{"vulnerability": "cve-2024-1168", "sightings": [{"uuid": "80fe0c24-0759-427a-8f3c-cce3e85dfed9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11680", "type": "seen", "source": "https://infosec.exchange/users/screaminggoat/statuses/113555895039105218", "content": "", "creation_timestamp": "2024-11-27T16:37:29.902426Z"}, {"uuid": "5f616cdf-8a35-4573-babf-2b925cd3dd39", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2024-11680", "type": "seen", "source": "https://infosec.exchange/users/DarkWebInformer/statuses/113596165396421062", "content": "", "creation_timestamp": "2024-12-04T19:18:46.521263Z"}, {"uuid": "8fb2a2fc-5206-4521-8bb5-167087200ccd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11687", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113605140768693029", "content": "", "creation_timestamp": "2024-12-06T09:21:20.715578Z"}, {"uuid": "44d83f62-6f2f-452f-8ca1-80fc3b24afc7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11680", "type": "seen", "source": "https://infosec.exchange/users/screaminggoat/statuses/113589530243414084", "content": "", "creation_timestamp": "2024-12-03T15:11:22.669831Z"}, {"uuid": "9d8948a0-50f4-44d0-a03b-fd5d4da3ebd1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11680", "type": "seen", "source": "https://feedsin.space/feed/CISAKevBot/items/2813839", "content": "", "creation_timestamp": "2024-12-03T16:46:13.749802Z"}, {"uuid": "b7a9a956-2442-431a-b9a0-41d88b5bc4f4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11680", "type": "seen", "source": "https://infosec.exchange/users/screaminggoat/statuses/113595833220359528", "content": "", "creation_timestamp": "2024-12-04T17:54:18.297746Z"}, {"uuid": "4362e3d9-0bbd-472d-b6f2-081978cca20e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11680", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113548665618022004", "content": "", "creation_timestamp": "2024-11-26T09:58:57.520933Z"}, {"uuid": "227eb7ee-2c4a-43ea-b546-2932d6aaab29", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11684", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113559778984666815", "content": "", "creation_timestamp": "2024-11-28T09:05:14.110682Z"}, {"uuid": "e0cbe2a2-c28d-46a7-b35e-37d4960a5bd3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11685", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113559778998749159", "content": "", "creation_timestamp": "2024-11-28T09:05:14.405317Z"}, {"uuid": "b7d8350e-fc6a-4c68-8f6e-d97102f9308d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11683", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113637866613444526", "content": "", "creation_timestamp": "2024-12-12T04:03:57.071444Z"}, {"uuid": "c494ee4c-99c7-4cc0-8e87-a8cc96a17990", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11689", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113637925616482478", "content": "", "creation_timestamp": "2024-12-12T04:18:57.103443Z"}, {"uuid": "ae15669c-1362-4644-ab23-6dd80e4131be", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11680", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2024-12-12T15:10:03.000000Z"}, {"uuid": "efe915c0-0758-4931-92a2-43c52fbcc06d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2024-11680", "type": "seen", "source": "https://infosec.exchange/users/DarkWebInformer/statuses/113640732823226365", "content": "", "creation_timestamp": "2024-12-12T16:12:51.685638Z"}, {"uuid": "2dea6d7a-0349-4ed8-a2fa-78517545c3dd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11688", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113690099350888598", "content": "", "creation_timestamp": "2024-12-21T09:27:25.035891Z"}, {"uuid": "dad11b98-f3bd-4a42-9483-6b23ea76c810", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11682", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113689564888332357", "content": "", "creation_timestamp": "2024-12-21T07:11:29.905815Z"}, {"uuid": "64c33457-ae04-4764-beec-a00085192d73", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11682", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3ldse5nr2pk22", "content": "", "creation_timestamp": "2024-12-21T07:15:30.228236Z"}, {"uuid": "211600d9-aeb2-4e7f-a5dc-a1c37aee0916", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11688", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3ldso74mgtn2o", "content": "", "creation_timestamp": "2024-12-21T10:15:17.003027Z"}, {"uuid": "be1ace53-1969-48bb-a42b-f17818fa2c54", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11682", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113689577468651324", "content": "", "creation_timestamp": "2024-12-21T07:14:41.871712Z"}, {"uuid": "bb9aa2fa-8184-40b1-92da-8087d6c1520d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11681", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lf5wwhu6vk2m", "content": "", "creation_timestamp": "2025-01-07T15:15:59.055188Z"}, {"uuid": "b7762c97-df29-4fbe-8f1d-bc1ce8a80586", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11686", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113798105127356069", "content": "", "creation_timestamp": "2025-01-09T11:14:43.260693Z"}, {"uuid": "b37a64cd-3200-4d0b-9184-a4380aec037e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11686", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfckgbfuhs2f", "content": "", "creation_timestamp": "2025-01-09T11:15:29.505267Z"}, {"uuid": "8e4942db-8dc9-418e-ad4a-74c16573f7be", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11681", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lf5zb3gnyz2k", "content": "", "creation_timestamp": "2025-01-07T15:57:43.114161Z"}, {"uuid": "c21eebd6-998b-4993-8307-e6f5ff40fdfc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11680", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-06T03:13:46.000000Z"}, {"uuid": "60d6e035-9634-42e3-a4c8-0bc2755483f7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11680", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-02-23T02:11:02.000000Z"}, {"uuid": "164ffd7e-7e7b-4d42-b394-008a9917113d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11680", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:10:59.000000Z"}, {"uuid": "6f976415-9487-4d45-89ba-28319bbee6ce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11680", "type": "exploited", "source": "https://t.me/itsec_news/4855", "content": "\u200b\u26a1\ufe0f\u041d\u0435\u0431\u0440\u0435\u0436\u043d\u043e\u0441\u0442\u044c \u0438\u043b\u0438 \u043f\u0440\u043e\u0441\u0447\u0451\u0442? \u0422\u044b\u0441\u044f\u0447\u0438 \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u0432 ProjectSend \u043f\u043e\u0434 \u0443\u0433\u0440\u043e\u0437\u043e\u0439 \u0438\u0437-\u0437\u0430 \u043d\u0435\u0441\u0432\u043e\u0435\u0432\u0440\u0435\u043c\u0435\u043d\u043d\u043e\u0433\u043e \u043f\u0430\u0442\u0447\u0430\n\n\ud83d\udcac \u0412 \u043f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u043e\u043c Open Source \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0438 \u0434\u043b\u044f \u043e\u0431\u043c\u0435\u043d\u0430 \u0444\u0430\u0439\u043b\u0430\u043c\u0438 ProjectSend \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430 \u0441\u0435\u0440\u044c\u0451\u0437\u043d\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u043a\u043e\u0442\u043e\u0440\u0430\u044f, \u043f\u043e \u0434\u0430\u043d\u043d\u044b\u043c VulnCheck, \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c\u0438. \u041f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u0441\u0435\u0440\u0432\u0435\u0440\u0430, \u0433\u0434\u0435 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d \u0443\u0441\u0442\u0430\u0440\u0435\u0432\u0448\u0438\u0439 \u0441\u043e\u0444\u0442, \u0438 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0445\u0430\u043a\u0435\u0440\u0430\u043c \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0439 \u043a\u043e\u0434.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441 \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u043e\u043c CVE-2024-11680 \u0438 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u043c \u0440\u0435\u0439\u0442\u0438\u043d\u0433\u043e\u043c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (CVSS: 9.8) \u0431\u044b\u043b\u0430 \u0432\u043f\u0435\u0440\u0432\u044b\u0435 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0430 \u0432 \u0440\u0430\u043c\u043a\u0430\u0445 \u043a\u043e\u043c\u043c\u0438\u0442\u0430 \u043d\u0430 GitHub \u0435\u0449\u0451 \u0432 \u043c\u0430\u0435 2023 \u0433\u043e\u0434\u0430. \u041e\u0434\u043d\u0430\u043a\u043e \u043e\u0444\u0438\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435, \u0437\u0430\u043a\u0440\u044b\u0432\u0430\u044e\u0449\u0435\u0435 \u0431\u0440\u0435\u0448\u044c, \u0441\u0442\u0430\u043b\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e \u0442\u043e\u043b\u044c\u043a\u043e \u0432 \u0430\u0432\u0433\u0443\u0441\u0442\u0435 2024 \u0433\u043e\u0434\u0430 \u0441 \u0432\u044b\u043f\u0443\u0441\u043a\u043e\u043c \u0432\u0435\u0440\u0441\u0438\u0438 r1720.\n\n\u041a\u043e\u043c\u043f\u0430\u043d\u0438\u044f Synacktiv, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0432 \u044f\u043d\u0432\u0430\u0440\u0435 2023 \u0433\u043e\u0434\u0430 \u0443\u0432\u0435\u0434\u043e\u043c\u0438\u043b\u0430 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u043e\u0432 ProjectSend \u043e \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0435, \u043e\u043f\u0438\u0441\u0430\u043b\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u0430\u043a \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u0443\u044e \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0443 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438. \u042d\u0442\u043e \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u0432\u043a\u043b\u044e\u0447\u0430\u0442\u044c \u0440\u0435\u0433\u0438\u0441\u0442\u0440\u0430\u0446\u0438\u044e \u043d\u043e\u0432\u044b\u0445 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439, \u0438\u0437\u043c\u0435\u043d\u044f\u0442\u044c \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u044b \u0432 \u0431\u0435\u043b\u043e\u043c \u0441\u043f\u0438\u0441\u043a\u0435 \u0440\u0430\u0441\u0448\u0438\u0440\u0435\u043d\u0438\u0439 \u0437\u0430\u0433\u0440\u0443\u0436\u0430\u0435\u043c\u044b\u0445 \u0444\u0430\u0439\u043b\u043e\u0432 \u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 PHP-\u043a\u043e\u0434.\n\n\u0421 \u0441\u0435\u043d\u0442\u044f\u0431\u0440\u044f 2024 \u0433\u043e\u0434\u0430 \u044d\u043a\u0441\u043f\u0435\u0440\u0442\u044b VulnCheck \u0437\u0430\u0444\u0438\u043a\u0441\u0438\u0440\u043e\u0432\u0430\u043b\u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u043e\u0432 \u043e\u0442 Project Discovery \u0438 Rapid7 \u0434\u043b\u044f \u0430\u0442\u0430\u043a \u043d\u0430 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u0435 \u0441\u0435\u0440\u0432\u0435\u0440\u044b ProjectSend. \u042d\u0442\u0438 \u0434\u0435\u0439\u0441\u0442\u0432\u0438\u044f \u0432\u043a\u043b\u044e\u0447\u0430\u044e\u0442 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0443 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0445 \u0432\u0435\u0431-\u043e\u0431\u043e\u043b\u043e\u0447\u0435\u043a \u0438 \u0434\u0440\u0443\u0433\u0438\u0435 \u0430\u0442\u0430\u043a\u0438, \u0442\u0430\u043a\u0438\u0435 \u043a\u0430\u043a \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u0435 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0433\u043e JavaScript.