<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" version="2.0">
  <channel>
    <title>Most recent sightings.</title>
    <link>https://vulnerability.circl.lu</link>
    <description>Contains only the 10 most recent sightings.</description>
    <docs>http://www.rssboard.org/rss-specification</docs>
    <generator>python-feedgen</generator>
    <language>en</language>
    <lastBuildDate>Mon, 04 May 2026 20:50:20 +0000</lastBuildDate>
    <item>
      <title>01a09d10-7e0c-477c-8ca2-4dbc3264711d</title>
      <link>https://vulnerability.circl.lu/sighting/01a09d10-7e0c-477c-8ca2-4dbc3264711d/export</link>
      <description>{"uuid": "01a09d10-7e0c-477c-8ca2-4dbc3264711d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-41958", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/8173", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aThis is a small proof of concept for CVE-2024-41958\nURL\uff1ahttps://github.com/OrangeJuiceHU/CVE-2024-41958-PoC\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-08-05T19:13:47.000000Z"}</description>
      <content:encoded>{"uuid": "01a09d10-7e0c-477c-8ca2-4dbc3264711d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-41958", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/8173", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aThis is a small proof of concept for CVE-2024-41958\nURL\uff1ahttps://github.com/OrangeJuiceHU/CVE-2024-41958-PoC\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-08-05T19:13:47.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/01a09d10-7e0c-477c-8ca2-4dbc3264711d/export</guid>
      <pubDate>Mon, 05 Aug 2024 19:13:47 +0000</pubDate>
    </item>
    <item>
      <title>0f5695f6-1118-47b5-bfb0-a2076ec4e4a5</title>
      <link>https://vulnerability.circl.lu/sighting/0f5695f6-1118-47b5-bfb0-a2076ec4e4a5/export</link>
      <description>{"uuid": "0f5695f6-1118-47b5-bfb0-a2076ec4e4a5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-41958", "type": "seen", "source": "https://t.me/cvedetector/2489", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-41958 - mailcow: dockerized Two-Factor Authentication Bypass Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-41958 \nPublished : Aug. 5, 2024, 8:15 p.m. | 38\u00a0minutes ago \nDescription : mailcow: dockerized is an open source groupware/email suite based on docker. A vulnerability has been discovered in the two-factor authentication (2FA) mechanism. This flaw allows an authenticated attacker to bypass the 2FA protection, enabling unauthorized access to other accounts that are otherwise secured with 2FA. To exploit this vulnerability, the attacker must first have access to an account within the system and possess the credentials of the target account that has 2FA enabled. By leveraging these credentials, the attacker can circumvent the 2FA process and gain access to the protected account. This issue has been addressed in the `2024-07` release. All users are advised to upgrade. There are no known workarounds for this vulnerability. \nSeverity: 6.6 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"05 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-05T23:06:43.000000Z"}</description>
