{"vulnerability": "cve-2024-46049", "sightings": [{"uuid": "152954ca-5196-4dce-a4a3-4bc3ca1f6120", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-46049", "type": "seen", "source": "https://t.me/cyber_hsecurity/1615", "content": "\u0627\u0644\u0645\u0635\u062f\u0631 \u0648\u0627\u0644\u062a\u0641\u0627\u0635\u064a\u0644:\n- \u0644\u0645\u0632\u064a\u062f \u0645\u0646 \u0627\u0644\u0645\u0639\u0644\u0648\u0645\u0627\u062a \u062d\u0648\u0644 \u0627\u0644\u0625\u0635\u0644\u0627\u062d\u060c \u064a\u0645\u0643\u0646 \u0627\u0644\u0627\u0637\u0644\u0627\u0639 \u0639\u0644\u0649 [\u0627\u0644\u062a\u062d\u062f\u064a\u062b \u0641\u064a GitHub](https://github.com/discourse/discourse/commit/188cb58daa833839c54c266ce22db150a3f3a210).\n\nALSED404:\nGG CISCO\n\u0627\u0633\u062a\u063a\u0644\u062a \u0645\u062c\u0645\u0648\u0639\u0629 \u0627\u0644\u062a\u0647\u062f\u064a\u062f\u0627\u062a \u0627\u0644\u0645\u0631\u062a\u0628\u0637\u0629 \u0628\u0627\u0644\u0635\u064a\u0646\u060c Velvet Ant\u060c \u200b\u200b\u062b\u063a\u0631\u0629 \u0623\u0645\u0646\u064a\u0629 (CVE-2024-20399) \u0641\u064a \u0645\u0641\u0627\u062a\u064a\u062d Cisco \u0628\u0627\u0639\u062a\u0628\u0627\u0631\u0647\u0627 \u064a\u0648\u0645\u064b\u0627 \u0635\u0641\u0631\u064a\u064b\u0627 \u0644\u0644\u0633\u064a\u0637\u0631\u0629 \u0648\u0627\u0644\u062a\u0647\u0631\u0628 \u0645\u0646 \u0627\u0644\u0627\u0643\u062a\u0634\u0627\u0641.\n\u0627\u0642\u0631\u0623: https://thehackernews.com/2024/08/chinese-hackers-exploit-zero-day-cisco.html\n\nPayload:\nsite.tld/xyz/xyz/xyz/?path=../../../../../../../../../etc/passwd\n============================\n#ALSED404\n\n\u0643\u0634\u0641\u062a \u0634\u0631\u0643\u0629 \u062c\u0648\u062c\u0644 \u0639\u0646 \u0627\u0633\u062a\u063a\u0644\u0627\u0644 \u0646\u0634\u0637 \u0644\u062b\u063a\u0631\u0629 \u0623\u0645\u0646\u064a\u0629 \u062e\u0637\u064a\u0631\u0629 \u0641\u064a \u0645\u062a\u0635\u0641\u062d \u0643\u0631\u0648\u0645\u060c CVE-2024-7965\u060c \u0648\u0627\u0644\u062a\u064a \u062a\u0645 \u062a\u0635\u062d\u064a\u062d\u0647\u0627 \u0627\u0644\u0623\u0633\u0628\u0648\u0639 \u0627\u0644\u0645\u0627\u0636\u064a.\n\n\u0642\u062f \u064a\u0624\u062f\u064a \u0647\u0630\u0627 \u0627\u0644\u062e\u0644\u0644 \u0641\u064a \u0645\u062d\u0631\u0643 V8 \u0627\u0644\u062e\u0627\u0635 \u0628\u0645\u062a\u0635\u0641\u062d Chrome \u0625\u0644\u0649 \u062a\u0645\u0643\u064a\u0646 \u0627\u0644\u0647\u062c\u0645\u0627\u062a \u0639\u0646 \u0628\u0639\u062f.