{"vulnerability": "CVE-2024-45200", "sightings": [{"uuid": "233de6bf-3ca5-4737-b722-a635f0561eec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-45200", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/8641", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aInformation & PoC for CVE-2024-45200, Mario Kart 8 Deluxe's \\\"KartLANPwn\\\" buffer overflow vulnerability\nURL\uff1ahttps://github.com/latte-soft/kartlanpwn\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-09-30T01:13:27.000000Z"}, {"uuid": "0db4f6d0-c825-4d59-8ac9-02263823f052", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-45200", "type": "seen", "source": "https://t.me/cvedetector/6646", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-45200 - Nintendo Pia Library Stack-Based Buffer Overflow in Mario Kart 8 Deluxe\", \n  \"Content\": \"CVE ID : CVE-2024-45200 \nPublished : Sept. 30, 2024, 8:15 a.m. | 29\u00a0minutes ago \nDescription : In Nintendo Mario Kart 8 Deluxe before 3.0.3, the LAN/LDN local multiplayer implementation allows a remote attacker to exploit a stack-based buffer overflow upon deserialization of session information via a malformed browse-reply packet, aka KartLANPwn. The victim is not required to join a game session with an attacker. The victim must open the \"Wireless Play\" (or \"LAN Play\") menu from the game's title screen, and an attacker nearby (LDN) or on the same LAN network as the victim can send a crafted reply packet to the victim's console. This enables a remote attacker to obtain complete denial-of-service on the game's process, or potentially, remote code execution on the victim's console. The issue is caused by incorrect use of the Nintendo Pia library, \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"30 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-30T10:48:27.000000Z"}, {"uuid": "b424f8f5-7e8c-41a2-9a76-f27204ec107f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-45200", "type": "seen", "source": "https://t.me/InfoSecInsider/492", "content": "Tools - Hackers Factory \n\n#WebApp_Security\n#Offensive_security\n\nBounty Security Tools\n\n]-> GBounty Scanner:\n\nhttps://github.com/BountySecurity/gbounty\n\n]-> GBounty Multi-Step Profiles:\n\nhttps://github.com/BountySecurity/gbounty-profiles\n\n]-> GBounty Profiles Designer:\n\nhttps://github.com/BountySecurity/GBountyProfilesDesigner\n\nTest your prompts, agents, and RAGs. Red teaming, pentesting, and vulnerability scanning for LLMs. Compare performance of GPT, Claude, Gemini, Llama, and more. Simple declarative configs with command line and CI/CD integration. \n\nhttps://github.com/promptfoo/promptfoo\n\nRepository for application-layer loop DoS \n\nhttps://github.com/cispa/loop-DoS\n\n#exploit\n\n1. CVE-2024-45409: Ruby-SAML/GitLab Authentication Bypass\n\nhttps://blog.projectdiscovery.io/ruby-saml-gitlab-auth-bypass\n\n2. CVE-2024-45200: Mario Kart 8 Deluxe's \"KartLANPwn\" BoF\n\nhttps://github.com/latte-soft/kartlanpwn\n\n3. Apache HTTP Server Vulnerability Testing