\n\n\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044c \u0414\u0436\u0435\u0439\u043a\u043e\u0431 \u0411\u0435\u0439\u043d\u0441 \u0438\u0437 VulnCheck \u043e\u0442\u043c\u0435\u0442\u0438\u043b, \u0447\u0442\u043e \u0437\u0430\u0433\u0440\u0443\u0436\u0435\u043d\u043d\u044b\u0435 \u0432\u0435\u0431-\u043e\u0431\u043e\u043b\u043e\u0447\u043a\u0438 \u043c\u043e\u0433\u0443\u0442 \u0440\u0430\u0437\u043c\u0435\u0449\u0430\u0442\u044c\u0441\u044f \u0432 \u043f\u0440\u0435\u0434\u0441\u043a\u0430\u0437\u0443\u0435\u043c\u044b\u0445 \u043c\u0435\u0441\u0442\u0430\u0445, \u0442\u0430\u043a\u0438\u0445 \u043a\u0430\u043a \u0434\u0438\u0440\u0435\u043a\u0442\u043e\u0440\u0438\u044f upload/files/ \u043d\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u0435. \u0422\u0430\u043a\u043e\u0439 \u043f\u043e\u0434\u0445\u043e\u0434 \u043e\u0431\u043b\u0435\u0433\u0447\u0430\u0435\u0442 \u043f\u043e\u0438\u0441\u043a \u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0445 \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u0432.\n\n\u0410\u043d\u0430\u043b\u0438\u0437 \u043e\u043a\u043e\u043b\u043e 4 000 \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u0432, \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0451\u043d\u043d\u044b\u0445 \u043a \u0438\u043d\u0442\u0435\u0440\u043d\u0435\u0442\u0443, \u043f\u043e\u043a\u0430\u0437\u0430\u043b, \u0447\u0442\u043e \u043b\u0438\u0448\u044c 1% \u0438\u0437 \u043d\u0438\u0445 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442 \u0430\u043a\u0442\u0443\u0430\u043b\u044c\u043d\u0443\u044e \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u0443\u044e \u0432\u0435\u0440\u0441\u0438\u044e ProjectSend. \u0411\u043e\u043b\u044c\u0448\u0438\u043d\u0441\u0442\u0432\u043e \u0441\u0438\u0441\u0442\u0435\u043c \u0440\u0430\u0431\u043e\u0442\u0430\u0435\u0442 \u043d\u0430 \u0443\u0441\u0442\u0430\u0440\u0435\u0432\u0448\u0438\u0445 \u0440\u0435\u043b\u0438\u0437\u0430\u0445, \u0432\u043a\u043b\u044e\u0447\u0430\u044f \u0432\u0435\u0440\u0441\u0438\u044e r1605, \u0432\u044b\u043f\u0443\u0449\u0435\u043d\u043d\u0443\u044e \u0435\u0449\u0451 \u0432 \u043e\u043a\u0442\u044f\u0431\u0440\u0435 2022 \u0433\u043e\u0434\u0430.\n\n\u0412 \u0441\u0432\u044f\u0437\u0438 \u0441 \u0440\u0430\u0441\u0442\u0443\u0449\u0435\u0439 \u0443\u0433\u0440\u043e\u0437\u043e\u0439 \u044d\u043a\u0441\u043f\u0435\u0440\u0442\u044b \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u044e\u0442 \u043a\u0430\u043a \u043c\u043e\u0436\u043d\u043e \u0441\u043a\u043e\u0440\u0435\u0435 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u044c \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f, \u0447\u0442\u043e\u0431\u044b \u0437\u0430\u0449\u0438\u0442\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u0441\u0435\u0440\u0432\u0435\u0440\u044b \u043e\u0442 \u0430\u0442\u0430\u043a.\n\n\ud83d\udd14 ITsec NEWS", "creation_timestamp": "2024-11-28T19:06:34.000000Z"}, {"uuid": "387c62ca-67e9-404a-9b9d-c64b3267116b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11680", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/projectsend_unauth_rce.rb", "content": "", "creation_timestamp": "2024-11-21T17:59:45.000000Z"}, {"uuid": "d83358f9-b172-4e73-8dfa-9b255908a2b5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2024-11680", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/364fb652-efb8-4d43-98ae-bd053603f8d9", "content": "", "creation_timestamp": "2026-02-02T12:26:20.674895Z"}, {"uuid": "52218d29-cb09-4182-9098-31127c583fcc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11680", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/9199", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aCVE-2024-11680: Improper Authentication (CWE-287)\nURL\uff1ahttps://github.com/famixcm/CVE-2024-11680\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-11-27T13:38:57.000000Z"}, {"uuid": "c1db442b-f808-4a36-826a-c8b289072059", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11680", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/9389", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aVulnerabilidad CVE-2024-24926 afecta al tema Brooklyn de WordPress\nURL\uff1ahttps://github.com/D3N14LD15K/CVE-2024-11680_PoC_Exploit\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-12-11T23:50:46.000000Z"}, {"uuid": "a211e034-88ca-4bbd-82c3-ee66546ff65c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11680", "type": "seen", "source": "MISP/a9d21043-f825-4bac-8d2b-56fb9e8343e7", "content": "", "creation_timestamp": "2025-10-23T21:13:02.000000Z"}, {"uuid": "16392ee3-841c-441f-a851-1e5bc4356862", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11680", "type": "published-proof-of-concept", "source": "Telegram/Us8JkcdKV6mNpmC49CCSXRO4qTVWF6cCKabwDZ5lsVeRzZU", "content": "", "creation_timestamp": "2026-03-31T15:00:07.000000Z"}, {"uuid": "0adb3ab8-a885-4332-a246-5b7692ea7f28", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11680", "type": "published-proof-of-concept", "source": "https://t.me/xatori_sec/665", "content": "CVE-2024-11680  ProjectSend r1605\n*\nExploit", "creation_timestamp": "2024-12-05T17:28:24.000000Z"}, {"uuid": "4d7ef096-3b86-4c88-b48b-afab9d035558", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11686", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/937", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-11686\n\ud83d\udd39 Description: The WhatsApp \ud83d\ude80 click to chat plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'manycontacts_code' parameter in all versions up to, and including, 3.0.