{"vulnerability": "CVE-2024-2285", "sightings": [{"uuid": "102fda6d-48ff-4ce6-8e64-d13a1a84aa64", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-22855", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/9086", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-22855\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A cross-site scripting (XSS) vulnerability in the User Maintenance section of ITSS iMLog v1.307 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Last Name parameter.\n\ud83d\udccf Published: 2024-06-12T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-27T14:23:42.076Z\n\ud83d\udd17 References:\n1. https://www.exploit-db.com/exploits/52025", "creation_timestamp": "2025-03-27T14:27:17.000000Z"}, {"uuid": "013bd013-4642-47e6-96e8-ce33322c5cec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-22857", "type": "seen", "source": "https://t.me/ctinow/202000", "content": "https://ift.tt/CQZMAmz\nCVE-2024-22857", "creation_timestamp": "2024-03-07T02:26:59.000000Z"}, {"uuid": "3aabfa5a-0b12-4071-8324-83ab7d8134f6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-22851", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/11945", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-22851\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Directory Traversal Vulnerability in LiveConfig before v.2.5.2 allows a remote attacker to obtain sensitive information via a crafted request to the /static/ endpoint.\n\ud83d\udccf Published: 2024-02-02T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-15T22:15:31.375Z\n\ud83d\udd17 References:\n1. https://www.drive-byte.de/en/blog/liveconfig-advisory-cve-2024-22851\n2. https://www.liveconfig.com/de/kb/cve/cve-2024-22851/\n3. https://raeph123.github.io/BlogPosts/LiveConfig/LiveConfig_Advisory_CVE-2024-22851_en.html", "creation_timestamp": "2025-04-15T22:55:46.000000Z"}, {"uuid": "b20cb6ea-b6f8-41e1-b6da-5b693a954786", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-22853", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/19077", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-22853\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: D-LINK Go-RT-AC750 GORTAC750_A1_FW_v101b03 has a hardcoded password for the Alphanetworks account, which allows remote attackers to obtain root access via a telnet session.\n\ud83d\udccf Published: 2024-02-06T00:00:00.000Z\n\ud83d\udccf Modified: 2025-06-20T20:13:39.786Z\n\ud83d\udd17 References:\n1. https://www.dlink.com/en/security-bulletin/\n2. https://github.com/Beckaf/vunl/blob/main/D-Link/AC750/2/2.md", "creation_timestamp": "2025-06-20T20:44:20.000000Z"}, {"uuid": "b009ac24-917a-446d-9124-3a280bc33b54", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-22859", "type": "seen", "source": "https://t.me/ctinow/191221", "content": "https://ift.tt/3GLiB2l\nCVE-2024-22859 | livewire up to 3.0.3 getCsrfToken cross-site request forgery", "creation_timestamp": "2024-02-22T22:21:40.000000Z"}, {"uuid": "17c4a254-1523-4c61-8660-417031222af5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-2285", "type": "seen", "source": "https://t.me/ctinow/203034", "content": "https://ift.tt/HEj9De4\nCVE-2024-2285", "creation_timestamp": "2024-03-08T04:26:17.000000Z"}, {"uuid": "a2ec9f01-1af3-41cf-8785-44f56980244b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-22857", "type": "seen", "source": "https://t.me/ctinow/208329", "content": "https://ift.tt/YDSNjwL\nCVE-2024-22857 | Zlog heap-based overflow", "creation_timestamp": "2024-03-15T01:31:50.000000Z"}, {"uuid": "0f147746-132a-4ad4-a778-e8ffb90b5d15", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-2285", "type": "seen", "source": "https://t.me/ctinow/203078", "content": "https://ift.tt/k763wMI\nCVE-2024-2285 | boyiddha Automated-Mess-Management-System 1.0 /member/member_edit.php name cross site scripting", "creation_timestamp": "2024-03-08T06:51:55.000000Z"}, {"uuid": "14eb8bb4-44c6-4182-ba55-95218bb859f1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-2285", "type": "seen", "source": "https://t.me/ctinow/203028", "content": "https://ift.tt/HEj9De4\nCVE-2024-2285", "creation_timestamp": "2024-03-08T04:26:11.000000Z"}, {"uuid": "a7fc5ad9-e43a-4a6b-bfa4-5c93f20d495d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-22853", "type": "seen", "source": "https://t.me/ctinow/196665", "content": "https://ift.tt/dEPpZnu\nCVE-2024-22853 | D-Link Go-RT-AC750 101b03 hard-coded password", "creation_timestamp": "2024-02-29T14:22:04.000000Z"}, {"uuid": "6ff69b3b-a6c7-4fc4-ba5f-40154fd63741", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-22852", "type": "seen", "source": "https://t.me/ctinow/196663", "content": "https://ift.tt/3NDoKzj\nCVE-2024-22852 | D-Link Go-RT-AC750 101b03 genacgi_main stack-based