Tool\n\nhttps://github.com/mrmtwoj/apache-vulnerability-testing\n\nCVE-2024-38472, CVE-2024-39573, CVE-2024-38477, CVE-2024-38476, CVE-2024-38475, CVE-2024-38474, CVE-2024-38473, CVE-2023-38709\n\n#CyberDilara\nhttps://t.me/CyberDilara", "creation_timestamp": "2024-10-11T06:11:11.000000Z"}, {"uuid": "94c7d813-8163-48eb-881a-d78965f4c11d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-45200", "type": "seen", "source": "https://t.me/ton618cyber/5262", "content": "#exploit\n1. CVE-2024-45409:\nRuby-SAML/GitLab Authentication Bypass\nhttps://blog.projectdiscovery.io/ruby-saml-gitlab-auth-bypass\n\n2. CVE-2024-45200:\nMario Kart 8 Deluxe's \"KartLANPwn\" BoF\nhttps://github.com/latte-soft/kartlanpwn\n\n3. Apache HTTP Server Vulnerability Testing Tool\nhttps://github.com/mrmtwoj/apache-vulnerability-testing\n// CVE-2024-38472, CVE-2024-39573, CVE-2024-38477, CVE-2024-38476, CVE-2024-38475, CVE-2024-38474, CVE-2024-38473, CVE-2023-38709", "creation_timestamp": "2024-10-08T16:16:09.000000Z"}, {"uuid": "1fb75870-4b4c-477a-b7a1-a4b27754843f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-45200", "type": "seen", "source": "https://t.me/GrayHatsHack/8873", "content": "Tools - Hackers Factory \n\n#WebApp_Security\n#Offensive_security\n\nBounty Security Tools\n\n]-> GBounty Scanner:\n\nhttps://github.com/BountySecurity/gbounty\n\n]-> GBounty Multi-Step Profiles:\n\nhttps://github.com/BountySecurity/gbounty-profiles\n\n]-> GBounty Profiles Designer:\n\nhttps://github.com/BountySecurity/GBountyProfilesDesigner\n\nTest your prompts, agents, and RAGs. Red teaming, pentesting, and vulnerability scanning for LLMs. Compare performance of GPT, Claude, Gemini, Llama, and more. Simple declarative configs with command line and CI/CD integration. \n\nhttps://github.com/promptfoo/promptfoo\n\nRepository for application-layer loop DoS \n\nhttps://github.com/cispa/loop-DoS\n\n#exploit\n\n1. CVE-2024-45409: Ruby-SAML/GitLab Authentication Bypass\n\nhttps://blog.projectdiscovery.io/ruby-saml-gitlab-auth-bypass\n\n2. CVE-2024-45200: Mario Kart 8 Deluxe's \"KartLANPwn\" BoF\n\nhttps://github.com/latte-soft/kartlanpwn\n\n3. Apache HTTP Server Vulnerability Testing Tool\n\nhttps://github.com/mrmtwoj/apache-vulnerability-testing\n\nCVE-2024-38472, CVE-2024-39573, CVE-2024-38477, CVE-2024-38476, CVE-2024-38475, CVE-2024-38474, CVE-2024-38473, CVE-2023-38709\n\n#CyberDilara\nhttps://t.me/CyberDilara", "creation_timestamp": "2024-10-11T06:11:05.000000Z"}, {"uuid": "71217f9e-ecd8-4a3e-a44b-d0d257eb61dd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-45200", "type": "seen", "source": "https://t.me/dilagrafie/3789", "content": "Tools - Hackers Factory \n\n#WebApp_Security\n#Offensive_security\n\nBounty Security Tools\n\n]-> GBounty Scanner:\n\nhttps://github.com/BountySecurity/gbounty\n\n]-> GBounty Multi-Step Profiles:\n\nhttps://github.com/BountySecurity/gbounty-profiles\n\n]-> GBounty Profiles Designer:\n\nhttps://github.com/BountySecurity/GBountyProfilesDesigner\n\nTest your prompts, agents, and RAGs. Red teaming, pentesting, and vulnerability scanning for LLMs. Compare performance of GPT, Claude, Gemini, Llama, and more. Simple declarative configs with command line and CI/CD integration. \n\nhttps://github.com/promptfoo/promptfoo\n\nRepository for application-layer loop DoS \n\nhttps://github.com/cispa/loop-DoS\n\n#exploit\n\n1. CVE-2024-45409: Ruby-SAML/GitLab Authentication