{"vulnerability": "CVE-2024-39205", "sightings": [{"uuid": "aaec14f8-8b32-484e-a046-1924c01b7214", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-39205", "type": "seen", "source": "https://t.me/cvedetector/9181", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-39205 - Vulnerability Title: Pyload-ng Remote Code Execution\", \n  \"Content\": \"CVE ID : CVE-2024-39205 \nPublished : Oct. 28, 2024, 8:15 p.m. | 42\u00a0minutes ago \nDescription : An issue in pyload-ng v0.5.0b3.dev85 running under python3.11 or below allows attackers to execute arbitrary code via a crafted HTTP request. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"28 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-28T22:01:38.000000Z"}, {"uuid": "8df4398d-00ad-4d12-bc76-aa5201a19fee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-39205", "type": "published-proof-of-concept", "source": "https://t.me/CyberDilara/1225", "content": "Tools - Hackers Factory \n\nDetect It Easy, or abbreviated \"DIE\" is a program for determining types of files.\n\nhttps://github.com/horsicq/Detect-It-Easy\n\n#Exploit\n\n1. CVE-2024-39205:\nPyload RCE with js2py sandbox escape\nhttps://github.com/Marven11/CVE-2024-39205-Pyload-RCE\n\n2. CVE-2024-40431,\nCVE-2022-25477 - 25480:\nVulnerabilities in RtsPer.sys (Realtek SD Card Reader Driver)\nhttps://github.com/zwclose/realteksd\n\n3. CVE-2024-1512:\nSQLI in MasterStudy LMS WP Plugin\nhttps://github.com/rat-c/CVE-2024-1512\n\nSemi-automatic OSINT framework and package manager\n\nhttps://github.com/kpcyrd/sn0int\n\nAn Instagram tracker that logs any changes to an Instagram account (followers, following, posts, and bio)\n\nhttps://github.com/ibnaleem/instatracker\n\n#HackersFactory", "creation_timestamp": "2024-11-21T08:10:56.000000Z"}, {"uuid": "1fb7dd00-cf3e-4184-a716-7a0401720950", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-39205", "type": "published-proof-of-concept", "source": "https://t.me/softrinx/154237", "content": "CVE-2024-39205\n*\nPyload (\u0440\u0430\u0431\u043e\u0442\u0430\u044e\u0449\u0438\u0439 \u043f\u043e\u0434 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435\u043c Python3.11 \u0438\u043b\u0438 \u043d\u0438\u0436\u0435) \u0443\u044f\u0437\u0432\u0438\u043c \u043a RCE\n*\nExploit", "creation_timestamp": "2024-11-01T11:56:41.000000Z"}, {"uuid": "972a55e8-a5e9-4b55-a5a9-bd6fef4631da", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-39205", "type": "published-proof-of-concept", "source": "https://t.me/InfoSecInsider/24794", "content": "Tools - Hackers Factory \n\nDetect It Easy, or abbreviated \"DIE\" is a program for determining types of files.\n\nhttps://github.com/horsicq/Detect-It-Easy\n\n#Exploit\n\n1. CVE-2024-39205:\nPyload RCE with js2py sandbox escape\nhttps://github.com/Marven11/CVE-2024-39205-Pyload-RCE\n\n2. CVE-2024-40431,\nCVE-2022-25477 - 25480:\nVulnerabilities in RtsPer.sys (Realtek SD Card Reader Driver)\nhttps://github.com/zwclose/realteksd\n\n3. CVE-2024-1512:\nSQLI in MasterStudy LMS WP Plugin\nhttps://github.com/rat-c/CVE-2024-1512\n\nSemi-automatic OSINT framework and package manager\n\nhttps://github.com/kpcyrd/sn0int\n\nAn Instagram tracker that logs any changes to an Instagram account (followers, following, posts, and bio)\n\nhttps://github.com/ibnaleem/instatracker\n\n#HackersFactory", "creation_timestamp": "2024-11-21T07:59:09.000000Z"}, {"uuid": "481167c6-c1ef-4cf7-ba7a-e88bda686cd5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-39205", "type": "published-proof-of-concept", "source": "https://t.me/softrinx/607", "content": "CVE-2024-39205\n*\nPyload (\u0440\u0430\u0431\u043e\u0442\u0430\u044e\u0449\u0438\u0439 \u043f\u043e\u0434 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435\u043c Python3.11 \u0438\u043b\u0438 \u043d\u0438\u0436\u0435) \u0443\u044f\u0437\u0432\u0438\u043c \u043a RCE\n*\nExploit", "creation_timestamp": "2024-11-01T11:56:41.000000Z"}, {"uuid": "0a018848-5363-439f-86b2-59befd523742", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-39205", "type": "published-proof-of-concept", "source": "https://t.me/Rootsec_2/4876", "content": "#exploit\n1. CVE-2024-39205:\nPyload RCE with js2py sandbox