{"vulnerability": "CVE-2024-46538", "sightings": [{"uuid": "c446d6fb-3d19-4ff7-9782-97f02f20ad21", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "c933734a-9be8-4142-889e-26e95c752803", "vulnerability": "CVE-2024-46538", "type": "seen", "source": "", "content": "", "creation_timestamp": "2024-11-05T12:24:03.827273Z"}, {"uuid": "1b7eda2f-dd2e-47e1-b070-a0e9d8c01085", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-46538", "type": "published-proof-of-concept", "source": "https://t.me/HackerArsenal/630", "content": "#exploit\n1. CVE-2024-46538:\nPfSense Stored XSS lead to RCE\nhttps://github.com/EQSTLab/CVE-2024-46538\n\n2. CVE-2024-8353:\nGiveWP PHP Object Injection\nhttps://github.com/EQSTLab/CVE-2024-8353\n\n3. CVE-2024-21305:\nHypervisor-Protected Code Integrity (HVCI) Security Feature Bypass Vulnerability\nhttps://github.com/tandasat/CVE-2024-21305", "creation_timestamp": "2024-10-25T04:45:13.000000Z"}, {"uuid": "6e925d2a-4c5a-490e-a074-0bc478a31676", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-46538", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/8817", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aPoC for CVE-2024-46538\nURL\uff1ahttps://github.com/EQSTLab/CVE-2024-46538\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-10-23T16:22:43.000000Z"}, {"uuid": "4ffba1b5-3c70-445a-b86f-9d8f17c5a366", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-46538", "type": "seen", "source": "https://t.me/cvedetector/8638", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-46538 - Pfsense XSS Permit\", \n  \"Content\": \"CVE ID : CVE-2024-46538 \nPublished : Oct. 22, 2024, 5:15 p.m. | 44\u00a0minutes ago \nDescription : A cross-site scripting (XSS) vulnerability in pfsense v2.5.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the $pconfig variable at interfaces_groups_edit.php. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"22 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-22T20:28:40.000000Z"}, {"uuid": "4a7251b4-f1f5-47e3-a30c-f9aec28d4ba8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-46538", "type": "seen", "source": "Telegram/tU5p0bmXLikUG-iGebO8QMPEYdKoIsGSWKogBTjvVQ1ilA", "content": "", "creation_timestamp": "2024-11-04T19:03:25.000000Z"}, {"uuid": "b91ad4dd-3067-48c0-a7d4-116188746783", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-46538", "type": "published-proof-of-concept", "source": "https://t.me/TheDarkWebInformer/6134", "content": "\ud83d\udea8PoC for CVE-2024-46538 PfSense Stored XSS lead to RCE\n\nhttps://github.com/EQSTLab/CVE-2024-46538", "creation_timestamp": "2024-10-30T17:28:32.000000Z"}, {"uuid": "704c2f56-edd5-442b-b36e-f5ea1f570591", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-46538", "type": "published-proof-of-concept", "source": "https://t.me/HackerArsenal/610", "content": "https://github.com/EQSTLab/CVE-2024-46538\n\nPoC for CVE-2024-46538\n#github #exploit", "creation_timestamp": "2024-10-23T19:29:44.000000Z"}, {"uuid": "eb81cf1a-a1b4-4d33-a2ae-7ed60dc4c771", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-46538", "type": "published-proof-of-concept", "source": "https://t.me/CyberDilara/1195", "content": "Tools - Hackers Factory \n\nFrida Script Runner v1.3 is a versatile web-based tool designed for Android and iOS penetration testing purposes.