Bypass\n\nhttps://blog.projectdiscovery.io/ruby-saml-gitlab-auth-bypass\n\n2. CVE-2024-45200: Mario Kart 8 Deluxe's \"KartLANPwn\" BoF\n\nhttps://github.com/latte-soft/kartlanpwn\n\n3. Apache HTTP Server Vulnerability Testing Tool\n\nhttps://github.com/mrmtwoj/apache-vulnerability-testing\n\nCVE-2024-38472, CVE-2024-39573, CVE-2024-38477, CVE-2024-38476, CVE-2024-38475, CVE-2024-38474, CVE-2024-38473, CVE-2023-38709\n\n#CyberDilara\nhttps://t.me/CyberDilara", "creation_timestamp": "2024-10-11T06:11:18.000000Z"}, {"uuid": "8a913d10-793a-43fe-8d20-856062debec0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-45200", "type": "seen", "source": "https://t.me/true_secator/6274", "content": "\u041f\u0440\u043e\u0434\u043e\u043b\u0436\u0430\u0435\u043c \u0437\u043d\u0430\u043a\u043e\u043c\u0438\u0442\u044c \u0441 \u043d\u0430\u0438\u0431\u043e\u043b\u0435\u0435 \u0442\u0440\u0435\u043d\u0434\u043e\u0432\u044b\u043c\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044f\u043c\u0438:\n\n1. \u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 PrivSec \u0432\u044b\u043a\u0430\u0442\u0438\u043b\u0438 \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0438 PoC \u0434\u043b\u044f CVE-2024-38200, \u043d\u043e\u0432\u043e\u0439 \u0430\u0442\u0430\u043a\u0438 NTLM Relaying, \u0432\u043b\u0438\u044f\u044e\u0449\u0435\u0439 \u043d\u0430 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f Office.\n\n\u041f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0431\u044b\u043b\u0430 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0430 \u0432 \u0441\u0435\u0440\u0435\u0434\u0438\u043d\u0435 \u0430\u0432\u0433\u0443\u0441\u0442\u0430 \u043f\u043e\u0441\u043b\u0435 \u0435\u0435 \u0430\u043d\u043e\u043d\u0441\u0430 \u043d\u0430 DEFCON.\n\n2. GreyNoise \u0440\u0430\u0441\u043a\u0440\u044b\u043b\u0430 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0441\u0442\u0438 \u043d\u0435\u0434\u0430\u0432\u043d\u0438\u0445 \u0430\u0442\u0430\u043a, \u043d\u0430\u0446\u0435\u043b\u0435\u043d\u043d\u044b\u0445 \u043d\u0430 \u0438\u044e\u043d\u044c\u0441\u043a\u0443\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c SolarWinds Serv-U, \u043e\u0442\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u043c\u0443\u044e \u043a\u0430\u043a CVE-2024-28995.\n\n3. JetBrains \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 20 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439 \u0434\u043b\u044f \u0441\u0432\u043e\u0435\u0433\u043e \u0441\u0435\u0440\u0432\u0435\u0440\u0430 TeamCity CI/CD.\n\n4. \u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044c \u0427\u0430\u0440\u043b\u044c\u0437 \u0424\u043e\u043b \u0438\u0437 LEXFO \u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043b\u00a0\u0442\u0440\u0435\u0442\u044c\u044e (\u043f\u0435\u0440\u0432\u0430\u044f \u0438 \u0432\u0442\u043e\u0440\u0430\u044f) \u0447\u0430\u0441\u0442\u044c \u0430\u043d\u0430\u043b\u0438\u0437\u0430 CVE-2024-2961, \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 Glibc (CVE-2024-2961), \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043c\u043e\u0436\u0435\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c\u0441\u044f \u0434\u043b\u044f RCE-\u0430\u0442\u0430\u043a \u043d\u0430 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f \u0438 \u0432\u0435\u0431-\u0441\u0430\u0439\u0442\u044b \u043d\u0430 \u043e\u0441\u043d\u043e\u0432\u0435 PHP.