      <content:encoded>{"uuid": "0f5695f6-1118-47b5-bfb0-a2076ec4e4a5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-41958", "type": "seen", "source": "https://t.me/cvedetector/2489", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-41958 - mailcow: dockerized Two-Factor Authentication Bypass Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-41958 \nPublished : Aug. 5, 2024, 8:15 p.m. | 38\u00a0minutes ago \nDescription : mailcow: dockerized is an open source groupware/email suite based on docker. A vulnerability has been discovered in the two-factor authentication (2FA) mechanism. This flaw allows an authenticated attacker to bypass the 2FA protection, enabling unauthorized access to other accounts that are otherwise secured with 2FA. To exploit this vulnerability, the attacker must first have access to an account within the system and possess the credentials of the target account that has 2FA enabled. By leveraging these credentials, the attacker can circumvent the 2FA process and gain access to the protected account. This issue has been addressed in the `2024-07` release. All users are advised to upgrade. There are no known workarounds for this vulnerability. \nSeverity: 6.6 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"05 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-05T23:06:43.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/0f5695f6-1118-47b5-bfb0-a2076ec4e4a5/export</guid>
      <pubDate>Mon, 05 Aug 2024 23:06:43 +0000</pubDate>
    </item>
    <item>
      <title>9a6020f6-8e31-4e8c-bcd9-a125c898a402</title>
      <link>https://vulnerability.circl.lu/sighting/9a6020f6-8e31-4e8c-bcd9-a125c898a402/export</link>
      <description>{"uuid": "9a6020f6-8e31-4e8c-bcd9-a125c898a402", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-41958", "type": "published-proof-of-concept", "source": "https://t.me/TheDarkWebInformer/2144", "content": "\ud83d\udea8PoC Released for CVE-2024-41958\n\nhttps://darkwebinformer.com/poc-released-for-cve-2024-41958/\n\nLink: https://github.com/OrangeJuiceHU/CVE-2024-41958-PoC\n\n\"This is a small proof of concept for CVE-2024-41958.\n\nIt is possible to bypass the TFA authentication on the admin panel.\n\nAffected versions: &amp;lt; 2024-07\n\nPrerequisites needed for the CVE to function:\n\nPassword and username for an account without TFA.\nPassword and username for an account which has TFA enabled.\nMailcow version below 2024-07.\nHow to use the poc:\n\nInstall the dependency\npip install -r requirements.txt\nFill in the necessary informations in the sript\nURL\nPassword and username for the user who does not have TFA enabled\nPassword and username for the user who has TFA enabled\nRun the script\npython poc.py\nThe output if the script works fine:\n\nPoC works!\n\nPHPSESSID=6cd6779a5e499a0e7708aed3aae9d3a4\n\nCopy the PHPSESSID and set the cookie in your browser\nRefresh the page\n\nYou are now logged in as the user with TFA enabled\"", "creation_timestamp": "2024-08-06T15:30:55.000000Z"}</description>
      <content:encoded>{"uuid": "9a6020f6-8e31-4e8c-bcd9-a125c898a402", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-41958", "type": "published-proof-of-concept", "source": "https://t.me/TheDarkWebInformer/2144", "content": "\ud83d\udea8PoC Released for CVE-2024-41958\n\nhttps://darkwebinformer.com/poc-released-for-cve-2024-41958/\n\nLink: https://github.com/OrangeJuiceHU/CVE-2024-41958-PoC\n\n\"This is a small proof of concept for CVE-2024-41958.\n\nIt is possible to bypass the TFA authentication on the admin panel.\n\nAffected versions: &amp;lt; 2024-07\n\nPrerequisites needed for the CVE to function:\n\nPassword and username for an account without TFA.\nPassword and username for an account which has TFA enabled.\nMailcow version below 2024-07.