{"vulnerability": "CVE-2023-3758", "sightings": [{"uuid": "7eaba608-bd64-4d51-b1e8-c79d8b58e5dd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-37580", "type": "exploited", "source": "Telegram/HN-xN_IUXNfAYyLxX2TTYoAqpZF7jtPAPnohXnkE0RKdqQ", "content": "", "creation_timestamp": "2023-11-16T18:48:28.000000Z"}, {"uuid": "0b3679eb-0f20-4eb9-8fcb-8eefb3e40511", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-37580", "type": "exploited", "source": "https://t.me/KomunitiSiber/1084", "content": "Zero-Day Flaw in Zimbra Email Software Exploited by Four Hacker Groups\nhttps://thehackernews.com/2023/11/zero-day-flaw-in-zimbra-email-software.html\n\nA zero-day flaw in the Zimbra Collaboration email software was exploited by four different groups in real-world attacks to pilfer email data, user credentials, and authentication tokens.\n\"Most of this activity occurred after the initial fix became public on GitHub,\" Google Threat Analysis Group (TAG)\u00a0said\u00a0in a report shared with The Hacker News.\nThe flaw, tracked as\u00a0CVE-2023-37580\u00a0(CVSS score:", "creation_timestamp": "2023-11-16T17:59:39.000000Z"}, {"uuid": "2894bdea-80ca-4ccd-b43d-714a73ee848a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-37582", "type": "published-proof-of-concept", "source": "Telegram/rrQgemzze4xJUOHyyN8K0bc2BcTV6JphfrZTGQGNYc8dgw", "content": "", "creation_timestamp": "2023-07-15T14:46:28.000000Z"}, {"uuid": "c274b21a-3d5f-4c98-afe9-9cf62484b7cd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-37582", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/3122", 
"content": "\u200b\u200bGitHub Logs\n\nExtracting #OSINT Insights from 15TB of GitHub Event Logs.\n\nhttps://github.com/trickest/github-logs\n\n#cybersecurity #infosec\n\n\u200b\u200bWeb Hacker's Weapons\n\nA collection of cool tools used by Web hackers.\n\nhttps://github.com/hahwul/WebHackersWeapons\n\n#infosec #pentesting #bugbounty\n\n\u200b\u200b\ud83d\udc27 Awesome Linux Rootkits\n\nBest linux rootkits resources.\n\nhttps://github.com/milabs/awesome-linux-rootkits\n\n#infosec #pentesting #redteam\n\nglit\n\nA little #OSINT tool to retrieve all mails of user related to a git repository, a git user or a git organization.\n\nhttps://github.com/shadawck/glit\n\n#cybersecurity #infosec\n\n\u200b\u200bCoWitness\n\nA powerful web application testing tool that enhances the accuracy and efficiency of your testing efforts. It allows you to mimic an HTTP server and a DNS server, providing complete responses and valuable insights during your testing process.\n\nhttps://github.com/stolenusername/cowitness\n\n#cybersecurity #infosec #pentesting\n\n\u200b\u200bLinux Kernel Factory\n\nLinux kernel CVE exploit analysis report and relative debug environment. 