\n\n5. \u0420\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u044f \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u043c\u043d\u043e\u0433\u043e\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u0441\u043a\u043e\u0433\u043e \u0440\u0435\u0436\u0438\u043c\u0430 LAN/LDN \u0432 Nintendo Mario Kart 8 Deluxe \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 3.0.3 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u043c\u0443 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u0441\u0442\u0435\u043a\u0430 \u0431\u0443\u0444\u0435\u0440\u0430 \u043f\u0440\u0438 \u0434\u0435\u0441\u0435\u0440\u0438\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u0441\u0435\u0430\u043d\u0441\u0430 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u043d\u0435\u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u043e\u0433\u043e \u043f\u0430\u043a\u0435\u0442\u0430 \u043e\u0431\u0437\u043e\u0440\u0430-\u043e\u0442\u0432\u0435\u0442\u0430, \u0442\u0430\u043a\u0436\u0435 \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u043e\u0433\u043e \u043a\u0430\u043a KartLANPwn.\n\n\u041f\u0440\u0438 \u044d\u0442\u043e\u043c \u0436\u0435\u0440\u0442\u0432\u0435 \u043d\u0435 \u043e\u0431\u044f\u0437\u0430\u0442\u0435\u043b\u044c\u043d\u043e \u043f\u0440\u0438\u0441\u043e\u0435\u0434\u0438\u043d\u044f\u0442\u044c\u0441\u044f \u043a \u0438\u0433\u0440\u043e\u0432\u043e\u0439 \u0441\u0435\u0441\u0441\u0438\u0438 \u0441\u043e \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u043e\u043c. \u0414\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e \u043e\u0442\u043a\u0440\u044b\u0442\u044c \u043c\u0435\u043d\u044e \u00abWireless Play\u00bb (\u0438\u043b\u0438 \u00abLAN Play\u00bb) \u043d\u0430 \u0442\u0438\u0442\u0443\u043b\u044c\u043d\u043e\u043c \u044d\u043a\u0440\u0430\u043d\u0435 \u0438\u0433\u0440\u044b, \u0430 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a, \u043d\u0430\u0445\u043e\u0434\u044f\u0449\u0438\u0439\u0441\u044f \u043f\u043e\u0431\u043b\u0438\u0437\u043e\u0441\u0442\u0438 (LDN) \u0438\u043b\u0438 \u0432 \u0442\u043e\u0439 \u0436\u0435 \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u043e\u0439 \u0441\u0435\u0442\u0438, \u043c\u043e\u0436\u0435\u0442 \u043e\u0442\u043f\u0440\u0430\u0432\u0438\u0442\u044c \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u044b\u0439 \u043e\u0442\u0432\u0435\u0442\u043d\u044b\u0439 \u043f\u0430\u043a\u0435\u0442 \u043d\u0430 \u043a\u043e\u043d\u0441\u043e\u043b\u044c \u0436\u0435\u0440\u0442\u0432\u044b.\n\n\u0412\u0441\u0435 \u044d\u0442\u043e (CVE-2024-45200) \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u043c\u0443 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043f\u043e\u043b\u043d\u044b\u0439 DoS \u0432 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u0435 \u0438\u0433\u0440\u044b \u0438\u043b\u0438, \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e, RCE \u043d\u0430 \u043a\u043e\u043d\u0441\u043e\u043b\u0438 \u0436\u0435\u0440\u0442\u0432\u044b.