\nHow to use the poc:\n\nInstall the dependency\npip install -r requirements.txt\nFill in the necessary informations in the sript\nURL\nPassword and username for the user who does not have TFA enabled\nPassword and username for the user who has TFA enabled\nRun the script\npython poc.py\nThe output if the script works fine:\n\nPoC works!\n\nPHPSESSID=6cd6779a5e499a0e7708aed3aae9d3a4\n\nCopy the PHPSESSID and set the cookie in your browser\nRefresh the page\n\nYou are now logged in as the user with TFA enabled\"", "creation_timestamp": "2024-08-06T15:30:55.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/9a6020f6-8e31-4e8c-bcd9-a125c898a402/export</guid>
      <pubDate>Tue, 06 Aug 2024 15:30:55 +0000</pubDate>
    </item>
    <item>
      <title>84d0802d-c7b7-4362-9fe8-1f483b4c1ef9</title>
      <link>https://vulnerability.circl.lu/sighting/84d0802d-c7b7-4362-9fe8-1f483b4c1ef9/export</link>
      <description>{"uuid": "84d0802d-c7b7-4362-9fe8-1f483b4c1ef9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-41958", "type": "published-proof-of-concept", "source": "https://t.me/true_secator/6067", "content": "\u0410\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430\u043c \u043f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u044b\u0445 \u043f\u043e\u0447\u0442\u043e\u0432\u044b\u0445 \u0441\u0435\u0440\u0432\u0438\u0441\u043e\u0432 \u0441 \u043e\u0442\u043a\u0440\u044b\u0442\u044b\u043c \u0438\u0441\u0445\u043e\u0434\u043d\u044b\u043c \u043a\u043e\u0434\u043e\u043c Mailcow \u0438 Roundcube \u0441\u043b\u0435\u0434\u0443\u0435\u0442 \u043e\u0431\u0440\u0430\u0442\u0438\u0442 \u0432\u043d\u0438\u043c\u0430\u043d\u0438\u0435 \u043d\u0430 \u043d\u043e\u0432\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0441\u0442\u0438 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u0441\u0442\u0430\u043b\u0438 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b \u0434\u043b\u044f \u0448\u0438\u0440\u043e\u043a\u043e\u0439 \u0430\u0443\u0434\u0438\u0442\u043e\u0440\u0438\u0438.\n\n\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044c \u041c\u044d\u0440 \u041f\u0430\u0442\u0440\u0438\u043a \u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043b PoC \u0434\u043b\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043f\u043e\u0447\u0442\u043e\u0432\u043e\u0433\u043e \u0441\u0435\u0440\u0432\u0435\u0440\u0430 Mailcow, \u043e\u0442\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u043c\u043e\u0439 \u043a\u0430\u043a CVE-2024-41958 \u0438 \u0438\u043c\u0435\u044e\u0449\u0435\u0439 \u043e\u0446\u0435\u043d\u043a\u0443 CVSS 6.6.\n\n\u041d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u043a \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d 
\u0432 \u043c\u0435\u0445\u0430\u043d\u0438\u0437\u043c\u0435 \u0434\u0432\u0443\u0445\u0444\u0430\u043a\u0442\u043e\u0440\u043d\u043e\u0439 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438.\n\n\u041e\u043d \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u043c\u0443 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u043e\u0431\u043e\u0439\u0442\u0438 \u0437\u0430\u0449\u0438\u0442\u0443 2FA, \u0447\u0442\u043e \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0434\u0440\u0443\u0433\u0438\u043c \u0443\u0447\u0435\u0442\u043d\u044b\u043c \u0437\u0430\u043f\u0438\u0441\u044f\u043c, \u0437\u0430\u0449\u0438\u0449\u0435\u043d\u043d\u044b\u043c 2FA.