\n\nhttps://github.com/z3n70/Frida-Script-Runner\n\nProof-of-Concept for CVE-2024-46538\n\nhttps://github.com/EQSTLab/CVE-2024-46538\n\nEMBA v1.5.0 - SBOMdorado\n\nhttps://github.com/e-m-b-a/emba/releases/tag/v1.5.0-SBOMdorado\n\nCSPTPlayground is an open-source playground to find and exploit Client-Side Path Traversal (CSPT)\n\nhttps://github.com/doyensec/CSPTPlayground\n\nCVE_2024_26926_Analysis.pdf\n\nhttps://github.com/MaherAzzouzi/LinuxKernel-nday/blob/main/CVE-2024-26926/CVE_2024_26926_Analysis.pdf\n\nDeobfuscate obfuscator.io, unminify and unpack bundled javascript\n\nhttps://github.com/j4k0xb/webcrack\n\nFree, open-source no-code web data extraction platform. Build custom robots to automate data scraping\n\nhttps://github.com/getmaxun/maxun\n\n#CyberDilara\nhttps://t.me/CyberDilara", "creation_timestamp": "2024-11-09T03:34:05.000000Z"}, {"uuid": "b1c63213-92f8-4601-a216-217521b883fa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-46538", "type": "published-proof-of-concept", "source": "https://t.me/CyberDilara/1134", "content": "Tools - Hackers Factory \n\nLTESniffer - An Open-source LTE Downlink/Uplink Eavesdropper \n\nhttps://github.com/SysSec-KAIST/LTESniffer\n\nA POC exploit for CVE-2024-5836 and CVE-2024-6778, allowing for a sandbox escape from a Chrome extension : \n\nhttps://github.com/ading2210/CVE-2024-6778-POC\n\nRecoverPy : Recover overwritten or deleted data : \n\nhttps://github.com/PabloLec/RecoverPy\n\nProjects for security students\n\nhttps://github.com/kurogai/100-redteam-projects\n\nIn-depth repository of Telegram OSINT resources covering, tools, techniques & tradecraft.\n\nhttps://github.com/The-Osint-Toolbox/Telegram-OSINT\n\nGet Active Directory ports with PowerShell\n\nhttps://4sysops.com/archives/get-active-directory-ports-with-powershell/\n\nProof-of-Concept for CVE-2024-46538\n\nhttps://github.com/EQSTLab/CVE-2024-46538\n\nBeginners intro to Linux kernel exploitation (CTF challenge)\n\nhttps://gum3t.xyz/posts/a-gau-hack-from-euskalhack/\n\n#CyberDilara \nhttps://t.me/CyberDilara", "creation_timestamp": "2024-11-01T04:23:04.000000Z"}, {"uuid": "e8013d95-3c08-4cd9-b22d-9c461cd38447", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-46538", "type": "published-proof-of-concept", "source": "https://t.me/CyberDilara/1130", "content": "PoC for CVE-2024-46538 PfSense Stored XSS lead to RCE\n\nhttps://github.com/EQSTLab/CVE-2024-46538\n\n#CyberDilara", "creation_timestamp": "2024-10-31T10:46:57.000000Z"}, {"uuid": "f0b2d0ef-6e52-4518-b11f-f8ac1da33445", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-46538", "type": "published-proof-of-concept", "source": "https://t.me/CyberDilara/1119", "content": "Exploit\n\n1. CVE-2024-46538:\nPfSense Stored XSS lead to RCE\n\nhttps://github.com/EQSTLab/CVE-2024-46538\n\n2. CVE-2024-8353:\nGiveWP PHP Object Injection\n\nhttps://github.com/EQSTLab/CVE-2024-8353\n\n3. CVE-2024-21305:\nHypervisor-Protected Code Integrity (HVCI) Security Feature Bypass Vulnerability\n\nhttps://github.com/tandasat/CVE-2024-21305\n\n#CyberDilara", "creation_timestamp": "2024-10-28T04:16:04.000000Z"}, {"uuid": "7fcc95ff-e5a6-427c-af9a-0c3eb26fc3e1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-46538", "type": "published-proof-of-concept", "source": "https://t.me/GrayHatsHack/8992", "content": "Tools - Hackers Factory \n\nFrida Script Runner v1.3 is a versatile web-based tool designed for Android and iOS penetration testing purposes.