{"vulnerability": "CVE-2024-56249", "sightings": [{"uuid": "169e076d-58da-4b26-9b45-5f2d9fe99156", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56249", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3ler2t523ks25", "content": "", "creation_timestamp": "2025-01-02T12:21:05.346623Z"}, {"uuid": "7dd8a500-f9e8-4d92-90af-fa52542d9d2a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56249", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3ler3zoz32i2u", "content": "", "creation_timestamp": "2025-01-02T12:42:40.915318Z"}, {"uuid": "41a5a401-df89-4d14-b92b-24ec8597e818", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56249", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113760627192794580", "content": "", "creation_timestamp": "2025-01-02T20:23:34.364881Z"}, {"uuid": "ec27f8c1-1c0b-4ced-82f4-20d97d58a4a8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56249", "type": "seen", "source": "https://t.me/cvedetector/14136", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-56249 - Webdeclic WPMasterToolKit Unrestricted File Upload Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-56249 \nPublished : Jan. 2, 2025, 12:15 p.m. | 36\u00a0minutes ago \nDescription : Unrestricted Upload of File with Dangerous Type vulnerability in Webdeclic WPMasterToolKit allows Upload a Web Shell to a Web Server.This issue affects WPMasterToolKit: from n/a through 1.13.1. \nSeverity: 9.1 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"02 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-02T14:15:19.000000Z"}, {"uuid": "b81355c3-885f-4902-8a56-f35056c91ae3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56249", "type": "published-proof-of-concept", "source": "https://t.me/NinjaSec/201", "content": "\ud83d\udd27 CVE Exploitation Tools (2024\u20132025)\n\n1. CVE-2024-25600 \u2013 WordPress Bricks Builder RCE\n\n2. CVE-2024-24919 \u2013 Check Point Security Gateway RCE\n\n3. CVE-2024-29025 \u2013 Netty HttpPostRequestDecoder DoS\n\n4. CVE-2024-21525 \u2013 node-twain Buffer Overflow\n\n5. CVE-2024-3094 \u2013 XZ Backdoor Detector\n\n6. CVE-2024-21515 \u2013 OpenCart Reflected XSS\n\n7. CVE-2024-21552 \u2013 SuperAGI Arbitrary Code Execution\n\n8. CVE-2024-56249 \u2013 WordPress WPMasterToolKit Arbitrary File Upload\n\n9. CVE-2024-24919 \u2013 Check Point VPN Exploit\n\n10. CVE-2024-24919 \u2013 Python Exploit Script\n\nPython script to exploit CVE-2024-24919 vulnerability.\n\nGitHub: LucasKatashi/CVE-2024-24919\n\n11. CVE-2024-24919 \u2013 Exploit PoC\n\nProof-of-Concept for exploiting CVE-2024-24919.\n\nGitHub: seed1337/CVE-2024-24919-POC\n\n12. CVE-2024-24919 \u2013 Check Point Remote Access VPN Exploit\n\nScripts to exploit CVE-2024-24919 in Check Point VPNs.\n\nGitHub: Praison001/CVE-2024-24919-Check-Point-Remote-Access-VPN\n\n13. CVE-2024-25600 \u2013 Alternate Exploit Script\n\nAnother implementation to exploit Bricks Builder RCE.\n\nGitHub: meli0dasH4ck3r/cve-2024-25600\n\n14. CVE-2024-25600 \u2013 Exploit Script\n\nPython script to exploit Bricks Builder RCE vulnerability.