\n\n6. \u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 Akamai \u043f\u0440\u043e\u0430\u043d\u0430\u043b\u0438\u0437\u0438\u0440\u043e\u0432\u0430\u043b\u0438 \u043e\u0442\u0447\u0435\u0442 \u041c\u0430\u0440\u0433\u0430\u0440\u0438\u0442\u0435\u043b\u043b\u0438 \u0432 \u043e\u0442\u043d\u043e\u0448\u0435\u043d\u0438\u0438 \u043d\u0435\u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432 Common UNIX Printing System (CUPS) \u0438 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0438 \u043d\u043e\u0432\u044b\u0439 \u0432\u0435\u043a\u0442\u043e\u0440 \u0430\u0442\u0430\u043a, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043c\u043e\u0436\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0434\u043b\u044f DDoS-\u0430\u0442\u0430\u043a.\n\n\u0420\u0430\u043d\u0435\u0435 \u0441\u043e\u043e\u0431\u0449\u0430\u043b\u043e\u0441\u044c, \u0447\u0442\u043e \u0438\u0445 \u043c\u043e\u0436\u043d\u043e \u043e\u0431\u044a\u0435\u0434\u0438\u043d\u0438\u0442\u044c \u0432 \u0446\u0435\u043f\u043e\u0447\u043a\u0443 \u0434\u043b\u044f \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u0434\u0430, \u0447\u0442\u043e, \u043f\u043e \u0434\u0430\u043d\u043d\u044b\u043c Red Hat, \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u043a\u0440\u0430\u0436\u0435 \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 \u0438\u043b\u0438 \u043f\u043e\u0432\u0440\u0435\u0436\u0434\u0435\u043d\u0438\u044e \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438 \u0432\u0430\u0436\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c.\n\n\u041f\u0440\u0438\u0447\u0435\u043c \u0435\u0441\u043b\u0438 \u0438\u0437\u043d\u0430\u0447\u0430\u043b\u044c\u043d\u043e \u043f\u0440\u0435\u0434\u043f\u043e\u043b\u0430\u0433\u0430\u043b\u043e\u0441\u044c, \u0447\u0442\u043e \u043a\u0440\u0438\u0442\u0438\u0447\u043d\u043e\u0441\u0442\u044c \u043e\u0448\u0438\u0431\u043e\u043a \u043f\u043e \u0447\u0430\u0441\u0442\u0438 RCE \u0431\u044b\u043b\u0430 \u0437\u0430\u0432\u044b\u0448\u0435\u043d\u0430, \u0442\u043e \u043f\u043e\u0437\u0434\u043d\u0435\u0435 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u00a0\u0443\u043a\u0430\u0437\u0430\u043b, \u0447\u0442\u043e \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442 \u043c\u043e\u0436\u043d\u043e \u0430\u0434\u0430\u043f\u0442\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0434\u043b\u044f \u043f\u0440\u0435\u0432\u0440\u0430\u0449\u0435\u043d\u0438\u044f \u0435\u0433\u043e \u0432 \u0430\u0442\u0430\u043a\u0443 \u0441 \u043d\u0443\u043b\u0435\u0432\u044b\u043c \u0449\u0435\u043b\u0447\u043a\u043e\u043c.\n\n\u0412 \u0441\u0432\u043e\u044e \u043e\u0447\u0435\u0440\u0435\u0434\u044c, Akamai \u0434\u043e\u0431\u0430\u0432\u0438\u043b\u0438 \u043c\u0430\u0441\u043b\u0430 \u0432 \u043e\u0433\u043e\u043d\u044c, \u043e\u0442\u043c\u0435\u0442\u0438\u0432, \u0447\u0442\u043e \u0432 \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u0435 \u043f\u0440\u0435\u0434\u043f\u043e\u043b\u0430\u0433\u0430\u0435\u043c\u043e\u0439 \u0430\u0442\u0430\u043a\u0438 \u043d\u0435 \u0442\u043e\u043b\u044c\u043a\u043e \u0446\u0435\u043b\u044c \u043e\u043a\u0430\u0437\u044b\u0432\u0430\u0435\u0442\u0441\u044f \u043f\u043e\u0434 \u0443\u0434\u0430\u0440\u043e\u043c, \u043d\u043e \u0438 \u0445\u043e\u0441\u0442 \u0441\u0435\u0440\u0432\u0435\u0440\u0430 CUPS \u0442\u0430\u043a\u0436\u0435 \u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u0441\u044f \u0436\u0435\u0440\u0442\u0432\u043e\u0439, \u043f\u043e\u0441\u043a\u043e\u043b\u044c\u043a\u0443 \u0430\u0442\u0430\u043a\u0430 \u043f\u043e\u0442\u0440\u0435\u0431\u043b\u044f\u0435\u0442 \u0435\u0433\u043e \u0441\u0435\u0442\u0435\u0432\u0443\u044e \u043f\u0440\u043e\u043f\u0443\u0441\u043a\u043d\u0443\u044e \u0441\u043f\u043e\u0441\u043e\u0431\u043d\u043e\u0441\u0442\u044c \u0438 \u0440\u0435\u0441\u0443\u0440\u0441\u044b \u0426\u041f.\n\n\u0410\u043d\u0430\u043b\u0438\u0437 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438 Akamai \u0432\u044b\u044f\u0432\u0438\u043b \u0431\u043e\u043b\u0435\u0435 58\u00a0000 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u0445 \u0447\u0435\u0440\u0435\u0437 \u0418\u043d\u0442\u0435\u0440\u043d\u0435\u0442 \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u0432 CUPS, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043c\u043e\u0433\u0443\u0442 \u0431\u044b\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u044b \u0434\u043b\u044f \u043f\u043e\u0434\u043e\u0431\u043d\u044b\u0445 DDoS-\u0430\u0442\u0430\u043a.\n\n\u0418 \u0435\u0441\u043b\u0438 \u043f\u0440\u0435\u0434\u043f\u043e\u043b\u043e\u0436\u0438\u0442\u044c, \u0447\u0442\u043e \u0432\u0441\u0435 58\u00a0000+ \u0445\u043e\u0441\u0442\u043e\u0432 CUPS \u0431\u0443\u0434\u0443\u0442 \u043e\u0431\u044a\u0435\u0434\u0438\u043d\u0435\u043d\u044b \u0432 \u043e\u0434\u043d\u0443 \u043a\u0430\u043c\u043f\u0430\u043d\u0438\u044e, \u044d\u0442\u043e \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u043f\u043e\u0442\u043e\u043a\u0443 \u0432 1 \u0413\u0411 \u0432\u0445\u043e\u0434\u044f\u0449\u0435\u0433\u043e \u0442\u0440\u0430\u0444\u0438\u043a\u0430 \u0430\u0442\u0430\u043a\u0438 \u043d\u0430 \u043f\u0430\u043a\u0435\u0442 UDP \u0438\u0437 \u043f\u0440\u0438\u043c\u0435\u0440\u0430 \u0441 \u043c\u0438\u043d\u0438\u043c\u0430\u043b\u044c\u043d\u044b\u043c \u0434\u043e\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435\u043c. \u0421\u0446\u0435\u043d\u0430\u0440\u0438\u0439 \u0441 \u043c\u0430\u043a\u0441\u0438\u043c\u0430\u043b\u044c\u043d\u044b\u043c \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u043f\u043e\u0442\u043e\u043a\u0443 \u0432 6 \u0413\u0411.\n\n\u041d\u0435\u0441\u043c\u043e\u0442\u0440\u044f \u043d\u0430 \u0442\u043e, \u0447\u0442\u043e \u044d\u0442\u0438 \u043f\u043e\u043a\u0430\u0437\u0430\u0442\u0435\u043b\u0438 \u043d\u0435\u043b\u044c\u0437\u044f \u0441\u0447\u0438\u0442\u0430\u0442\u044c \u043e\u0448\u0435\u043b\u043e\u043c\u043b\u044f\u044e\u0449\u0438\u043c\u0438, \u043e\u043d\u0438 \u0432\u0441\u0435 \u0440\u0430\u0432\u043d\u043e \u043f\u0440\u0438\u0432\u0435\u0434\u0443\u0442 \u043a \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e\u0441\u0442\u0438 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0438 \u0446\u0435\u043b\u044c\u044e \u043e\u043a\u043e\u043b\u043e 2,6 \u043c\u043b\u043d. TCP-\u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u0439 \u0438 HTTP-\u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432 \u0432 \u043b\u044e\u0431\u043e\u043c \u0441\u0446\u0435\u043d\u0430\u0440\u0438\u0438.