\n\u0644\u0645\u0639\u0631\u0641\u0629 \u0627\u0644\u0645\u0632\u064a\u062f: https://thehackernews.com/2024/08/google-warns-of-cve-2024-7965-chrome.html\n\u062a\u0623\u0643\u062f \u0645\u0646 \u062a\u062d\u062f\u064a\u062b \u0645\u062a\u0635\u0641\u062d\u0643 \u0625\u0644\u0649 \u0627\u0644\u0625\u0635\u062f\u0627\u0631 \u0627\u0644\u0623\u062d\u062f\u062b.\n\nThe Smart Shadow:\n\ud83c\udd98CVE -2024-41109\n\u062a\u0648\u0641\u0631 \u062d\u0632\u0645\u0629 Admin Classic Bundle \u0645\u0646 Pimcore \u0648\u0627\u062c\u0647\u0629 \u0645\u0633\u062a\u062e\u062f\u0645 \u062e\u0644\u0641\u064a\u0629 \u0644\u0628\u0631\u0646\u0627\u0645\u062c Pimcore. \u064a\u0624\u062f\u064a \u0627\u0644\u0627\u0646\u062a\u0642\u0627\u0644 \u0625\u0644\u0649 /admin/index/statistics \u0628\u0627\u0633\u062a\u062e\u062f\u0627\u0645 \u0645\u0633\u062a\u062e\u062f\u0645 Pimcore \u0645\u0633\u062c\u0644 \u0627\u0644\u062f\u062e\u0648\u0644 \u0625\u0644\u0649 \u0627\u0644\u0643\u0634\u0641 \u0639\u0646 \u0645\u0639\u0644\u0648\u0645\u0627\u062a \u062d\u0648\u0644 \u062a\u062b\u0628\u064a\u062a Pimcore \u0648\u0625\u0635\u062f\u0627\u0631 PHP \u0648\u0625\u0635\u062f\u0627\u0631 MYSQL \u0648\u0627\u0644\u062d\u0632\u0645 \u0627\u0644\u0645\u062b\u0628\u062a\u0629 \u0648\u062c\u0645\u064a\u0639 \u062c\u062f\u0627\u0648\u0644 \u0642\u0627\u0639\u062f\u0629 \u0627\u0644\u0628\u064a\u0627\u0646\u0627\u062a \u0648\u0639\u062f\u062f \u0635\u0641\u0648\u0641\u0647\u0627 \u0641\u064a \u0627\u0644\u0646\u0638\u0627\u0645. \u062a\u0645 \u0625\u0635\u0644\u0627\u062d \u0647\u0630\u0647 \u0627\u0644\u062b\u063a\u0631\u0629 \u0627\u0644\u0623\u0645\u0646\u064a\u0629 \u0641\u064a \u0627\u0644\u0625\u0635\u062f\u0627\u0631\u0627\u062a 1.5.2 \u06481.4.6 \u06481.3.10.\n\n\ud83c\udd98CVE -2024-4188\n\u0642\u062f \u062a\u0633\u0645\u062d \u062b\u063a\u0631\u0629 \u0627\u0644\u0646\u0642\u0644 \u063a\u064a\u0631 \u0627\u0644\u0645\u062d\u0645\u064a \u0644\u0628\u064a\u0627\u0646\u0627\u062a \u0627\u0644\u0627\u0639\u062a\u0645\u0627\u062f \u0641\u064a OpenText\u2122 Documentum\u2122 Server \u0628\u062d\u0634\u0648 \u0628\u064a\u0627\u0646\u0627\u062a \u0627\u0644\u0627\u0639\u062a\u0645\u0627\u062f. \u062a\u0624\u062b\u0631 \u0647\u0630\u0647 \u0627\u0644\u0645\u0634\u0643\u0644\u0629 \u0639\u0644\u0649 Documentum\u2122 Server: \u0645\u0646 16.7 \u0625\u0644\u0649 23.4.