{"vulnerability": "cve-2024-5173", "sightings": [{"uuid": "b0ba5662-16bc-4078-b453-38c0121d4ab2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-51739", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113431700097332580", "content": "", "creation_timestamp": "2024-11-05T18:13:05.275538Z"}, {"uuid": "df71b5ce-c37b-46e1-a83f-442ba14f87eb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-51736", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113437993660081025", "content": "", "creation_timestamp": "2024-11-06T20:53:37.350687Z"}, {"uuid": "d7083c67-31cb-4797-a031-c7a66bc1ce32", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-51737", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113793458635380791", "content": "", "creation_timestamp": "2025-01-08T15:33:02.927532Z"}, {"uuid": "e1d1fbfe-4916-435e-8df7-31154f59403e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-51737", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfakqomnvl2k", "content": "", "creation_timestamp": "2025-01-08T16:15:59.045626Z"}, {"uuid": "7348d17c-346a-4e0f-96c0-d8bde68ba07a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-51737", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lfamb57ze32e", "content": "", "creation_timestamp": "2025-01-08T16:43:07.807117Z"}, {"uuid": "5f25826a-ac28-47a9-9477-24626d9b63be", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-51738", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113861395498095406", "content": "", "creation_timestamp": "2025-01-20T15:30:16.734747Z"}, {"uuid": "7a1980d0-da53-4fdd-9f9a-fff6ebeebe40", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-51738", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lg6qdfx52j2n", "content": "", "creation_timestamp": "2025-01-20T16:15:48.642172Z"}, {"uuid": "1d5b3959-854f-483e-b727-a7735c45822d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-51738", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lg6siggj6t2k", "content": "", "creation_timestamp": "2025-01-20T16:54:24.741187Z"}, {"uuid": "738379db-3ef7-4941-a24f-0a4b0a2bf2a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-51737", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/730", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-51737\n\ud83d\udd39 Description: RediSearch is a Redis module that provides querying, secondary indexing, and full-text search for Redis. An authenticated redis user executing FT.SEARCH or FT.AGGREGATE with a specially crafted LIMIT command argument, or FT.SEARCH with a specially crafted KNN command argument, can trigger an integer overflow, leading to heap overflow and potential remote code execution. This vulnerability is fixed in 2.6.24, 2.8.21, and 2.10.10. Avoid setting value of -1 or large values for configuration parameters MAXSEARCHRESULTS and MAXAGGREGATERESULTS, to avoid exploiting large LIMIT arguments.\n\ud83d\udccf Published: 2025-01-08T15:27:15.780Z\n\ud83d\udccf Modified: 2025-01-08T15:43:17.211Z\n\ud83d\udd17 References:\n1. https://github.com/RediSearch/RediSearch/security/advisories/GHSA-p2pg-67m3-4c76\n2. https://github.com/RediSearch/RediSearch/commit/13a2936d921dbe5a2e3c72653e0bd7b26af3a6cb", "creation_timestamp": "2025-01-08T16:21:50.000000Z"}, {"uuid": "a99d1c64-2ad2-49c5-a6a5-ca642414769f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-51739", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lnvnzwvxal2h", "content": "", "creation_timestamp": "2025-04-28T21:02:19.887233Z"}, {"uuid": "f21661fd-b932-42db-8892-c7985c982593", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-51736", "type": "seen", "source": "https://bsky.app/profile/o2cloud.bsky.social/post/3mf2n76nw5322", "content": "", "creation_timestamp": "2026-02-17T13:10:06.866269Z"}, {"uuid": "4b6175f5-aa5c-43bd-b93a-99bb9cf6d33e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-51738", "type": "seen", "source": "https://t.me/cvedetector/15897", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-51738 - Sunshine/Moonlight Cross-Site Request Forgery and Man-in-the-Middle Attack Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-51738 \nPublished : Jan. 20, 2025, 4:15 p.m. | 43\u00a0minutes ago \nDescription : Sunshine is a self-hosted game stream host for Moonlight. In 0.23.1 and earlier, Sunshine's pairing protocol implementation does not validate request order and is thereby vulnerable to a MITM attack, potentially allowing an unauthenticated attacker to pair a client by hijacking a legitimate pairing attempt. This bug may also be used by a remote attacker to crash Sunshine. This vulnerability is fixed in 2025.118.151840. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"20 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-20T18:23:23.000000Z"}, {"uuid": "d344c7fa-d351-4774-9bf2-95febb78b001", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-51737", "type": "seen", "source": "https://t.me/cvedetector/14694", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-51737 - RediSearch Remote Code Execution Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-51737 \nPublished : Jan. 8, 2025, 4:15 p.m. | 43\u00a0minutes ago \nDescription : RediSearch is a Redis module that provides querying, secondary indexing, and full-text search for Redis. An authenticated redis user executing FT.SEARCH or FT.AGGREGATE with a specially crafted LIMIT command argument, or FT.SEARCH with a specially crafted KNN command argument, can trigger an integer overflow, leading to heap overflow and potential remote code execution. This vulnerability is fixed in 2.6.24, 2.8.21, and 2.10.10. Avoid setting value of -1 or large values for configuration parameters MAXSEARCHRESULTS and MAXAGGREGATERESULTS, to avoid exploiting large LIMIT arguments. \nSeverity: 7.0 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-08T18:19:14.000000Z"}, {"uuid": "6a3a164c-160e-4a1f-b3b1-df6f5bede27d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-51734", "type": "seen", "source": "https://t.me/cvedetector/9792", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-51734 - Zope AccessControl Lateral File Traversal Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-51734 \nPublished : Nov. 4, 2024, 11:15 p.m. | 39\u00a0minutes ago \nDescription : Zope AccessControl provides a general security framework for use in Zope. In affected versions anonymous users can delete the user data maintained by an `AccessControl.userfolder.UserFolder` which may prevent any privileged access. This problem has been fixed in version 7.2. Users are advised to upgrade. Users unable to upgrade may address the issue by adding `data__roles__ = ()` to `AccessControl.userfolder.UserFolder`. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"05 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-05T01:19:03.000000Z"}, {"uuid": "bd33a7e3-8f3f-43ed-b0ee-53259650aa16", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-51739", "type": "seen", "source": "https://t.me/cvedetector/9918", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-51739 - \"Combodo iTop Unauthenticated User Enumeration\"\", \n  \"Content\": \"CVE ID : CVE-2024-51739 \nPublished : Nov. 5, 2024, 6:15 p.m. | 22\u00a0minutes ago \nDescription : Combodo iTop is a simple, web based IT Service Management tool. Unauthenticated user can perform users enumeration, which can make it easier to bruteforce a valid account. As a fix the sentence displayed after resetting password no longer shows if the user exists or not. This fix is included in versions 2.7.11, 3.0.5, 3.1.2, and 3.2.0. Users are advised to upgrade. Users unable to upgrade may overload the dictionary entry `\"UI:ResetPwd-Error-WrongLogin\"` through an extension and replace it with a generic message. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"05 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-05T19:44:19.000000Z"}, {"uuid": "c909c3e6-9f4e-4264-a22a-bcdfb568b9bd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2024-51735", "type": "published-proof-of-concept", "source": "https://github.com/j3ssie/osmedeus/security/advisories/GHSA-wvv7-wm5v-w2gv", "content": "", "creation_timestamp": "2024-11-05T04:40:12.000000Z"}, {"uuid": "53998f94-ed08-4cb5-9111-f7f820af05f1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-51736", "type": "seen", "source": "https://t.me/cvedetector/10043", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-51736 - Symphony Cmd.exe Hijacking vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-51736 \nPublished : Nov. 6, 2024, 9:15 p.m. | 40\u00a0minutes ago \nDescription : Symphony process is a module for the Symphony PHP framework which executes commands in sub-processes. On Windows, when an executable file named `cmd.exe` is located in the current working directory it will be called by the `Process` class when preparing command arguments, leading to possible hijacking. This issue has been addressed in release versions 5.4.46, 6.4.14, and 7.1.7. Users are advised to upgrade. There are no known workarounds for this vulnerability. \nSeverity: 0.0 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"06 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-06T23:21:32.000000Z"}, {"uuid": "442dbaf4-81c5-483d-9438-e3bceae03f0d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-51735", "type": "seen", "source": "https://t.me/cvedetector/9942", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-51735 - Osmedeus Cross-Site Scripting (XSS) vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-51735 \nPublished : Nov. 5, 2024, 7:15 p.m. | 42\u00a0minutes ago \nDescription : Osmedeus is a Workflow Engine for Offensive Security. Cross-site Scripting (XSS) occurs on the Osmedues web server when viewing results from the workflow, allowing commands to be executed on the server. When using a workflow that contains the summary module, it generates reports in HTML and Markdown formats. The default report is based on the `general-template.md` template.The contents of the files are read and used to generate the report. However, the file contents are not properly filtered, leading to XSS. This may lead to commands executed on the host as well. This issue is not yet resolved. Users are advised to add their own filtering or to reach out to the developer to aid in developing a patch. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"05 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-05T21:25:44.000000Z"}]}