escape\nhttps://github.com/Marven11/CVE-2024-39205-Pyload-RCE\n\n2. CVE-2024-40431,\nCVE-2022-25477 - 25480:\nVulnerabilities in RtsPer.sys (Realtek SD Card Reader Driver)\nhttps://github.com/zwclose/realteksd\n\n3. CVE-2024-1512:\nSQLI in MasterStudy LMS WP Plugin\nhttps://github.com/rat-c/CVE-2024-1512", "creation_timestamp": "2024-10-27T16:49:25.000000Z"}, {"uuid": "634d7de9-fc69-454d-8b3a-0bda35ec573b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-39205", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/pyload_js2py_cve_2024_39205.rb", "content": "", "creation_timestamp": "2024-11-15T14:30:41.000000Z"}, {"uuid": "c4c1696d-b2b4-4c31-ae5f-73a749a41df2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-39205", "type": "published-proof-of-concept", "source": "Telegram/L38WC5Z6StDAbVGWur3J1et47qVqp8n45yINKLUpuArTxNY", "content": "", "creation_timestamp": "2025-12-23T15:00:07.000000Z"}, {"uuid": "583d286b-4e46-4b60-ad4d-34cd80f20f0b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-39205", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/8488", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aPyload Remote RCE via js2py sandbox escape\nURL\uff1ahttps://github.com/Marven11/CVE-2024-39205-Pyload-Remote-RCE\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-09-09T02:35:15.000000Z"}, {"uuid": "4fe7cbc9-d9ac-46b8-bd83-34baab7c8953", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-39205", "type": "seen", "source": "https://packetstormsecurity.com/files/182692/pyload_js2py_cve_2024_39205.rb.txt", "content": "", "creation_timestamp": "2024-11-18T14:11:17.000000Z"}, {"uuid": "46e84e71-ffee-4847-b1e7-fac0621b7e1d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-39205", "type": "seen", "source": "MISP/a9d21043-f825-4bac-8d2b-56fb9e8343e7", "content": "", "creation_timestamp": "2025-10-23T21:13:03.000000Z"}, {"uuid": "111a11b3-75fa-438b-b71e-af3cb3231239", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-39205", "type": "published-proof-of-concept", "source": "https://t.me/GrayHatsHack/9041", "content": "Tools - Hackers Factory \n\nDetect It Easy, or abbreviated \"DIE\" is a program for determining types of files.\n\nhttps://github.com/horsicq/Detect-It-Easy\n\n#Exploit\n\n1. CVE-2024-39205:\nPyload RCE with js2py sandbox escape\nhttps://github.com/Marven11/CVE-2024-39205-Pyload-RCE\n\n2. CVE-2024-40431,\nCVE-2022-25477 - 25480:\nVulnerabilities in RtsPer.sys (Realtek SD Card Reader Driver)\nhttps://github.com/zwclose/realteksd\n\n3. CVE-2024-1512:\nSQLI in MasterStudy LMS WP Plugin\nhttps://github.com/rat-c/CVE-2024-1512\n\nSemi-automatic OSINT framework and package manager\n\nhttps://github.com/kpcyrd/sn0int\n\nAn Instagram tracker that logs any changes to an Instagram account (followers, following, posts, and bio)\n\nhttps://github.com/ibnaleem/instatracker\n\n#HackersFactory", "creation_timestamp": "2024-11-21T07:58:58.000000Z"}, {"uuid": "998cbe8a-76f2-4ed4-857a-d0cd31d0af8c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-39205", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/3909", "content": "Tools - Hackers Factory \n\nDetect It Easy, or abbreviated \"DIE\" is a program for determining types of files.\n\nhttps://github.com/horsicq/Detect-It-Easy\n\n#Exploit\n\n1. CVE-2024-39205:\nPyload RCE with js2py sandbox escape\nhttps://github.com/Marven11/CVE-2024-39205-Pyload-RCE\n\n2. CVE-2024-40431,\nCVE-2022-25477 - 25480:\nVulnerabilities in RtsPer.sys (Realtek SD Card Reader Driver)\nhttps://github.com/zwclose/realteksd\n\n3. CVE-2024-1512:\nSQLI in MasterStudy LMS WP Plugin\nhttps://github.com/rat-c/CVE-2024-1512\n\nSemi-automatic OSINT framework and package manager\n\nhttps://github.com/kpcyrd/sn0int\n\nAn Instagram tracker that logs any changes to an Instagram account (followers, following, posts, and bio)\n\nhttps://github.com/ibnaleem/instatracker\n\n#HackersFactory", "creation_timestamp": "2024-11-21T04:19:04.000000Z"}, {"uuid": "c7b69f1a-2a5f-4daf-9c4d-003ca4adc7a5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-39205", "type": "published-proof-of-concept", "source": "https://t.me/proxy_bar/2354", "content": "CVE-2024-39205\n*\nPyload (\u0440\u0430\u0431\u043e\u0442\u0430\u044e\u0449\u0438\u0439 \u043f\u043e\u0434 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435\u043c Python3.11 \u0438\u043b\u0438 \u043d\u0438\u0436\u0435) \u0443\u044f\u0437\u0432\u0438\u043c \u043a RCE\n*\nExploit", "creation_timestamp": "2024-11-01T05:09:28.000000Z"}, {"uuid": "eae763e4-ee33-416a-bea0-28450dddd669", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-39205", "type": "published-proof-of-concept", "source": "https://t.me/GrayHatsHack/7649", "content": "Tools - Hackers Factory \n\nDetect It Easy, or abbreviated \"DIE\" is a program for determining types of files.