\n\nhttps://github.com/z3n70/Frida-Script-Runner\n\nProof-of-Concept for CVE-2024-46538\n\nhttps://github.com/EQSTLab/CVE-2024-46538\n\nEMBA v1.5.0 - SBOMdorado\n\nhttps://github.com/e-m-b-a/emba/releases/tag/v1.5.0-SBOMdorado\n\nCSPTPlayground is an open-source playground to find and exploit Client-Side Path Traversal (CSPT)\n\nhttps://github.com/doyensec/CSPTPlayground\n\nCVE_2024_26926_Analysis.pdf\n\nhttps://github.com/MaherAzzouzi/LinuxKernel-nday/blob/main/CVE-2024-26926/CVE_2024_26926_Analysis.pdf\n\nDeobfuscate obfuscator.io, unminify and unpack bundled javascript\n\nhttps://github.com/j4k0xb/webcrack\n\nFree, open-source no-code web data extraction platform. Build custom robots to automate data scraping\n\nhttps://github.com/getmaxun/maxun\n\n#CyberDilara\nhttps://t.me/CyberDilara", "creation_timestamp": "2024-11-09T04:45:10.000000Z"}, {"uuid": "c4b4a6fe-7837-4519-9c6c-c8594b5e4cca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-46538", "type": "published-proof-of-concept", "source": "https://t.me/GrayHatsHack/8928", "content": "Exploit\n\n1. CVE-2024-46538:\nPfSense Stored XSS lead to RCE\n\nhttps://github.com/EQSTLab/CVE-2024-46538\n\n2. CVE-2024-8353:\nGiveWP PHP Object Injection\n\nhttps://github.com/EQSTLab/CVE-2024-8353\n\n3. CVE-2024-21305:\nHypervisor-Protected Code Integrity (HVCI) Security Feature Bypass Vulnerability\n\nhttps://github.com/tandasat/CVE-2024-21305\n\n#CyberDilara", "creation_timestamp": "2024-10-28T04:16:24.000000Z"}, {"uuid": "8f8ecc60-5602-4892-9db9-8ecbbaaa16fb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-46538", "type": "published-proof-of-concept", "source": "https://t.me/GrayHatsHack/8943", "content": "Tools - Hackers Factory \n\nLTESniffer - An Open-source LTE Downlink/Uplink Eavesdropper \n\nhttps://github.com/SysSec-KAIST/LTESniffer\n\nA POC exploit for CVE-2024-5836 and CVE-2024-6778, allowing for a sandbox escape from a Chrome extension : \n\nhttps://github.com/ading2210/CVE-2024-6778-POC\n\nRecoverPy : Recover overwritten or deleted data : \n\nhttps://github.com/PabloLec/RecoverPy\n\nProjects for security students\n\nhttps://github.com/kurogai/100-redteam-projects\n\nIn-depth repository of Telegram OSINT resources covering, tools, techniques & tradecraft.\n\nhttps://github.com/The-Osint-Toolbox/Telegram-OSINT\n\nGet Active Directory ports with PowerShell\n\nhttps://4sysops.com/archives/get-active-directory-ports-with-powershell/\n\nProof-of-Concept for CVE-2024-46538\n\nhttps://github.com/EQSTLab/CVE-2024-46538\n\nBeginners intro to Linux kernel exploitation (CTF challenge)\n\nhttps://gum3t.xyz/posts/a-gau-hack-from-euskalhack/\n\n#CyberDilara \nhttps://t.me/CyberDilara", "creation_timestamp": "2024-11-01T04:43:04.000000Z"}, {"uuid": "f1da19a8-d333-496d-9f87-6261a4f0d741", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-46538", "type": "published-proof-of-concept", "source": "https://t.me/GrayHatsHack/8939", "content": "PoC for CVE-2024-46538 PfSense Stored XSS lead to RCE\n\nhttps://github.com/EQSTLab/CVE-2024-46538\n\n#CyberDilara", "creation_timestamp": "2024-10-31T12:33:38.000000Z"}, {"uuid": "48209d64-1bf2-49ff-abef-97efce84f0d7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-46538", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/3888", "content": "Tools - Hackers Factory \n\nFrida Script Runner v1.3 is a versatile web-based tool designed for Android and iOS penetration testing purposes.