{"vulnerability": "CVE-2024-38024", "sightings": [{"uuid": "785a6a72-e411-4620-8584-99b286b92f43", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38024", "type": "seen", "source": "http://www.zerodayinitiative.com/advisories/ZDI-24-1534/", "content": "", "creation_timestamp": "2024-11-20T05:00:00.000000Z"}, {"uuid": "72c87a2d-3eb8-4098-9ab8-c9f9bf8cca8a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38024", "type": "published-proof-of-concept", "source": "https://t.me/cyber_hsecurity/1610", "content": "(Photo by Tayfun Coskun/Anadolu via Getty Images)\n\u062d\u0634\u0648\u062f \u062e\u0627\u0631\u062c \u0645\u0642\u0631 \u0645\u064a\u062a\u0627 (\u0641\u064a\u0633\u0628\u0648\u0643) \u0644\u0644\u0627\u062d\u062a\u062c\u0627\u062c \u0639\u0644\u0649 \u0631\u0642\u0627\u0628\u0629 \u0645\u0627\u0631\u0643 \u0632\u0648\u0643\u0631\u0628\u064a\u0631\u063a \u0648\u0645\u064a\u062a\u0627 \u0639\u0644\u0649 \u0645\u0646\u0634\u0648\u0631\u0627\u062a \u0641\u0644\u0633\u0637\u064a\u0646 \u0639\u0644\u0649 \u0627\u0644\u0645\u0646\u0635\u0627\u062a \u0627\u0644\u0627\u062c\u062a\u0645\u0627\u0639\u064a\u0629 \u0641\u064a \u0645\u064a\u0646\u0644\u0648 \u0628\u0627\u0631\u0643\u060c \u0643\u0627\u0644\u064a\u0641\u0648\u0631\u0646\u064a\u0627 (\u0627\u0644\u0623\u0646\u0627\u0636\u0648\u0644)\n23/5/2024-\u0622\u062e\u0631 \u062a\u062d\u062f\u064a\u062b: 23/5/202403:28 \u0645 (\u0628\u062a\u0648\u0642\u064a\u062a \u0645\u0643\u0629 \u0627\u0644\u0645\u0643\u0631\u0645\u0629)\n\u0646\u0628\u0647 \u0645\u0648\u0642\u0639 \u0625\u0646\u062a\u0631\u0633\u0628\u062a \u0627\u0644\u0623\u0645\u064a\u0631\u0643\u064a \u0625\u0644\u0649 \u062b\u063a\u0631\u0629 \u0623\u0645\u0646\u064a\u0629 \u0645\u062c\u0647\u0648\u0644\u0629 \u0628\u062a\u0637\u0628\u064a\u0642 
\u0648\u0627\u062a\u0633\u0627\u0628 \u062a\u0645\u0643\u0646 \u0627\u0644\u062d\u0643\u0648\u0645\u0627\u062a \u0645\u0646 \u0645\u0639\u0631\u0641\u0629 \u0645\u0646 \u062a\u0631\u0627\u0633\u0644\u0647\u060c \u0648\u062d\u0630\u0631 \u0627\u0644\u0645\u0647\u0646\u062f\u0633\u0648\u0646 \u0641\u064a \u0634\u0631\u0643\u0629 \u0645\u064a\u062a\u0627 (\u0641\u064a\u0633\u0628\u0648\u0643) \u0645\u0646 \u0623\u0646 \u0627\u0644\u062f\u0648\u0644 \u064a\u0645\u0643\u0646\u0647\u0627 \u0645\u0631\u0627\u0642\u0628\u0629 \u0627\u0644\u062f\u0631\u062f\u0634\u0627\u062a\u060c \u0648\u064a\u062e\u0634\u0649 \u0627\u0644\u0645\u0648\u0638\u0641\u0648\u0646 \u0623\u0646 \u062a\u0633\u062a\u063a\u0644 \u0625\u0633\u0631\u0627\u0626\u064a\u0644 \u0647\u0630\u0647 \u0627\u0644\u062b\u063a\u0631\u0629 \u0644\u0627\u0646\u062a\u0642\u0627\u0621 \u0623\u0647\u062f\u0627\u0641 \u0627\u0644\u0627\u063a\u062a\u064a\u0627\u0644 \u0641\u064a \u063a\u0632\u0629.\n\n\u0648\u0630\u0643\u0631 \u0627\u0644\u0645\u0648\u0642\u0639 \u0623\u0646\u0647 \u0641\u064a \u0634\u0647\u0631 \u0645\u0627\u0631\u0633/\u0622\u0630\u0627\u0631\u060c \u0623\u0635\u062f\u0631 \u0641\u0631\u064a\u0642 \u0623\u0645\u0646 \u0648\u0627\u062a\u0633\u0627\u0628 \u062a\u062d\u0630\u064a\u0631\u0627 \u062f\u0627\u062e\u0644\u064a\u0627 \u0644\u0632\u0645\u0644\u0627\u0626\u0647 \u0628\u0623\u0646\u0647 \u0631\u063a\u0645 \u0627\u0644\u062a\u0634\u0641\u064a\u0631 \u0627\u0644\u0642\u0648\u064a \u0644\u0644\u0628\u0631\u0646\u0627\u0645\u062c\u060c \u0641\u0642\u062f \u0638\u0644 \u0627\u0644\u0645\u0633\u062a\u062e\u062f\u0645\u0648\u0646 \u0639\u0631\u0636\u0629 \u0644\u0634\u0643\u0644 \u062e\u0637\u064a\u0631 \u0645\u0646 \u0623\u0634\u0643\u0627\u0644 \u0627\u0644\u0645\u0631\u0627\u0642\u0628\u0629 \u0627\u0644\u062d\u0643\u0648\u0645\u064a\u0629.\n\n\u0648\u0648\u0641\u0642\u0627 \u0644\u062a\u0642\u064a\u064a\u0645 \u0627\u0644\u062a\u0647\u062f\u064a\u062f \u0627\u0644\u0630\u064a \u0644\u0645 
\u064a\u064f\u0628\u0644\u063a \u0639\u0646\u0647 \u0645\u0633\u0628\u0642\u0627\u060c \u0648\u062d\u0635\u0644 \u0639\u0644\u064a\u0647 \u0627\u0644\u0645\u0648\u0642\u0639\u060c \u0641\u0625\u0646 \u0645\u062d\u062a\u0648\u064a\u0627\u062a \u0627\u0644\u0645\u062d\u0627\u062f\u062b\u0627\u062a \u0628\u064a\u0646 \u0645\u0633\u062a\u062e\u062f\u0645\u064a \u0627\u0644\u062a\u0637\u0628\u064a\u0642 \u0627\u0644\u0628\u0627\u0644\u063a \u0639\u062f\u062f\u0647\u0645 2 \u0645\u0644\u064a\u0627\u0631 \u0645\u0633\u062a\u062e\u062f\u0645 \u062a\u0638\u0644 \u0622\u0645\u0646\u0629\u060c \u0644\u0643\u0646 \u0627\u0644\u062f\u0648\u0627\u0626\u0631 \u0627\u0644\u062d\u0643\u0648\u0645\u064a\u0629\u060c \u0643\u0645\u0627 \u0643\u062a\u0628 \u0627\u0644\u0645\u0647\u0646\u062f\u0633\u0648\u0646\u060c \u0643\u0627\u0646\u062a \"\u062a\u062a\u062c\u0627\u0648\u0632 \u062a\u0634\u0641\u064a\u0631\u0646\u0627\" \u0644\u0645\u0639\u0631\u0641\u0629 \u0627\u0644\u0645\u0633\u062a\u062e\u062f\u0645\u064a\u0646 \u0627\u0644\u0630\u064a\u0646 \u064a\u062a\u0648\u0627\u0635\u0644\u0648\u0646 \u0645\u0639 \u0628\u0639\u0636\u0647\u0645 \u0627\u0644\u0628\u0639\u0636\u060c \u0648\u0639\u0636\u0648\u064a\u0629 \u0627\u0644\u0645\u062c\u0645\u0648\u0639\u0627\u062a \u0627\u0644\u062e\u0627\u0635\u0629\u060c \u0648\u0631\u0628\u0645\u0627 \u062d\u062a\u0649 \u0645\u0648\u0627\u0642\u0639\u0647\u0645. 