\n\n\u0427\u0442\u043e\u0431\u044b \u0432\u043e\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c\u0441\u044f \u044d\u0442\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c\u044e, \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u0434\u043e\u043b\u0436\u0435\u043d \u0441\u043d\u0430\u0447\u0430\u043b\u0430 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0443\u0447\u0435\u0442\u043d\u043e\u0439 \u0437\u0430\u043f\u0438\u0441\u0438 \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0435 \u0438 \u043e\u0431\u043b\u0430\u0434\u0430\u0442\u044c \u0443\u0447\u0435\u0442\u043d\u044b\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u043c\u0438 \u0446\u0435\u043b\u0435\u0432\u043e\u0439 \u0443\u0447\u0435\u0442\u043d\u043e\u0439 \u0437\u0430\u043f\u0438\u0441\u0438, \u0432 \u043a\u043e\u0442\u043e\u0440\u043e\u0439 
\u0432\u043a\u043b\u044e\u0447\u0435\u043d\u0430 2FA.\n\n\u041f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0431\u044b\u043b\u0430 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430 \u0432 \u0432\u044b\u043f\u0443\u0441\u043a\u0435 2024-07. \u0412\u0441\u0435\u043c \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435. \u0418\u0437\u0432\u0435\u0441\u0442\u043d\u044b\u0445 \u043e\u0431\u0445\u043e\u0434\u043d\u044b\u0445 \u043f\u0443\u0442\u0435\u0439 \u0434\u043b\u044f \u044d\u0442\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043d\u0435\u0442.\n\n\u0412 \u0441\u0432\u043e\u044e \u043e\u0447\u0435\u0440\u0435\u0434\u044c, \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 Sonarsource \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0438 \u0434\u0432\u0435 XSS-\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 CVE-2024-42009 \u0438 CVE-2024-42008 \u0432 \u043f\u043e\u0447\u0442\u043e\u0432\u043e\u043c \u043a\u043b\u0438\u0435\u043d\u0442\u0435 \u0441 \u043e\u0442\u043a\u0440\u044b\u0442\u044b\u043c \u0438\u0441\u0445\u043e\u0434\u043d\u044b\u043c \u043a\u043e\u0434\u043e\u043c Roundcube.\n\n\u041e\u043d\u0438 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0442 \u043d\u0435\u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u043c\u0443 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0439 \u043a\u043e\u0434 JavaScript \u0432\u043d\u0443\u0442\u0440\u0438 \u043f\u043e\u0447\u0442\u043e\u0432\u043e\u0433\u043e \u044f\u0449\u0438\u043a\u0430 
Roundcube.\n\n\u0414\u043b\u044f \u0443\u0441\u043f\u0435\u0448\u043d\u043e\u0439 \u0430\u0442\u0430\u043a\u0438 \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c CVE-2024-42009 \u043e\u0442 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f \u043d\u0435 \u0442\u0440\u0435\u0431\u0443\u0435\u0442\u0441\u044f \u043d\u0438\u043a\u0430\u043a\u0438\u0445 \u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0439, \u043a\u0440\u043e\u043c\u0435 \u043f\u0440\u043e\u0441\u043c\u043e\u0442\u0440\u0430 \u044d\u043b\u0435\u043a\u0442\u0440\u043e\u043d\u043d\u043e\u0433\u043e \u043f\u0438\u0441\u044c\u043c\u0430 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430.\n\n\u042d\u043a\u0441\u043f\u043b\u043e\u0439\u0442 \u0434\u043b\u044f CVE-2024-42008 \u0440\u0430\u0431\u043e\u0442\u0430\u0435\u0442 \u0441 \u043e\u0434\u043d\u043e\u0433\u043e \u0449\u0435\u043b\u0447\u043a\u0430 \u043c\u044b\u0448\u0438 \u0436\u0435\u0440\u0442\u0432\u044b, \u043d\u043e \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u043c\u043e\u0436\u0435\u0442 \u0441\u0434\u0435\u043b\u0430\u0442\u044c \u044d\u0442\u043e \u0432\u0437\u0430\u0438\u043c\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0435 \u043d\u0435\u043e\u0447\u0435\u0432\u0438\u0434\u043d\u044b\u043c \u0434\u043b\u044f \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f.\n\n\u0410\u0442\u0430\u043a\u0438 \u043c\u043e\u0433\u0443\u0442 \u0431\u044b\u0442\u044c \u0440\u0435\u0430\u043b\u0438\u0437\u043e\u0432\u0430\u043d\u044b \u0434\u043b\u044f \u043a\u0440\u0430\u0436\u0438 \u044d\u043b\u0435\u043a\u0442\u0440\u043e\u043d\u043d\u044b\u0445 \u043f\u0438\u0441\u0435\u043c \u0438 \u043a\u043e\u043d\u0442\u0430\u043a\u0442\u043e\u0432, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0434\u043b\u044f \u043e\u0442\u043f\u0440\u0430\u0432\u043a\u0438 \u044d\u043b\u0435\u043a\u0442\u0440\u043e\u043d\u043d\u044b\u0445 