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.\n\ud83d\udccf Published: 2025-01-09T11:11:01.148Z\n\ud83d\udccf Modified: 2025-01-09T11:11:01.148Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/7d623840-30d1-4599-a52d-08c28e190699?source=cve\n2. https://wordpress.org/plugins/manycontacts-bar/", "creation_timestamp": "2025-01-09T12:16:04.000000Z"}, {"uuid": "8a1d6462-cdc4-454e-be21-89b157039fa9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11681", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/443", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-11681\n\ud83d\udd39 Description: A malicious or compromised MacPorts mirror can execute arbitrary commands as root\u00a0on the machine of a client running port selfupdate\u00a0against the mirror.\n\ud83d\udccf Published: 2025-01-07T14:35:52.723Z\n\ud83d\udccf Modified: 2025-01-07T15:04:25.786Z\n\ud83d\udd17 References:\n1. https://github.com/google/security-research/security/advisories/GHSA-2j38-pjh8-wfxw", "creation_timestamp": "2025-01-07T15:39:03.000000Z"}, {"uuid": "18459fa1-9e79-43f7-b3e1-eb2ed2e88c15", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11681", "type": "seen", "source": "https://t.me/cvedetector/14546", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11681 - MacPorts Command Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-11681 \nPublished : Jan. 7, 2025, 3:15 p.m. | 52\u00a0minutes ago \nDescription : A malicious or compromised MacPorts mirror can execute arbitrary commands as root\u00a0on the machine of a client running port selfupdate\u00a0against the mirror. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"07 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-07T17:13:11.000000Z"}, {"uuid": "6d1cb392-e8de-45c8-bfb9-6251885b686a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11680", "type": "seen", "source": "https://t.me/CyberBulletin/1636", "content": "\u26a1\ufe0fCVE-2024-11680 (CVSS 9.8) ProjectSend Unauthenticated Configuration Modification.\n\nThis flaw allows attackers to alter server settings, enable unauthorized user registration, upload malicious web shells, and potentially inject harmful JavaScript. \n\n#CyberBulletin", "creation_timestamp": "2024-11-27T12:05:43.000000Z"}, {"uuid": "2a1fd333-f44e-41c0-a9d6-ca65e1d949e8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11687", "type": "seen", "source": "https://t.me/cvedetector/12182", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11687 - The Next-Cart Store to WooCommerce Migration plugi\", \n  \"Content\": \"CVE ID : CVE-2024-11687 \nPublished : Dec. 6, 2024, 9:15 a.m. | 19\u00a0minutes ago \nDescription : The Next-Cart Store to WooCommerce Migration plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 3.9.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. \nSeverity: 6.1 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"06 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-06T10:35:56.000000Z"}, {"uuid": "fa2380ed-841d-4e26-b185-ce0878c52a8c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11688", "type": "seen", "source": "https://t.me/cvedetector/13499", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11688 - WordPress LaTeX2HTML Reflected Cross-Site Scripting\", \n  \"Content\": \"CVE ID : CVE-2024-11688 \nPublished : Dec. 21, 2024, 10:15 a.m. | 41\u00a0minutes ago \nDescription : The LaTeX2HTML plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'ver' or 'date' parameter in all versions up to, and including, 2.5.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. \nSeverity: 6.1 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"21 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-21T11:59:20.000000Z"}, {"uuid": "3f55ff22-b282-4b38-81d0-e353bdd63ee3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11682", "type": "seen", "source": "https://t.me/cvedetector/13486", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11682 - WordPress G Web Pro Store Locator Reflected Cross-Site Scripting\", \n  \"Content\": \"CVE ID : CVE-2024-11682 \nPublished : Dec. 21, 2024, 7:15 a.m. | 16\u00a0minutes ago \nDescription : The G Web Pro Store Locator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'q' parameter in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. \nSeverity: 6.1 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"21 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-21T08:38:42.000000Z"}, {"uuid": "86b0cdfa-5196-4e58-a5c2-c2d14cfc20c0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11689", "type": "seen", "source": "https://t.me/cvedetector/12695", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11689 - \"HQ Rental Software WordPress CSRF\"\", \n  \"Content\": \"CVE ID : CVE-2024-11689 \nPublished : Dec. 12, 2024, 4:15 a.m. | 36\u00a0minutes ago \nDescription : The HQ Rental Software plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.29. This is due to missing or incorrect nonce validation on the displaySettingsPage() function. This makes it possible for unauthenticated attackers to update arbitrary options that can be leveraged for privilege escalation via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. \nSeverity: 8.