{"vulnerability": "CVE-2022-2928", "sightings": [{"uuid": "89751138-fb8b-439f-9922-52e31193fcd0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-29287", "type": "seen", "source": "https://t.me/cibsecurity/40979", "content": "\u203c CVE-2022-29287 \u203c\n\nKentico CMS before 13.0.66 has an Insecure Direct Object Reference vulnerability. It allows an attacker with user management rights (default is Administrator) to export the user options of any user, even ones with higher privileges (like Global Administrators) than the current user. The exported XML contains every option of the exported user (even the hashed password).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-16T07:20:39.000000Z"}, {"uuid": "3dd28d6d-0bff-42aa-8726-916e3f797663", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-29281", "type": "seen", "source": "https://t.me/cibsecurity/40974", "content": "\u203c CVE-2022-29281 \u203c\n\nNotable before 1.9.0-beta.8 doesn't effectively prevent the opening of executable files when clicking on a link. There is improper validation of the file URI scheme. A hyperlink to an SMB share could lead to execution of an arbitrary program (or theft of NTLM credentials via an SMB relay attack, because the application resolves UNC paths).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-16T00:20:32.000000Z"}, {"uuid": "d51f9da0-4bbc-44fa-9159-039128921a20", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-29286", "type": "seen", "source": "https://t.me/cibsecurity/46422", "content": "\u203c CVE-2022-29286 \u203c\n\nPexip Infinity 27 before 28.0 allows remote attackers to trigger excessive resource consumption and termination because of registrar resource mishandling.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-18T02:33:40.000000Z"}]}