\u043f\u0438\u0441\u0435\u043c \u0441 \u0443\u0447\u0435\u0442\u043d\u043e\u0439 \u0437\u0430\u043f\u0438\u0441\u0438 \u0436\u0435\u0440\u0442\u0432\u044b.\n\n\u0410\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430\u043c Roundcube \u0441\u043b\u0435\u0434\u0443\u0435\u0442\u00a0\u043a\u0430\u043a \u043c\u043e\u0436\u043d\u043e \u0441\u043a\u043e\u0440\u0435\u0435 \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c\u0441\u044f \u0434\u043e \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438 1.6.8 \u0438\u043b\u0438 1.5.8.", "creation_timestamp": "2024-08-07T15:40:04.000000Z"}</description>
      <content:encoded>{"uuid": "84d0802d-c7b7-4362-9fe8-1f483b4c1ef9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-41958", "type": "published-proof-of-concept", "source": "https://t.me/true_secator/6067", "content": "\u0410\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430\u043c \u043f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u044b\u0445 \u043f\u043e\u0447\u0442\u043e\u0432\u044b\u0445 \u0441\u0435\u0440\u0432\u0438\u0441\u043e\u0432 \u0441 \u043e\u0442\u043a\u0440\u044b\u0442\u044b\u043c \u0438\u0441\u0445\u043e\u0434\u043d\u044b\u043c \u043a\u043e\u0434\u043e\u043c Mailcow \u0438 Roundcube \u0441\u043b\u0435\u0434\u0443\u0435\u0442 \u043e\u0431\u0440\u0430\u0442\u0438\u0442 \u0432\u043d\u0438\u043c\u0430\u043d\u0438\u0435 \u043d\u0430 \u043d\u043e\u0432\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0441\u0442\u0438 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u0441\u0442\u0430\u043b\u0438 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b \u0434\u043b\u044f \u0448\u0438\u0440\u043e\u043a\u043e\u0439 \u0430\u0443\u0434\u0438\u0442\u043e\u0440\u0438\u0438.\n\n\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044c \u041c\u044d\u0440 \u041f\u0430\u0442\u0440\u0438\u043a \u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043b PoC \u0434\u043b\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043f\u043e\u0447\u0442\u043e\u0432\u043e\u0433\u043e \u0441\u0435\u0440\u0432\u0435\u0440\u0430 Mailcow, \u043e\u0442\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u043c\u043e\u0439 \u043a\u0430\u043a CVE-2024-41958 \u0438 \u0438\u043c\u0435\u044e\u0449\u0435\u0439 \u043e\u0446\u0435\u043d\u043a\u0443 CVSS 6.6.\n\n\u041d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u043a 
\u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d \u0432 \u043c\u0435\u0445\u0430\u043d\u0438\u0437\u043c\u0435 \u0434\u0432\u0443\u0445\u0444\u0430\u043a\u0442\u043e\u0440\u043d\u043e\u0439 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438.\n\n\u041e\u043d \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u043c\u0443 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u043e\u0431\u043e\u0439\u0442\u0438 \u0437\u0430\u0449\u0438\u0442\u0443 2FA, \u0447\u0442\u043e \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0434\u0440\u0443\u0433\u0438\u043c \u0443\u0447\u0435\u0442\u043d\u044b\u043c \u0437\u0430\u043f\u0438\u0441\u044f\u043c, \u0437\u0430\u0449\u0438\u0449\u0435\u043d\u043d\u044b\u043c 2FA.