{"vulnerability": "ghsa-x5q3-c8rm-w787", "sightings": [{"uuid": "56fd5ecf-f7cc-4cd4-ac50-c8da648df47c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "GHSA-X5Q3-C8RM-W787", "type": "published-proof-of-concept", "source": "https://t.me/CyberDilara/1069", "content": "Tools - Hackers Factory \n\nAwesome MXSS\n\nhttps://github.com/msrkp/MXSS\n\nA list of dorks for the Netlas.io search engine, with which you can find millions of objects in the boundless IoE. Contains queries to search for IoT elements, protocols, communication tools, remote access, and more. Over time, the list will grow.\n\nGet PROXY List that gets updated everyday\n\nhttps://github.com/TheSpeedX/PROXY-List\n\nhttps://github.com/netlas-io/netlas-dorks\n\nHashtray is an OSINT (Open Source Intelligence) tool designed to find a Gravatar account associated with an email address and to locate an email address using a Gravatar account username or hash.\n\nhttps://github.com/balestek/hashtray\n\nCLI tool for saving complete web pages as a single HTML file\n\nhttps://github.com/Y2Z/monolith\n\nExtract endpoints from APK files\n\nhttps://github.com/ndelphit/apkurlgrep\n\nTeamViewer User to Kernel Elevation of Privilege PoC. CVE-2024-7479 and CVE-2024-7481. ZDI-24-1289 and ZDI-24-1290. TV-2024-1006.\n\nhttps://github.com/PeterGabaldon/CVE-2024-7479_CVE-2024-7481\n\nPAM module may allow accessing with the credentials of another user\n\nhttps://github.com/ubuntu/authd/security/advisories/GHSA-x5q3-c8rm-w787\n\n#CyberDilara\nhttps://t.me/CyberDilara", "creation_timestamp": "2024-10-21T08:40:51.000000Z"}, {"uuid": "9d79d401-ed1d-4768-8884-141bf5b42df0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "GHSA-X5Q3-C8RM-W787", "type": "published-proof-of-concept", "source": "https://t.me/GrayHatsHack/7515", "content": "Tools - Hackers Factory \n\nAwesome MXSS\n\nhttps://github.com/msrkp/MXSS\n\nA list of dorks for the Netlas.io search engine, with which you can find millions of objects in the boundless IoE. Contains queries to search for IoT elements, protocols, communication tools, remote access, and more. Over time, the list will grow.\n\nGet PROXY List that gets updated everyday\n\nhttps://github.com/TheSpeedX/PROXY-List\n\nhttps://github.com/netlas-io/netlas-dorks\n\nHashtray is an OSINT (Open Source Intelligence) tool designed to find a Gravatar account associated with an email address and to locate an email address using a Gravatar account username or hash.\n\nhttps://github.com/balestek/hashtray\n\nCLI tool for saving complete web pages as a single HTML file\n\nhttps://github.com/Y2Z/monolith\n\nExtract endpoints from APK files\n\nhttps://github.com/ndelphit/apkurlgrep\n\nTeamViewer User to Kernel Elevation of Privilege PoC. CVE-2024-7479 and CVE-2024-7481. ZDI-24-1289 and ZDI-24-1290. TV-2024-1006.\n\nhttps://github.com/PeterGabaldon/CVE-2024-7479_CVE-2024-7481\n\nPAM module may allow accessing with the credentials of another user\n\nhttps://github.com/ubuntu/authd/security/advisories/GHSA-x5q3-c8rm-w787\n\n#CyberDilara\nhttps://t.me/CyberDilara", "creation_timestamp": "2024-10-21T08:41:23.000000Z"}, {"uuid": "34e43562-8941-4117-98e0-17b6e9311d95", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "GHSA-X5Q3-C8RM-W787", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/3794", "content": "Tools - Hackers Factory \n\nAwesome MXSS\n\nhttps://github.com/msrkp/MXSS\n\nA list of dorks for the Netlas.io search engine, with which you can find millions of objects in the boundless IoE. Contains queries to search for IoT elements, protocols, communication tools, remote access, and more. Over time, the list will grow.\n\nGet PROXY List that gets updated everyday\n\nhttps://github.com/TheSpeedX/PROXY-List\n\nhttps://github.com/netlas-io/netlas-dorks\n\nHashtray is an OSINT (Open Source Intelligence) tool designed to find a Gravatar account associated with an email address and to locate an email address using a Gravatar account username or hash.