{"vulnerability": "cve-2022-2666", "sightings": [{"uuid": "74421324-d3c7-470c-852f-d70267bddbc2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-26661", "type": "seen", "source": "https://t.me/cibsecurity/38694", "content": "\u203c CVE-2022-26661 \u203c\n\nAn XXE issue was discovered in Tryton Application Platform (Server) 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton Application Platform (Command Line Client (proteus)) 5.x through 5.0.11, 6.x through 6.0.4, and 6.1.x and 6.2.x through 6.2.1. An authenticated user can make the server parse a crafted XML SEPA file to access arbitrary files on the system.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-10T20:22:55.000000Z"}, {"uuid": "95863377-985c-40fd-a73e-436eca63aba5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-26669", "type": "seen", "source": "https://t.me/cibsecurity/44815", "content": "\u203c CVE-2022-26669 \u203c\n\nASUS Control Center is vulnerable to SQL injection. An authenticated remote attacker with general user privilege can inject SQL command to specific API parameters to acquire database schema or access data.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-20T12:26:22.000000Z"}, {"uuid": "e30d5d43-10c3-4eb0-a07a-d2a44431bcdd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-26668", "type": "seen", "source": "https://t.me/cibsecurity/44810", "content": "\u203c CVE-2022-26668 \u203c\n\nASUS Control Center API has a broken access control vulnerability. An unauthenticated remote attacker can call privileged API functions to perform partial system operations or cause partial disrupt of service.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-20T12:26:16.000000Z"}, {"uuid": "9b4cfbdf-2ecf-43ee-8741-685f1a55f5d8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-26665", "type": "seen", "source": "https://t.me/cibsecurity/41011", "content": "\u203c CVE-2022-26665 \u203c\n\nAn Insecure Direct Object Reference issue exists in the Tyler Odyssey platform before 17.1.20. This may allow an external party to access sensitive case records.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-18T18:23:24.000000Z"}, {"uuid": "718b6dc6-adea-40b6-a91e-d41587e36155", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-26667", "type": "seen", "source": "https://t.me/cibsecurity/39762", "content": "\u203c CVE-2022-26667 \u203c\n\nDelta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in GetDemandAnalysisData. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-29T20:11:36.000000Z"}, {"uuid": "94a2dc96-772c-46a3-a3e9-121af3f9d5ea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-26666", "type": "seen", "source": "https://t.me/cibsecurity/39759", "content": "\u203c CVE-2022-26666 \u203c\n\nDelta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerDialogECC.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-29T20:11:33.000000Z"}, {"uuid": "81e775c4-1c39-412a-a02d-60821ba1a53b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-26660", "type": "seen", "source": "https://t.me/cibsecurity/39046", "content": "\u203c CVE-2022-26660 \u203c\n\nRunAsSpc 4.0 uses a universal and recoverable encryption key. In possession of a file encrypted by RunAsSpc, an attacker can recover the credentials that were used.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-16T17:20:54.000000Z"}]}