{"vulnerability": "cve-2022-2557", "sightings": [{"uuid": "eb804993-43e2-4003-9140-1384b0ae58c6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-25578", "type": "seen", "source": "https://t.me/cibsecurity/39287", "content": "\u203c CVE-2022-25578 \u203c\n\ntaocms v3.0.2 allows attackers to execute code injection via arbitrarily editing the .htaccess file.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-19T01:23:20.000000Z"}, {"uuid": "7b22ca45-fd4a-4a3e-9887-867f564410f7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-25574", "type": "seen", "source": "https://t.me/cibsecurity/39547", "content": "\u203c CVE-2022-25574 \u203c\n\nA stored cross-site scripting (XSS) vulnerability in the upload function of /admin/show.php allows attackers to execute arbitrary web scripts or HTML via a crafted image file.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-25T19:30:57.000000Z"}, {"uuid": "583b9df4-f813-4256-bd22-8b7177b347b8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-25574", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/3625", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aTOP All bugbounty pentesting CVE-2022- POC Exp  RCE example payload  Things\nURL\uff1ahttps://github.com/Live-Hack-CVE/CVE-2022-25574\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-12-24T08:23:35.000000Z"}, {"uuid": "f46d4318-ab88-4695-bbe7-affe6455f811", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-25574", "type": "published-proof-of-concept", "source": "https://t.me/BlueRedTeam/2565", "content": "#CVE-2022\nTOP All bugbounty pentesting CVE-2022- POC Exp\u00a0 RCE example payload\u00a0 Things\n\nhttps://github.com/Live-Hack-CVE/CVE-2022-20607\n\nTOP All bugbounty pentesting CVE-2022- POC Exp\u00a0 RCE example payload\u00a0 Things\n\nhttps://github.com/Live-Hack-CVE/CVE-2022-4646\n\nPoC for the CVE-2022-41082 Vulnerability Effecting Microsoft Exchange Servers\n\nhttps://github.com/balki97/CVE-2022-41082-POC\n\nCVE-2022-2602\n\nhttps://github.com/LukeGix/CVE-2022-2602\n\nCVE-2022-2602\nhttps://github.com/Live-Hack-CVE/CVE-2022-4633\n\nTOP All bugbounty pentesting CVE-2022- POC Exp\u00a0 RCE example payload\u00a0 Things\n\nhttps://github.com/Live-Hack-CVE/CVE-2022-25574\n\nCVE-2022-42046 Proof of Concept of wfshbr64.sys local privilege escalation via DKOM\n\nhttps://github.com/Live-Hack-CVE/CVE-2022-36966\n\n@BlueRedTeam", "creation_timestamp": "2023-01-29T12:39:15.000000Z"}, {"uuid": "d2b420f3-61b6-446b-8522-3ba2f729e301", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-2557", "type": "seen", "source": "https://t.me/cibsecurity/48485", "content": "\u203c CVE-2022-2557 \u203c\n\nThe Team WordPress plugin before 4.1.2 contains a file which could allow any authenticated users to download arbitrary files from the server via a path traversal vector. Furthermore, the file will also be deleted after its content is returned to the user\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-22T18:20:39.000000Z"}, {"uuid": "4ecc41e9-3dde-4a39-bce7-a2a240ab3907", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-25570", "type": "seen", "source": "https://t.me/cibsecurity/39305", "content": "\u203c CVE-2022-25570 \u203c\n\nIn Click Studios (SA) Pty Ltd Passwordstate 9435, users with access to a passwordlist can gain access to additional password lists without permissions. Specifically, an authenticated user who has write permissions to a password list in one folder (with the default permission model) can extend his permissions to all other password lists in the same folder.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-21T15:26:05.000000Z"}, {"uuid": "beda015f-1610-4813-ab24-d63a64a6c2f9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-25576", "type": "seen", "source": "https://t.me/cibsecurity/39523", "content": "\u203c CVE-2022-25576 \u203c\n\nAnchor CMS v0.12.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component anchor/routes/posts.php. This vulnerability allows attackers to arbitrarily delete posts.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-25T01:30:05.000000Z"}, {"uuid": "eff4dbf4-1411-4a55-bb21-3f05ccca57e5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-25571", "type": "seen", "source": "https://t.me/cibsecurity/39516", "content": "\u203c CVE-2022-25571 \u203c\n\nBluedon Information Security Technologies Co.,Ltd Internet Access Detector v1.0 was discovered to contain an information leak which allows attackers to access the contents of the password file via unspecified vectors.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-24T23:29:57.000000Z"}, {"uuid": "6752f56b-e23d-4767-bd36-61b7639c2969", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-25577", "type": "seen", "source": "https://t.me/cibsecurity/39545", "content": "\u203c CVE-2022-25577 \u203c\n\nALF-BanCO v8.2.5 and below was discovered to use a hardcoded password to encrypt the SQLite database containing the user's data. Attackers who are able to gain remote or local access to the system are able to read and modify the data.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-25T19:30:54.000000Z"}, {"uuid": "a43b51bd-a7d0-4f5e-8146-7f5a9089b765", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-25575", "type": "seen", "source": "https://t.me/cibsecurity/39522", "content": "\u203c CVE-2022-25575 \u203c\n\nMultiple cross-site scripting (XSS) vulnerabilities in Parking Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via crafted payloads injected into the user name, password, and verification code text boxes.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-25T01:30:01.000000Z"}]}