\n\nhttps://github.com/balestek/hashtray\n\nCLI tool for saving complete web pages as a single HTML file\n\nhttps://github.com/Y2Z/monolith\n\nExtract endpoints from APK files\n\nhttps://github.com/ndelphit/apkurlgrep\n\nTeamViewer User to Kernel Elevation of Privilege PoC. CVE-2024-7479 and CVE-2024-7481. ZDI-24-1289 and ZDI-24-1290. TV-2024-1006.\n\nhttps://github.com/PeterGabaldon/CVE-2024-7479_CVE-2024-7481\n\nPAM module may allow accessing with the credentials of another user\n\nhttps://github.com/ubuntu/authd/security/advisories/GHSA-x5q3-c8rm-w787\n\n#CyberDilara\nhttps://t.me/CyberDilara", "creation_timestamp": "2024-10-21T08:41:14.000000Z"}, {"uuid": "8201f333-9469-4e39-b2cd-f7267d408737", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "GHSA-X5Q3-C8RM-W787", "type": "published-proof-of-concept", "source": "https://t.me/InfoSecInsider/24108", "content": "Tools - Hackers Factory \n\nAwesome MXSS\n\nhttps://github.com/msrkp/MXSS\n\nA list of dorks for the Netlas.io search engine, with which you can find millions of objects in the boundless IoE. Contains queries to search for IoT elements, protocols, communication tools, remote access, and more. Over time, the list will grow.\n\nGet PROXY List that gets updated everyday\n\nhttps://github.com/TheSpeedX/PROXY-List\n\nhttps://github.com/netlas-io/netlas-dorks\n\nHashtray is an OSINT (Open Source Intelligence) tool designed to find a Gravatar account associated with an email address and to locate an email address using a Gravatar account username or hash.\n\nhttps://github.com/balestek/hashtray\n\nCLI tool for saving complete web pages as a single HTML file\n\nhttps://github.com/Y2Z/monolith\n\nExtract endpoints from APK files\n\nhttps://github.com/ndelphit/apkurlgrep\n\nTeamViewer User to Kernel Elevation of Privilege PoC. CVE-2024-7479 and CVE-2024-7481. ZDI-24-1289 and ZDI-24-1290. TV-2024-1006.\n\nhttps://github.com/PeterGabaldon/CVE-2024-7479_CVE-2024-7481\n\nPAM module may allow accessing with the credentials of another user\n\nhttps://github.com/ubuntu/authd/security/advisories/GHSA-x5q3-c8rm-w787\n\n#CyberDilara\nhttps://t.me/CyberDilara", "creation_timestamp": "2024-10-21T08:41:30.000000Z"}, {"uuid": "e1bd7205-8f64-4ea2-b757-bc2fa93759b8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "GHSA-X5Q3-C8RM-W787", "type": "published-proof-of-concept", "source": "https://t.me/GrayHatsHack/8884", "content": "Tools - Hackers Factory \n\nAwesome MXSS\n\nhttps://github.com/msrkp/MXSS\n\nA list of dorks for the Netlas.io search engine, with which you can find millions of objects in the boundless IoE. Contains queries to search for IoT elements, protocols, communication tools, remote access, and more. Over time, the list will grow.\n\nGet PROXY List that gets updated everyday\n\nhttps://github.com/TheSpeedX/PROXY-List\n\nhttps://github.com/netlas-io/netlas-dorks\n\nHashtray is an OSINT (Open Source Intelligence) tool designed to find a Gravatar account associated with an email address and to locate an email address using a Gravatar account username or hash.\n\nhttps://github.com/balestek/hashtray\n\nCLI tool for saving complete web pages as a single HTML file\n\nhttps://github.com/Y2Z/monolith\n\nExtract endpoints from APK files\n\nhttps://github.com/ndelphit/apkurlgrep\n\nTeamViewer User to Kernel Elevation of Privilege PoC. CVE-2024-7479 and CVE-2024-7481. ZDI-24-1289 and ZDI-24-1290. TV-2024-1006.