\u0648\u062d\u062b \u0627\u0644\u062a\u0642\u064a\u064a\u0645 \u0639\u0644\u0649 \u0623\u0646 \u064a\u062e\u0641\u0641 \u0648\u0627\u062a\u0633\u0627\u0628 \u0645\u0646 \u0627\u0644\u0627\u0633\u062a\u063a\u0644\u0627\u0644 \u0627\u0644\u0645\u0633\u062a\u0645\u0631 \u0644\u0646\u0642\u0627\u0637 \u0627\u0644\u0636\u0639\u0641 \u0641\u064a \u062a\u062d\u0644\u064a\u0644 \u062d\u0631\u0643\u0629 \u0627\u0644\u0645\u0631\u0648\u0631 \u0627\u0644\u062a\u064a \u062a\u0645\u0643\u0646 \u0627\u0644\u062f\u0648\u0644 \u0645\u0646 \u062a\u062d\u062f\u064a\u062f \u0645\u0646 \u064a\u062a\u062d\u062f\u062b \u0625\u0644\u0649 \u0645\u0646.\n\nThe Smart Shadow:\n\u2206 \u0627\u0633\u062a\u063a\u0644\u0627\u0644\u0627\u062a \u0648\u0625\u062b\u0628\u0627\u062a\u0627\u062a \u0627\u0644\u0645\u0641\u0647\u0648\u0645 (PoCs) \u0644\u0644\u062b\u063a\u0631\u0627\u062a \n\n\u2206 1. \u062b\u063a\u0631\u0629 Profile Builder \u0648 Profile Builder Pro\n- \u062e\u0637\u0648\u0631\u0629: 9.8/10\n- \u0627\u0644\u0648\u0635\u0641: \u062a\u0633\u0645\u062d \u0647\u0630\u0647 \u0627\u0644\u062b\u063a\u0631\u0629 \u0644\u0644\u0645\u0647\u0627\u062c\u0645\u064a\u0646 \u0628\u0627\u0644\u062d\u0635\u0648\u0644 \u0639\u0644\u0649 \u0648\u0635\u0648\u0644 \u0627\u0644\u0645\u0633\u0624\u0648\u0644 \u062f\u0648\u0646 \u0627\u0644\u062d\u0627\u062c\u0629 \u0625\u0644\u0649 \u062d\u0633\u0627\u0628 \u0639\u0644\u0649 \u0627\u0644\u0645\u0648\u0642\u0639.\n- \u0625\u062b\u0628\u0627\u062a \u0627\u0644\u0645\u0641\u0647\u0648\u0645: \u0644\u0627 \u064a\u0648\u062c\u062f \u0625\u062b\u0628\u0627\u062a \u0645\u0641\u0647\u0648\u0645 \u0645\u062d\u062f\u062f \u0641\u064a \u0642\u0648\u0627\u0639\u062f \u0627\u0644\u0628\u064a\u0627\u0646\u0627\u062a \u0627\u0644\u0639\u0627\u0645\u0629\u060c \u0648\u0644\u0643\u0646 \u062a\u0642\u0627\u0631\u064a\u0631 WPScan \u062a\u062d\u062a\u0648\u064a \u0639\u0644\u0649 \u0633\u064a\u0646\u0627\u0631\u064a\u0648\u0647\u0627\u062a 
\u062a\u0641\u0635\u064a\u0644\u064a\u0629 \u0644\u0644\u0627\u0633\u062a\u063a\u0644\u0627\u0644.\n- \u0645\u062b\u0627\u0644 \u0644\u0625\u062b\u0628\u0627\u062a \u0627\u0644\u0645\u0641\u0647\u0648\u0645:\n   \n    import requests\n\n    url = \"http://target-website/wp-login.php\"\n    payload = {\n        \"username\": \"attacker_username\",\n        \"password\": \"attacker_password\"\n    }\n    response = requests.post(url, data=payload)\n    print(response.text)\n    \n- \u0627\u0644\u062a\u062e\u0641\u064a\u0641: \u062a\u062d\u062f\u064a\u062b \u0627\u0644\u0625\u0636\u0627\u0641\u0629 \u0625\u0644\u0649 \u0623\u062d\u062f\u062b \u0646\u0633\u062e\u0629 \u0643\u0645\u0627 \u064a\u0646\u0635\u062d \u0627\u0644\u0645\u0637\u0648\u0631\u0648\u0646.\n\n\u2206 2. \u062b\u063a\u0631\u0629 \u0643\u0627\u0645\u064a\u0631\u0627\u062a Synology BC500 IP\n- \u0627\u0644\u062a\u0641\u0627\u0635\u064a\u0644: \u062a\u0633\u0645\u062d \u0628\u0627\u0644\u062a\u0628\u062f\u064a\u0644 \u0645\u0646 WAN \u0625\u0644\u0649 LAN\u060c \u062a\u0645 \u0627\u0633\u062a\u062e\u062f\u0627\u0645\u0647\u0627 \u0641\u064a \u0645\u0633\u0627\u0628\u0642\u0629 Pwn2Own Toronto.\n- \u0625\u062b\u0628\u0627\u062a \u0627\u0644\u0645\u0641\u0647\u0648\u0645: \u0646\u0634\u0631\u062a Claroty \u062a\u0641\u0627\u0635\u064a\u0644 \u0641\u0646\u064a\u0629 \u062d\u0648\u0644 \u0627\u0644\u0627\u0633\u062a\u063a\u0644\u0627\u0644.\n- \u0645\u062b\u0627\u0644 \u0644\u0625\u062b\u0628\u0627\u062a \u0627\u0644\u0645\u0641\u0647\u0648\u0645:\n   \n    import requests\n\n    url = \"http://target-camera-ip/api/exploit\"\n    payload = {\"command\": \"switch_network\"}\n    response = requests.post(url, json=payload)\n    print(response.text)\n    \n- \u0627\u0644\u062a\u062e\u0641\u064a\u0641: \u062a\u062d\u062f\u064a\u062b \u0628\u0631\u0645\u062c\u064a\u0627\u062a \u0627\u0644\u0643\u0627\u0645\u064a\u0631\u0627 \u0625\u0644\u0649 \u0623\u062d\u062f\u062b \u0625\u0635\u062f\u0627\u0631.\n\n#### 3. 