\n\n\ud83d\udea8CVE -2024-34149\n\u0641\u064a Bitcoin Core \u062d\u062a\u0649 27.0 \u0648Bitcoin Knots \u0642\u0628\u0644 25.1.knots20231115\u060c \u064a\u0641\u062a\u0642\u0631 tapscript \u0625\u0644\u0649 \u0641\u062d\u0635 \u062d\u062f \u062d\u062c\u0645 \u0627\u0644\u0633\u064a\u0627\u0633\u0629\u060c \u0648\u0647\u064a \u0645\u0634\u0643\u0644\u0629 \u0645\u062e\u062a\u0644\u0641\u0629 \u0639\u0646 CVE-2023-50428. \u0645\u0644\u0627\u062d\u0638\u0629: \u062a\u0639\u0627\u0631\u0636 \u0628\u0639\u0636 \u0627\u0644\u0623\u0637\u0631\u0627\u0641 \u0641\u062d\u0635 \u0627\u0644\u062d\u062f \u0627\u0644\u062c\u062f\u064a\u062f \u0647\u0630\u0627 (\u0639\u0644\u0649 \u0633\u0628\u064a\u0644 \u0627\u0644\u0645\u062b\u0627\u0644\u060c \u0644\u0623\u0646\u0647\u0645 \u064a\u062a\u0641\u0642\u0648\u0646 \u0645\u0639 \u0627\u0644\u0647\u062f\u0641 \u0644\u0643\u0646\u0647\u0645 \u064a\u062e\u062a\u0644\u0641\u0648\u0646 \u0645\u0639 \u0627\u0644\u0622\u0644\u064a\u0629 \u0627\u0644\u0641\u0646\u064a\u0629\u060c \u0623\u0648 \u0644\u0623\u0646 \u0644\u062f\u064a\u0647\u0645 \u0647\u062f\u0641\u064b\u0627 \u0645\u062e\u062a\u0644\u0641\u064b\u0627).\n\n\ud83d\udea8CVE -2024-6904\n\u062a\u0645 \u0627\u0644\u0639\u062b\u0648\u0631 \u0639\u0644\u0649 \u062b\u063a\u0631\u0629 \u062a\u0645 \u062a\u0635\u0646\u064a\u0641\u0647\u0627 \u0639\u0644\u0649 \u0623\u0646\u0647\u0627 \u062d\u0631\u062c\u0629 \u0641\u064a SourceCodester Record Management System 1.0. \u062a\u0624\u062b\u0631 \u0647\u0630\u0647 \u0627\u0644\u062b\u063a\u0631\u0629 \u0639\u0644\u0649 \u062c\u0632\u0621 \u063a\u064a\u0631 \u0645\u0639\u0631\u0648\u0641 \u0645\u0646 \u0627\u0644\u0645\u0644\u0641 sort2_user.php. \u064a\u0624\u062f\u064a \u0627\u0644\u062a\u0644\u0627\u0639\u0628 \u0628\u062a\u0623\u0647\u064a\u0644 \u0627\u0644\u0648\u0633\u064a\u0637\u0629 \u0625\u0644\u0649 \u062d\u0642\u0646 SQL. \u0645\u0646 \u0627\u0644\u0645\u0645\u0643\u0646 \u0628\u062f\u0621 \u0627\u0644\u0647\u062c\u0648\u0645 \u0639\u0646 \u0628\u0639\u062f. \u062a\u0645 \u0627\u0644\u0643\u0634\u0641 \u0639\u0646 \u0627\u0644\u062b\u063a\u0631\u0629 \u0644\u0644\u0639\u0627\u0645\u0629 \u0648\u064a\u0645\u0643\u0646 \u0627\u0633\u062a\u062e\u062f\u0627\u0645\u0647\u0627. \u062a\u0645 \u062a\u0639\u064a\u064a\u0646 \u0627\u0644\u0645\u0639\u0631\u0641 VDB-271929 \u0644\u0647\u0630\u0647 \u0627\u0644\u062b\u063a\u0631\u0629.