overflow", "creation_timestamp": "2024-02-29T14:22:02.000000Z"}, {"uuid": "c4fc2597-d5f0-4241-ab9e-192aa8033b1d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-22854", "type": "seen", "source": "https://t.me/ctinow/186234", "content": "https://ift.tt/2hczYak\nCVE-2024-22854", "creation_timestamp": "2024-02-16T10:26:48.000000Z"}, {"uuid": "8751fba7-f2fe-4ff4-9205-94ef5bc27956", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-22851", "type": "seen", "source": "https://t.me/ctinow/192780", "content": "https://ift.tt/FlAxajG\nCVE-2024-22851 | LiveConfig up to 2.5.1 Request /static/ path traversal", "creation_timestamp": "2024-02-25T09:11:23.000000Z"}, {"uuid": "ba5c0aba-7534-4201-ac2a-af5adea4cad2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-22852", "type": "seen", "source": "https://t.me/ctinow/184201", "content": "https://ift.tt/vK672jJ\nCVE-2024-22852 Exploit", "creation_timestamp": "2024-02-13T21:16:52.000000Z"}, {"uuid": "ba97e32f-cbe0-441c-bcf2-da2bae85f32a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-22853", "type": "seen", "source": "https://t.me/ctinow/183407", "content": "https://ift.tt/hMnXu0K\nCVE-2024-22853 Exploit", "creation_timestamp": "2024-02-12T21:16:44.000000Z"}, {"uuid": "1f6dd47f-cf4e-42b5-8402-9f15f286f25a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-22852", "type": "seen", "source": "https://t.me/ctinow/179700", "content": "https://ift.tt/DuFM9XB\nCVE-2024-22852", "creation_timestamp": "2024-02-06T03:26:40.000000Z"}, {"uuid": "6f831234-be06-4226-be50-cf97c886b2e4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-22859", "type": "seen", "source": "https://t.me/ctinow/177378", "content": "https://ift.tt/wfUedVD\nCVE-2024-22859", "creation_timestamp": "2024-02-01T08:31:08.000000Z"}, {"uuid": "a34221bf-382f-4e11-bc51-e95fe032335c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-22853", "type": "seen", "source": "https://t.me/ctinow/179701", "content": "https://ift.tt/0IftNrb\nCVE-2024-22853", "creation_timestamp": "2024-02-06T03:26:41.000000Z"}, {"uuid": "dd8df5e9-25f5-4dd4-b283-0dc58b1a031e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-22857", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/10140", "content": "#exploit\n1. CVE-2024-28120:\nAPI abuse in codeium-chrome\nhttps://securitylab.github.com/advisories/GHSL-2024-027_GHSL-2024-028_codeium-chrome\n\n2. CVE-2024-22857:\nArbitrary Code Execution in ZLOG\nhttps://www.ebryx.com/blogs/arbitrary-code-execution-in-zlog-cve-2024-22857", "creation_timestamp": "2024-03-13T15:53:39.000000Z"}, {"uuid": "4fa543f4-d9ff-4ffe-bf03-8c14237a5ff1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-22851", "type": "seen", "source": "https://t.me/ctinow/178017", "content": "https://ift.tt/96ZD1fd\nCVE-2024-22851", "creation_timestamp": "2024-02-02T10:31:49.000000Z"}, {"uuid": "ec4e63c3-ac62-4161-b261-271b38662132", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-22859", "type": "seen", "source": "https://t.me/kasraone_com/652", "content": "\ud83d\udd34CVE\n\n     CVE-2024-22859\n\n\u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc Cross-Site Request Forgery (CSRF) \u062f\u0631 livewire \u0642\u0628\u0644 \u0627\u0632 \u0646\u0633\u062e\u0647 3.0.4\u060c \u0628\u0647 \u0645\u0647\u0627\u062c\u0645\u0627\u0646 \u0631\u0627\u0647 \u062f\u0648\u0631 \u0627\u062c\u0627\u0632\u0647 \u0645\u06cc\u200c\u062f\u0647\u062f \u062a\u0627 \u062a\u0627\u0628\u0639 getCsrfToken \u06a9\u062f \u062f\u0644\u062e\u0648\u0627\u0647 \u0631\u0627 \u0627\u062c\u0631\u0627 \u06a9\u0646\u0646\u062f. \u062a\u0648\u062c\u0647: \u0641\u0631\u0648\u0634\u0646\u062f\u0647 \u0628\u0627 \u0627\u06cc\u0646 \u0645\u0648\u0636\u0648\u0639 \u0645\u062e\u0627\u0644\u0641\u062a \u0645\u06cc \u06a9\u0646\u062f \u0632\u06cc\u0631\u0627 commit 5d88731 \u06cc\u06a9 \u0645\u0634\u06a9\u0644 \u0642\u0627\u0628\u0644\u06cc\u062a \u0627\u0633\u062a\u0641\u0627\u062f\u0647 (\u06a9\u062f\u0647\u0627\u06cc \u0648\u0636\u0639\u06cc\u062a HTTP 419 \u0628\u0631\u0627\u06cc \u0641\u0639\u0627\u0644\u06cc\u062a \u0645\u0634\u062a\u0631\u06cc \u0642\u0627\u0646\u0648\u0646\u06cc) \u0631\u0627 \u0628\u0631\u0637\u0631\u0641 \u0645\u06cc \u06a9\u0646\u062f\u060c \u0646\u0647 \u06cc\u06a9 \u0645\u0634\u06a9\u0644 \u0627\u0645\u0646\u06cc\u062a\u06cc.\n\n\n\n\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 \u2661 \u2800\u2800 \u3007\u2800\u00a0 \u2800 \u2399\u2800\u200c \u200c \u2332\u2063 \n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 \u02e1\u2071\u1d4f\u1d49\u00a0 \u1d9c\u1d52\u1d50\u1d50\u1d49\u207f\u1d57\u00a0 \u02e2\u1d43\u1d5b\u1d49\u00a0 \u02e2\u02b0\u1d43\u02b3\u1d49\n\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 K1\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 kasraone", "creation_timestamp": "2024-02-13T21:53:24.000000Z"}]}