\u062b\u063a\u0631\u0629 Apache HugeGraph (CVE-2024-27348)\n- \u062e\u0637\u0648\u0631\u0629: 9.8/10\n- \u0627\u0644\u0648\u0635\u0641: \u062a\u0633\u0645\u062d \u0644\u0644\u0645\u0647\u0627\u062c\u0645\u064a\u0646 \u0628\u0627\u0644\u062a\u062d\u0643\u0645 \u0641\u064a \u062e\u0648\u0627\u062f\u0645 \u0642\u0627\u0639\u062f\u0629 \u0627\u0644\u0628\u064a\u0627\u0646\u0627\u062a.\n- \u0625\u062b\u0628\u0627\u062a \u0627\u0644\u0645\u0641\u0647\u0648\u0645: \u0645\u062a\u0627\u062d \u0639\u0644\u0649 GitHub \u0643\u0645\u0627 \u0630\u0643\u0631.\n- \u0645\u062b\u0627\u0644 \u0644\u0625\u062b\u0628\u0627\u062a \u0627\u0644\u0645\u0641\u0647\u0648\u0645:\n   \n    import requests\n\n    url = \"http://target-hugegraph-server\"\n    payload = {\"exploit\": \"malicious_code_here\"}\n    response = requests.post(url, json=payload)\n    print(response.text)\n    \n- \u0627\u0644\u062a\u062e\u0641\u064a\u0641: \u062a\u0637\u0628\u064a\u0642 \u0627\u0644\u062a\u0635\u062d\u064a\u062d \u0627\u0644\u0623\u0645\u0646\u064a \u0627\u0644\u0635\u0627\u062f\u0631 \u0641\u064a \u0623\u0628\u0631\u064a\u0644.\n\n\u2206 4. 
\u062b\u063a\u0631\u0627\u062a Microsoft SharePoint (CVE-2024-38023\u060c CVE-2024-38024\u060c CVE-2024-38094)\n- \u0627\u0644\u062a\u0641\u0627\u0635\u064a\u0644: \u062b\u063a\u0631\u0627\u062a \u0641\u064a \u062a\u0646\u0641\u064a\u0630 \u0627\u0644\u062a\u0639\u0644\u064a\u0645\u0627\u062a \u0627\u0644\u0628\u0631\u0645\u062c\u064a\u0629 \u0639\u0646 \u0628\u064f\u0639\u062f.\n- \u0625\u062b\u0628\u0627\u062a \u0627\u0644\u0645\u0641\u0647\u0648\u0645: \u0646\u0634\u0631\u0647 Nguyen Giang.\n- \u0645\u062b\u0627\u0644 \u0644\u0625\u062b\u0628\u0627\u062a \u0627\u0644\u0645\u0641\u0647\u0648\u0645:\n   \n    # \u0647\u0630\u0627 \u0645\u062b\u0627\u0644 \u0627\u0641\u062a\u0631\u0627\u0636\u064a\u061b \u0642\u062f \u064a\u062e\u062a\u0644\u0641 \u0631\u0645\u0632 \u0627\u0644\u0627\u0633\u062a\u063a\u0644\u0627\u0644 \u0627\u0644\u0641\u0639\u0644\u064a.\n    Invoke-WebRequest -Uri \"http://target-sharepoint-server/exploit\" -Method GET\n    \n- \u0627\u0644\u062a\u062e\u0641\u064a\u0641: \u062a\u0637\u0628\u064a\u0642 \u0627\u0644\u062a\u0635\u062d\u064a\u062d\u0627\u062a \u0627\u0644\u0623\u0645\u0646\u064a\u0629 \u0627\u0644\u0645\u0642\u062f\u0645\u0629 \u0645\u0646 Microsoft.\n\n\u2206 5. 
\u062b\u063a\u0631\u0629 SonicWall SMA100\n- \u0627\u0644\u062a\u0641\u0627\u0635\u064a\u0644: \u0627\u0633\u062a\u063a\u0644\u0627\u0644 \u0641\u064a \u0627\u0644\u0648\u0636\u0639 \u0627\u0644\u0643\u0644\u0627\u0633\u064a\u0643\u064a \u0644\u0644\u0645\u0633\u062a\u062e\u062f\u0645\u064a\u0646 \u0627\u0644\u0645\u0635\u0627\u062f\u0642 \u0639\u0644\u064a\u0647\u0645.\n- \u0625\u062b\u0628\u0627\u062a \u0627\u0644\u0645\u0641\u0647\u0648\u0645: \u062a\u0645 \u0646\u0634\u0631\u0647 \u0628\u0648\u0627\u0633\u0637\u0629 SSD.\n- \u0645\u062b\u0627\u0644 \u0644\u0625\u062b\u0628\u0627\u062a \u0627\u0644\u0645\u0641\u0647\u0648\u0645:\n   \n    curl -k -X POST https://target-sma100-device -d \"exploit_payload_here\"\n    \n- \u0627\u0644\u062a\u062e\u0641\u064a\u0641: \u0625\u0632\u0627\u0644\u0629 \u0627\u0644\u0648\u0636\u0639 \u0627\u0644\u0643\u0644\u0627\u0633\u064a\u0643\u064a \u0648\u062a\u062d\u062f\u064a\u062b \u0627\u0644\u0628\u0631\u0645\u062c\u064a\u0627\u062a \u0627\u0644\u062b\u0627\u0628\u062a\u0629.\n\n\u2206 \u0627\u0644\u062a\u0648\u0635\u064a\u0627\u062a \u0627\u0644\u0639\u0627\u0645\u0629\n- \u0625\u062f\u0627\u0631\u0629 \u0627\u0644\u062a\u0635\u062d\u064a\u062d\u0627\u062a: \u062a\u062d\u062f\u064a\u062b \u062c\u0645\u064a\u0639 \u0627\u0644\u0628\u0631\u0645\u062c\u064a\u0627\u062a \u0648\u0627\u0644\u0628\u0631\u0645\u062c\u064a\u0627\u062a \u0627\u0644\u062b\u0627\u0628\u062a\u0629 \u0628\u0627\u0646\u062a\u0638\u0627\u0645 \u0625\u0644\u0649 \u0623\u062d\u062f\u062b \u0627\u0644\u0625\u0635\u062f\u0627\u0631\u0627\u062a.\n- \u0641\u062d\u0635 \u0627\u0644\u062b\u063a\u0631\u0627\u062a: \u0627\u0633\u062a\u062e\u062f\u0627\u0645 \u0623\u062f\u0648\u0627\u062a \u0645\u062b\u0644 Nessus \u0623\u0648 OpenVAS \u0644\u0641\u062d\u0635 \u0627\u0644\u062b\u063a\u0631\u0627\u062a \u0627\u0644\u0645\u0639\u0631\u0648\u0641\u0629.\n- \u0627\u0644\u0645\u0631\u0627\u0642\u0628\u0629: \u062a\u0637\u0628\u064a\u0642 \u0623\u0646\u0638\u0645\u0629 
\u0627\u0644\u0643\u0634\u0641 \u0639\u0646 \u0627\u0644\u062a\u0633\u0644\u0644 \u0648\u0645\u0646\u0639 \u0627\u0644\u062a\u0633\u0644\u0644 \u0644\u0645\u0631\u0627\u0642\u0628\u0629 \u0648\u0645\u0646\u0639 \u0645\u062d\u0627\u0648\u0644\u0627\u062a \u0627\u0644\u0627\u0633\u062a\u063a\u0644\u0627\u0644.\n\n\u2206 \u0627\u0644\u0645\u0635\u0627\u062f\u0631\n- [NVD](https://nvd.nist.gov/vuln/detail/CVE-2023-3352)\n- [Security-Database](https://www.security-database.com/detail.php?alert=CVE-2023-3352)\n- [Vulners](https://vulners.com/cve/CVE-2023-3352)\n\n## \u0634\u0631\u062d \u0648\u0627\u0633\u062a\u063a\u0644\u0627\u0644 \u062b\u063a\u0631\u0629 CVE-2024-33352: \u062a\u0635\u0639\u064a\u062f \u0627\u0644\u0627\u0645\u062a\u064a\u0627\u0632\u0627\u062a \u0641\u064a BlueStacks \u0639\u0628\u0631 \u0632\u0631\u0639 \u0628\u0631\u0646\u0627\u0645\u062c \u0636\u0627\u0631 \u0641\u064a \u0627\u0644\u062c\u0647\u0627\u0632 \u0627\u0644\u0627\u0641\u062a\u0631\u0627\u0636\u064a\n\n### \u0646\u0638\u0631\u0629 \u0639\u0627\u0645\u0629", "creation_timestamp": "2024-12-13T19:00:22.000000Z"}, {"uuid": "4c9b74a4-7398-4c43-944c-2e2f661ebf22", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38024", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lmifnearov2e", "content": "", "creation_timestamp": "2025-04-10T21:02:20.531167Z"}, {"uuid": "cd06c61f-5ea4-4721-937d-d277a6edfb34", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38024", "type": "published-proof-of-concept", "source": "https://t.me/Kelvinseccommunity/706", "content": "#exploit\n1. CVE-2024-39877:\nApache Airflow Arbitrary Code Execution\nhttps://blog.securelayer7.net/arbitrary-code-execution-in-apache-airflow\n\n2. 
