", "creation_timestamp": "2024-07-18T16:16:32.000000Z"}, {"uuid": "44cd60d8-a6b3-4d95-82b1-b4158a0f0b19", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-4367", "type": "published-proof-of-concept", "source": "https://t.me/thebugbountyhunter/8720", "content": "CVE-2024-4367 - Arbitrary JavaScript execution in PDF.js \u2014 Codean Labs\n\nhttps://codeanlabs.com/blog/research/cve-2024-4367-arbitrary-js-execution-in-pdf-js/", "creation_timestamp": "2024-05-21T02:04:29.000000Z"}, {"uuid": "1b8a93d9-2057-4afa-bc13-401c455ca330", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-4367", "type": "seen", "source": "https://t.me/proxy_bar/2165", "content": "pdf exploit\n*\n\u0421\u043e\u0437\u0434\u0430\u0442\u044c \u0441\u0432\u043e\u0439\n\n#CVE-2024-4367 #pdf", "creation_timestamp": "2024-07-14T08:20:16.000000Z"}, {"uuid": "c493cd32-45db-42d2-88af-8522de4830f8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-4367", "type": "published-proof-of-concept", "source": "https://t.me/lcmysecteamch/7847", "content": "Tools - Hackers Factory\n\nCross Site Scripting ( XSS ) Vulnerability Payload List \n\nhttps://github.com/payloadbox/xss-payload-list\n\nYARA detection rule for CVE-2024-4367 arbitrary javascript execution in PDF.js \n\nhttps://github.com/spaceraccoon/detect-cve-2024-4367\n\nThe Prime Cross Site Request Forgery (CSRF) Audit and Exploitation Toolkit. \n\nhttps://github.com/0xInfection/XSRFProbe\n\nhttps://github.com/blacklanternsecurity/badsecrets\n\nAutomation for javascript recon in bug bounty. \n\nhttps://github.com/KathanP19/JSFScan.sh\n\nTempMail is a simple web application that allows you to generate temporary email addresses and view the emails received by these addresses. \n\nhttps://github.com/mehmetkahya0/temp-mail \n\nThis Repositories contains list of One Liners with Descriptions and Installation requirements \n\nhttps://github.com/thecybertix/One-Liner-Collections\n\nAutomatic SSRF fuzzer and exploitation tool \n\nhttps://github.com/swisskyrepo/SSRFmap\n\nA tool to fastly get all javascript sources/files \n\nhttps://github.com/003random/getJS\n\nServer-Side Request Forgery in Server Actions \n\nhttps://github.com/vercel/next.js/security/advisories/GHSA-fr5h-rqp8-mj6g\n\nInQL is a robust, open-source Burp Suite extension for advanced GraphQL testing, offering intuitive vulnerability detection, customizable scans, and seamless Burp integration. \n\nhttps://github.com/doyensec/inql\n\n#HackersFactory", "creation_timestamp": "2024-05-25T15:33:16.000000Z"}, {"uuid": "721fee6f-a798-4666-b288-f6f6de03253c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-4367", "type": "seen", "source": "https://t.me/true_secator/6347", "content": "\u041f\u0440\u043e\u0434\u043e\u043b\u0436\u0430\u0435\u043c \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0442\u044c \u043d\u0430\u0438\u0431\u043e\u043b\u0435\u0435 \u0442\u0440\u0435\u043d\u0434\u043e\u0432\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0438 \u043d\u0430\u0447\u043d\u0435\u043c \u0441 \u00ab\u0442\u0440\u0435\u043d\u0434\u043e\u0432\u043e\u0439\u00bb.\n\n1. Trend Micro \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0434\u043b\u044f \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f RCE-\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 \u0441\u0432\u043e\u0435\u043c \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0435 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 Cloud Edge \u0441 CVSS 9,8/10.