\n\nGitHub: K3ysTr0K3R/CVE-2024-25600-EXPLOIT \n\n\n\ud83d\udd27 CVE Exploitation Tools & Frameworks\n\n1. trickest/cve\n\n\ud83d\udd17 https://github.com/trickest/cve\n\n2. PayloadsAllTheThings \u2013 CVE Exploits\n\n\ud83d\udd17 https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/CVE%20Exploits/README.md\n\n3. qazbnm456/awesome-cve-poc\n\n\ud83d\udd17 https://github.com/qazbnm456/awesome-cve-poc\n\n4. intel/cve-bin-tool\n\n\ud83d\udd17 https://github.com/intel/cve-bin-tool\n\n5. cve-search/cve-search\nN\n\n\ud83d\udd17 https://github.com/cve-search/cve-search\n\n6. vertoforce/CVE-Enrichment\n\n\ud83d\udd17 https://github.com/vertoforce/CVE-Enrichment\n\n7. TURROKS/CVE_Prioritizer\n\n\ud83d\udd17 https://github.com/TURROKS/CVE_Prioritizer\n\n8. clearlinux/cve-check-tool\n\n\ud83d\udd17 https://github.com/clearlinux/cve-check-tool\n\n9. cddmp/cvecheck\n\n\ud83d\udd17 https://github.com/cddmp/cvecheck\n\n10. center-for-threat-informed-defense/attack_to_cve\n\nMaps MITRE ATT&CK techniques to CVEs to characterize vulnerability impacts.\n\n\ud83d\udd17 https://github.com/center-for-threat-informed-defense/attack_to_cve\n\n\n\ud83e\uddea Specific CVE Exploit Tools\n\n11. CVE-2024-25600 Exploit Tool\n\nDesigned to exploit a vulnerability in the Bricks Builder plugin for WordPress.\n\n\ud83d\udd17 https://github.com/Chocapikk/CVE-2024-25600\n\n12. RevoltSecurities/CVE-2024-24919\n\nTool to detect and exploit CVE-2024-24919 vulnerability.\n\n\ud83d\udd17 https://github.com/RevoltSecurities/CVE-2024-24919\n\n13. ROCA Detection Tool\n\nDetects RSA keys vulnerable to the ROCA vulnerability (CVE-2017-15361).\n\n\ud83d\udd17 https://github.com/crocs-muni/roca\n\n\ud83d\udee0\ufe0f Additional Tools & Resources\n\n14. Goby\n\nA network security assessment tool that can scan for vulnerabilities and map attack surfaces.\n\n\ud83d\udd17 https://github.com/gobysec/Goby\n\n15. awesome-pentestu\n\nA curated list of penetration testing resources, including tools for CVE exploitation.\n\n\ud83d\udd17 https://github.com/enaqx/awesome-pentest\n\n16. awesome-bugbounty-tools\n\nA collection of tools useful for bug bounty hunting, some of which relate to CVE exploitation.\n\n\ud83d\udd17 https://github.com/vavkamil/awesome-bugbounty-tools\n\n17. cyberguideme/Tools\n\nA repository of various cybersecurity tools, including those for exploiting known vulnerabilities.\n\n\ud83d\udd17 https://github.com/cyberguideme/Tools\n\n\n#GrayHats", "creation_timestamp": "2025-04-18T19:33:22.000000Z"}, {"uuid": "143ca14c-7196-4ac8-a3fe-46dfca31b007", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56249", "type": "published-proof-of-concept", "source": "Telegram/I7jR8-nuB9vORcoqYQEKVbRbgCypJUG-yRbHBYfDVMuFag4", "content": "", "creation_timestamp": "2025-03-18T16:00:16.000000Z"}, {"uuid": "25142e1a-7af7-4078-b212-637b5197b8c5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56249", "type": "published-proof-of-concept", "source": "Telegram/zR3G7SfYkfnK69UNOpyls_8VYWA0vIOvRqvJArx2ZbPMEdo", "content": "", "creation_timestamp": "2025-03-18T10:00:06.000000Z"}, {"uuid": "65006031-f022-4573-a159-76b961bf5689", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56249", "type": "published-proof-of-concept", "source": "https://t.me/NinjaSec/28351", "content": "\ud83d\udd27 CVE Exploitation Tools (2024\u20132025)\n\n1. CVE-2024-25600 \u2013 WordPress Bricks Builder RCE\n\n2. CVE-2024-24919 \u2013 Check Point Security Gateway RCE\n\n3. CVE-2024-29025 \u2013 Netty HttpPostRequestDecoder DoS\n\n4. CVE-2024-21525 \u2013 node-twain Buffer Overflow\n\n5. CVE-2024-3094 \u2013 XZ Backdoor Detector\n\n6. CVE-2024-21515 \u2013 OpenCart Reflected XSS\n\n7. CVE-2024-21552 \u2013 SuperAGI Arbitrary Code Execution\n\n8. CVE-2024-56249 \u2013 WordPress WPMasterToolKit Arbitrary File Upload\n\n9. CVE-2024-24919 \u2013 Check Point VPN Exploit\n\n10. CVE-2024-24919 \u2013 Python Exploit Script\n\nPython script to exploit CVE-2024-24919 vulnerability.