\n\nhttps://github.com/z3n70/Frida-Script-Runner\n\nProof-of-Concept for CVE-2024-46538\n\nhttps://github.com/EQSTLab/CVE-2024-46538\n\nEMBA v1.5.0 - SBOMdorado\n\nhttps://github.com/e-m-b-a/emba/releases/tag/v1.5.0-SBOMdorado\n\nCSPTPlayground is an open-source playground to find and exploit Client-Side Path Traversal (CSPT)\n\nhttps://github.com/doyensec/CSPTPlayground\n\nCVE_2024_26926_Analysis.pdf\n\nhttps://github.com/MaherAzzouzi/LinuxKernel-nday/blob/main/CVE-2024-26926/CVE_2024_26926_Analysis.pdf\n\nDeobfuscate obfuscator.io, unminify and unpack bundled javascript\n\nhttps://github.com/j4k0xb/webcrack\n\nFree, open-source no-code web data extraction platform. Build custom robots to automate data scraping\n\nhttps://github.com/getmaxun/maxun\n\n#CyberDilara\nhttps://t.me/CyberDilara", "creation_timestamp": "2024-11-09T03:35:05.000000Z"}, {"uuid": "1f0d1b6d-5da3-4444-98db-a8ff32b88874", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-46538", "type": "published-proof-of-concept", "source": "https://t.me/InfoSecInsider/24315", "content": "Tools - Hackers Factory \n\nFrida Script Runner v1.3 is a versatile web-based tool designed for Android and iOS penetration testing purposes.\n\nhttps://github.com/z3n70/Frida-Script-Runner\n\nProof-of-Concept for CVE-2024-46538\n\nhttps://github.com/EQSTLab/CVE-2024-46538\n\nEMBA v1.5.0 - SBOMdorado\n\nhttps://github.com/e-m-b-a/emba/releases/tag/v1.5.0-SBOMdorado\n\nCSPTPlayground is an open-source playground to find and exploit Client-Side Path Traversal (CSPT)\n\nhttps://github.com/doyensec/CSPTPlayground\n\nCVE_2024_26926_Analysis.pdf\n\nhttps://github.com/MaherAzzouzi/LinuxKernel-nday/blob/main/CVE-2024-26926/CVE_2024_26926_Analysis.pdf\n\nDeobfuscate obfuscator.io, unminify and unpack bundled javascript\n\nhttps://github.com/j4k0xb/webcrack\n\nFree, open-source no-code web data extraction platform. Build custom robots to automate data scraping\n\nhttps://github.com/getmaxun/maxun\n\n#CyberDilara\nhttps://t.me/CyberDilara", "creation_timestamp": "2024-11-09T04:45:16.000000Z"}, {"uuid": "dd841fb9-e926-44a7-8943-050d33194154", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-46538", "type": "published-proof-of-concept", "source": "https://t.me/InfoSecInsider/24248", "content": "Tools - Hackers Factory \n\nLTESniffer - An Open-source LTE Downlink/Uplink Eavesdropper \n\nhttps://github.com/SysSec-KAIST/LTESniffer\n\nA POC exploit for CVE-2024-5836 and CVE-2024-6778, allowing for a sandbox escape from a Chrome extension : \n\nhttps://github.com/ading2210/CVE-2024-6778-POC\n\nRecoverPy : Recover overwritten or deleted data : \n\nhttps://github.com/PabloLec/RecoverPy\n\nProjects for security students\n\nhttps://github.com/kurogai/100-redteam-projects\n\nIn-depth repository of Telegram OSINT resources covering, tools, techniques & tradecraft.