\n\n\u041f\u0440\u0438 \u044d\u0442\u043e\u043c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u0431\u0443\u0434\u0435\u0442 \u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e \u043b\u0435\u0433\u043a\u043e \u0438 \u043d\u0435 \u043d\u0430\u043a\u043b\u0430\u0434\u043d\u043e \u043e\u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0438\u0442\u044c \u0442\u0430\u043a\u0443\u044e \u0430\u0442\u0430\u043a\u0443, \u043f\u043e\u0441\u043a\u043e\u043b\u044c\u043a\u0443 \u0434\u043b\u044f \u0442\u043e\u0433\u043e, \u0447\u0442\u043e\u0431\u044b \u0437\u0430\u0445\u0432\u0430\u0442\u0438\u0442\u044c \u0432\u0441\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0435 \u0445\u043e\u0441\u0442\u044b CUPS, \u043f\u043e\u0442\u0440\u0435\u0431\u0443\u0435\u0442\u0441\u044f \u0432\u0441\u0435\u0433\u043e \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u0441\u0435\u043a\u0443\u043d\u0434.", "creation_timestamp": "2024-10-02T17:30:06.000000Z"}, {"uuid": "0fd765c1-2747-4e39-a27f-ab4912a66094", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-45200", "type": "seen", "source": "https://t.me/CyberDilara/1055", "content": "Tools - Hackers Factory \n\n#WebApp_Security\n#Offensive_security\n\nBounty Security Tools\n\n]-> GBounty Scanner:\n\nhttps://github.com/BountySecurity/gbounty\n\n]-> GBounty Multi-Step Profiles:\n\nhttps://github.com/BountySecurity/gbounty-profiles\n\n]-> GBounty Profiles Designer:\n\nhttps://github.com/BountySecurity/GBountyProfilesDesigner\n\nTest your prompts, agents, and RAGs. Red teaming, pentesting, and vulnerability scanning for LLMs. Compare performance of GPT, Claude, Gemini, Llama, and more. Simple declarative configs with command line and CI/CD integration. \n\nhttps://github.com/promptfoo/promptfoo\n\nRepository for application-layer loop DoS \n\nhttps://github.com/cispa/loop-DoS\n\n#exploit\n\n1. CVE-2024-45409: Ruby-SAML/GitLab Authentication Bypass\n\nhttps://blog.projectdiscovery.io/ruby-saml-gitlab-auth-bypass\n\n2. CVE-2024-45200: Mario Kart 8 Deluxe's \"KartLANPwn\" BoF\n\nhttps://github.com/latte-soft/kartlanpwn\n\n3. Apache HTTP Server Vulnerability Testing Tool\n\nhttps://github.com/mrmtwoj/apache-vulnerability-testing\n\nCVE-2024-38472, CVE-2024-39573, CVE-2024-38477, CVE-2024-38476, CVE-2024-38475, CVE-2024-38474, CVE-2024-38473, CVE-2023-38709\n\n#CyberDilara\nhttps://t.me/CyberDilara", "creation_timestamp": "2024-10-11T06:11:00.000000Z"}, {"uuid": "5b5bbeea-70e0-4c36-a755-8fded0129dab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-45200", "type": "seen", "source": "https://t.me/InfoSecInsider/24061", "content": "Tools - Hackers Factory \n\n#WebApp_Security\n#Offensive_security\n\nBounty Security Tools\n\n]-> GBounty Scanner:\n\nhttps://github.com/BountySecurity/gbounty\n\n]-> GBounty Multi-Step Profiles:\n\nhttps://github.com/BountySecurity/gbounty-profiles\n\n]-> GBounty Profiles Designer:\n\nhttps://github.com/BountySecurity/GBountyProfilesDesigner\n\nTest your prompts, agents, and RAGs. Red teaming, pentesting, and vulnerability scanning for LLMs. Compare performance of GPT, Claude, Gemini, Llama, and more. Simple declarative configs with command line and CI/CD integration. \n\nhttps://github.com/promptfoo/promptfoo\n\nRepository for application-layer