CVE-2024-7395,\nCVE-2024-7396,\nCVE-2024-7397:\nInsufficient Authentication, Plaintext Communication, Unauthenticated CI\u00a0in Korenix JetPort\nhttps://cyberdanube.com/en/en-multiple-vulnerabilities-in-korenix-jetport/index.html\n\n3. CVE-2024-38094,\nCVE-2024-38023,\nCVE-2024-38024:\nMS SharePoint RCEs\nhttps://github.com/testanull/MS-SharePoint-July-Patch-RCE-PoC", "creation_timestamp": "2024-08-07T05:34:27.000000Z"}, {"uuid": "6b24aff7-8640-40bb-91a1-203e41ef6888", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38024", "type": "published-proof-of-concept", "source": "https://t.me/poxek/4205", "content": "\ud83d\uddbc\ufe0f Microsoft SharePoint Server 20219 \u2014 RCE \n\nPoC for: \n\u2014 CVE-2024-38094\n\u2014 CVE-2024-38024\n\u2014 CVE-2024-38023\n\n\ud83d\udd17 Source:\nhttps://github.com/testanull/MS-SharePoint-July-Patch-RCE-PoC\n\n#sharepoint #poc #rce #cve", "creation_timestamp": "2024-07-10T09:41:41.000000Z"}, {"uuid": "94805a8f-b179-4a0d-9757-4aefd35407f9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38024", "type": "published-proof-of-concept", "source": "https://t.me/sycebrex/191", "content": "\u0414\u0430\u0432\u0435\u0447\u0430 \u0437\u0430\u043b\u0438\u043b\u0438 \u043d\u0430 GitHub \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u043e\u0433\u043e \u043a\u043e\u0434\u0430 \u0434\u043b\u044f \nMicrosoft SharePoint Server 2019\n\n\u0417\u0430\u043b\u0438\u0432\u0448\u0438\u0439 \u043f\u043e\u043a\u0430\u0437\u0430\u043b \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u0441\u0440\u0430\u0437\u0443 \u0442\u0440\u0435\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439: \n\ud83c\udf53 CVE-2024-38094\n\ud83c\udf53 CVE-2024-38024\n\ud83c\udf53 
CVE-2024-38023\n\n\u0428\u0442\u043e\u0448. \u041d\u0435 \u0443\u0434\u0438\u0432\u043b\u044e\u0441\u044c, \u0435\u0441\u043b\u0438 \u0443\u0436\u0435 \u043d\u0430\u0447\u0438\u043d\u0430\u044e\u0442 \u0433\u0434\u0435-\u0442\u043e \u0447\u0442\u043e-\u0442\u043e \u0442\u044b\u043a\u0430\u0442\u044c \u0431\u0435\u0437\u0431\u043e\u0436\u043d\u043e. \u0410 \u043a\u0442\u043e-\u0442\u043e \u0434\u0440\u0443\u0433\u043e\u0439 \u0443\u0436\u0435 \u00ab\u0437\u0430\u0432\u043e\u0440\u0430\u0447\u0438\u0432\u0430\u0435\u0442\u00bb \u044d\u0442\u043e \u0432 \u0431\u043e\u0435\u0441\u043f\u043e\u0441\u043e\u0431\u043d\u044b\u0439 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442. \u0414\u0443\u043c\u0430\u044e, \u0447\u0442\u043e \u0441\u043a\u043e\u0440\u043e \u0431\u0443\u0434\u0435\u0442 \u0432 \u043d\u043e\u0432\u043e\u0441\u0442\u044f\u0445 \n\n\u041c\u043e\u0436\u0435\u0442\u0435 \u043f\u043e\u0441\u043c\u043e\u0442\u0440\u0435\u0442\u044c \u043d\u0430 \u0432\u0438\u0434\u0435\u043e \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0438\u043b\u0438 \u0441\u0442\u0430\u0440\u044b\u0439 \u043f\u0441\u0438\u0445\u043e\u0434\u0435\u043b\u0438\u0447\u043d\u044b\u0439 \u043a\u043b\u0438\u043f Chemical Brothers \u043d\u0430 \u043e\u0434\u0438\u043d \u0438\u0437 \u043b\u044e\u0431\u0438\u043c\u0435\u0439\u0448\u0438\u0445 \u0442\u0440\u0435\u043a\u043e\u0432 The Test (\u0442\u0430\u043c \u043a\u0441\u0442\u0430\u0442\u0438 \u0432\u043e\u043a\u0430\u043b \u0420\u0438\u0447\u0430\u0440\u0434\u0430 \u042d\u0448\u043a\u0440\u043e\u0444\u0442\u0430 \u0438\u0437 The Verve)", "creation_timestamp": "2024-07-11T11:22:38.000000Z"}, {"uuid": "4bb9bdbf-9641-4dc1-bcfe-0abcc62d945b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38024", "type": "published-proof-of-concept", "source": 
"https://t.me/rootdr_research/19", "content": "CVE-2024-38094 / CVE-2024-38024 / CVE-2024-38023\n\nMicrosoft SharePoint RCE\n\nhttps://github.com/testanull/MS-SharePoint-July-Patch-RCE-PoC\n\nFor more join to channel (:\nhttps://t.me/rootdr_research\n\n#CVE \n#Exploit", "creation_timestamp": "2024-07-10T13:41:51.000000Z"}, {"uuid": "c06b882c-18c2-42c3-8d67-3ea101081a67", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38024", "type": "published-proof-of-concept", "source": "https://t.me/malwaremanzero/204", "content": "\u0627\u0644\u062b\u063a\u0631\u0629 \u062f\u064a \u0627\u0644\u0644\u064a \u0628\u064a\u0637\u0644\u0642 \u0639\u0644\u064a\u0647\u0627 CVE-2024-38024 \u0647\u064a \u0645\u0634\u0643\u0644\u0629 \u0641\u064a \u0627\u0644\u0623\u0645\u0627\u0646 \u062a\u0645 \u0627\u0643\u062a\u0634\u0627\u0641\u0647\u0627 \u0641\u064a \u0645\u0646\u062a\u062c\u0627\u062a \u0645\u0627\u064a\u0643\u0631\u0648\u0633\u0648\u0641\u062a \u0648\u0628\u062a\u062a\u064a\u062d \u0644\u0644\u0645\u0647\u0627\u062c\u0645\u064a\u0646 \u062a\u0646\u0641\u064a\u0630 \u0623\u0648\u0627\u0645\u0631 \u0639\u0646 \u0628\u0639\u062f \u0639\u0644\u0649 \u0627\u0644\u0623\u062c\u0647\u0632\u0629 \u0627\u0644\u0645\u0635\u0627\u0628\u0629 \u0627\u0644\u062b\u063a\u0631\u0629 \u062f\u064a \u062a\u0639\u062a\u0628\u0631 \u0645\u0646 \u0646\u0648\u0639 Remote Code Execution \u0623\u0648 RCE \u064a\u0639\u0646\u064a \u0627\u0644\u0645\u0647\u0627\u062c\u0645 \u064a\u0642\u062f\u0631 \u064a\u0646\u0641\u0630 \u0643\u0648\u062f \u0636\u0627\u0631 \u0639\u0646 \u0628\u0639\u062f \u0628\u062f\u0648\u0646 \u0645\u0627 \u064a\u0643\u0648\u0646 \u0639\u0646\u062f\u0647 \u0635\u0644\u0627\u062d\u064a\u0627\u062a \u0639\u0644\u0649 \u0627\u0644\u062c\u0647\u0627\u0632 \u0627\u0644\u0636\u062d\u064a\u0629 \u0627\u0644\u062b\u063a\u0631\u0629 \u062f\u064a \u0627\u062a\u0639\u0631\u0641\u062a 