\n\nhttps://github.com/PeterGabaldon/CVE-2024-7479_CVE-2024-7481\n\nPAM module may allow accessing with the credentials of another user\n\nhttps://github.com/ubuntu/authd/security/advisories/GHSA-x5q3-c8rm-w787\n\n#CyberDilara\nhttps://t.me/CyberDilara", "creation_timestamp": "2024-10-21T08:41:23.000000Z"}, {"uuid": "874d14f7-67f9-4486-8448-a3e5c3d3c423", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "GHSA-X5Q3-C8RM-W787", "type": "published-proof-of-concept", "source": "https://t.me/InfoSecInsider/498", "content": "Tools - Hackers Factory \n\nAwesome MXSS\n\nhttps://github.com/msrkp/MXSS\n\nA list of dorks for the Netlas.io search engine, with which you can find millions of objects in the boundless IoE. Contains queries to search for IoT elements, protocols, communication tools, remote access, and more. Over time, the list will grow.\n\nGet PROXY List that gets updated everyday\n\nhttps://github.com/TheSpeedX/PROXY-List\n\nhttps://github.com/netlas-io/netlas-dorks\n\nHashtray is an OSINT (Open Source Intelligence) tool designed to find a Gravatar account associated with an email address and to locate an email address using a Gravatar account username or hash.\n\nhttps://github.com/balestek/hashtray\n\nCLI tool for saving complete web pages as a single HTML file\n\nhttps://github.com/Y2Z/monolith\n\nExtract endpoints from APK files\n\nhttps://github.com/ndelphit/apkurlgrep\n\nTeamViewer User to Kernel Elevation of Privilege PoC. CVE-2024-7479 and CVE-2024-7481. ZDI-24-1289 and ZDI-24-1290. TV-2024-1006.\n\nhttps://github.com/PeterGabaldon/CVE-2024-7479_CVE-2024-7481\n\nPAM module may allow accessing with the credentials of another user\n\nhttps://github.com/ubuntu/authd/security/advisories/GHSA-x5q3-c8rm-w787\n\n#CyberDilara\nhttps://t.me/CyberDilara", "creation_timestamp": "2024-10-21T08:41:30.000000Z"}, {"uuid": "7d16a3aa-4ad9-413a-ba03-f67758cdaa47", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "GHSA-X5Q3-C8RM-W787", "type": "published-proof-of-concept", "source": "https://t.me/cybersecs/3016", "content": "\u042f \u043e\u0431\u044b\u0447\u043d\u043e \u043d\u0435 \u0440\u0443\u0433\u0430\u044e\u0441\u044c, \u043f\u043e \u043a\u0440\u0430\u0439\u043d\u0435\u0439 \u043c\u0435\u0440\u0435 \u0442\u0443\u0442, \u043d\u043e \u044d\u0442\u043e \u043f\u0440\u043e\u0441\u0442\u043e \"\u0435\u0431\u0430\u043d\u044b\u0439 \u0441\u0442\u044b\u0434\"\n\nCVE-2024-9313 \nSeverity: High (8.8) \nOs: Ubuntu\nTarget : PAM module\nAffected versions: < 0.3.5\n\n\u0412 \u0434\u0432\u0443\u0445 \u0441\u043b\u043e\u0432\u0430\u0445, \u043c\u043e\u0436\u043d\u043e \u0432 su|sudo|sshd \u0432\u0432\u0435\u0441\u0442\u0438 \u0438\u043c\u044f \u043e\u0434\u043d\u043e\u0433\u043e \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f, \u0430 \u043f\u0430\u0440\u043e\u043b\u044c \u0432\u0432\u0435\u0441\u0442\u0438 \u043e\u0442 \u0434\u0440\u0443\u0433\u043e\u0433\u043e \u0438 \u044d\u0442\u043e \u0441\u0440\u0430\u0431\u043e\u0442\u0430\u0435\u0442....\n\u042d\u0442\u043e, \u0441\u0443\u0434\u044f \u043f\u043e \u0432\u0441\u0435\u043c\u0443, \u043d\u0435 \u043a\u0430\u0441\u0430\u0435\u0442\u0441\u044f \u0432\u0430\u0448\u0435\u0439 \u0434\u043e\u043c\u0430\u0448\u043d\u0435\u0439 \u0443\u0431\u0443\u043d\u0442\u044b, \u0440\u0435\u0447\u044c \u0438\u0434\u0435\u0442 \u043f\u0440\u043e\n\nAuthd is an authentication daemon for cloud-based identity providers. It helps ensure the secure management of identity and access for Ubuntu machines anywhere in the world, on desktop and the server. Authd's modular design makes it a versatile authentication service that can integrate with multiple identity providers. MS Entra ID is currently supported and several other identity providers are under active development.\n\n, \u043d\u043e \u0432\u0441\u0435 \u0440\u0430\u0432\u043d\u043e \u044d\u0442\u043e \ud83e\udd26\u200d\u2642\ufe0f\ud83e\udd26\u200d\u2642\ufe0f\ud83e\udd26\u200d\u2642\ufe0f.\n\nhttps://github.com/ubuntu/authd/security/advisories/GHSA-x5q3-c8rm-w787", "creation_timestamp": "2024-10-04T19:49:36.000000Z"}]}