\n\nhttps://github.com/The-Osint-Toolbox/Telegram-OSINT\n\nGet Active Directory ports with PowerShell\n\nhttps://4sysops.com/archives/get-active-directory-ports-with-powershell/\n\nProof-of-Concept for CVE-2024-46538\n\nhttps://github.com/EQSTLab/CVE-2024-46538\n\nBeginners intro to Linux kernel exploitation (CTF challenge)\n\nhttps://gum3t.xyz/posts/a-gau-hack-from-euskalhack/\n\n#CyberDilara \nhttps://t.me/CyberDilara", "creation_timestamp": "2024-11-01T04:43:11.000000Z"}, {"uuid": "c29fff91-e3c1-4a52-8fed-a3f5124e1f55", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-46538", "type": "published-proof-of-concept", "source": "https://t.me/InfoSecInsider/24238", "content": "PoC for CVE-2024-46538 PfSense Stored XSS lead to RCE\n\nhttps://github.com/EQSTLab/CVE-2024-46538\n\n#CyberDilara", "creation_timestamp": "2024-10-31T12:33:48.000000Z"}, {"uuid": "fda935c2-9e55-437d-a65a-3834b7fa43f7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-46538", "type": "published-proof-of-concept", "source": "https://t.me/InfoSecInsider/24219", "content": "Exploit\n\n1. CVE-2024-46538:\nPfSense Stored XSS lead to RCE\n\nhttps://github.com/EQSTLab/CVE-2024-46538\n\n2. CVE-2024-8353:\nGiveWP PHP Object Injection\n\nhttps://github.com/EQSTLab/CVE-2024-8353\n\n3. CVE-2024-21305:\nHypervisor-Protected Code Integrity (HVCI) Security Feature Bypass Vulnerability\n\nhttps://github.com/tandasat/CVE-2024-21305\n\n#CyberDilara", "creation_timestamp": "2024-10-29T12:21:04.000000Z"}, {"uuid": "97104d46-f202-459a-8662-a1ac60f5923b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-46538", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/3840", "content": "Tools - Hackers Factory \n\nLTESniffer - An Open-source LTE Downlink/Uplink Eavesdropper \n\nhttps://github.com/SysSec-KAIST/LTESniffer\n\nA POC exploit for CVE-2024-5836 and CVE-2024-6778, allowing for a sandbox escape from a Chrome extension : \n\nhttps://github.com/ading2210/CVE-2024-6778-POC\n\nRecoverPy : Recover overwritten or deleted data : \n\nhttps://github.com/PabloLec/RecoverPy\n\nProjects for security students\n\nhttps://github.com/kurogai/100-redteam-projects\n\nIn-depth repository of Telegram OSINT resources covering, tools, techniques & tradecraft.\n\nhttps://github.com/The-Osint-Toolbox/Telegram-OSINT\n\nGet Active Directory ports with PowerShell\n\nhttps://4sysops.com/archives/get-active-directory-ports-with-powershell/\n\nProof-of-Concept for CVE-2024-46538\n\nhttps://github.com/EQSTLab/CVE-2024-46538\n\nBeginners intro to Linux kernel exploitation (CTF challenge)\n\nhttps://gum3t.xyz/posts/a-gau-hack-from-euskalhack/\n\n#CyberDilara \nhttps://t.me/CyberDilara", "creation_timestamp": "2024-11-01T05:23:04.000000Z"}, {"uuid": "4c88e9ce-04e1-4cf2-b3d7-86225ccafb2e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-46538", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/3837", "content": "PoC for CVE-2024-46538 PfSense Stored XSS lead to RCE\n\nhttps://github.com/EQSTLab/CVE-2024-46538\n\n#CyberDilara", "creation_timestamp": "2024-10-31T12:33:29.000000Z"}, {"uuid": "5ef1e288-4cc6-44a5-85ac-cec8e37cb24d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-46538", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/3827", "content": "Exploit\n\n1. CVE-2024-46538:\nPfSense Stored XSS lead to RCE\n\nhttps://github.com/EQSTLab/CVE-2024-46538\n\n2. CVE-2024-8353:\nGiveWP PHP Object Injection\n\nhttps://github.com/EQSTLab/CVE-2024-8353\n\n3. CVE-2024-21305:\nHypervisor-Protected Code Integrity (HVCI) Security Feature Bypass