\n\n\u0427\u0442\u043e\u0431\u044b \u0432\u043e\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c\u0441\u044f \u044d\u0442\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c\u044e, \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u0434\u043e\u043b\u0436\u0435\u043d \u0441\u043d\u0430\u0447\u0430\u043b\u0430 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0443\u0447\u0435\u0442\u043d\u043e\u0439 \u0437\u0430\u043f\u0438\u0441\u0438 \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0435 \u0438 \u043e\u0431\u043b\u0430\u0434\u0430\u0442\u044c \u0443\u0447\u0435\u0442\u043d\u044b\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u043c\u0438 \u0446\u0435\u043b\u0435\u0432\u043e\u0439 \u0443\u0447\u0435\u0442\u043d\u043e\u0439 \u0437\u0430\u043f\u0438\u0441\u0438, \u0432 
\u043a\u043e\u0442\u043e\u0440\u043e\u0439 \u0432\u043a\u043b\u044e\u0447\u0435\u043d\u0430 2FA.\n\n\u041f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0431\u044b\u043b\u0430 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430 \u0432 \u0432\u044b\u043f\u0443\u0441\u043a\u0435 2024-07. \u0412\u0441\u0435\u043c \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435. \u0418\u0437\u0432\u0435\u0441\u0442\u043d\u044b\u0445 \u043e\u0431\u0445\u043e\u0434\u043d\u044b\u0445 \u043f\u0443\u0442\u0435\u0439 \u0434\u043b\u044f \u044d\u0442\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043d\u0435\u0442.\n\n\u0412 \u0441\u0432\u043e\u044e \u043e\u0447\u0435\u0440\u0435\u0434\u044c, \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 Sonarsource \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0438 \u0434\u0432\u0435 XSS-\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 CVE-2024-42009 \u0438 CVE-2024-42008 \u0432 \u043f\u043e\u0447\u0442\u043e\u0432\u043e\u043c \u043a\u043b\u0438\u0435\u043d\u0442\u0435 \u0441 \u043e\u0442\u043a\u0440\u044b\u0442\u044b\u043c \u0438\u0441\u0445\u043e\u0434\u043d\u044b\u043c \u043a\u043e\u0434\u043e\u043c Roundcube.\n\n\u041e\u043d\u0438 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0442 \u043d\u0435\u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u043c\u0443 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0439 \u043a\u043e\u0434 JavaScript \u0432\u043d\u0443\u0442\u0440\u0438 \u043f\u043e\u0447\u0442\u043e\u0432\u043e\u0433\u043e 
\u044f\u0449\u0438\u043a\u0430 Roundcube.\n\n\u0414\u043b\u044f \u0443\u0441\u043f\u0435\u0448\u043d\u043e\u0439 \u0430\u0442\u0430\u043a\u0438 \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c CVE-2024-42009 \u043e\u0442 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f \u043d\u0435 \u0442\u0440\u0435\u0431\u0443\u0435\u0442\u0441\u044f \u043d\u0438\u043a\u0430\u043a\u0438\u0445 \u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0439, \u043a\u0440\u043e\u043c\u0435 \u043f\u0440\u043e\u0441\u043c\u043e\u0442\u0440\u0430 \u044d\u043b\u0435\u043a\u0442\u0440\u043e\u043d\u043d\u043e\u0433\u043e \u043f\u0438\u0441\u044c\u043c\u0430 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430.\n\n\u042d\u043a\u0441\u043f\u043b\u043e\u0439\u0442 \u0434\u043b\u044f CVE-2024-42008 \u0440\u0430\u0431\u043e\u0442\u0430\u0435\u0442 \u0441 \u043e\u0434\u043d\u043e\u0433\u043e \u0449\u0435\u043b\u0447\u043a\u0430 \u043c\u044b\u0448\u0438 \u0436\u0435\u0440\u0442\u0432\u044b, \u043d\u043e \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u043c\u043e\u0436\u0435\u0442 \u0441\u0434\u0435\u043b\u0430\u0442\u044c \u044d\u0442\u043e \u0432\u0437\u0430\u0438\u043c\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0435 \u043d\u0435\u043e\u0447\u0435\u0432\u0438\u0434\u043d\u044b\u043c \u0434\u043b\u044f \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f.