{"vulnerability": "CVE-2024-5201", "sightings": [{"uuid": "ce027598-1e59-4ec3-b03d-3fd297657a53", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-52012", "type": "published-proof-of-concept", "source": "https://blog.securelayer7.net/cve-2024-52012-apache-solr-zip-slip-rce-attack/", "content": "", "creation_timestamp": "2026-04-09T04:00:00.000000Z"}, {"uuid": "f15534fe-9ba1-4777-b0db-6259fa734966", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-52014", "type": "seen", "source": "https://t.me/cvedetector/9883", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-52014 - Netgear PPTP Stack Overflow DoS\", \n  \"Content\": \"CVE ID : CVE-2024-52014 \nPublished : Nov. 5, 2024, 3:15 p.m. | 40\u00a0minutes ago \nDescription : Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the pptp_user_ip parameter at genie_pptp.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"05 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-05T17:13:12.000000Z"}, {"uuid": "83ba883e-a235-4059-8684-09b89b1dcbf7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-52019", "type": "seen", "source": "https://t.me/cvedetector/9880", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-52019 - Netgear R8500 Command Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-52019 \nPublished : Nov. 5, 2024, 3:15 p.m. | 40\u00a0minutes ago \nDescription : Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the wan_gateway parameter at genie_fix2.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"05 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-05T17:13:09.000000Z"}, {"uuid": "1ffab5db-ddd9-4d74-9d08-4ccccb522418", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-52017", "type": "seen", "source": "https://t.me/cvedetector/9886", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-52017 - Netgear XR300 Stack Overflow DoS in Wireless Authentication\", \n  \"Content\": \"CVE ID : CVE-2024-52017 \nPublished : Nov. 5, 2024, 3:15 p.m. | 40\u00a0minutes ago \nDescription : Netgear XR300 v1.0.3.78 was discovered to contain a stack overflow via the passphrase parameter at bridge_wireless_main.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"05 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-05T17:13:18.000000Z"}, {"uuid": "455c97f3-5d03-44fb-8e7c-a004c7aa7e8b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-52013", "type": "seen", "source": "https://t.me/cvedetector/9884", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-52013 - Netgear PPTP Stack Overflow DoS\", \n  \"Content\": \"CVE ID : CVE-2024-52013 \nPublished : Nov. 5, 2024, 3:15 p.m. | 40\u00a0minutes ago \nDescription : Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the pptp_user_ip parameter at wiz_pptp.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"05 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-05T17:13:16.000000Z"}, {"uuid": "728247d4-4acf-41f4-9f91-1252e50f76da", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-52018", "type": "seen", "source": "https://t.me/cvedetector/9879", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-52018 - Netgear XR300 Command Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-52018 \nPublished : Nov. 5, 2024, 3:15 p.m. | 40\u00a0minutes ago \nDescription : Netgear XR300 v1.0.3.78 was discovered to contain a command injection vulnerability in the system_name parameter at genie_dyn.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"05 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-05T17:13:08.000000Z"}, {"uuid": "e05b1ea6-c924-46c3-8fc9-ac622f5f65a8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-52016", "type": "seen", "source": "https://t.me/cvedetector/9878", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-52016 - Netgear Netgear Multiple Stack Overflow Vulnerabilities\", \n  \"Content\": \"CVE ID : CVE-2024-52016 \nPublished : Nov. 5, 2024, 3:15 p.m. | 40\u00a0minutes ago \nDescription : Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to multiple stack overflow vulnerabilities in the component wlg_adv.cgi via the apmode_dns1_pri and apmode_dns1_sec parameters. These vulnerabilities allow attackers to cause a Denial of Service (DoS) via a crafted POST request. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"05 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-05T17:13:04.000000Z"}, {"uuid": "ac5a26b0-87ea-4cf1-9af7-25770f94ebb2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-52015", "type": "seen", "source": "https://t.me/cvedetector/9877", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-52015 - Netgear PPTP Stack Overflow DoS\", \n  \"Content\": \"CVE ID : CVE-2024-52015 \nPublished : Nov. 5, 2024, 3:15 p.m. | 40\u00a0minutes ago \nDescription : Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the pptp_user_ip parameter at bsw_pptp.