\n\nGitHub: LucasKatashi/CVE-2024-24919\n\n11. CVE-2024-24919 \u2013 Exploit PoC\n\nProof-of-Concept for exploiting CVE-2024-24919.\n\nGitHub: seed1337/CVE-2024-24919-POC\n\n12. CVE-2024-24919 \u2013 Check Point Remote Access VPN Exploit\n\nScripts to exploit CVE-2024-24919 in Check Point VPNs.\n\nGitHub: Praison001/CVE-2024-24919-Check-Point-Remote-Access-VPN\n\n13. CVE-2024-25600 \u2013 Alternate Exploit Script\n\nAnother implementation to exploit Bricks Builder RCE.\n\nGitHub: meli0dasH4ck3r/cve-2024-25600\n\n14. CVE-2024-25600 \u2013 Exploit Script\n\nPython script to exploit Bricks Builder RCE vulnerability.\n\nGitHub: K3ysTr0K3R/CVE-2024-25600-EXPLOIT \n\n\n\ud83d\udd27 CVE Exploitation Tools & Frameworks\n\n1. trickest/cve\n\n\ud83d\udd17 https://github.com/trickest/cve\n\n2. PayloadsAllTheThings \u2013 CVE Exploits\n\n\ud83d\udd17 https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/CVE%20Exploits/README.md\n\n3. qazbnm456/awesome-cve-poc\n\n\ud83d\udd17 https://github.com/qazbnm456/awesome-cve-poc\n\n4. intel/cve-bin-tool\n\n\ud83d\udd17 https://github.com/intel/cve-bin-tool\n\n5. cve-search/cve-search\nN\n\n\ud83d\udd17 https://github.com/cve-search/cve-search\n\n6. vertoforce/CVE-Enrichment\n\n\ud83d\udd17 https://github.com/vertoforce/CVE-Enrichment\n\n7. TURROKS/CVE_Prioritizer\n\n\ud83d\udd17 https://github.com/TURROKS/CVE_Prioritizer\n\n8. clearlinux/cve-check-tool\n\n\ud83d\udd17 https://github.com/clearlinux/cve-check-tool\n\n9. cddmp/cvecheck\n\n\ud83d\udd17 https://github.com/cddmp/cvecheck\n\n10. center-for-threat-informed-defense/attack_to_cve\n\nMaps MITRE ATT&CK techniques to CVEs to characterize vulnerability impacts.\n\n\ud83d\udd17 https://github.com/center-for-threat-informed-defense/attack_to_cve\n\n\n\ud83e\uddea Specific CVE Exploit Tools\n\n11. CVE-2024-25600 Exploit Tool\n\nDesigned to exploit a vulnerability in the Bricks Builder plugin for WordPress.\n\n\ud83d\udd17 https://github.com/Chocapikk/CVE-2024-25600\n\n12. RevoltSecurities/CVE-2024-24919\n\nTool to detect and exploit CVE-2024-24919 vulnerability.\n\n\ud83d\udd17 https://github.com/RevoltSecurities/CVE-2024-24919\n\n13. ROCA Detection Tool\n\nDetects RSA keys vulnerable to the ROCA vulnerability (CVE-2017-15361).\n\n\ud83d\udd17 https://github.com/crocs-muni/roca\n\n\ud83d\udee0\ufe0f Additional Tools & Resources\n\n14. Goby\n\nA network security assessment tool that can scan for vulnerabilities and map attack surfaces.\n\n\ud83d\udd17 https://github.com/gobysec/Goby\n\n15. awesome-pentestu\n\nA curated list of penetration testing resources, including tools for CVE exploitation.\n\n\ud83d\udd17 https://github.com/enaqx/awesome-pentest\n\n16. awesome-bugbounty-tools\n\nA collection of tools useful for bug bounty hunting, some of which relate to CVE exploitation.\n\n\ud83d\udd17 https://github.com/vavkamil/awesome-bugbounty-tools\n\n17. cyberguideme/Tools\n\nA repository of various cybersecurity tools, including those for exploiting known vulnerabilities.\n\n\ud83d\udd17 https://github.com/cyberguideme/Tools\n\n\n#GrayHats", "creation_timestamp": "2025-04-18T21:33:21.000000Z"}]}