You don't need to compile Linux kernel and configure your environment anymore.\n\nhttps://github.com/bsauce/kernel-exploit-factory\n\n#infosec #pentesting #redteam\n\n\u200b\u200bdocleaner\n\nA web service to clean #documents from potentially privacy-invasive #metadata.\n\nhttps://github.com/TUD-CERT/docleaner\n\n\u200b\u200bHadesLdr\n\nShellcode loader implementing indirect dynamic syscall, api hashing, fileless shellcode retrieving using winsock2.\n\n\u2022 Indirect Dynamic Syscall by resolving the SSN and the address pointing to a backed syscall instruction dynamically.\n\u2022 API Hashing by resolving modules & APIs base address from PEB by hashes\n\u2022 Fileless Chunked RC4 Shellcode retrieving using Winsock2\n\nhttps://github.com/CognisysGroup/HadesLdr\n\nDetails:\nhttps://labs.cognisys.group/posts/Combining-Indirect-Dynamic-Syscalls-and-API-Hashing/\n\n#infosec #pentesting #redteam\n\n\u200b\u200bLOLAPPS \n\nKind of like the cousin of LOLBAS and GTFObins. Sometimes you might struggle to common binaries to exploit and LOLAPPS is meant to be a supplementary resource for identifying native functionality in applications that can be used to the hacker's advantage, both third-party and from within.\n\nhttps://github.com/LOLAPPS-Project/LOLAPPS\n\nWeb:\nhttps://lolapps-project.github.io/\n\n#infosec #pentesting #redteam\n\n\u200b\u200bCVE-2023-36884\n\nOffice/Windows HTML RCE Vulnerability\n\nhttps://github.com/Maxwitat/CVE-2023-36884-Scripts-for-Intune-Remediation-SCCM-Compliance-Baseline\n\n#cve #cybersecurity #infosec\n\n\u200b\u200bRWXfinder\n\nWindows-specific tool written in C which uses Windows API functions to traverse through directories and look for DLL files with an RWX section in memory.\n\nhttps://github.com/pwnsauc3/RWXFinder\n\n#infosec #pentesting #redteam\n\n\u200b\u200bPlumHound \n\nBloodHoundAD Report Engine for Security Teams\n\nhttps://github.com/PlumHound/PlumHound\n\n#infosec #pentesting #redteam\n\n\u200b\u200bLolDriverScan\n\nA golang 
tool that allows users to discover vulnerable drivers on their system. This tool fetches the loldriverscan.io list from their APIs and scans the system for any vulnerable drivers This project is implemented in Go and does not require elevated privileges to run.\n\nhttps://github.com/FourCoreLabs/loldriverscan\n\n#cybersecurity #infosec\n\n\u200b\u200bJayFinder\n\nWhether you knew Process Mockingjay since ever or you just got to know it, this tool helps you to find DLLs with RWX section. This is done parsing the PE Section Headers and checking the \"Characteristics\" attribute of each section.\n\nhttps://github.com/oldboy21/JayFinder\n\n#infosec #pentesting #redteam\n\n\u200b\u200bCVE-2023-37582\n\nApache RocketMQ Arbitrary File Write Vulnerability #Exploit.\n\nhttps://github.com/Malayke/CVE-2023-37582_EXPLOIT\n\n#cybersecurity #infosec\n\n\u200b\u200bUDP Protocol Scanner\n\nA tool for identifying UDP services running on remote hosts. This tool may be of use to those performing security testing - e.g. 
during penetration testing, vulnerability assessments or while pivoting.\n\nhttps://github.com/CiscoCXSecurity/udpy_proto_scanner\n\n#cybersecurity #infosec #pentesting\n\nhttps://t.me/dilagrafie\n\n2/2", "creation_timestamp": "2023-07-15T21:16:53.000000Z"}, {"uuid": "cbafa7c5-6d75-4c10-ac40-4932d6041db8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-37582", "type": "published-proof-of-concept", "source": "https://t.me/proxy_bar/1626", "content": "CVE-2023-37582 EXPLOIT\nApache RocketMQ \n*\nA RocketMQ environment via Docker is included for testing\n*\nexploit\n*\n#apache #exploit #docker", "creation_timestamp": "2023-07-15T10:35:02.000000Z"}, {"uuid": "1ba9a1ff-9b98-47ed-a9e6-5d61ce8b9aed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-37580", "type": "exploited", "source": "https://t.me/true_secator/5097", "content": "A 0-day in Zimbra software was used by four different hacker groups in real-world attacks aimed at stealing email data, user credentials, and authentication tokens.\n\nThese are the findings of researchers from Google Threat Analysis Group (TAG), who detected several waves of campaigns starting on June 29, 2023, at least two weeks before Zimbra released an advisory.\n\nThree of the four campaigns were observed before the patch was released, and the fourth campaign was detected a month after the fixes were published.\n\nCVE-2023-37580\u00a0(CVSS score: 6.1) is an\u00a0XSS vulnerability affecting versions before 8.8.15 Patch 41. It was\u00a0fixed\u00a0by Zimbra as part of the patches released on July 25, 2023.\n\n