\n\n\u0410\u0442\u0430\u043a\u0438 \u043c\u043e\u0433\u0443\u0442 \u0431\u044b\u0442\u044c \u0440\u0435\u0430\u043b\u0438\u0437\u043e\u0432\u0430\u043d\u044b \u0434\u043b\u044f \u043a\u0440\u0430\u0436\u0438 \u044d\u043b\u0435\u043a\u0442\u0440\u043e\u043d\u043d\u044b\u0445 \u043f\u0438\u0441\u0435\u043c \u0438 \u043a\u043e\u043d\u0442\u0430\u043a\u0442\u043e\u0432, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0434\u043b\u044f \u043e\u0442\u043f\u0440\u0430\u0432\u043a\u0438 
\u044d\u043b\u0435\u043a\u0442\u0440\u043e\u043d\u043d\u044b\u0445 \u043f\u0438\u0441\u0435\u043c \u0441 \u0443\u0447\u0435\u0442\u043d\u043e\u0439 \u0437\u0430\u043f\u0438\u0441\u0438 \u0436\u0435\u0440\u0442\u0432\u044b.\n\n\u0410\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430\u043c Roundcube \u0441\u043b\u0435\u0434\u0443\u0435\u0442\u00a0\u043a\u0430\u043a \u043c\u043e\u0436\u043d\u043e \u0441\u043a\u043e\u0440\u0435\u0435 \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c\u0441\u044f \u0434\u043e \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438 1.6.8 \u0438\u043b\u0438 1.5.8.", "creation_timestamp": "2024-08-07T15:40:04.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/84d0802d-c7b7-4362-9fe8-1f483b4c1ef9/export</guid>
      <pubDate>Wed, 07 Aug 2024 15:40:04 +0000</pubDate>
    </item>
    <item>
      <title>d1cbdae2-1baa-4ed0-8040-8dd1396082ac</title>
      <link>https://vulnerability.circl.lu/sighting/d1cbdae2-1baa-4ed0-8040-8dd1396082ac/export</link>
      <description>{"uuid": "d1cbdae2-1baa-4ed0-8040-8dd1396082ac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-41958", "type": "published-proof-of-concept", "source": "https://t.me/HackerArsenal/132", "content": "#exploit\n1. Code execution exploit for Tony Hawk's video game series\nhttps://github.com/grimdoomer/TonyHawksProStrcpy\n]-&amp;gt; https://icode4.coffee/?p=954\n\n2. CVE-2024-41958:\nMailcow Incorrect Comparison/2FA bypass\nhttps://github.com/OrangeJuiceHU/CVE-2024-41958-PoC", "creation_timestamp": "2024-08-08T06:27:44.000000Z"}</description>
      <content:encoded>{"uuid": "d1cbdae2-1baa-4ed0-8040-8dd1396082ac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-41958", "type": "published-proof-of-concept", "source": "https://t.me/HackerArsenal/132", "content": "#exploit\n1. Code execution exploit for Tony Hawk's video game series\nhttps://github.com/grimdoomer/TonyHawksProStrcpy\n]-&amp;gt; https://icode4.coffee/?p=954\n\n2. CVE-2024-41958:\nMailcow Incorrect Comparison/2FA bypass\nhttps://github.com/OrangeJuiceHU/CVE-2024-41958-PoC", "creation_timestamp": "2024-08-08T06:27:44.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/d1cbdae2-1baa-4ed0-8040-8dd1396082ac/export</guid>
      <pubDate>Thu, 08 Aug 2024 06:27:44 +0000</pubDate>
    </item>
    <item>
      <title>82dc3f0c-1bd7-4d48-a9fe-4e7d935f24f8</title>
      <link>https://vulnerability.circl.lu/sighting/82dc3f0c-1bd7-4d48-a9fe-4e7d935f24f8/export</link>
      <description>{"uuid": "82dc3f0c-1bd7-4d48-a9fe-4e7d935f24f8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-41958", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/10951", "content": "#exploit\n1. Code execution exploit for Tony Hawk's video game series\nhttps://github.com/grimdoomer/TonyHawksProStrcpy\n]-&amp;gt; https://icode4.coffee/?p=954\n\n2. CVE-2024-41958:\nMailcow Incorrect Comparison/2FA bypass\nhttps://github.com/OrangeJuiceHU/CVE-2024-41958-PoC", "creation_timestamp": "2024-08-08T11:02:34.000000Z"}</description>