\n\nCVE-2024-48904 \u043c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0430 \u043d\u0435\u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u043c\u0438 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c\u0438 \u0434\u043b\u044f \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u044f \u0438 \u0437\u0430\u043f\u0443\u0441\u043a\u0430 \u043a\u043e\u043c\u0430\u043d\u0434 \u043d\u0430 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0435, \u0432 \u0441\u0432\u044f\u0437\u0438 \u0441 \u0447\u0435\u043c \u043f\u043e\u0441\u0442\u0430\u0432\u0449\u0438\u043a \u043f\u043e\u043f\u0440\u043e\u0441\u0438\u043b \u043a\u043b\u0438\u0435\u043d\u0442\u043e\u0432 \u0438\u0441\u043f\u0440\u0430\u0432\u0438\u0442\u044c \u0435\u0435 \u043a\u0430\u043a \u043c\u043e\u0436\u043d\u043e \u0441\u043a\u043e\u0440\u0435\u0435.\n\n2. VMware \u043f\u0440\u0435\u0434\u043f\u0440\u0438\u043d\u0438\u043c\u0430\u0435\u0442 \u0432\u0442\u043e\u0440\u0443\u044e \u043f\u043e\u043f\u044b\u0442\u043a\u0443 \u0434\u043b\u044f \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f RCE-\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 vCenter Server, \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043d\u043e\u0439 \u0435\u0449\u0435 \u0432 \u0438\u044e\u043d\u0435 \u043d\u0430 Matrix Cup 2024 \u0432 \u041a\u041d\u0420.\n\n\u041a\u0430\u043a \u043e\u043a\u0430\u0437\u0430\u043b\u043e\u0441\u044c, \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f vCenter, \u0432\u044b\u043f\u0443\u0449\u0435\u043d\u043d\u044b\u0435 17 \u0441\u0435\u043d\u0442\u044f\u0431\u0440\u044f 2024 \u0433\u043e\u0434\u0430, \u043d\u0435 \u043f\u043e\u043b\u043d\u043e\u0439 \u043c\u0435\u0440\u0435 \u0443\u0441\u0442\u0440\u0430\u043d\u044f\u043b\u0438 CVE-2024-38812 \u0441 CVSS 9,8/10, \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0441\u0442\u0435\u0439 \u043f\u043e \u044d\u0442\u043e\u043c\u0443 \u043f\u043e\u0432\u043e\u0434\u0443 \u043f\u043e\u0441\u0442\u0430\u0432\u0449\u0438\u043a \u043d\u0435 \u043f\u0440\u0435\u0434\u043e\u0441\u0442\u0430\u0432\u0438\u043b.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435\u043c \u043a\u0443\u0447\u0438 \u0432 \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u0430 \u0440\u0430\u0441\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u043d\u043e\u0439 \u0432\u044b\u0447\u0438\u0441\u043b\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0439 \u0441\u0440\u0435\u0434\u044b/\u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e\u0433\u043e \u0432\u044b\u0437\u043e\u0432\u0430 \u043f\u0440\u043e\u0446\u0435\u0434\u0443\u0440 (DCERPC) \u0432 vCenter Server.\n\n\u0417\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a, \u0438\u043c\u0435\u044e\u0449\u0438\u0439 \u0441\u0435\u0442\u0435\u0432\u043e\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a vCenter Server, \u043c\u043e\u0436\u0435\u0442 \u0430\u043a\u0442\u0438\u0432\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u044d\u0442\u0443 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u043e\u0442\u043f\u0440\u0430\u0432\u0438\u0432 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u044b\u0439 \u0441\u0435\u0442\u0435\u0432\u043e\u0439 \u043f\u0430\u043a\u0435\u0442, \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u043f\u0440\u0438\u0432\u043e\u0434\u044f\u0449\u0438\u0439 \u043a \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u043c\u0443 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044e \u043a\u043e\u0434\u0430.