loop DoS \n\nhttps://github.com/cispa/loop-DoS\n\n#exploit\n\n1. CVE-2024-45409: Ruby-SAML/GitLab Authentication Bypass\n\nhttps://blog.projectdiscovery.io/ruby-saml-gitlab-auth-bypass\n\n2. CVE-2024-45200: Mario Kart 8 Deluxe's \"KartLANPwn\" BoF\n\nhttps://github.com/latte-soft/kartlanpwn\n\n3. Apache HTTP Server Vulnerability Testing Tool\n\nhttps://github.com/mrmtwoj/apache-vulnerability-testing\n\nCVE-2024-38472, CVE-2024-39573, CVE-2024-38477, CVE-2024-38476, CVE-2024-38475, CVE-2024-38474, CVE-2024-38473, CVE-2023-38709\n\n#CyberDilara\nhttps://t.me/CyberDilara", "creation_timestamp": "2024-10-11T06:11:11.000000Z"}, {"uuid": "64e0c8e0-c112-4100-b50c-beb5501d90b4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-45200", "type": "seen", "source": "https://t.me/GrayHatsHack/7509", "content": "Tools - Hackers Factory \n\n#WebApp_Security\n#Offensive_security\n\nBounty Security Tools\n\n]-> GBounty Scanner:\n\nhttps://github.com/BountySecurity/gbounty\n\n]-> GBounty Multi-Step Profiles:\n\nhttps://github.com/BountySecurity/gbounty-profiles\n\n]-> GBounty Profiles Designer:\n\nhttps://github.com/BountySecurity/GBountyProfilesDesigner\n\nTest your prompts, agents, and RAGs. Red teaming, pentesting, and vulnerability scanning for LLMs. Compare performance of GPT, Claude, Gemini, Llama, and more. Simple declarative configs with command line and CI/CD integration. \n\nhttps://github.com/promptfoo/promptfoo\n\nRepository for application-layer loop DoS \n\nhttps://github.com/cispa/loop-DoS\n\n#exploit\n\n1. CVE-2024-45409: Ruby-SAML/GitLab Authentication Bypass\n\nhttps://blog.projectdiscovery.io/ruby-saml-gitlab-auth-bypass\n\n2. CVE-2024-45200: Mario Kart 8 Deluxe's \"KartLANPwn\" BoF\n\nhttps://github.com/latte-soft/kartlanpwn\n\n3. Apache HTTP Server Vulnerability Testing Tool\n\nhttps://github.com/mrmtwoj/apache-vulnerability-testing\n\nCVE-2024-38472, CVE-2024-39573, CVE-2024-38477, CVE-2024-38476, CVE-2024-38475, CVE-2024-38474, CVE-2024-38473, CVE-2023-38709\n\n#CyberDilara\nhttps://t.me/CyberDilara", "creation_timestamp": "2024-10-11T06:11:05.000000Z"}, {"uuid": "b8fbd582-1696-4351-8bbd-8cb643dac1df", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-45200", "type": "published-proof-of-concept", "source": "https://t.me/CNArsenal/3288", "content": "https://github.com/latte-soft/kartlanpwn\n\nInformation & PoC for CVE-2024-45200, Mario Kart 8 Deluxe's \"KartLANPwn\" buffer overflow vulnerability\n#github #poc", "creation_timestamp": "2024-10-06T17:38:11.000000Z"}, {"uuid": "235f57fb-05fb-48e6-8c9d-4412c7d56718", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-45200", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/11240", "content": "#exploit\n1. CVE-2024-45409:\nRuby-SAML/GitLab Authentication Bypass\nhttps://blog.projectdiscovery.io/ruby-saml-gitlab-auth-bypass\n\n2. CVE-2024-45200:\nMario Kart 8 Deluxe's \"KartLANPwn\" BoF\nhttps://github.com/latte-soft/kartlanpwn\n\n3. Apache HTTP Server Vulnerability Testing Tool\nhttps://github.com/mrmtwoj/apache-vulnerability-testing\n// CVE-2024-38472, CVE-2024-39573, CVE-2024-38477, CVE-2024-38476, CVE-2024-38475, CVE-2024-38474, CVE-2024-38473, CVE-2023-38709", "creation_timestamp": "2024-10-06T14:45:15.000000Z"}]}