\n\nALSED404:\n\u062a\u0633\u062a\u063a\u0644 \u0645\u062c\u0645\u0648\u0639\u0629 Mustang Panda APT \u0628\u0631\u0646\u0627\u0645\u062c VS Code \u0644\u0627\u0633\u062a\u0647\u062f\u0627\u0641 \u062d\u0643\u0648\u0645\u0627\u062a \u062c\u0646\u0648\u0628 \u0634\u0631\u0642 \u0622\u0633\u064a\u0627. \u0648\u064a\u0633\u0645\u062d \u0647\u0630\u0627 \u0644\u0644\u0645\u062a\u0633\u0644\u0644\u064a\u0646 \u0628\u062a\u0634\u063a\u064a\u0644 \u0627\u0644\u0623\u0648\u0627\u0645\u0631 \u0648\u0633\u0631\u0642\u0629 \u0627\u0644\u0628\u064a\u0627\u0646\u0627\u062a \u0648\u0646\u0634\u0631 \u0627\u0644\u0628\u0631\u0627\u0645\u062c \u0627\u0644\u0636\u0627\u0631\u0629 \u0639\u0628\u0631 \u0648\u0627\u062c\u0647\u0629 VS Code \u0627\u0644\u0639\u0643\u0633\u064a\u0629.\n\u0627\u0642\u0631\u0623 \u0627\u0644\u062a\u0641\u0627\u0635\u064a\u0644: https://thehackernews.com/2024/09/chinese-hackers-exploit-visual-studio.html\n\u0642\u0645 \u0628\u062a\u0639\u0632\u064a\u0632 \u0627\u0644\u062f\u0641\u0627\u0639\u0627\u062a \u0627\u0644\u0622\u0646 - \u0631\u0627\u0642\u0628 \u0647\u0630\u0647 \u0627\u0644\u062a\u0643\u062a\u064a\u0643\u0627\u062a!\n\nThe Smart Shadow:\n\ud83d\udea8CVE -2024-6904\n\u062a\u0645 \u0627\u0644\u0639\u062b\u0648\u0631 \u0639\u0644\u0649 \u062b\u063a\u0631\u0629 \u062a\u0645 \u062a\u0635\u0646\u064a\u0641\u0647\u0627 \u0639\u0644\u0649 \u0623\u0646\u0647\u0627 \u062d\u0631\u062c\u0629 \u0641\u064a SourceCodester Record Management System 1.0. \u062a\u0624\u062b\u0631 \u0647\u0630\u0647 \u0627\u0644\u062b\u063a\u0631\u0629 \u0639\u0644\u0649 \u062c\u0632\u0621 \u063a\u064a\u0631 \u0645\u0639\u0631\u0648\u0641 \u0645\u0646 \u0627\u0644\u0645\u0644\u0641 sort2_user.php. \u064a\u0624\u062f\u064a \u0627\u0644\u062a\u0644\u0627\u0639\u0628 \u0628\u062a\u0623\u0647\u064a\u0644 \u0627\u0644\u0648\u0633\u064a\u0637\u0629 \u0625\u0644\u0649 \u062d\u0642\u0646 SQL. \u0645\u0646 \u0627\u0644\u0645\u0645\u0643\u0646 \u0628\u062f\u0621 \u0627\u0644\u0647\u062c\u0648\u0645 \u0639\u0646 \u0628\u0639\u062f. \u062a\u0645 \u0627\u0644\u0643\u0634\u0641 \u0639\u0646 \u0627\u0644\u062b\u063a\u0631\u0629 \u0644\u0644\u0639\u0627\u0645\u0629 \u0648\u064a\u0645\u0643\u0646 \u0627\u0633\u062a\u062e\u062f\u0627\u0645\u0647\u0627. \u062a\u0645 \u062a\u0639\u064a\u064a\u0646 \u0627\u0644\u0645\u0639\u0631\u0641 VDB-271929 \u0644\u0647\u0630\u0647 \u0627\u0644\u062b\u063a\u0631\u0629.\n\n\u062a\u0640\u0640\u0634\u0640\u0640\u0627\u0631\u0648\u0646\u1d9c\u02b0\u1d43\u02b3\u1d52\u207f\ud81a\udd54\u0f04:\n- CVE-2024-46049 - Tenda O6 V3.0 firmware V1.0.0.7(2054) contains a stack overflow vulnerability in the formexeCommand function.\n\n- CVE-2024-46049 - \u064a\u062d\u062a\u0648\u064a \u0627\u0644\u0628\u0631\u0646\u0627\u0645\u062c \u0627\u0644\u062b\u0627\u0628\u062a Tenda O6 V3.0 V1.0.0.7(2054) \u0639\u0644\u0649 \u062b\u063a\u0631\u0629 \u062a\u062c\u0627\u0648\u0632 \u0633\u0639\u0629 \u0627\u0644\u0645\u0643\u062f\u0633 \u0641\u064a \u0648\u0638\u064a\u0641\u0629 formexeCommand.