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"12 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-12T06:17:30.000000Z"}, {"uuid": "8008b152-b102-49a6-a6c6-36da8444ac03", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11683", "type": "seen", "source": "https://t.me/cvedetector/12694", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11683 - WordPress Newsletter Subscriptions Reflected Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-11683 \nPublished : Dec. 12, 2024, 4:15 a.m. | 36\u00a0minutes ago \nDescription : The Newsletter Subscriptions plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'token_type' parameter in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. \nSeverity: 6.1 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"12 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-12T06:17:30.000000Z"}, {"uuid": "e09be33b-063c-485b-b522-af5e12374556", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11680", "type": "seen", "source": "Telegram/q18uh-tWYMfAH8aTzDHyKn6qBVdF-64uulyX9e-nMJS5xjel", "content": "", "creation_timestamp": "2024-12-05T10:03:19.000000Z"}, {"uuid": "1a3c0e7c-dd4a-4bd7-a526-581b671199b6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11680", "type": "published-proof-of-concept", "source": "https://t.me/TheDarkWebInformer/8776", "content": "\ud83d\udea8CVE-2024-11680 PoC Exploit in ProjectSend r1605 and Older Versions\n\nhttps://darkwebinformer.com/cve-2024-11680-poc-exploit-in-projectsend-r1605-and-older-versions/", "creation_timestamp": "2024-12-12T17:12:56.000000Z"}, {"uuid": "87253527-a4ab-441f-9d7d-077534116dbf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11680", "type": "published-proof-of-concept", "source": "https://t.me/TheDarkWebInformer/8400", "content": "\ud83d\udea8Proof of Concept (PoC) Exploit for CVE-2024-11680, Critical Vulnerability in ProjectSend\n\nhttps://darkwebinformer.com/proof-of-concept-poc-exploit-for-cve-2024-11680-critical-vulnerability-in-projectsend/\n\nCredit (Twitter/X): @d3n14ld15k", "creation_timestamp": "2024-12-04T20:19:48.000000Z"}, {"uuid": "5627db9e-ae85-4462-9bdd-d8163e6c06f4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11680", "type": "published-proof-of-concept", "source": "https://t.me/softrinx/159754", "content": "CVE-2024-11680  ProjectSend r1605\n*\nExploit", "creation_timestamp": "2024-12-05T09:59:11.000000Z"}, {"uuid": "2f7bca23-cc7e-4ce4-8db1-2b72ac7b142b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11680", "type": "published-proof-of-concept", "source": "https://t.me/softrinx/707", "content": "CVE-2024-11680  ProjectSend r1605\n*\nExploit", "creation_timestamp": "2024-12-05T09:59:11.000000Z"}, {"uuid": "aa4ee60c-ba71-4e7f-8f87-96e4245bafc7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11680", "type": "exploited", "source": "https://t.me/thehackernews/5960", "content": "A critical #vulnerability (CVE-2024-11680) in the ProjectSend file-sharing app is being actively exploited. \n \nIt allows attackers to execute malicious code on vulnerable servers. \n \nDon\u2019t wait for an attack\u2014patch now: https://thehackernews.com/2024/11/critical-flaw-in-projectsend-under.html", "creation_timestamp": "2024-11-27T17:07:37.000000Z"}, {"uuid": "5127e47e-d24a-4dfd-a172-37db72ac2f9f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11680", "type": "published-proof-of-concept", "source": "https://t.me/proxy_bar/2407", "content": "CVE-2024-11680  ProjectSend r1605\n*\nExploit", "creation_timestamp": "2024-12-05T09:52:59.000000Z"}, {"uuid": "a2ae28d1-53f5-4e96-a1f5-f9c96ef5e875", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11680", "type": "exploited", "source": "https://t.me/true_secator/6481", "content": "VulnCheck \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0436\u0434\u0430\u0435\u0442 \u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0438 \u0434\u043b\u044f \u043e\u0431\u043c\u0435\u043d\u0430 \u0444\u0430\u0439\u043b\u0430\u043c\u0438 \u0441 \u043e\u0442\u043a\u0440\u044b\u0442\u044b\u043c \u0438\u0441\u0445\u043e\u0434\u043d\u044b\u043c \u043a\u043e\u0434\u043e\u043c ProjectSend.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u0438\u0437\u043d\u0430\u0447\u0430\u043b\u044c\u043d\u043e \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u0430\u044f \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u043b\u0443\u0442\u043e\u0440\u0430 \u043b\u0435\u0442 \u043d\u0430\u0437\u0430\u0434 \u0432 \u0440\u0430\u043c\u043a\u0430\u0445 \u043a\u043e\u043c\u043c\u0438\u0442\u0430, \u043e\u0442\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u043e\u0433\u043e\u00a0\u0432 \u043c\u0430\u0435 2023 \u0433\u043e\u0434\u0430, \u0431\u044b\u043b\u0430 \u043e\u0444\u0438\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0430 \u0442\u043e\u043b\u044c\u043a\u043e \u0432 \u0430\u0432\u0433\u0443\u0441\u0442\u0435 2024 \u0433\u043e\u0434\u0430 \u0441 \u0432\u044b\u043f\u0443\u0441\u043a\u043e\u043c \u0432\u0435\u0440\u0441\u0438\u0438 r1720, \u0435\u0439 \u0431\u044b\u043b \u043f\u0440\u0438\u0441\u0432\u043e\u0435\u043d  CVE-2024-11680 \u0441 \u043e\u0446\u0435\u043d\u043a\u043e\u0439 CVSS: 9,8.\n\n\u041f\u0440\u0438\u0447\u0435\u043c \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440 \u0431\u044b\u043b \u0432\u044b\u043f\u0443\u0449\u0435\u043d \u0442\u043e\u043b\u044c\u043a\u043e \u043d\u0430 \u044d\u0442\u043e\u0439 \u043d\u0435\u0434\u0435\u043b\u0435, \u043f\u043e\u0441\u043b\u0435 \u0442\u043e\u0433\u043e \u043a\u0430\u043a VulnCheck \u0437\u0430\u043c\u0435\u0442\u0438\u043b\u0430, \u0447\u0442\u043e \u043e\u0448\u0438\u0431\u043a\u0430 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u043e\u0432\u0430\u043b\u0430\u0441\u044c \u0432 \u0434\u0438\u043a\u043e\u0439 \u043f\u0440\u0438\u0440\u043e\u0434\u0435.