{"vulnerability": "CVE-2024-2814", "sightings": [{"uuid": "7d5c07de-ae7e-410d-9d45-b3e2214214b7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-28140", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113634979328314715", "content": "", "creation_timestamp": "2024-12-11T15:49:40.857345Z"}, {"uuid": "6d0ca4e0-ebe6-4adb-a5c7-4282e1540ffa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-28141", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113635027305143777", "content": "", "creation_timestamp": "2024-12-11T16:01:52.267967Z"}, {"uuid": "8464ec86-3cc3-43f0-affe-24c98482c20f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-28142", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113639929934122414", "content": "", "creation_timestamp": "2024-12-12T12:48:40.468617Z"}, {"uuid": "26d31509-afc6-41bb-97f9-1bc6330c69e1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-28144", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113640101712655643", "content": "", "creation_timestamp": "2024-12-12T13:32:21.591816Z"}, {"uuid": "9e9827c3-2ab5-4084-af16-ec9856db5cef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-28145", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113640145030708581", "content": "", "creation_timestamp": "2024-12-12T13:43:22.495117Z"}, {"uuid": "337e28ed-d845-4e72-9f3e-c8218c8fae6f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-28143", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113640193636487541", "content": "", "creation_timestamp": "2024-12-12T13:55:44.318981Z"}, {"uuid": "41571813-50f2-47f3-b0e1-1c3c6f1cb3f8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-28146", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113640193651131353", "content": "", "creation_timestamp": "2024-12-12T13:55:44.545627Z"}, {"uuid": "2dddf6a9-2003-4f22-9205-d9276c4d82c4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-28146", "type": "seen", "source": "https://t.me/cvedetector/12792", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-28146 - Cisco Hard-Coded Credentials Exposure\", \n  \"Content\": \"CVE ID : CVE-2024-28146 \nPublished : Dec. 12, 2024, 2:15 p.m. | 44\u00a0minutes ago \nDescription : The application uses several hard-coded credentials\u00a0to encrypt config files during backup, to decrypt the new firmware during an update and some passwords allow a direct connection to the database server of the affected device. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"12 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-12T16:20:51.000000Z"}, {"uuid": "604b3d27-2d7e-4363-a775-15c8a7fab6bb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-28145", "type": "seen", "source": "https://t.me/cvedetector/12791", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-28145 - Apache HTTP Server SQL Injection\", \n  \"Content\": \"CVE ID : CVE-2024-28145 \nPublished : Dec. 12, 2024, 2:15 p.m. | 44\u00a0minutes ago \nDescription : An unauthenticated attacker can perform an SQL injection by accessing the /class/dbconnect.php\u00a0file and supplying malicious GET parameters. The HTTP GET parameters search, table, field, and value are vulnerable. For example, one SQL injection can be performed on the parameter \"field\" with the UNION keyword. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"12 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-12T16:20:49.000000Z"}, {"uuid": "ab75a4fe-a9a6-4615-84ec-61b833d8aebd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-28144", "type": "seen", "source": "https://t.me/cvedetector/12790", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-28144 - Apache Session Hijacking\", \n  \"Content\": \"CVE ID : CVE-2024-28144 \nPublished : Dec. 12, 2024, 2:15 p.m. | 44\u00a0minutes ago \nDescription : An attacker who can spoof the IP address and the User-Agent of a logged-in user can takeover the session because of flaws in the self-developed session management. If two users access the web interface from the same IP they are logged in as the other user. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"12 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-12T16:20:48.000000Z"}, {"uuid": "3d64a2df-dd7c-47c3-a2d7-a898550c5f0d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-28143", "type": "seen", "source": "https://t.me/cvedetector/12789", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-28143 - Apache HTTP Server Password Change Weakness\", \n  \"Content\": \"CVE ID : CVE-2024-28143 \nPublished : Dec. 12, 2024, 2:15 p.m. | 44\u00a0minutes ago \nDescription : The password change function at /cgi/admin.cgi does not require the current/old password, which makes the application vulnerable to account takeover. An attacker can use this to forcefully set a new password within the -rsetpass+-aaction+- parameter\u00a0for a user without knowing the old password, e.g. by exploiting a CSRF issue. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"12 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-12T16:20:46.000000Z"}, {"uuid": "f94871c5-528a-49c3-b9a2-fee62ad08fe2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-28141", "type": "seen", "source": "https://t.me/cvedetector/12639", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-28141 - Netflix CSRF (Cross-Site Request Forgery)\", \n  \"Content\": \"CVE ID : CVE-2024-28141 \nPublished : Dec. 11, 2024, 4:15 p.m. | 25\u00a0minutes ago \nDescription : The web application is not protected against cross-site request forgery attacks. Therefore, an attacker can trick users into performing actions on the application when they visit an attacker-controlled website or click on a malicious link. E.g. an attacker can forge malicious links to reset the admin password or create new users. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-11T17:44:50.000000Z"}, {"uuid": "59cdde3c-0541-4cfe-92db-0eec89120fc7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-28140", "type": "seen", "source": "https://t.me/cvedetector/12638", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-28140 - \"Scan2Net Browser Elevation of Privileges Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2024-28140 \nPublished : Dec. 11, 2024, 4:15 p.m. | 25\u00a0minutes ago \nDescription : The scanner device boots into a kiosk mode by default and opens the Scan2Net interface in a browser window. This browser is run with the permissions of the root user. There are also several other applications running as root user.\u00a0This can be confirmed by running \"ps aux\" as the root user and observing the output. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-11T17:44:49.000000Z"}, {"uuid": "e368d781-903c-4b76-a91a-bf9e08762665", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-28142", "type": "seen", "source": "https://t.me/cvedetector/12787", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-28142 - Apache Struts Cross-Site Scripting (XSS) Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-28142 \nPublished : Dec. 12, 2024, 1:15 p.m. | 23\u00a0minutes ago \nDescription : Due to missing input sanitization, an attacker can perform cross-site-scripting attacks and run arbitrary Javascript in the browser of other users. The \"File Name\" page (/cgi/uset.cgi?-cfilename) in the User Settings menu improperly filters the \"file name\" and wildcard character input field. By exploiting the wildcard character feature, attackers are able to store arbitrary Javascript code which is being triggered if the page is viewed afterwards, e.g. by higher privileged users such as admins.  \n  \n  \n  \n  \n  \n  \n  \n  \n  \nThis attack can even be performed without being logged in because the affected functions are not fully protected. Without logging in, only the file name parameter of the \"Default\" User can be changed. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"12 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-12T14:40:27.000000Z"}, {"uuid": "b7890abf-55bd-483b-8b7b-6a8a6a46aa80", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-28149", "type": "seen", "source": "https://t.me/ctinow/201723", "content": "https://ift.tt/iaJDm9P\nCVE-2024-28149", "creation_timestamp": "2024-03-06T19:56:35.000000Z"}, {"uuid": "3eb685f7-6e8e-47b8-9f79-41b380937f55", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-28149", "type": "seen", "source": "https://t.me/ctinow/201620", "content": "https://ift.tt/8YodQH4\nCVE-2024-28149", "creation_timestamp": "2024-03-06T18:26:46.000000Z"}]}