\n\nhttps://github.com/horsicq/Detect-It-Easy\n\n#Exploit\n\n1. CVE-2024-39205:\nPyload RCE with js2py sandbox escape\nhttps://github.com/Marven11/CVE-2024-39205-Pyload-RCE\n\n2. CVE-2024-40431,\nCVE-2022-25477 - 25480:\nVulnerabilities in RtsPer.sys (Realtek SD Card Reader Driver)\nhttps://github.com/zwclose/realteksd\n\n3. CVE-2024-1512:\nSQLI in MasterStudy LMS WP Plugin\nhttps://github.com/rat-c/CVE-2024-1512\n\nSemi-automatic OSINT framework and package manager\n\nhttps://github.com/kpcyrd/sn0int\n\nAn Instagram tracker that logs any changes to an Instagram account (followers, following, posts, and bio)\n\nhttps://github.com/ibnaleem/instatracker\n\n#HackersFactory", "creation_timestamp": "2024-11-21T07:58:58.000000Z"}, {"uuid": "1a5fa2ae-f7f1-42e1-abc2-d9335c8e8e7e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-39205", "type": "published-proof-of-concept", "source": "https://t.me/CNArsenal/3366", "content": "https://github.com/Marven11/CVE-2024-39205-Pyload-RCE\n\nRemote code execution by download to /.pyload/scripts using /flashgot API CVE-2024-39205\n\n#github #poc #exploit", "creation_timestamp": "2024-10-27T12:18:42.000000Z"}, {"uuid": "2ddcc11b-7db8-4920-bb70-d43fdc6b99fc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-39205", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/11344", "content": "#exploit\n1. CVE-2024-39205:\nPyload RCE with js2py sandbox escape\nhttps://github.com/Marven11/CVE-2024-39205-Pyload-RCE\n\n2. CVE-2024-40431,\nCVE-2022-25477 - 25480:\nVulnerabilities in RtsPer.sys (Realtek SD Card Reader Driver)\nhttps://github.com/zwclose/realteksd\n\n3. CVE-2024-1512:\nSQLI in MasterStudy LMS WP Plugin\nhttps://github.com/rat-c/CVE-2024-1512", "creation_timestamp": "2024-10-28T13:32:54.000000Z"}, {"uuid": "2e0cbac1-d2f8-409f-8b6d-aed2ffe40f4a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-39205", "type": "published-proof-of-concept", "source": "https://t.me/InfoSecInsider/739", "content": "Tools - Hackers Factory \n\nDetect It Easy, or abbreviated \"DIE\" is a program for determining types of files.\n\nhttps://github.com/horsicq/Detect-It-Easy\n\n#Exploit\n\n1. CVE-2024-39205:\nPyload RCE with js2py sandbox escape\nhttps://github.com/Marven11/CVE-2024-39205-Pyload-RCE\n\n2. CVE-2024-40431,\nCVE-2022-25477 - 25480:\nVulnerabilities in RtsPer.sys (Realtek SD Card Reader Driver)\nhttps://github.com/zwclose/realteksd\n\n3. CVE-2024-1512:\nSQLI in MasterStudy LMS WP Plugin\nhttps://github.com/rat-c/CVE-2024-1512\n\nSemi-automatic OSINT framework and package manager\n\nhttps://github.com/kpcyrd/sn0int\n\nAn Instagram tracker that logs any changes to an Instagram account (followers, following, posts, and bio)\n\nhttps://github.com/ibnaleem/instatracker\n\n#HackersFactory", "creation_timestamp": "2024-11-21T07:59:09.000000Z"}, {"uuid": "7f6996e0-1ee8-47bc-93f5-c508a3e0bd87", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-39205", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-06T03:13:46.000000Z"}, {"uuid": "2555b1b7-aab5-4464-b04d-bfb3f1be496b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-39205", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:11:03.000000Z"}, {"uuid": "5af755f9-f599-480b-9157-af9a0f0bbaab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-39205", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/8843", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aPyload RCE with js2py sandbox escape \nURL\uff1ahttps://github.com/Marven11/CVE-2024-39205-Pyload-RCE\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-10-26T01:04:05.000000Z"}]}