\u0644\u0623\u0648\u0644 \u0645\u0631\u0629 \u0639\u0646 \u0637\u0631\u064a\u0642 \u0641\u0631\u064a\u0642 \u0628\u062d\u062b\u064a \u0623\u0645\u0646\u064a \u0645\u062a\u062e\u0635\u0635 \u0641\u064a \u0627\u0643\u062a\u0634\u0627\u0641 \u0627\u0644\u062b\u063a\u0631\u0627\u062a \u0648\u062a\u062d\u0644\u064a\u0644\u0647\u0627 \u0627\u0644\u062b\u063a\u0631\u0629 \u062f\u064a \u0628\u062a\u0623\u062b\u0631 \u0639\u0644\u0649 \u0623\u0646\u0638\u0645\u0629 \u062a\u0634\u063a\u064a\u0644 \u0648\u064a\u0646\u062f\u0648\u0632 \u0648\u0628\u062a\u062a\u0648\u0627\u062c\u062f \u0641\u064a \u0645\u0643\u0648\u0646 \u0645\u0639\u064a\u0646 \u0645\u0646 \u0627\u0644\u0646\u0638\u0627\u0645 \u0627\u0644\u0644\u064a \u0628\u064a\u0643\u0648\u0646 \u0645\u0633\u0624\u0648\u0644 \u0639\u0646 \u0645\u0639\u0627\u0644\u062c\u0629 \u0627\u0644\u0623\u0648\u0627\u0645\u0631 \u0648\u0627\u0644\u0643\u0648\u062f \u0627\u0644\u0644\u064a \u0628\u064a\u062a\u0645 \u062a\u0646\u0641\u064a\u0630\u0647 \u0639\u0644\u0649 \u0627\u0644\u062c\u0647\u0627\u0632 \u0627\u0644\u062b\u063a\u0631\u0629 \u062f\u064a \u0628\u062a\u0633\u062a\u063a\u0644 \u0639\u062f\u0645 \u0648\u062c\u0648\u062f \u062a\u062d\u0642\u0642 \u0635\u062d\u064a\u062d \u0645\u0646 \u0627\u0644\u0628\u064a\u0627\u0646\u0627\u062a \u0627\u0644\u0644\u064a \u0628\u062a\u062a\u0644\u0642\u0649 \u0645\u0646 \u0627\u0644\u0645\u0635\u0627\u062f\u0631 \u0627\u0644\u062e\u0627\u0631\u062c\u064a\u0629 \u0648\u062f\u0647 \u0628\u064a\u0633\u0645\u062d \u0644\u0644\u0645\u0647\u0627\u062c\u0645 \u0625\u0646\u0647 \u064a\u062d\u0642\u0646 \u0643\u0648\u062f \u0636\u0627\u0631 \u0641\u064a \u0627\u0644\u0646\u0638\u0627\u0645 \u0648\u064a\u062e\u0644\u064a\u0647 \u064a\u0646\u0641\u0630 \u0627\u0644\u0623\u0648\u0627\u0645\u0631 \u0627\u0644\u0644\u064a \u0639\u0627\u064a\u0632\u0647\u0627\n\n\u0627\u0644\u0627\u0643\u062a\u0634\u0627\u0641 \u0643\u0627\u0646 \u0639\u0646 \u0637\u0631\u064a\u0642 \u062a\u062d\u0644\u064a\u0644 
\u062d\u0632\u0645 \u0627\u0644\u0628\u064a\u0627\u0646\u0627\u062a \u0627\u0644\u0644\u064a \u0628\u062a\u0648\u0635\u0644 \u0644\u0644\u0646\u0638\u0627\u0645 \u0648\u062a\u062d\u062f\u064a\u062f \u0627\u0644\u0646\u0642\u0627\u0637 \u0627\u0644\u0644\u064a \u0628\u064a\u062a\u0645 \u0641\u064a\u0647\u0627 \u0645\u0639\u0627\u0644\u062c\u0629 \u0627\u0644\u0628\u064a\u0627\u0646\u0627\u062a \u062f\u064a \u0627\u0644\u0641\u0631\u064a\u0642 \u0627\u0644\u0628\u062d\u062b\u064a \u0627\u0633\u062a\u062e\u062f\u0645 \u0623\u062f\u0648\u0627\u062a \u062a\u062d\u0644\u064a\u0644 \u0627\u0644\u0634\u0628\u0643\u0627\u062a \u0648\u0628\u0631\u0627\u0645\u062c \u062a\u0635\u062d\u064a\u062d \u0627\u0644\u0623\u062e\u0637\u0627\u0621 \u0644\u0644\u0648\u0635\u0648\u0644 \u0644\u0646\u0642\u0637\u0629 \u0627\u0644\u0636\u0639\u0641 \u0641\u064a \u0627\u0644\u0646\u0638\u0627\u0645 \u0648\u0643\u0645\u0627\u0646 \u0627\u0633\u062a\u062e\u062f\u0645\u0648\u0627 \u062a\u0642\u0646\u064a\u0627\u062a \u0627\u0644\u0647\u0646\u062f\u0633\u0629 \u0627\u0644\u0639\u0643\u0633\u064a\u0629 \u0644\u0641\u0647\u0645 \u0643\u064a\u0641\u064a\u0629 \u0639\u0645\u0644 \u0627\u0644\u0645\u0643\u0648\u0646 \u0627\u0644\u0644\u064a \u0641\u064a\u0647 \u0627\u0644\u062b\u063a\u0631\u0629 \u0628\u0634\u0643\u0644 \u0623\u0639\u0645\u0642 \u0648\u0644\u0645\u0627 \u062a\u0623\u0643\u062f\u0648\u0627 \u0645\u0646 \u0648\u062c\u0648\u062f \u0627\u0644\u062b\u063a\u0631\u0629 \u0642\u0627\u0645\u0648\u0627 \u0628\u062a\u062c\u0647\u064a\u0632 \u0625\u062b\u0628\u0627\u062a \u0627\u0644\u0645\u0641\u0647\u0648\u0645 \u0623\u0648 Proof of Concept \u0627\u0644\u0644\u064a \u0628\u064a\u0628\u064a\u0646\u0648\u0627 \u0641\u064a\u0647 \u0625\u0632\u0627\u064a \u0645\u0645\u0643\u0646 \u0627\u0633\u062a\u063a\u0644\u0627\u0644 \u0627\u0644\u062b\u063a\u0631\u0629 \u0628\u0634\u0643\u0644 \u0639\u0645\u0644\u064a \u0627\u0644\u0627\u0633\u062a\u063a\u0644\u0627\u0644 \u062a\u0645 