Vulnerability\n\nhttps://github.com/tandasat/CVE-2024-21305\n\n#CyberDilara", "creation_timestamp": "2024-10-29T04:16:04.000000Z"}, {"uuid": "756998a0-5372-46e5-aab4-722f453753ba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-46538", "type": "published-proof-of-concept", "source": "https://t.me/proxy_bar/2323", "content": "CVE-2024-46538\n*\nPfSense Stored XSS lead to RCE\n*\nPOC exploit", "creation_timestamp": "2024-10-23T17:44:48.000000Z"}, {"uuid": "5a5c572d-b626-4634-8076-841bf8558d83", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-46538", "type": "published-proof-of-concept", "source": "https://t.me/GrayHatsHack/7617", "content": "Tools - Hackers Factory \n\nFrida Script Runner v1.3 is a versatile web-based tool designed for Android and iOS penetration testing purposes.\n\nhttps://github.com/z3n70/Frida-Script-Runner\n\nProof-of-Concept for CVE-2024-46538\n\nhttps://github.com/EQSTLab/CVE-2024-46538\n\nEMBA v1.5.0 - SBOMdorado\n\nhttps://github.com/e-m-b-a/emba/releases/tag/v1.5.0-SBOMdorado\n\nCSPTPlayground is an open-source playground to find and exploit Client-Side Path Traversal (CSPT)\n\nhttps://github.com/doyensec/CSPTPlayground\n\nCVE_2024_26926_Analysis.pdf\n\nhttps://github.com/MaherAzzouzi/LinuxKernel-nday/blob/main/CVE-2024-26926/CVE_2024_26926_Analysis.pdf\n\nDeobfuscate obfuscator.io, unminify and unpack bundled javascript\n\nhttps://github.com/j4k0xb/webcrack\n\nFree, open-source no-code web data extraction platform. Build custom robots to automate data scraping\n\nhttps://github.com/getmaxun/maxun\n\n#CyberDilara\nhttps://t.me/CyberDilara", "creation_timestamp": "2024-11-09T04:45:10.000000Z"}, {"uuid": "a0f71abc-a503-4ece-95b5-caa8fb0f40ba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-46538", "type": "published-proof-of-concept", "source": "https://t.me/GrayHatsHack/7565", "content": "PoC for CVE-2024-46538 PfSense Stored XSS lead to RCE\n\nhttps://github.com/EQSTLab/CVE-2024-46538\n\n#CyberDilara", "creation_timestamp": "2024-10-31T12:33:38.000000Z"}, {"uuid": "d518c8f9-8b78-4cde-81f3-06b1fa46662e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-46538", "type": "published-proof-of-concept", "source": "https://t.me/GrayHatsHack/7554", "content": "Exploit\n\n1. CVE-2024-46538:\nPfSense Stored XSS lead to RCE\n\nhttps://github.com/EQSTLab/CVE-2024-46538\n\n2. CVE-2024-8353:\nGiveWP PHP Object Injection\n\nhttps://github.com/EQSTLab/CVE-2024-8353\n\n3. CVE-2024-21305:\nHypervisor-Protected Code Integrity (HVCI) Security Feature Bypass Vulnerability\n\nhttps://github.com/tandasat/CVE-2024-21305\n\n#CyberDilara", "creation_timestamp": "2024-10-28T04:16:24.000000Z"}, {"uuid": "553e79fa-9d95-4239-a3c1-9dcd777b0dbd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-46538", "type": "published-proof-of-concept", "source": "https://t.me/GrayHatsHack/7569", "content": "Tools - Hackers Factory \n\nLTESniffer - An Open-source LTE Downlink/Uplink Eavesdropper \n\nhttps://github.com/SysSec-KAIST/LTESniffer\n\nA POC exploit for CVE-2024-5836 and CVE-2024-6778, allowing for a sandbox escape from a Chrome extension : \n\nhttps://github.com/ading2210/CVE-2024-6778-POC\n\nRecoverPy : Recover overwritten or deleted data : \n\nhttps://github.com/PabloLec/RecoverPy\n\nProjects for security students\n\nhttps://github.com/kurogai/100-redteam-projects\n\nIn-depth repository of Telegram OSINT resources covering, tools, techniques & tradecraft.