\n\nALSED404:\nCVE-2023-26324: \u062b\u063a\u0631\u0629 \u062a\u0646\u0641\u064a\u0630 \u0643\u0648\u062f \u0641\u064a \u062a\u0637\u0628\u064a\u0642 XiaomiGetApps\n\u0645\u0627 \u0647\u064a \u0647\u0630\u0647 \u0627\u0644\u062b\u063a\u0631\u0629\u061f\n\u0647\u064a \u062b\u063a\u0631\u0629 \u0623\u0645\u0646\u064a\u0629 \u062e\u0637\u064a\u0631\u0629 \u062a\u0645 \u0627\u0643\u062a\u0634\u0627\u0641\u0647\u0627 \u0641\u064a \u062a\u0637\u0628\u064a\u0642 XiaomiGetApps\u060c \u0648\u0647\u0648 \u0627\u0644\u062a\u0637\u0628\u064a\u0642 \u0627\u0644\u0631\u0633\u0645\u064a \u0644\u062a\u062d\u0645\u064a\u0644 \u0627\u0644\u062a\u0637\u0628\u064a\u0642\u0627\u062a \u0639\u0644\u0649 \u0647\u0648\u0627\u062a\u0641 \u0634\u0627\u0648\u0645\u064a. \u0647\u0630\u0647 \u0627\u0644\u062b\u063a\u0631\u0629 \u062a\u0633\u0645\u062d \u0644\u0644\u0645\u0647\u0627\u062c\u0645\u064a\u0646 \u0628\u062a\u0646\u0641\u064a\u0630 \u0623\u064a \u0643\u0648\u062f \u062e\u0628\u064a\u062b \u0639\u0644\u0649 \u062c\u0647\u0627\u0632 \u0627\u0644\u0636\u062d\u064a\u0629\u060c \u0645\u0645\u0627 \u064a\u0639\u0637\u064a\u0647\u0645 \u0633\u064a\u0637\u0631\u0629 \u0643\u0627\u0645\u0644\u0629 \u0639\u0644\u064a\u0647.\n\u0643\u064a\u0641 \u062a\u0639\u0645\u0644 \u0647\u0630\u0647 \u0627\u0644\u062b\u063a\u0631\u0629\u061f\n\u062a\u062d\u062f\u062b \u0647\u0630\u0647 \u0627\u0644\u062b\u063a\u0631\u0629 \u0628\u0633\u0628\u0628 \u0648\u062c\u0648\u062f \u062e\u0644\u0644 \u0641\u064a \u0622\u0644\u064a\u0629 \u0627\u0644\u062a\u062d\u0642\u0642 \u0645\u0646 \u0635\u062d\u0629 \u0627\u0644\u062a\u0637\u0628\u064a\u0642\u0627\u062a \u0627\u0644\u062a\u064a \u064a\u062a\u0645 \u062a\u062d\u0645\u064a\u0644\u0647\u0627 \u0645\u0646 \u062e\u0644\u0627\u0644 \u0627\u0644\u062a\u0637\u0628\u064a\u0642. \u0647\u0630\u0627 \u0627\u0644\u062e\u0644\u0644 \u064a\u0633\u0645\u062d \u0644\u0644\u0645\u0647\u0627\u062c\u0645\u064a\u0646 \u0628\u062a\u0636\u0645\u064a\u0646 \u0643\u0648\u062f \u0636\u0627\u0631 \u062f\u0627\u062e\u0644 \u062d\u0632\u0645\u0629 \u0627\u0644\u062a\u0637\u0628\u064a\u0642\u060c \u0648\u0639\u0646\u062f\u0645\u0627 \u064a\u0642\u0648\u0645 \u0627\u0644\u0645\u0633\u062a\u062e\u062f\u0645 \u0628\u062a\u062b\u0628\u064a\u062a \u0627\u0644\u062a\u0637\u0628\u064a\u0642\u060c \u064a\u062a\u0645 \u062a\u0646\u0641\u064a\u0630 \u0647\u0630\u0627 \u0627\u0644\u0643\u0648\u062f \u0627\u0644\u0636\u0627\u0631.