\u0643\u062a\u0627\u0628\u062a\u0647 \u0628\u0644\u063a\u0629 \u0627\u0644\u0628\u0631\u0645\u062c\u0629 Python \u0627\u0644\u0644\u064a \u0628\u062a\u0639\u062a\u0628\u0631 \u0645\u0646 \u0627\u0644\u0644\u063a\u0627\u062a \u0627\u0644\u0642\u0648\u064a\u0629 \u0648\u0627\u0644\u0645\u0631\u0646\u0629 \u0641\u064a \u062a\u0646\u0641\u064a\u0630 \u0627\u0644\u0647\u062c\u0645\u0627\u062a \u0627\u0644\u0633\u064a\u0628\u0631\u0627\u0646\u064a\u0629 \u0627\u0644\u0623\u0643\u0648\u0627\u062f \u0627\u0644\u0644\u064a \u0627\u062a\u0643\u062a\u0628\u062a \u0628\u062a\u0633\u062a\u063a\u0644 \u0627\u0644\u0646\u0642\u0637\u0629 \u0627\u0644\u0636\u0639\u064a\u0641\u0629 \u0641\u064a \u0627\u0644\u0646\u0638\u0627\u0645 \u0648\u0628\u062a\u0639\u0645\u0644 \u0639\u0644\u0649 \u0625\u0631\u0633\u0627\u0644 \u0628\u064a\u0627\u0646\u0627\u062a \u0645\u0639\u064a\u0646\u0629 \u0644\u0644\u0646\u0638\u0627\u0645 \u0627\u0644\u0636\u062d\u064a\u0629 \u0627\u0644\u0644\u064a \u0628\u064a\u062a\u0645 \u0645\u0639\u0627\u0644\u062c\u062a\u0647\u0627 \u0628\u0634\u0643\u0644 \u063a\u064a\u0631 \u0635\u062d\u064a\u062d \u0648\u0628\u062a\u0633\u0645\u062d \u0628\u062a\u0646\u0641\u064a\u0630 \u0627\u0644\u0643\u0648\u062f \u0627\u0644\u0636\u0627\u0631\n\n\u0645\u0646 \u0627\u0644\u0646\u0627\u062d\u064a\u0629 \u0627\u0644\u0639\u0644\u0645\u064a\u0629 \u0627\u0644\u062b\u063a\u0631\u0627\u062a \u0632\u064a \u062f\u064a \u0628\u062a\u0633\u062a\u063a\u0644 \u062d\u0627\u062c\u0627\u062a \u0632\u064a Buffer Overflow \u0623\u0648 Heap Spraying \u0627\u0644\u0644\u064a \u0647\u0645\u0627 \u062a\u0642\u0646\u064a\u0627\u062a \u0628\u062a\u0645\u0643\u0646 \u0627\u0644\u0645\u0647\u0627\u062c\u0645\u064a\u0646 \u0645\u0646 \u062a\u062c\u0627\u0648\u0632 \u062d\u062f\u0648\u062f \u0627\u0644\u0630\u0627\u0643\u0631\u0629 \u0648\u0627\u0644\u062a\u062d\u0643\u0645 \u0641\u064a \u062a\u0646\u0641\u064a\u0630 \u0627\u0644\u0623\u0648\u0627\u0645\u0631 \u0627\u0644\u062b\u063a\u0631\u0629 
\u062f\u064a \u062a\u062d\u062f\u064a\u062f\u064b\u0627 \u0628\u062a\u0633\u062a\u063a\u0644 \u0646\u0642\u0637\u0629 \u0641\u064a \u0645\u0639\u0627\u0644\u062c\u0629 \u0627\u0644\u0623\u0648\u0627\u0645\u0631 \u0627\u0644\u0644\u064a \u0628\u062a\u0648\u0635\u0644 \u0644\u0644\u0646\u0638\u0627\u0645 \u0648\u0628\u062a\u062e\u0644\u064a\u0647 \u064a\u062a\u0639\u0627\u0645\u0644 \u0645\u0639 \u0627\u0644\u0628\u064a\u0627\u0646\u0627\u062a \u062f\u064a \u0643\u0623\u0646\u0647\u0627 \u0635\u0627\u0644\u062d\u0629 \u0648\u064a\u0628\u062f\u0623 \u064a\u0646\u0641\u0630\u0647\u0627 \u0628\u062f\u0648\u0646 \u062a\u062d\u0642\u0642 \u0643\u0627\u0641\u064a \u0645\u0646 \u0635\u062d\u062a\u0647\u0627 \u0627\u0633\u062a\u063a\u0644\u0627\u0644 \u0627\u0644\u062b\u063a\u0631\u0627\u062a \u0628\u0627\u0644\u0634\u0643\u0644 \u062f\u0647 \u0628\u064a\u062a\u0637\u0644\u0628 \u0641\u0647\u0645 \u0639\u0645\u064a\u0642 \u0644\u0623\u0646\u0638\u0645\u0629 \u0627\u0644\u062a\u0634\u063a\u064a\u0644 \u0648\u062a\u0642\u0646\u064a\u0627\u062a \u0627\u0644\u062d\u0645\u0627\u064a\u0629 \u0648\u0627\u0644\u0628\u0631\u0645\u062c\u0629 \u0648\u062f\u064a \u062d\u0627\u062c\u0627\u062a \u0645\u0634 \u0633\u0647\u0644\u0629 \u0644\u0643\u0646 \u0627\u0644\u0641\u0631\u0642 \u0627\u0644\u0628\u062d\u062b\u064a\u0629 \u0628\u062a\u0643\u0648\u0646 \u0645\u062a\u0645\u0631\u0633\u0629 \u0641\u064a \u0627\u0644\u062d\u0627\u062c\u0627\u062a \u062f\u064a \u0648\u0628\u062a\u0639\u0631\u0641 \u0625\u0632\u0627\u064a \u062a\u0643\u062a\u0634\u0641 \u0627\u0644\u062b\u063a\u0631\u0627\u062a \u0648\u062a\u0633\u062a\u063a\u0644\u0647\u0627 \u0628\u0634\u0643\u0644 \u0641\u0639\u0627\u0644\n\n\u0631\u0627\u0628\u0637 \u0627\u0644\u0640CVE", "creation_timestamp": "2024-07-25T10:22:21.000000Z"}, {"uuid": "e6d94ed7-c2ed-422d-b67e-1601fd555ba4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": 
"CVE-2024-38024", "type": "published-proof-of-concept", "source": "https://t.me/HackerArsenal/123", "content": "#exploit\n1. CVE-2024-39877:\nApache Airflow Arbitrary Code Execution\nhttps://blog.securelayer7.net/arbitrary-code-execution-in-apache-airflow\n\n2. CVE-2024-7395,\nCVE-2024-7396,\nCVE-2024-7397:\nInsufficient Authentication, Plaintext Communication, Unauthenticated CI\u00a0in Korenix JetPort\nhttps://cyberdanube.com/en/en-multiple-vulnerabilities-in-korenix-jetport/index.html\n\n3. CVE-2024-38094,\nCVE-2024-38023,\nCVE-2024-38024:\nMS SharePoint RCEs\nhttps://github.com/testanull/MS-SharePoint-July-Patch-RCE-PoC", "creation_timestamp": "2024-08-07T05:34:10.000000Z"}, {"uuid": "1a403f63-55a5-49aa-a000-27d9b156ddf3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38024", "type": "published-proof-of-concept", "source": "Telegram/veIOHsbV5kLZGnQksJSl1JOrCFYfC-6sYrwF7hGdBF9KK0en", "content": "", "creation_timestamp": "2024-07-23T18:28:14.000000Z"}, {"uuid": "6e6229be-4e94-405b-bc23-5e62ab2702da", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38024", "type": "published-proof-of-concept", "source": "Telegram/JdMoVB3Dk4QWIjoir-XpoF425YxCOG6rpGYbwBE_Oz6Y8AE", "content": "", "creation_timestamp": "2024-08-09T09:36:15.000000Z"}, {"uuid": "6d9d1cb5-6db6-4ef4-a9c0-a1b6afc4dea5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38024", "type": "published-proof-of-concept", "source": "https://t.me/dc_main/6434", "content": "Microsoft SharePoint Server 2019 \u2014 RCE \n\nPoC for: \n\u2014 CVE-2024-38094\n\u2014 CVE-2024-38024\n\u2014 CVE-2024-38023\n\nSource:\nhttps://github.com/testanull/MS-SharePoint-July-Patch-RCE-PoC\n\n#sharepoint #poc #rce #cve", 
