{"vulnerability": "CVE-2024-49681", "sightings": [{"uuid": "3beb3939-7fad-4b22-8720-b4bdade5e6b9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-49681", "type": "seen", "source": "https://t.me/GrayHatsHack/9113", "content": "Tools - Hackers Factory \n\n#Purple_Team_Exercises\n\nPurple Team Exercise Framework (PTEF)\n\nhttps://github.com/scythe-io/purple-team-exercise-framework\n\nA new sandbox escape vulnerabilities at #POC2024\n \nblog post: https://jhftss.github.io/A-New-Era-of-macOS-Sandbox-Escapes/\n\nSlides:\nhttps://github.com/jhftss/jhftss.github.io/blob/main/res/slides/A%20New%20Era%20of%20macOS%20Sandbox%20Escapes.pdf\n\n#exploit\n\n1. CVE-2024-49681:\nWP Sessions Time Monitoring Full Automatic <=1.0.9 - Unauthenticated SQLI\n\nhttps://github.com/RandomRobbieBF/CVE-2024-49681\n\n2. CVE-2024-10914:\nD-Link NAS Command Injection\n\nhttps://github.com/imnotcha0s/CVE-2024-10914\n\n3. CVE-2024-50483:\nWP Meetup 0.1 Authentication Bypass\n\nA web application that assists network defenders, analysts, and researchers in the process of mapping adversary behaviors to the MITRE ATT&CK\u00ae framework.\n\nhttps://github.com/cisagov/decider\n\n#HackersFactory", "creation_timestamp": "2024-12-10T04:28:56.000000Z"}, {"uuid": "01d702ff-31b1-4c9f-936a-2cfcdfc4fca4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-49681", "type": "seen", "source": "https://t.me/GrayHatsHack/7706", "content": "Tools - Hackers Factory \n\n#Purple_Team_Exercises\n\nPurple Team Exercise Framework (PTEF)\n\nhttps://github.com/scythe-io/purple-team-exercise-framework\n\nA new sandbox escape vulnerabilities at #POC2024\n \nblog post: https://jhftss.github.io/A-New-Era-of-macOS-Sandbox-Escapes/\n\nSlides:\nhttps://github.com/jhftss/jhftss.github.io/blob/main/res/slides/A%20New%20Era%20of%20macOS%20Sandbox%20Escapes.pdf\n\n#exploit\n\n1. CVE-2024-49681:\nWP Sessions Time Monitoring Full Automatic <=1.0.9 - Unauthenticated SQLI\n\nhttps://github.com/RandomRobbieBF/CVE-2024-49681\n\n2. CVE-2024-10914:\nD-Link NAS Command Injection\n\nhttps://github.com/imnotcha0s/CVE-2024-10914\n\n3. CVE-2024-50483:\nWP Meetup 0.1 Authentication Bypass\n\nA web application that assists network defenders, analysts, and researchers in the process of mapping adversary behaviors to the MITRE ATT&CK\u00ae framework.\n\nhttps://github.com/cisagov/decider\n\n#HackersFactory", "creation_timestamp": "2024-12-10T04:28:56.000000Z"}, {"uuid": "c50a117a-1ea9-4259-9dc7-f21d905ff24b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-49681", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/11414", "content": "#exploit\n1. CVE-2024-49681:\nWP Sessions Time Monitoring Full Automatic <=1.0.9 - Unauthenticated SQLI\nhttps://github.com/RandomRobbieBF/CVE-2024-49681\n\n2. CVE-2024-10914:\nD-Link NAS Command Injection\nhttps://github.com/imnotcha0s/CVE-2024-10914\n]-> Exploitation + Fix\n\n3. CVE-2024-50483:\nWP Meetup 0.1 Authentication Bypass\nhttps://github.com/RandomRobbieBF/CVE-2024-50483", "creation_timestamp": "2025-01-15T00:36:56.000000Z"}, {"uuid": "8e457089-1bb6-4d5a-a35b-f2a80e9490d7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-49681", "type": "seen", "source": "https://t.me/CyberDilara/1286", "content": "Tools - Hackers Factory \n\n#Purple_Team_Exercises\n\nPurple Team Exercise Framework (PTEF)\n\nhttps://github.com/scythe-io/purple-team-exercise-framework\n\nA new sandbox escape vulnerabilities at #POC2024\n \nblog post: https://jhftss.github.io/A-New-Era-of-macOS-Sandbox-Escapes/\n\nSlides:\nhttps://github.com/jhftss/jhftss.github.io/blob/main/res/slides/A%20New%20Era%20of%20macOS%20Sandbox%20Escapes.pdf\n\n#exploit\n\n1. CVE-2024-49681:\nWP Sessions Time Monitoring Full Automatic <=1.0.9 - Unauthenticated SQLI\n\nhttps://github.com/RandomRobbieBF/CVE-2024-49681\n\n2. CVE-2024-10914:\nD-Link NAS Command Injection\n\nhttps://github.com/imnotcha0s/CVE-2024-10914\n\n3. CVE-2024-50483:\nWP Meetup 0.1 Authentication Bypass\n\nA web application that assists network defenders, analysts, and researchers in the process of mapping adversary behaviors to the MITRE ATT&CK\u00ae framework.