Successful exploitation of this flaw allows malicious scripts to be executed in the victim's web browser simply by getting them to follow a specially crafted URL.\n\nThe first campaign targeted a government organization in Greece and involved emails containing exploit URLs.\n\nClicking them delivered email-stealing malware that had previously been observed in another cyber-espionage campaign, dubbed EmailThief, in February 2022, which was reported by Volexity, attributing the intrusions to TEMP_HERETIC.\n\nThe second threat actor to use CVE-2023-37580 was Winter Vivern, which targeted government organizations in Moldova and Tunisia shortly after the patch for the vulnerability was published on GitHub on July 5.\n\nOn July 13, Zimbra published a security advisory to warn customers about the vulnerability. However, before the official patch was released on July 25, Google came across a third campaign targeting a government organization in Vietnam.\n\n
In this case, the attacker used the exploit to send users to a phishing page to steal webmail credentials.\n\nFinally, on August 25, a government organization in Pakistan was attacked using the vulnerability, as a result of which a Zimbra authentication token went to the remote domain ntcpk[.]org.\n\nThe discovery of at least four campaigns exploiting CVE-2023-37580 (three of them right after the bug first became public) demonstrates how important it is for organizations to apply fixes to their mail servers as soon as possible.\n\nAll of the observed campaigns also demonstrate how closely attackers monitor open-source repositories in order to quickly exploit vulnerabilities when the fixes are in the repository but have not yet reached users.", "creation_timestamp": 
"2023-11-17T12:09:07.000000Z"}, {"uuid": "8b1ef9ad-bf67-4d20-9522-5d326f28f190", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-37582", "type": "published-proof-of-concept", "source": "https://t.me/crackcodes/3898", "content": "\u2623\ufe0f\u2b50Nvidia Corporation Leak : https://system32.ink/nvidia-corporation-leak/\n\n\ud83d\udc7e\ud83d\udd30Rheinmetall Defence Leak : https://system32.ink/rheinmetall-defence-leak/\n\n\ud83c\udf2a\ufe0f\ud83d\udca9FA station Thailand Leak : https://system32.ink/fa-station-thailand-leak/\n\n\ud83d\udca5\u2623\ufe0fInvicti Enterprise 23.1 : https://system32.ink/invicti-enterprise-23.1-download-free/\n\n\u2623\ufe0f\ud83c\udf2a\ufe0fCVE-2023-37582 EXPLOIT Apache RocketMQ : https://system32.ink/cve-2023-37582-exploit-apache-rocketmq/\n\n@Crackcodes | System32.ink | Crackcodes.in", "creation_timestamp": "2023-07-15T14:45:28.000000Z"}, {"uuid": "0c4bdfa0-5e4c-4677-85b4-81d9f78b23fe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-37581", "type": "seen", "source": "https://t.me/cibsecurity/67828", "content": "\u203c CVE-2023-37581 \u203c\n\nInsufficient input validation and sanitation in Weblog Category name, Website About and File Upload features in all versions of Apache Roller on all platforms allows an authenticated user to perform an XSS attack. Mitigation: if you do not have Roller configured for untrusted users, then you need to do nothing because you trust your users to author raw HTML and other web content. 
If you are running with untrusted users then you should upgrade to Roller 6.1.2 and you should disable Roller's File Upload feature.?\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-06T12:12:19.000000Z"}, {"uuid": "550fefcf-fd60-4fee-bbca-7bb307d1cc7d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-37582", "type": "seen", "source": "https://t.me/cibsecurity/66532", "content": "\u203c CVE-2023-37582 \u203c\n\nThe RocketMQ NameServer component still has a remote command execution vulnerability as the CVE-2023-33246 issue was not completely fixed in version 5.1.1. When NameServer address are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by using the update configuration function on the NameServer component to execute commands as the system users that RocketMQ is running as. It is recommended for users to upgrade their NameServer version to 5.1.2 or above for RocketMQ 5.x or 4.9.7 or above for RocketMQ 4.x to prevent these attacks.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-15T16:57:00.000000Z"}, {"uuid": "ef7581e0-dcad-4063-a307-d6e7a19d4cbd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-37580", "type": "seen", "source": "https://t.me/cibsecurity/67484", "content": "\u203c CVE-2023-37580 \u203c\n\nZimbra Collaboration (ZCS) 8 before 8.8.15 Patch 41 allows XSS in the Zimbra Classic Web Client.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-31T20:37:54.000000Z"}, {"uuid": "f2ffe554-93cb-483f-a2b9-f4e108261850", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": 