\n\nhttps://github.com/The-Osint-Toolbox/Telegram-OSINT\n\nGet Active Directory ports with PowerShell\n\nhttps://4sysops.com/archives/get-active-directory-ports-with-powershell/\n\nProof-of-Concept for CVE-2024-46538\n\nhttps://github.com/EQSTLab/CVE-2024-46538\n\nBeginners intro to Linux kernel exploitation (CTF challenge)\n\nhttps://gum3t.xyz/posts/a-gau-hack-from-euskalhack/\n\n#CyberDilara \nhttps://t.me/CyberDilara", "creation_timestamp": "2024-11-01T04:43:04.000000Z"}, {"uuid": "ab50f28f-0729-4e84-8a1d-b680ccac6da6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-46538", "type": "published-proof-of-concept", "source": "https://t.me/InfoSecInsider/597", "content": "PoC for CVE-2024-46538 PfSense Stored XSS lead to RCE\n\nhttps://github.com/EQSTLab/CVE-2024-46538\n\n#CyberDilara", "creation_timestamp": "2024-10-31T12:33:50.000000Z"}, {"uuid": "e672f12c-8742-4922-a1f8-98207d552427", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-46538", "type": "published-proof-of-concept", "source": "https://t.me/CNArsenal/3354", "content": "https://github.com/EQSTLab/CVE-2024-46538\n\nPoC for CVE-2024-46538\n#github #exploit", "creation_timestamp": "2024-10-23T17:46:21.000000Z"}, {"uuid": "28ca37a7-a898-4833-8b12-f76bed78c811", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-46538", "type": "published-proof-of-concept", "source": "https://t.me/Rootsec_2/5389", "content": "#exploit\n1. CVE-2024-46538:\nPfSense Stored XSS\nhttps://github.com/LauLeysen/CVE-2024-46538\n\n2. CVE-2024-35286/41713:\nMitel MiCollab SQLI / Path Traversal\nhttps://labs.watchtowr.com/where-theres-smoke-theres-fire-mitel-micollab-cve-2024-35286-cve-2024-41713-and-an-0day\n\n3. CVE-2023-6200:\nLinux Kernel ICMPv6 Race Condtion\nhttps://u1f383.github.io/linux/2024/12/04/linux-kernel-icmpv6-and-cve-2023-6200.html", "creation_timestamp": "2024-12-06T10:12:49.000000Z"}, {"uuid": "64ae2f77-220f-4720-a9a6-abbb9fb69257", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-46538", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/11333", "content": "#exploit\n1. CVE-2024-46538:\nPfSense Stored XSS lead to RCE\nhttps://github.com/EQSTLab/CVE-2024-46538\n\n2. CVE-2024-8353:\nGiveWP PHP Object Injection\nhttps://github.com/EQSTLab/CVE-2024-8353\n\n3. CVE-2024-21305:\nHypervisor-Protected Code Integrity (HVCI) Security Feature Bypass Vulnerability\nhttps://github.com/tandasat/CVE-2024-21305", "creation_timestamp": "2024-10-24T23:42:45.000000Z"}, {"uuid": "082ff62f-7043-41a2-bb37-c0dbaec4505e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-46538", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/11522", "content": "#exploit\n1. CVE-2024-46538:\nPfSense Stored XSS\nhttps://github.com/LauLeysen/CVE-2024-46538\n\n2. CVE-2024-35286/41713:\nMitel MiCollab SQLI / Path Traversal\nhttps://labs.watchtowr.com/where-theres-smoke-theres-fire-mitel-micollab-cve-2024-35286-cve-2024-41713-and-an-0day\n\n3. CVE-2023-6200:\nLinux Kernel ICMPv6 Race Condtion\nhttps://u1f383.github.io/linux/2024/12/04/linux-kernel-icmpv6-and-cve-2023-6200.html", "creation_timestamp": "2024-12-06T11:00:37.000000Z"}, {"uuid": "0a0faedf-da4b-4bc6-be07-7ea65e062aac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-46538", "type": "published-proof-of-concept", "source": "https://t.me/InfoSecInsider/587", "content": "Exploit\n\n1. CVE-2024-46538:\nPfSense