\n\nhttps://github.com/cisagov/decider\n\n#HackersFactory", "creation_timestamp": "2024-12-08T03:36:04.000000Z"}, {"uuid": "9ebe82b2-4755-4e0a-a003-5bf753ac9cba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-49681", "type": "seen", "source": "https://t.me/GrayHatsHack/7705", "content": "Tools - Hackers Factory \n\n#Purple_Team_Exercises\n\nPurple Team Exercise Framework (PTEF)\n\nhttps://github.com/scythe-io/purple-team-exercise-framework\n\nA new sandbox escape vulnerabilities at #POC2024\n \nblog post: https://jhftss.github.io/A-New-Era-of-macOS-Sandbox-Escapes/\n\nSlides:\nhttps://github.com/jhftss/jhftss.github.io/blob/main/res/slides/A%20New%20Era%20of%20macOS%20Sandbox%20Escapes.pdf\n\n#exploit\n\n1. CVE-2024-49681:\nWP Sessions Time Monitoring Full Automatic <=1.0.9 - Unauthenticated SQLI\n\nhttps://github.com/RandomRobbieBF/CVE-2024-49681\n\n2. CVE-2024-10914:\nD-Link NAS Command Injection\n\nhttps://github.com/imnotcha0s/CVE-2024-10914\n\n3. CVE-2024-50483:\nWP Meetup 0.1 Authentication Bypass\n\nA web application that assists network defenders, analysts, and researchers in the process of mapping adversary behaviors to the MITRE ATT&CK\u00ae framework.\n\nhttps://github.com/cisagov/decider\n\n#HackersFactory", "creation_timestamp": "2024-12-08T03:49:57.000000Z"}, {"uuid": "f96d79dc-6a82-4807-8c75-ba87ad5ccd26", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-49681", "type": "seen", "source": "https://t.me/cvedetector/8796", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-49681 - SWIT WP Sessions Time Monitoring Full Automatic SQL Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-49681 \nPublished : Oct. 24, 2024, 12:15 p.m. | 39\u00a0minutes ago \nDescription : Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SWIT WP Sessions Time Monitoring Full Automatic allows SQL Injection.This issue affects WP Sessions Time Monitoring Full Automatic: from n/a through 1.0.9. \nSeverity: 9.3 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"24 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-24T15:08:51.000000Z"}, {"uuid": "e0e1571c-b168-40b3-ab14-6e5474188db0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-49681", "type": "seen", "source": "https://t.me/GrayHatsHack/9111", "content": "Tools - Hackers Factory \n\n#Purple_Team_Exercises\n\nPurple Team Exercise Framework (PTEF)\n\nhttps://github.com/scythe-io/purple-team-exercise-framework\n\nA new sandbox escape vulnerabilities at #POC2024\n \nblog post: https://jhftss.github.io/A-New-Era-of-macOS-Sandbox-Escapes/\n\nSlides:\nhttps://github.com/jhftss/jhftss.github.io/blob/main/res/slides/A%20New%20Era%20of%20macOS%20Sandbox%20Escapes.pdf\n\n#exploit\n\n1. CVE-2024-49681:\nWP Sessions Time Monitoring Full Automatic <=1.0.9 - Unauthenticated SQLI\n\nhttps://github.com/RandomRobbieBF/CVE-2024-49681\n\n2. CVE-2024-10914:\nD-Link NAS Command Injection\n\nhttps://github.com/imnotcha0s/CVE-2024-10914\n\n3. CVE-2024-50483:\nWP Meetup 0.1 Authentication Bypass\n\nA web application that assists network defenders, analysts, and researchers in the process of mapping adversary behaviors to the MITRE ATT&CK\u00ae framework.\n\nhttps://github.com/cisagov/decider\n\n#HackersFactory", "creation_timestamp": "2024-12-08T03:49:57.000000Z"}, {"uuid": "c5df7ef2-819b-42bb-8f23-617a4c50fe10", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-49681", "type": "seen", "source": "https://t.me/dilagrafie/3963", "content": "Tools - Hackers Factory \n\n#Purple_Team_Exercises\n\nPurple Team Exercise Framework (PTEF)\n\nhttps://github.com/scythe-io/purple-team-exercise-framework\n\nA new sandbox escape vulnerabilities at #POC2024\n \nblog post: https://jhftss.github.io/A-New-Era-of-macOS-Sandbox-Escapes/\n\nSlides:\nhttps://github.com/jhftss/jhftss.github.io/blob/main/res/slides/A%20New%20Era%20of%20macOS%20Sandbox%20Escapes.pdf\n\n#exploit\n\n1. CVE-2024-49681:\nWP Sessions Time Monitoring Full Automatic <=1.0.9 - Unauthenticated SQLI\n\nhttps://github.com/RandomRobbieBF/CVE-2024-49681\n\n2. CVE-2024-10914:\nD-Link NAS Command Injection\n\nhttps://github.com/imnotcha0s/CVE-2024-10914\n\n3. CVE-2024-50483:\nWP Meetup 0.1 Authentication Bypass\n\nA web application that assists network defenders, analysts, and researchers in the process of mapping adversary behaviors to the MITRE ATT&CK\u00ae framework.\n\nhttps://github.com/cisagov/decider\n\n#HackersFactory", "creation_timestamp": "2024-12-08T03:37:01.000000Z"}]}