\n\n\u041f\u0440\u0438 \u044d\u0442\u043e\u043c \u043d\u043e\u0432\u044b\u0439 \u043f\u0430\u0442\u0447 VCenter Server \u0442\u0430\u043a\u0436\u0435 \u0443\u0441\u0442\u0440\u0430\u043d\u044f\u0435\u0442 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2024-38813 (CVSS 7,5/10), \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0443\u044e \u0441 EoP \u0438 \u0442\u0430\u043a\u0436\u0435 \u0432\u044b\u0437\u044b\u0432\u0430\u0435\u043c\u0443\u044e \u043e\u0442\u043f\u0440\u0430\u0432\u043a\u043e\u0439 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u043e\u0433\u043e \u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u043f\u0430\u043a\u0435\u0442\u0430.\n\n3. \u0420\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0438 \u0430\u043d\u0442\u0438\u0447\u0438\u0442-\u0441\u0438\u0441\u0442\u0435\u043c\u044b BattlEye \u0441\u043e\u043e\u0431\u0449\u0430\u044e\u0442 \u043e \u043d\u0435\u0439\u0442\u0440\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u043b \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u0431\u0430\u043d\u0438\u0442\u044c \u0430\u043a\u043a\u0430\u0443\u043d\u0442\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0438\u0433\u0440\u043e\u043a\u043e\u0432.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0437\u0430\u0442\u0440\u043e\u043d\u0443\u043b\u0430 \u0441\u0440\u0430\u0437\u0443 \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u0438\u0433\u0440, \u0432\u043a\u043b\u044e\u0447\u0430\u044f PvP-\u0438\u0433\u0440\u044b, \u0442\u0430\u043a\u0438\u0435 \u043a\u0430\u043a PUBG, Rainbow Six Siege \u0438 Escape from Tarkov.\n\n\u041a\u043e\u043c\u0430\u043d\u0434\u0430 \u043f\u0440\u043e\u0435\u043a\u0442\u0430 \u0441\u0435\u0439\u0447\u0430\u0441 \u0440\u0430\u0431\u043e\u0442\u0430\u0435\u0442 \u0441\u043e\u0432\u043c\u0435\u0441\u0442\u043d\u043e \u0441 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f\u043c\u0438 \u0438\u0433\u0440 \u043d\u0430\u0434 \u0430\u043d\u043d\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u00ab\u043a\u0440\u0438\u0432\u044b\u0445\u00bb \u0431\u0430\u043d\u043e\u0432.\n\n\u041f\u0440\u0438 \u044d\u0442\u043e\u043c \u043e\u0448\u0438\u0431\u043a\u0430 BattlEye \u0431\u044b\u043b\u0430 \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0430 \u043d\u0430 \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u0439 \u0434\u0435\u043d\u044c \u043f\u043e\u0441\u043b\u0435 \u0442\u043e\u0433\u043e, \u043a\u0430\u043a Activision \u0438\u0441\u043f\u0440\u0430\u0432\u0438\u043b\u0430 \u0430\u043d\u0430\u043b\u043e\u0433\u0438\u0447\u043d\u044b\u0439\u00a0\u0431\u0430\u0433 \u0432 \u0430\u043d\u0442\u0438\u0447\u0438\u0442\u0435 Call of Duty.\n\n4. Atlassian \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0441\u0442\u0435\u043f\u0435\u043d\u0438 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438 \u0432 Bitbucket, Confluence \u0438 Jira Service Management.\n\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f Bitbucket Data Center \u0438 Server \u0443\u0441\u0442\u0440\u0430\u043d\u044f\u044e\u0442 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u0443\u044e CVE-2024-21147 \u0432 Java Runtime Environment (JRE), \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u043c\u0443 \u0434\u043e\u0441\u0442\u0443\u043f\u0443 \u043a \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438 \u0432\u0430\u0436\u043d\u044b\u043c \u0434\u0430\u043d\u043d\u044b\u043c \u0438 \u0438\u0445 \u0438\u0437\u043c\u0435\u043d\u0435\u043d\u0438\u044e.\n\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f Confluence Data Center \u0438 Server \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u044e\u0442 \u0447\u0435\u0442\u044b\u0440\u0435 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u044b\u0435 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u044b, \u0432 \u0442\u043e\u043c \u0447\u0438\u0441\u043b\u0435 \u0434\u0432\u0435 \u0432 \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0435 \u0434\u0430\u0442 JavaScript Moment.js, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0431\u044b\u043b\u0438 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u044b \u0432 2022 \u0433\u043e\u0434\u0443.