Stored XSS lead to RCE\n\nhttps://github.com/EQSTLab/CVE-2024-46538\n\n2. CVE-2024-8353:\nGiveWP PHP Object Injection\n\nhttps://github.com/EQSTLab/CVE-2024-8353\n\n3. CVE-2024-21305:\nHypervisor-Protected Code Integrity (HVCI) Security Feature Bypass Vulnerability\n\nhttps://github.com/tandasat/CVE-2024-21305\n\n#CyberDilara", "creation_timestamp": "2024-10-29T12:21:04.000000Z"}, {"uuid": "87cf2f88-b9c9-42d8-a04b-b80e8395ab85", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-46538", "type": "published-proof-of-concept", "source": "https://t.me/InfoSecInsider/651", "content": "Tools - Hackers Factory \n\nFrida Script Runner v1.3 is a versatile web-based tool designed for Android and iOS penetration testing purposes.\n\nhttps://github.com/z3n70/Frida-Script-Runner\n\nProof-of-Concept for CVE-2024-46538\n\nhttps://github.com/EQSTLab/CVE-2024-46538\n\nEMBA v1.5.0 - SBOMdorado\n\nhttps://github.com/e-m-b-a/emba/releases/tag/v1.5.0-SBOMdorado\n\nCSPTPlayground is an open-source playground to find and exploit Client-Side Path Traversal (CSPT)\n\nhttps://github.com/doyensec/CSPTPlayground\n\nCVE_2024_26926_Analysis.pdf\n\nhttps://github.com/MaherAzzouzi/LinuxKernel-nday/blob/main/CVE-2024-26926/CVE_2024_26926_Analysis.pdf\n\nDeobfuscate obfuscator.io, unminify and unpack bundled javascript\n\nhttps://github.com/j4k0xb/webcrack\n\nFree, open-source no-code web data extraction platform. Build custom robots to automate data scraping\n\nhttps://github.com/getmaxun/maxun\n\n#CyberDilara\nhttps://t.me/CyberDilara", "creation_timestamp": "2024-11-09T04:45:17.000000Z"}, {"uuid": "2a8043bd-3f0a-415a-90df-6d2108fbf170", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-46538", "type": "published-proof-of-concept", "source": "https://t.me/InfoSecInsider/601", "content": "Tools - Hackers Factory \n\nLTESniffer - An Open-source LTE Downlink/Uplink Eavesdropper \n\nhttps://github.com/SysSec-KAIST/LTESniffer\n\nA POC exploit for CVE-2024-5836 and CVE-2024-6778, allowing for a sandbox escape from a Chrome extension : \n\nhttps://github.com/ading2210/CVE-2024-6778-POC\n\nRecoverPy : Recover overwritten or deleted data : \n\nhttps://github.com/PabloLec/RecoverPy\n\nProjects for security students\n\nhttps://github.com/kurogai/100-redteam-projects\n\nIn-depth repository of Telegram OSINT resources covering, tools, techniques & tradecraft.\n\nhttps://github.com/The-Osint-Toolbox/Telegram-OSINT\n\nGet Active Directory ports with PowerShell\n\nhttps://4sysops.com/archives/get-active-directory-ports-with-powershell/\n\nProof-of-Concept for CVE-2024-46538\n\nhttps://github.com/EQSTLab/CVE-2024-46538\n\nBeginners intro to Linux kernel exploitation (CTF challenge)\n\nhttps://gum3t.xyz/posts/a-gau-hack-from-euskalhack/\n\n#CyberDilara \nhttps://t.me/CyberDilara", "creation_timestamp": "2024-11-01T04:43:11.000000Z"}, {"uuid": "dee09495-f694-4104-93f1-03d12b4835b6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-46538", "type": "published-proof-of-concept", "source": "https://t.me/ckeArsenal/132", "content": "https://github.com/LauLeysen/CVE-2024-46538\n\nCVE-2024-46538 : PfSense Stored XSS Vulnerability\n#github #exploit #xss", "creation_timestamp": "2024-12-21T15:55:06.000000Z"}]}