"CVE-2023-37580", "type": "exploited", "source": "https://t.me/information_security_channel/51022", "content": "Zimbra Zero-Day Exploited to Hack Government Emails\nhttps://www.securityweek.com/zimbra-zero-day-exploited-to-hack-government-emails/\n\nGoogle says a Zimbra zero-day from earlier this year, CVE-2023-37580, was exploited in several campaigns to hack government emails.\nThe post Zimbra Zero-Day Exploited to Hack Government Emails (https://www.securityweek.com/zimbra-zero-day-exploited-to-hack-government-emails/) appeared first on SecurityWeek (https://www.securityweek.com/).", "creation_timestamp": "2023-11-16T18:23:55.000000Z"}, {"uuid": "d9dd2fe3-7197-4aaf-8765-25c1060ea449", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-37582", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/8677", "content": "#exploit\n1. CVE-2023-37582:\nApache RocketMQ Arbitrary File Write Vulnerability\nhttps://github.com/Malayke/CVE-2023-37582_EXPLOIT\n\n2. CVE-2023-23397:\nMS Outlook Privilege Escalation\nhttps://github.com/Muhammad-Ali007/OutlookNTLM_CVE-2023-23397\n]-&gt; https://github.com/tiepologian/CVE-2023-23397\n\n3. 
CVE-2023-20110:\nCisco Smart Software Manager On-Prem SQL Injection Vulnerability\nhttps://github.com/redfr0g/CVE-2023-20110", "creation_timestamp": "2024-03-18T01:57:48.000000Z"}, {"uuid": "5c10580a-54cd-40af-a4dc-c83bb51e2539", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-37580", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2023-07-27T18:10:02.000000Z"}, {"uuid": "0fafb4f3-04d4-4f40-8686-175b816005e8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-37582", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/network/cves/2023/CVE-2023-37582.yaml", "content": "", "creation_timestamp": "2025-10-13T10:36:24.000000Z"}, {"uuid": "6ba88ba5-dbff-4bd1-9218-31bd12ab7e9d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-37580", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/0da10821-b44c-47e5-b21c-b30ec7bcae81", "content": "", "creation_timestamp": "2026-02-02T12:26:54.161761Z"}, {"uuid": "c34118ba-a218-496a-9e69-89b296abec6e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-37580", "type": "exploited", "source": "https://t.me/BleepingComputer/18904", "content": "\u200aGoogle: Hackers exploited Zimbra zero-day in attacks on govt orgs\n\nHackers leveraged a medium-severity security issue now identified as\u00a0CVE-2023-37580 since June 29, nearly a\u00a0month before the vendor addressed it in version\u00a08.8.15 Patch 41of the software on July 25. 
[...]\n\nhttps://www.bleepingcomputer.com/news/security/google-hackers-exploited-zimbra-zero-day-in-attacks-on-govt-orgs/", "creation_timestamp": "2023-11-17T19:31:16.000000Z"}, {"uuid": "31a85562-a13b-4196-b1eb-196e6b389d4a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-37582", "type": "exploited", "source": "https://t.me/BleepingComputer/19173", "content": "\u200aHackers target Apache RocketMQ servers vulnerable to RCE attacks\n\nSecurity researchers are detecting hundreds of IP addresses on a daily basis that scan\u00a0or attempt to exploit Apache RocketMQ services vulnerable to a remote command execution flaw identified as\u00a0CVE-2023-33246 and\u00a0CVE-2023-37582. [...]\n\nhttps://www.bleepingcomputer.com/news/security/hackers-target-apache-rocketmq-servers-vulnerable-to-rce-attacks/", "creation_timestamp": "2024-01-05T18:42:26.000000Z"}, {"uuid": "f936bc5b-9e13-461a-b22b-b76777c9d6b9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-37580", "type": "seen", "source": "https://t.me/ctinow/150935", "content": "https://ift.tt/NQK0XdC\nUnpacking the Zimbra Cross-Site Scripting Vulnerability (CVE-2023-37580)", "creation_timestamp": "2023-11-22T03:18:19.000000Z"}, {"uuid": "c60d835e-8a8a-4d06-8d1a-f5ac13cc5884", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-37580", "type": "seen", "source": "https://t.me/ctinow/155850", "content": "https://ift.tt/AuH6wSK\nUnderstanding the Zimbra Cross-Site Scripting Flaw (CVE-2023-37580)", "creation_timestamp": "2023-12-18T12:37:06.000000Z"}, {"uuid": "80d563e5-d26b-4510-b86b-3dd0e5f8baef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": 