\n\u0645\u0627 \u0647\u064a \u0627\u0644\u0645\u062e\u0627\u0637\u0631 \u0627\u0644\u0646\u0627\u062a\u062c\u0629 \u0639\u0646 \u0647\u0630\u0647 \u0627\u0644\u062b\u063a\u0631\u0629\u061f\n * \u0627\u0644\u0648\u0635\u0648\u0644 \u0625\u0644\u0649 \u0627\u0644\u0628\u064a\u0627\u0646\u0627\u062a \u0627\u0644\u062d\u0633\u0627\u0633\u0629: \u064a\u0645\u0643\u0646 \u0644\u0644\u0645\u0647\u0627\u062c\u0645\u064a\u0646 \u0627\u0644\u0648\u0635\u0648\u0644 \u0625\u0644\u0649 \u062c\u0645\u064a\u0639 \u0627\u0644\u0628\u064a\u0627\u0646\u0627\u062a \u0627\u0644\u0645\u0648\u062c\u0648\u062f\u0629 \u0639\u0644\u0649 \u0627\u0644\u062c\u0647\u0627\u0632\u060c \u0645\u062b\u0644 \u0627\u0644\u0635\u0648\u0631 \u0648\u0627\u0644\u0631\u0633\u0627\u0626\u0644 \u0648\u0627\u0644\u0645\u0639\u0644\u0648\u0645\u0627\u062a \u0627\u0644\u0634\u062e\u0635\u064a\u0629.\n * \u0627\u0644\u062a\u062d\u0643\u0645 \u0627\u0644\u0643\u0627\u0645\u0644 \u0641\u064a \u0627\u0644\u062c\u0647\u0627\u0632: \u064a\u0645\u0643\u0646 \u0644\u0644\u0645\u0647\u0627\u062c\u0645\u064a\u0646 \u0627\u0644\u062a\u062d\u0643\u0645 \u0641\u064a \u0627\u0644\u062c\u0647\u0627\u0632 \u0639\u0646 \u0628\u0639\u062f\u060c \u0648\u062a\u062b\u0628\u064a\u062a \u062a\u0637\u0628\u064a\u0642\u0627\u062a \u0623\u062e\u0631\u0649\u060c \u0648\u062a\u063a\u064a\u064a\u0631 \u0627\u0644\u0625\u0639\u062f\u0627\u062f\u0627\u062a\u060c \u0648\u062d\u062a\u0649 \u062d\u0630\u0641 \u0627\u0644\u0628\u064a\u0627\u0646\u0627\u062a.", "creation_timestamp": "2024-12-13T19:00:23.000000Z"}, {"uuid": "82b26e3d-7829-4cb6-8a74-b7e3b9c5c295", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-46049", "type": "seen", "source": "Telegram/ab6jlzxo4Kl2HZA4yYp3da36gM56Uyj3TZeh1xnhH4LWJx1M", "content": "", "creation_timestamp": "2024-09-20T03:26:06.000000Z"}, {"uuid": "4c916a16-5582-47ea-bd99-68ebb7c2c307", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-46049", "type": "seen", "source": "https://t.me/cvedetector/5599", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-46049 - \"Tenda O6 Stack Overflow Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2024-46049 \nPublished : Sept. 13, 2024, 2:15 p.m. | 26\u00a0minutes ago \nDescription : Tenda O6 V3.0 firmware V1.0.0.7(2054) contains a stack overflow vulnerability in the formexeCommand function. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"13 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-13T16:42:29.000000Z"}]}