"creation_timestamp": "2024-08-15T04:59:17.000000Z"}, {"uuid": "44ab3d7c-6ba3-494d-ac90-e0d2c2d12c55", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38024", "type": "published-proof-of-concept", "source": "Telegram/mLuXIhkdQoQwPvwhDsS4ApxxO_4ER5M9JWf4bsHNwYwF5rU", "content": "", "creation_timestamp": "2024-07-20T19:49:10.000000Z"}, {"uuid": "841ff440-43f8-4b52-9041-96366d772b79", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38024", "type": "published-proof-of-concept", "source": "Telegram/DOvVBYl81gcQnEx0SnDYShnK_l00AQ-j6ykpGr0q_-DsSYc", "content": "", "creation_timestamp": "2024-09-08T07:41:49.000000Z"}, {"uuid": "175738c1-deb9-40a5-aff5-e9b91f66cc6b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38024", "type": "published-proof-of-concept", "source": "https://t.me/proxy_bar/2156", "content": "CVE-2024-38094 / CVE-2024-38024 / CVE-2024-38023\n*\nMicrosoft SharePoint RCE\n*\nVIDEO\n*\nPOC exploit", "creation_timestamp": "2024-07-10T11:45:05.000000Z"}, {"uuid": "5cf2165f-bfa6-4769-84b5-d9617e58d0f3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38024", "type": "published-proof-of-concept", "source": "https://t.me/zer0day1ab/44", "content": "Microsoft SharePoint Server 2019 \u2014 RCE \n\nPoC for: \n\u2014 CVE-2024-38094\n\u2014 CVE-2024-38024\n\u2014 CVE-2024-38023\n\nSource:\nhttps://github.com/testanull/MS-SharePoint-July-Patch-RCE-PoC\n\n#sharepoint #poc #rce #cve", "creation_timestamp": "2024-07-11T03:45:26.000000Z"}, {"uuid": "ad83a2ef-8692-4bd4-ad27-e74623667370", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": 
"9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38024", "type": "published-proof-of-concept", "source": "https://t.me/true_secator/5978", "content": "Exploits and vulnerabilities are coming thick and fast today.\n\nThe WPScan team has discovered a serious vulnerability in the popular WordPress plugin Profile Builder and Profile Builder Pro.\n\nIt allows attackers to gain administrator access without having any account on the site.
The vulnerability received a severity score of 9.8/10.\n\nClaroty has published more detailed technical information on a vulnerability in Synology BC500 IP cameras that can be used to pivot from the WAN to internal LANs.\n\nThe bug was used at the Pwn2Own Toronto hacking contest last year and was fixed in June of this year.\n\nMeanwhile, attackers are already actively exploiting a recently patched vulnerability to
take over Apache HugeGraph database servers.\n\nThe vulnerability, tracked as CVE-2024-27348, received a severity rating of 9.8/10 and was fixed in April.\n\nThe attacks began a month after researchers published a scanning script and a PoC on GitHub.\n\nResearcher Nguyen Jang has published proofs of concept for three Microsoft SharePoint remote code execution bugs (CVE-2024-38023, CVE-2024-38024 and CVE-2024-38094).\n\nSonicwall quietly fixed
a serious vulnerability in its SMA100 devices. \n\nThe SSD platform states that SMA100 devices contained a vulnerability in a feature called Classic Mode that could be used for RCE attacks on authenticated users.\n\nResearchers claim that Sonicwall removed Classic Mode from SMA100 devices in November of last year without reporting the possible threat.\n\nIn doing so, Sonicwall did not include the removal in the patch notes,
did not assign a CVE to the bug and did not warn customers still using the old firmware.\n\nNow SSD has released a description and the exploit code.", "creation_timestamp": "2024-07-17T13:08:33.000000Z"}, {"uuid": "86d2dde0-eb6a-487f-9ba4-13c27b527bd2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38024", "type": "published-proof-of-concept", "source": "https://t.me/RalfHackerChannel/1516", "content": "RCE via Microsoft SharePoint Server 2019\n\nMicrosoft SharePoint is a web platform for collaboration, document management and information sharing in organizations, widely used in
corporate environments.\n\nI recently saw some interesting CVEs that affect this web platform: \n\nCVE-2024-38094 \nCVE-2024-38024\nCVE-2024-38023\n\nTo successfully exploit the RCE, several conditions must be met, namely\n1) Network access to the vulnerable SharePoint server.\n2) Credentials (login/password) for NTLM authentication + the account must have rights to create files and folders.\n\nFor successful exploitation of the vulnerability,
three scripts are provided: poc_filtered.py, poc_specific.py and poc_sub.py. Let's briefly go over the gist and how they work. \n\nAll three scripts use NTLM authentication to access the SharePoint API and perform similar actions: \n\nThe scripts first authenticate to the SharePoint server using the provided credentials.