"CVE-2023-37580", "type": "seen", "source": "https://feedsin.space/feed/CISAKevBot/items/2971864", "content": "", "creation_timestamp": "2024-12-24T20:34:58.847797Z"}, {"uuid": "cac184ba-8493-4abf-bf1c-e308a8544d13", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-37580", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-02-23T02:10:45.000000Z"}, {"uuid": "560d70a3-f5d0-4750-a9fa-9be9731788b4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-37582", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3m3g6ag34p22g", "content": "", "creation_timestamp": "2025-10-17T21:02:24.099528Z"}, {"uuid": "0248e69e-a400-40cc-8586-6f8fa505ac5e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-37580", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/0da10821-b44c-47e5-b21c-b30ec7bcae81", "content": "", "creation_timestamp": "2026-02-02T12:26:54.161761Z"}, {"uuid": "3f474cc8-f0fd-49bb-a491-6b0cd7c5b06a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-37580", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/92582bf5-d92c-47fe-b891-656d271bbfef", "content": "", "creation_timestamp": "2024-10-14T15:50:35.983245Z"}, {"uuid": "061585cd-b588-4850-9617-82ef2263a2e8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-37582", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/4333", "content": "\ud83d\udd17 
DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-37582\n\ud83d\udd25 CVSS Score: 9.8 (CVSS_V3)\n\ud83d\udd39 Description: The RocketMQ NameServer component still has a remote command execution vulnerability as the CVE-2023-33246 issue was not completely fixed in version 5.1.1. \n\nWhen NameServer address are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by using the update configuration function on the NameServer component to execute commands as the system users that RocketMQ is running as. \n\nIt is recommended for users to upgrade their NameServer version to 5.1.2 or above for RocketMQ 5.x or 4.9.7 or above for RocketMQ 4.x to prevent these attacks.\n\ud83d\udccf Published: 2023-07-12T12:31:36Z\n\ud83d\udccf Modified: 2025-02-13T19:00:52Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2023-37582\n2. https://github.com/apache/rocketmq\n3. https://lists.apache.org/thread/m614czxtpvlztd7mfgcs2xcsg36rdbnc\n4. 
http://www.openwall.com/lists/oss-security/2023/07/12/1", "creation_timestamp": "2025-02-13T19:21:34.000000Z"}, {"uuid": "b8d0088d-9371-4c5f-b133-59177944deb1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-37582", "type": "published-proof-of-concept", "source": "https://t.me/purple_medved/65", "content": "Today we'll talk about yet another high-severity RCE vulnerability, CVE-2023-37582, in the NameServer architectural component of Apache RocketMQ.\n\nApache RocketMQ is an open-source implementation of a distributed messaging and streaming data platform from Alibaba, providing extremely low latency, high availability, and large message capacity.\n\n
In essence, this latest vulnerability arises as a result of bypassing the patch for the CVE-2023-33246 vulnerability in the NameServer component implementation, which allowed writing an arbitrary file using the configuration update functionality on port tcp/9876 for the Broker component.\n\nThe POC below simply saves an arbitrary file to a directory as a demonstration: \nbody = 'configStorePath=/tmp/pwned\\nproductEnvName=test/path\\\\ntest\\\\ntest'.encode('utf-8') \n
To obtain a working RCE, the payload can be changed to, for example, upload a private ssh key for the user RocketMQ runs as into the corresponding directory on the server.\n\n\ud83e\udeb2Vulnerable software versions: Apache RocketMQ up to 4.9.6, 5.0.0-5.1.1\n\u2699\ufe0fPOC: https://github.com/Malayke/CVE-2023-37582_EXPLOIT\n\u2705 Recommendations: A patch is already available; update to version 5.1.11\n\n#CVE-2023-37582 #RCE #RocketMQ", "creation_timestamp": "2023-07-18T09:39:03.000000Z"}]}