      <content:encoded>{"uuid": "82dc3f0c-1bd7-4d48-a9fe-4e7d935f24f8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-41958", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/10951", "content": "#exploit\n1. Code execution exploit for Tony Hawk's video game series\nhttps://github.com/grimdoomer/TonyHawksProStrcpy\n]-&amp;gt; https://icode4.coffee/?p=954\n\n2. CVE-2024-41958:\nMailcow Incorrect Comparison/2FA bypass\nhttps://github.com/OrangeJuiceHU/CVE-2024-41958-PoC", "creation_timestamp": "2024-08-08T11:02:34.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/82dc3f0c-1bd7-4d48-a9fe-4e7d935f24f8/export</guid>
      <pubDate>Thu, 08 Aug 2024 11:02:34 +0000</pubDate>
    </item>
    <item>
      <title>514b0510-c0af-4303-9725-eecc61e30f01</title>
      <link>https://vulnerability.circl.lu/sighting/514b0510-c0af-4303-9725-eecc61e30f01/export</link>
      <description>{"uuid": "514b0510-c0af-4303-9725-eecc61e30f01", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-41958", "type": "published-proof-of-concept", "source": "https://t.me/CNArsenal/2969", "content": "https://github.com/OrangeJuiceHU/CVE-2024-41958-PoC\n\nThis is a small proof of concept for CVE-2024-41958\n#github #poc", "creation_timestamp": "2024-08-08T14:25:38.000000Z"}</description>
      <content:encoded>{"uuid": "514b0510-c0af-4303-9725-eecc61e30f01", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-41958", "type": "published-proof-of-concept", "source": "https://t.me/CNArsenal/2969", "content": "https://github.com/OrangeJuiceHU/CVE-2024-41958-PoC\n\nThis is a small proof of concept for CVE-2024-41958\n#github #poc", "creation_timestamp": "2024-08-08T14:25:38.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/514b0510-c0af-4303-9725-eecc61e30f01/export</guid>
      <pubDate>Thu, 08 Aug 2024 14:25:38 +0000</pubDate>
    </item>
    <item>
      <title>0ca94c62-1b87-4444-9c03-11312c05779e</title>
      <link>https://vulnerability.circl.lu/sighting/0ca94c62-1b87-4444-9c03-11312c05779e/export</link>
      <description>{"uuid": "0ca94c62-1b87-4444-9c03-11312c05779e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-41958", "type": "published-proof-of-concept", "source": "https://t.me/Rootsec_2/3740", "content": "#exploit\n1. Code execution exploit for Tony Hawk's video game series\nhttps://github.com/grimdoomer/TonyHawksProStrcpy\n]-&amp;gt; https://icode4.coffee/?p=954\n\n2. CVE-2024-41958:\nMailcow Incorrect Comparison/2FA bypass\nhttps://github.com/OrangeJuiceHU/CVE-2024-41958-PoC", "creation_timestamp": "2024-08-16T11:23:44.000000Z"}</description>
      <content:encoded>{"uuid": "0ca94c62-1b87-4444-9c03-11312c05779e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-41958", "type": "published-proof-of-concept", "source": "https://t.me/Rootsec_2/3740", "content": "#exploit\n1. Code execution exploit for Tony Hawk's video game series\nhttps://github.com/grimdoomer/TonyHawksProStrcpy\n]-&amp;gt; https://icode4.coffee/?p=954\n\n2. CVE-2024-41958:\nMailcow Incorrect Comparison/2FA bypass\nhttps://github.com/OrangeJuiceHU/CVE-2024-41958-PoC", "creation_timestamp": "2024-08-16T11:23:44.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/0ca94c62-1b87-4444-9c03-11312c05779e/export</guid>
      <pubDate>Fri, 16 Aug 2024 11:23:44 +0000</pubDate>
    </item>
  </channel>
</rss>