They then create the necessary folders on the server, such as BusinessDataMetadataCatalog, by sending POST requests to the SharePoint API at the path /api/web/Folders.\n\nNext, the metadata file BDCMetadata.bdcm is created and uploaded, containing the information for triggering the vulnerability. This information includes commands for executing various SharePoint methods, such as GetCreatorView, GetDefaultValues, GetFilters and FindFiltered.
These methods make it possible to interact with SharePoint objects and data, which ultimately allows arbitrary code to be executed. \n\nThat is, after poc_filtered.py is run, a new BusinessDataMetadataCatalog folder is created, after which the script obtains and stores the X-RequestDigest value for further requests. X-RequestDigest is a token confirming that the request comes from a genuine user.
This token is included in the headers of subsequent requests to confirm their authenticity. The script then creates and uploads the metadata file BDCMetadata.bdcm to the created folder. This file contains the data and commands that will be used to trigger the vulnerability.
Finally, the script sends a specially crafted XML request to the SharePoint API to execute the vulnerable methods, which allows arbitrary code to be executed on the server.\n\nBut there is a small difference between the scripts, namely in the methods used.
\n\n1) poc_filtered.py uses the FindFiltered method to interact with SharePoint objects.\n2) poc_specific.py uses the FindSpecific method to perform specific tasks and commands.\n3) poc_sub.py: this script uses the Subscribe method to subscribe to events or actions.\n\nPoC \nPoC Video", "creation_timestamp": "2024-08-06T17:12:22.000000Z"}, {"uuid": "cfb172a1-cb30-4cb6-aabb-b492cb8cf59f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38024", "type": "published-proof-of-concept", "source": "https://t.me/RalfHackerChannel/1509", "content": "\ud83d\uddbc\ufe0f Microsoft SharePoint Server 20219 \u2014 RCE \n\nPoC for: \n\u2014 CVE-2024-38094\n\u2014 CVE-2024-38024\n\u2014 CVE-2024-38023\n\n\ud83d\udd17 Source:\nhttps://github.com/testanull/MS-SharePoint-July-Patch-RCE-PoC\n\n#sharepoint #poc #rce #cve", "creation_timestamp": "2024-07-10T11:35:17.000000Z"}, {"uuid": "8b78f60e-98f0-442e-8852-476e42cc238f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38024", "type": "published-proof-of-concept", "source": 
"https://t.me/CNArsenal/2958", "content": "https://github.com/testanull/MS-SharePoint-July-Patch-RCE-PoC\n\nCVE-2024-38094\nCVE-2024-38024\nCVE-2024-38023\n#github #poc", "creation_timestamp": "2024-08-07T06:18:21.000000Z"}, {"uuid": "6c2298c6-435b-4d11-b783-c5f70cb76865", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38024", "type": "exploited", "source": "https://t.me/S_E_Reborn/4953", "content": "Exploits and vulnerabilities are coming thick and fast today.\n\nThe WPScan team has discovered a serious vulnerability in the popular WordPress plugin Profile Builder and Profile Builder Pro.\n\nIt allows attackers to gain administrator access without having any account on the site.
The vulnerability received a severity score of 9.8/10.\n\nClaroty has published more detailed technical information on a vulnerability in Synology BC500 IP cameras that can be used to pivot from the WAN to internal LANs.\n\nThe bug was used at the Pwn2Own Toronto hacking contest last year and was fixed in June of this year.\n\nMeanwhile, attackers are already actively exploiting a recently patched vulnerability to
take over Apache HugeGraph database servers.\n\nThe vulnerability, tracked as CVE-2024-27348, received a severity rating of 9.8/10 and was fixed in April.\n\nThe attacks began a month after researchers published a scanning script and a PoC on GitHub.\n\nResearcher Nguyen Jang has published proofs of concept for three Microsoft SharePoint remote code execution bugs (CVE-2024-38023, CVE-2024-38024 and CVE-2024-38094).\n\nSonicwall quietly fixed
a serious vulnerability in its SMA100 devices. \n\nThe SSD platform states that SMA100 devices contained a vulnerability in a feature called Classic Mode that could be used for RCE attacks on authenticated users.\n\nResearchers claim that Sonicwall removed Classic Mode from SMA100 devices in November of last year without reporting the possible threat.\n\nIn doing so, Sonicwall did not include the removal in the patch notes,
did not assign a CVE to the bug and did not warn customers still using the old firmware.\n\nNow SSD has released a description and the exploit code.", "creation_timestamp": "2024-07-17T19:33:17.000000Z"}, {"uuid": "4c90c79f-9660-4917-86d3-bcd8f2ec4e5c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38024", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/10820", "content": "#exploit\n1. CVE-2024-38094,\nCVE-2024-38024,\nCVE-2024-38023:\nMS SharePoint RCE\nhttps://github.com/testanull/MS-SharePoint-July-Patch-RCE-PoC\n\n2. CVE-2024-33327:\nLumisXP XSS\nhttps://seclists.org/fulldisclosure/2024/Jul/9\n\n3. Evernote RCE: From PDF.js font-injection to All-platform Electron exposed ipcRenderer with listened BrokerBridge RCE\nhttps://0reg.dev/blog/evernote-rce", "creation_timestamp": "2024-07-12T13:22:56.000000Z"}, {"uuid": "3cb94011-d73b-4679-a4d8-c2213ccf953a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38024", "type": "published-proof-of-concept", "source": "https://t.me/Rootsec_2/3410", "content": "#exploit\n1. CVE-2024-38094,\nCVE-2024-38024,\nCVE-2024-38023:\nMS SharePoint RCE\nhttps://github.com/testanull/MS-SharePoint-July-Patch-RCE-PoC\n\n2. 
CVE-2024-33327:\nLumisXP XSS\nhttps://seclists.org/fulldisclosure/2024/Jul/9\n\n3. Evernote RCE: From PDF.js font-injection to All-platform Electron exposed ipcRenderer with listened BrokerBridge RCE\nhttps://0reg.dev/blog/evernote-rce", "creation_timestamp": "2024-08-16T11:16:24.000000Z"}, {"uuid": "d20c974b-5892-4c21-a04b-49b7bb831b55", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38024", "type": "published-proof-of-concept", "source": "https://t.me/Rootsec_2/3733", "content": "#exploit\n1. CVE-2024-39877:\nApache Airflow Arbitrary Code Execution\nhttps://blog.securelayer7.net/arbitrary-code-execution-in-apache-airflow\n\n2. CVE-2024-7395,\nCVE-2024-7396,\nCVE-2024-7397:\nInsufficient Authentication, Plaintext Communication, Unauthenticated CI\u00a0in Korenix JetPort\nhttps://cyberdanube.com/en/en-multiple-vulnerabilities-in-korenix-jetport/index.html\n\n3. CVE-2024-38094,\nCVE-2024-38023,\nCVE-2024-38024:\nMS SharePoint RCEs\nhttps://github.com/testanull/MS-SharePoint-July-Patch-RCE-PoC", "creation_timestamp": "2024-08-16T11:23:44.000000Z"}]}