\n\n\u0421\u043e\u043e\u0431\u0449\u0438\u0432\u0448\u0430\u044f \u0432 \u044f\u043d\u0432\u0430\u0440\u0435 2023 \u0433\u043e\u0434\u0430 \u043e\u0431 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 Synacktiv \u043e\u043f\u0438\u0441\u044b\u0432\u0430\u0435\u0442 \u0435\u0435 \u043a\u0430\u043a \u043d\u0435\u043d\u0430\u0434\u043b\u0435\u0436\u0430\u0449\u0443\u044e \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0443 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u0432 ProjectSend \u0432\u0435\u0440\u0441\u0438\u0438 r1605 \u0438\u0437\u043c\u0435\u043d\u044f\u0442\u044c \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u044e \u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 PHP-\u043a\u043e\u0434 \u043d\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u0435, \u043d\u0430 \u043a\u043e\u0442\u043e\u0440\u043e\u043c \u0440\u0430\u0437\u043c\u0435\u0449\u0435\u043d\u043e \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0435.\n\n\u0412 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u044f\u0445 NIST \u0441\u043e\u043e\u0431\u0449\u0430\u0435\u0442\u0441\u044f, \u0447\u0442\u043e \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u043c\u043e\u0433\u0443\u0442 \u043e\u0442\u043f\u0440\u0430\u0432\u043b\u044f\u0442\u044c \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u044b\u0435 HTTP-\u0437\u0430\u043f\u0440\u043e\u0441\u044b \u043d\u0430 \u043a\u043e\u043d\u0435\u0447\u043d\u0443\u044e \u0442\u043e\u0447\u043a\u0443 options.php \u0434\u043b\u044f \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u044f \u043c\u043e\u0448\u0435\u043d\u043d\u0438\u0447\u0435\u0441\u043a\u0438\u0445 \u0443\u0447\u0435\u0442\u043d\u044b\u0445 \u0437\u0430\u043f\u0438\u0441\u0435\u0439, \u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0438 \u0432\u0435\u0431-\u043e\u0431\u043e\u043b\u043e\u0447\u0435\u043a \u0438 \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u044f \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0433\u043e \u043a\u043e\u0434\u0430 JavaScript.\n\n\u041f\u043e \u0434\u0430\u043d\u043d\u044b\u043c Synacktiv, \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u0431\u0443\u0441\u043b\u043e\u0432\u043b\u0435\u043d\u0430 \u0442\u0435\u043c, \u0447\u0442\u043e \u043d\u0435\u043a\u043e\u0442\u043e\u0440\u044b\u0435 PHP-\u0441\u0442\u0440\u0430\u043d\u0438\u0446\u044b \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u044e\u0442 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438 \u0442\u043e\u043b\u044c\u043a\u043e \u043f\u043e\u0441\u043b\u0435 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043e\u0441\u0442\u0430\u043b\u044c\u043d\u043e\u0439 \u0447\u0430\u0441\u0442\u0438 \u043a\u043e\u0434\u0430, \u043f\u043e \u0441\u0443\u0442\u0438, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044f \u043d\u0435\u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u043c \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u043e\u0441\u0443\u0449\u0435\u0441\u0442\u0432\u043b\u044f\u0442\u044c \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0435 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0438.\n\n\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 VulnCheck \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0438 \u043d\u0435\u0438\u0437\u0432\u0435\u0441\u0442\u043d\u044b\u0445 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u043e\u0432, \u043d\u0430\u0446\u0435\u043b\u0435\u043d\u043d\u044b\u0445 \u043d\u0430 \u043e\u0431\u0449\u0435\u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u0435 \u0441\u0435\u0440\u0432\u0435\u0440\u044b ProjectSend, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0441\u0442\u0430\u043b\u0438 \u0446\u0435\u043b\u044f\u043c\u0438 \u0430\u0442\u0430\u043a \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u043a\u043e\u0434\u0430 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430, \u0432\u044b\u043f\u0443\u0449\u0435\u043d\u043d\u043e\u0433\u043e\u00a0Project Discovery \u0438 Rapid7.\n\n\u041f\u0440\u0438 \u044d\u0442\u043e\u043c \u043f\u043e\u043f\u044b\u0442\u043a\u0438 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u043d\u0430\u0447\u0430\u043b\u0438\u0441\u044c \u0435\u0449\u0435 \u0432 \u0441\u0435\u043d\u0442\u044f\u0431\u0440\u0435.\n\n\u041d\u0430\u0431\u043b\u044e\u0434\u0430\u0435\u043c\u044b\u0435 \u0430\u0442\u0430\u043a\u0438 \u043d\u0435 \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0438\u0432\u0430\u044e\u0442\u0441\u044f \u0441\u043a\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u044d\u043a\u0437\u0435\u043c\u043f\u043b\u044f\u0440\u043e\u0432 ProjectSend \u0438 \u0432\u043a\u043b\u044e\u0447\u0430\u044e\u0442 \u0432 \u0441\u0435\u0431\u044f \u043f\u043e\u043f\u044b\u0442\u043a\u0438 \u0440\u0435\u0433\u0438\u0441\u0442\u0440\u0430\u0446\u0438\u0439 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 \u0434\u043b\u044f \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u044f \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 \u043f\u043e\u0441\u043b\u0435 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438.