\n\nCVE-2022-24785 \u0438 CVE-2022-31129 \u043e\u043f\u0438\u0441\u044b\u0432\u0430\u044e\u0442\u0441\u044f \u043a\u0430\u043a \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043e\u0431\u0445\u043e\u0434\u0430 \u043f\u0443\u0442\u0438 \u0438 ReDoS, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043c\u043e\u0436\u043d\u043e \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0431\u0435\u0437 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438.\n\n\u041a\u043e\u043c\u043f\u0430\u043d\u0438\u044f \u0442\u0430\u043a\u0436\u0435 \u0430\u043d\u043e\u043d\u0441\u0438\u0440\u043e\u0432\u0430\u043b\u0430 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043b\u044f CVE-2024-4367, \u043e\u0448\u0438\u0431\u043a\u0438 XSS, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u043c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434 HTML \u0438\u043b\u0438 JavaScript \u0432 \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0435 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0434\u043b\u044f CVE-2024-29131, \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 Apache Commons Configuration, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a DoS.\n\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043b\u044f Jira Service Management Data Center \u0438 Server \u0443\u0441\u0442\u0440\u0430\u043d\u044f\u044e\u0442 CVE-2024-7254 - \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0443 \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u0431\u0443\u0444\u0435\u0440\u0430 Protobuf, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u043f\u043e\u0432\u043b\u0438\u044f\u0442\u044c \u043d\u0430 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0441\u0442\u044c \u0441\u0435\u0440\u0432\u0438\u0441\u0430.\n\n\u0414\u0430\u043d\u043d\u044b\u0445 \u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0432 \u0440\u0435\u0430\u043b\u044c\u043d\u044b\u0445 \u0443\u0441\u043b\u043e\u0432\u0438\u044f\u0445 \u043d\u0435 \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u043e, \u0432\u043e \u0432\u0441\u044f\u043a\u043e\u043c \u0441\u043b\u0443\u0447\u0430\u0435 \u043f\u043e\u043a\u0430.", "creation_timestamp": "2024-10-22T18:30:05.000000Z"}, {"uuid": "534e7a11-e529-496b-ac5b-58318c3a2312", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-4367", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/10540", "content": "#exploit\n1. CVE-2024-32113:\nApache OFBiz Directory Traversal\nhttps://github.com/absholi7ly/Apache-OFBiz-Directory-Traversal-exploit\n]-> https://github.com/Mr-xn/CVE-2024-32113\n\n2. CVE-2024-4367:\nArbitrary JavaScript execution in PDF.js\nhttps://codeanlabs.com/blog/research/cve-2024-4367-arbitrary-js-execution-in-pdf-js\n\n3. CVE-2024-33559:\nWordPress Theme XStore 9.3.8 - SQLi\nhttps://github.com/absholi7ly/WordPress-XStore-theme-SQL-Injection", "creation_timestamp": "2024-06-06T05:45:52.000000Z"}, {"uuid": "e1d555e9-f204-401d-962a-c550b3cebd36", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-4367", "type": "published-proof-of-concept", "source": "https://t.me/CNArsenal/2788", "content": "https://github.com/rzte/pdf-exploit\n\npdf exploit \u96c6\u6210 \uff08CVE-2024-4367\uff09\n#github #exploit #tools", "creation_timestamp": "2024-07-14T18:00:23.000000Z"}]}