{"vulnerability": "CVE-2022-2933", "sightings": [{"uuid": "02758df6-1309-4ba2-af83-3a6c29456970", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-29332", "type": "seen", "source": "https://t.me/cibsecurity/42824", "content": "\u203c CVE-2022-29332 \u203c\n\nD-LINK DIR-825 AC1200 R2 is vulnerable to Directory Traversal. An attacker could use the \"../../../../\" setting of the FTP server folder to set the router's root folder for FTP access. This allows you to access the entire router file system via the FTP server.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-17T18:27:54.000000Z"}, {"uuid": "7dde358a-bd7c-4356-8b0a-fbe6023a2c71", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-29330", "type": "seen", "source": "https://t.me/cibsecurity/45108", "content": "\u203c CVE-2022-29330 \u203c\n\nMissing access control in the backup system of Telesoft VitalPBX before 3.2.1 allows attackers to access the PJSIP and SIP extension credentials, cryptographic keys and voicemails files via unspecified vectors.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-24T20:31:12.000000Z"}, {"uuid": "5eca7a6e-6256-4f84-9145-394526c9c308", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-29334", "type": "seen", "source": "https://t.me/cibsecurity/43309", "content": "\u203c CVE-2022-29334 \u203c\n\nAn issue in H v1.0 allows attackers to bypass authentication via a session replay attack.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-25T02:42:27.000000Z"}, {"uuid": "28d5bbf7-c50b-4690-86f1-c05b883b4b96", "vulnerability_lookup_origin": 
"1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-29337", "type": "seen", "source": "https://t.me/cibsecurity/43307", "content": "\u203c CVE-2022-29337 \u203c\n\nC-DATA FD702XW-X-R430 v2.1.13_X001 was discovered to contain a command injection vulnerability via the va_cmd parameter in formlanipv6. This vulnerability allows attackers to execute arbitrary commands via a crafted HTTP request.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-25T02:42:24.000000Z"}, {"uuid": "7715650d-e7d2-48c0-88ac-99ffd5d9f179", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-29333", "type": "seen", "source": "https://t.me/cibsecurity/43304", "content": "\u203c CVE-2022-29333 \u203c\n\nA vulnerability in CyberLink Power Director v14 allows attackers to escalate privileges via a crafted .exe file.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-25T00:37:11.000000Z"}, {"uuid": "8e8ed2ca-9d1e-4b25-bd95-c7eaabf9d57b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-29339", "type": "seen", "source": "https://t.me/cibsecurity/41982", "content": "\u203c CVE-2022-29339 \u203c\n\nIn GPAC 2.1-DEV-rev87-g053aae8-master, function BS_ReadByte() in utils/bitstream.c has a failed assertion, which causes a Denial of Service. 
This vulnerability was fixed in commit 9ea93a2.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-05T16:54:55.000000Z"}, {"uuid": "b62cc77a-4639-45af-93eb-dcaa2cdbcc11", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-29337", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/2284", "content": "GitHub monitoring notification!!!\n\nUpdated: CVE-2022\nDescription: Atlassian Jira Seraph Authentication Bypass RCE (CVE-2022-0540)\nURL: https://github.com/exploitwritter/CVE-2022-29337\n\nTags: #CVE-2022", "creation_timestamp": "2022-05-25T13:05:43.000000Z"}, {"uuid": "964f00fb-3770-4158-a90b-ccbb25aed0eb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-2933", "type": "seen", "source": "https://t.me/cibsecurity/57572", "content": "\u203c CVE-2022-2933 \u203c\n\nThe 0mk Shortener plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.2. This is due to missing or incorrect nonce validation on the zeromk_options_page function. This makes it possible for unauthenticated attackers to inject malicious web scripts via the 'zeromk_user' and 'zeromk_apikluc' parameters through a forged request granted they can trick a site administrator into performing an action such as clicking on a link.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-06T22:23:22.000000Z"}]}