\n\n\u0412 \u0441\u0432\u043e\u044e \u043e\u0447\u0435\u0440\u0435\u0434\u044c, Censys \u0432\u044b\u044f\u0432\u0438\u043b\u0430 \u043e\u043a\u043e\u043b\u043e 4000 \u044d\u043a\u0437\u0435\u043c\u043f\u043b\u044f\u0440\u043e\u0432 ProjectSend, \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u0445 \u0447\u0435\u0440\u0435\u0437 \u0418\u043d\u0442\u0435\u0440\u043d\u0435\u0442, \u0438\u0437 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u043b\u0438\u0448\u044c 1% \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u0443\u044e \u0432\u0435\u0440\u0441\u0438\u044e (r1750), \u0430 \u0432\u0441\u0435 \u043e\u0441\u0442\u0430\u043b\u044c\u043d\u044b\u0435 \u0440\u0430\u0431\u043e\u0442\u0430\u044e\u0442 \u043b\u0438\u0431\u043e \u043f\u043e\u0434 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435\u043c \u043d\u0435\u043d\u0430\u0437\u0432\u0430\u043d\u043d\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u043b\u0438\u0431\u043e r1605, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0432\u044b\u0448\u043b\u0430 \u0432 \u043e\u043a\u0442\u044f\u0431\u0440\u0435 2022 \u0433\u043e\u0434\u0430.\n\n\u0412 \u0441\u0432\u044f\u0437\u0438 \u0441 \u0442\u0435\u043c, \u0447\u0442\u043e \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043d\u043e\u0441\u0438\u0442 \u0448\u0438\u0440\u043e\u043a\u043e\u043c\u0430\u0441\u0448\u0442\u0430\u0431\u043d\u044b\u0439 \u0445\u0430\u0440\u0430\u043a\u0442\u0435\u0440, \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043a\u0430\u043a \u043c\u043e\u0436\u043d\u043e \u0441\u043a\u043e\u0440\u0435\u0435 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0438\u0435 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f, \u0447\u0442\u043e\u0431\u044b \u0441\u043d\u0438\u0437\u0438\u0442\u044c \u0440\u0438\u0441\u043a\u0438, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u044b\u0435 \u0441 CVE-2024-11680.", "creation_timestamp": "2024-11-27T19:31:50.000000Z"}, {"uuid": "5f3405ae-f524-49d6-b29d-dbc9ecb2a44e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11680", "type": "seen", "source": "https://t.me/CyberBulletin/26643", "content": "\u26a1\ufe0fCVE-2024-11680 (CVSS 9.8) ProjectSend Unauthenticated Configuration Modification.\n\nThis flaw allows attackers to alter server settings, enable unauthorized user registration, upload malicious web shells, and potentially inject harmful JavaScript. \n\n#CyberBulletin", "creation_timestamp": "2024-11-27T12:05:43.000000Z"}, {"uuid": "5c7e8c6e-5642-4575-944e-15467d75453b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11680", "type": "exploited", "source": "https://t.me/S_E_Reborn/5267", "content": "VulnCheck \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0436\u0434\u0430\u0435\u0442 \u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0438 \u0434\u043b\u044f \u043e\u0431\u043c\u0435\u043d\u0430 \u0444\u0430\u0439\u043b\u0430\u043c\u0438 \u0441 \u043e\u0442\u043a\u0440\u044b\u0442\u044b\u043c \u0438\u0441\u0445\u043e\u0434\u043d\u044b\u043c \u043a\u043e\u0434\u043e\u043c ProjectSend.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u0438\u0437\u043d\u0430\u0447\u0430\u043b\u044c\u043d\u043e \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u0430\u044f \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u043b\u0443\u0442\u043e\u0440\u0430 \u043b\u0435\u0442 \u043d\u0430\u0437\u0430\u0434 \u0432 \u0440\u0430\u043c\u043a\u0430\u0445 \u043a\u043e\u043c\u043c\u0438\u0442\u0430, \u043e\u0442\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u043e\u0433\u043e\u00a0\u0432 \u043c\u0430\u0435 2023 \u0433\u043e\u0434\u0430, \u0431\u044b\u043b\u0430 \u043e\u0444\u0438\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0430 \u0442\u043e\u043b\u044c\u043a\u043e \u0432 \u0430\u0432\u0433\u0443\u0441\u0442\u0435 2024 \u0433\u043e\u0434\u0430 \u0441 \u0432\u044b\u043f\u0443\u0441\u043a\u043e\u043c \u0432\u0435\u0440\u0441\u0438\u0438 r1720, \u0435\u0439 \u0431\u044b\u043b \u043f\u0440\u0438\u0441\u0432\u043e\u0435\u043d  CVE-2024-11680 \u0441 \u043e\u0446\u0435\u043d\u043a\u043e\u0439 CVSS: 9,8.\n\n\u041f\u0440\u0438\u0447\u0435\u043c \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440 \u0431\u044b\u043b \u0432\u044b\u043f\u0443\u0449\u0435\u043d \u0442\u043e\u043b\u044c\u043a\u043e \u043d\u0430 \u044d\u0442\u043e\u0439 \u043d\u0435\u0434\u0435\u043b\u0435, \u043f\u043e\u0441\u043b\u0435 \u0442\u043e\u0433\u043e \u043a\u0430\u043a VulnCheck \u0437\u0430\u043c\u0435\u0442\u0438\u043b\u0430, \u0447\u0442\u043e \u043e\u0448\u0438\u0431\u043a\u0430 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u043e\u0432\u0430\u043b\u0430\u0441\u044c \u0432 \u0434\u0438\u043a\u043e\u0439 \u043f\u0440\u0438\u0440\u043e\u0434\u0435.\n\n\u0421\u043e\u043e\u0431\u0449\u0438\u0432\u0448\u0430\u044f \u0432 \u044f\u043d\u0432\u0430\u0440\u0435 2023 \u0433\u043e\u0434\u0430 \u043e\u0431 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 Synacktiv \u043e\u043f\u0438\u0441\u044b\u0432\u0430\u0435\u0442 \u0435\u0435 \u043a\u0430\u043a \u043d\u0435\u043d\u0430\u0434\u043b\u0435\u0436\u0430\u0449\u0443\u044e \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0443 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u0432 ProjectSend \u0432\u0435\u0440\u0441\u0438\u0438 r1605 \u0438\u0437\u043c\u0435\u043d\u044f\u0442\u044c \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u044e \u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 PHP-\u043a\u043e\u0434 \u043d\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u0435, \u043d\u0430 \u043a\u043e\u0442\u043e\u0440\u043e\u043c \u0440\u0430\u0437\u043c\u0435\u0449\u0435\u043d\u043e \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0435.