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"05 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-05T17:13:03.000000Z"}, {"uuid": "1827b1d2-5889-49b1-90cf-c50fe0729a30", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-52012", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgpm4e7jvk2r", "content": "", "creation_timestamp": "2025-01-27T09:15:32.515514Z"}, {"uuid": "a53dcaf0-d91f-40db-9164-965b418a7e5b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-52012", "type": "seen", "source": "https://bsky.app/profile/dinosn.bsky.social/post/3lgpx52oyws22", "content": "", "creation_timestamp": "2025-01-27T12:32:50.231480Z"}, {"uuid": "1b35919f-75b4-4104-b6db-7bc7c35d2e12", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-52012", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lgpy3rlhua2h", "content": "", "creation_timestamp": "2025-01-27T12:49:57.658070Z"}, {"uuid": "ea2527f4-0274-4c35-b263-5e051194b40f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-52012", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/113900760592649826", "content": "", "creation_timestamp": "2025-01-27T14:21:21.313816Z"}, {"uuid": "c0a60d09-323a-4b15-baa7-7ce06803bad2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-52012", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3lgni6bsoic22", "content": "", "creation_timestamp": "2025-01-26T12:59:42.580431Z"}, {"uuid": "e62226e8-a6cb-490e-8a1a-91fb51e3d700", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-52012", "type": "seen", "source": "https://t.me/cvedetector/16447", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-52012 - Apache Solr Relative Path Traversal Zip Slip\", \n  \"Content\": \"CVE ID : CVE-2024-52012 \nPublished : Jan. 27, 2025, 9:15 a.m. | 1\u00a0hour, 13\u00a0minutes ago \nDescription : Relative Path Traversal vulnerability in Apache Solr.  \n  \nSolr instances running on Windows are vulnerable to arbitrary filepath write-access, due to a lack of input-sanitation in the \"configset upload\" API.\u00a0 Commonly known as a \"zipslip\", maliciously constructed ZIP files can use relative filepaths to write data to unanticipated parts of the filesystem.\u00a0\u00a0  \nThis issue affects Apache Solr: from 6.6 through 9.7.0.  \n  \nUsers are recommended to upgrade to version 9.8.0, which fixes the issue.\u00a0 Users unable to upgrade may also safely prevent the issue by using Solr's \"Rule-Based Authentication Plugin\" to restrict access to the configset upload API, so that it can only be accessed by a trusted set of administrators/users. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"27 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-27T11:48:52.000000Z"}, {"uuid": "3993dd36-8377-4772-8588-d10a61d7d958", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-52010", "type": "seen", "source": "https://t.me/cvedetector/10660", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-52010 - Zoraxy Web SSH Command Injection\", \n  \"Content\": \"CVE ID : CVE-2024-52010 \nPublished : Nov. 12, 2024, 5:15 p.m. | 33\u00a0minutes ago \nDescription : Zoraxy is a general purpose HTTP reverse proxy and forwarding tool. A command injection vulnerability in the Web SSH feature allows an authenticated attacker to execute arbitrary commands as root on the host. Zoraxy has a Web SSH terminal feature that allows authenticated users to connect to SSH servers from their browsers. In HandleCreateProxySession the request to create an SSH session is handled. An attacker can exploit the username variable to escape from the bash command and inject arbitrary commands into sshCommand. This is possible, because, unlike hostname and port, the username is not validated or sanitized. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"12 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-12T18:53:43.000000Z"}, {"uuid": "478e8169-74be-4819-b766-db9f5b240fb7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-52010", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113470946887369739", "content": "", "creation_timestamp": "2024-11-12T16:34:03.849774Z"}, {"uuid": "4627832d-ae95-4f1a-8fa6-b1b458865880", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-52012", "type": "seen", "source": "https://bsky.app/profile/tmjintel.bsky.social/post/3lgsrkq7gq32n", "content": "", "creation_timestamp": "2025-01-28T15:31:03.281333Z"}, {"uuid": "7b20b084-269f-4f60-86dd-591b7b067a1b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "4f29edb9-4c4b-44ca-b041-9b050656b6ae", "vulnerability": "CVE-2024-52011", "type": "seen", "source": "https://gist.github.com/alon710/8b99e8a330b30729487263e5e6c526a7", "content": "", "creation_timestamp": "2026-06-03T18:51:02.000000Z"}, {"uuid": "08000e06-87df-4fab-8dd7-ac4b4dc8b60d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "4f29edb9-4c4b-44ca-b041-9b050656b6ae", "vulnerability": "CVE-2024-52011", "type": "seen", "source": "https://gist.github.com/alon710/af9fd1f0bf5e15b0603c7992be5645c7", "content": "", "creation_timestamp": "2026-06-03T19:00:57.000000Z"}, {"uuid": "21ebf5b9-8aba-4a33-a51a-1243b57c2df6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-52012", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113899482179871247", "content": "", "creation_timestamp": "2025-01-27T08:56:13.482898Z"}]}