\n\n\u0412 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u044f\u0445 NIST \u0441\u043e\u043e\u0431\u0449\u0430\u0435\u0442\u0441\u044f, \u0447\u0442\u043e \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u043c\u043e\u0433\u0443\u0442 \u043e\u0442\u043f\u0440\u0430\u0432\u043b\u044f\u0442\u044c \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u044b\u0435 HTTP-\u0437\u0430\u043f\u0440\u043e\u0441\u044b \u043d\u0430 \u043a\u043e\u043d\u0435\u0447\u043d\u0443\u044e \u0442\u043e\u0447\u043a\u0443 options.php \u0434\u043b\u044f \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u044f \u043c\u043e\u0448\u0435\u043d\u043d\u0438\u0447\u0435\u0441\u043a\u0438\u0445 \u0443\u0447\u0435\u0442\u043d\u044b\u0445 \u0437\u0430\u043f\u0438\u0441\u0435\u0439, \u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0438 \u0432\u0435\u0431-\u043e\u0431\u043e\u043b\u043e\u0447\u0435\u043a \u0438 \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u044f \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0433\u043e \u043a\u043e\u0434\u0430 JavaScript.\n\n\u041f\u043e \u0434\u0430\u043d\u043d\u044b\u043c Synacktiv, \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u0431\u0443\u0441\u043b\u043e\u0432\u043b\u0435\u043d\u0430 \u0442\u0435\u043c, \u0447\u0442\u043e \u043d\u0435\u043a\u043e\u0442\u043e\u0440\u044b\u0435 PHP-\u0441\u0442\u0440\u0430\u043d\u0438\u0446\u044b \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u044e\u0442 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438 \u0442\u043e\u043b\u044c\u043a\u043e \u043f\u043e\u0441\u043b\u0435 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043e\u0441\u0442\u0430\u043b\u044c\u043d\u043e\u0439 \u0447\u0430\u0441\u0442\u0438 \u043a\u043e\u0434\u0430, \u043f\u043e \u0441\u0443\u0442\u0438, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044f \u043d\u0435\u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u043c \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u043e\u0441\u0443\u0449\u0435\u0441\u0442\u0432\u043b\u044f\u0442\u044c \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0435 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0438.\n\n\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 VulnCheck \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0438 \u043d\u0435\u0438\u0437\u0432\u0435\u0441\u0442\u043d\u044b\u0445 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u043e\u0432, \u043d\u0430\u0446\u0435\u043b\u0435\u043d\u043d\u044b\u0445 \u043d\u0430 \u043e\u0431\u0449\u0435\u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u0435 \u0441\u0435\u0440\u0432\u0435\u0440\u044b ProjectSend, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0441\u0442\u0430\u043b\u0438 \u0446\u0435\u043b\u044f\u043c\u0438 \u0430\u0442\u0430\u043a \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u043a\u043e\u0434\u0430 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430, \u0432\u044b\u043f\u0443\u0449\u0435\u043d\u043d\u043e\u0433\u043e\u00a0Project Discovery \u0438 Rapid7.\n\n\u041f\u0440\u0438 \u044d\u0442\u043e\u043c \u043f\u043e\u043f\u044b\u0442\u043a\u0438 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u043d\u0430\u0447\u0430\u043b\u0438\u0441\u044c \u0435\u0449\u0435 \u0432 \u0441\u0435\u043d\u0442\u044f\u0431\u0440\u0435.\n\n\u041d\u0430\u0431\u043b\u044e\u0434\u0430\u0435\u043c\u044b\u0435 \u0430\u0442\u0430\u043a\u0438 \u043d\u0435 \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0438\u0432\u0430\u044e\u0442\u0441\u044f \u0441\u043a\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u044d\u043a\u0437\u0435\u043c\u043f\u043b\u044f\u0440\u043e\u0432 ProjectSend \u0438 \u0432\u043a\u043b\u044e\u0447\u0430\u044e\u0442 \u0432 \u0441\u0435\u0431\u044f \u043f\u043e\u043f\u044b\u0442\u043a\u0438 \u0440\u0435\u0433\u0438\u0441\u0442\u0440\u0430\u0446\u0438\u0439 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 \u0434\u043b\u044f \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u044f \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 \u043f\u043e\u0441\u043b\u0435 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438.\n\n\u0412 \u0441\u0432\u043e\u044e \u043e\u0447\u0435\u0440\u0435\u0434\u044c, Censys \u0432\u044b\u044f\u0432\u0438\u043b\u0430 \u043e\u043a\u043e\u043b\u043e 4000 \u044d\u043a\u0437\u0435\u043c\u043f\u043b\u044f\u0440\u043e\u0432 ProjectSend, \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u0445 \u0447\u0435\u0440\u0435\u0437 \u0418\u043d\u0442\u0435\u0440\u043d\u0435\u0442, \u0438\u0437 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u043b\u0438\u0448\u044c 1% \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u0443\u044e \u0432\u0435\u0440\u0441\u0438\u044e (r1750), \u0430 \u0432\u0441\u0435 \u043e\u0441\u0442\u0430\u043b\u044c\u043d\u044b\u0435 \u0440\u0430\u0431\u043e\u0442\u0430\u044e\u0442 \u043b\u0438\u0431\u043e \u043f\u043e\u0434 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435\u043c \u043d\u0435\u043d\u0430\u0437\u0432\u0430\u043d\u043d\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u043b\u0438\u0431\u043e r1605, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0432\u044b\u0448\u043b\u0430 \u0432 \u043e\u043a\u0442\u044f\u0431\u0440\u0435 2022 \u0433\u043e\u0434\u0430.\n\n\u0412 \u0441\u0432\u044f\u0437\u0438 \u0441 \u0442\u0435\u043c, \u0447\u0442\u043e \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043d\u043e\u0441\u0438\u0442 \u0448\u0438\u0440\u043e\u043a\u043e\u043c\u0430\u0441\u0448\u0442\u0430\u0431\u043d\u044b\u0439 \u0445\u0430\u0440\u0430\u043a\u0442\u0435\u0440, \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043a\u0430\u043a \u043c\u043e\u0436\u043d\u043e \u0441\u043a\u043e\u0440\u0435\u0435 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0438\u0435 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f, \u0447\u0442\u043e\u0431\u044b \u0441\u043d\u0438\u0437\u0438\u0442\u044c \u0440\u0438\u0441\u043a\u0438, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u044b\u0435 \u0441 CVE-2024-11680.", "creation_timestamp": "2024-11-28T11:47:22.000000Z"}]}