{"vulnerability": "cve-2022-4633", "sightings": [{"uuid": "b32ae314-975e-4651-9aae-c13174a672f9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-4633", "type": "published-proof-of-concept", "source": "https://t.me/BlueRedTeam/2565", "content": "#CVE-2022\nTOP All bugbounty pentesting CVE-2022- POC Exp\u00a0 RCE example payload\u00a0 Things\n\nhttps://github.com/Live-Hack-CVE/CVE-2022-20607\n\nTOP All bugbounty pentesting CVE-2022- POC Exp\u00a0 RCE example payload\u00a0 Things\n\nhttps://github.com/Live-Hack-CVE/CVE-2022-4646\n\nPoC for the CVE-2022-41082 Vulnerability Effecting Microsoft Exchange Servers\n\nhttps://github.com/balki97/CVE-2022-41082-POC\n\nCVE-2022-2602\n\nhttps://github.com/LukeGix/CVE-2022-2602\n\nCVE-2022-2602\nhttps://github.com/Live-Hack-CVE/CVE-2022-4633\n\nTOP All bugbounty pentesting CVE-2022- POC Exp\u00a0 RCE example payload\u00a0 Things\n\nhttps://github.com/Live-Hack-CVE/CVE-2022-25574\n\nCVE-2022-42046 Proof of Concept of wfshbr64.sys local privilege escalation via DKOM\n\nhttps://github.com/Live-Hack-CVE/CVE-2022-36966\n\n@BlueRedTeam", "creation_timestamp": "2023-01-29T12:39:15.000000Z"}, {"uuid": "81d56154-9504-4907-be65-62b4d3c6f64b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-46330", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/7516", "content": "#Threat_Research\n1. Exploit Party: Bring Your Own Vulnerable Driver Attacks\nhttps://fourcore.io/blogs/bring-your-own-vulnerable-driver-attack\n2. Analyzing CVE-2022-46630 (DLL Hijacking in Squirrel.Windows)\nhttps://archcloudlabs.com/projects/cve-2022-46330", "creation_timestamp": "2023-01-09T11:01:39.000000Z"}, {"uuid": "aacb53a3-af96-4a1d-8fcf-ec6aab6ad668", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-46331", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/7928", "content": "#SCADA_Security\nHacking ICS Historians:\nThe Pivot Point from IT to OT  (CVE-2022-46732, CVE-2022-46660, CVE-2022-43494, CVE-2022-46331, CVE-2022-38469)\nhttps://claroty.com/team82/research/hacking-ics-historians-the-pivot-point-from-it-to-ot", "creation_timestamp": "2023-03-15T11:02:01.000000Z"}, {"uuid": "2d0f4e2b-e935-4b60-a23f-a186683debb8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-46338", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/13309", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-46338\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: g810-led 0.4.2, a LED configuration tool for Logitech Gx10 keyboards, contained a udev rule to make supported device nodes world-readable and writable, allowing any process on the system to read traffic from keyboards, including sensitive data.\n\ud83d\udccf Published: 2022-11-30T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-24T18:53:54.653Z\n\ud83d\udd17 References:\n1. https://github.com/MatMoul/g810-led/pull/297\n2. https://bugs.debian.org/1024998\n3. https://lists.debian.org/debian-lts-announce/2022/12/msg00002.html", "creation_timestamp": "2025-04-24T19:06:37.000000Z"}, {"uuid": "24d5d359-8d0d-4687-86d9-f380bc912d4d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-46332", "type": "seen", "source": "https://t.me/cibsecurity/54097", "content": "\u203c CVE-2022-46332 \u203c\n\nThe Admin Smart Search feature in Proofpoint Enterprise Protection (PPS/PoD) contains a stored cross-site scripting vulnerability that enables an anonymous email sender to gain admin privileges within the user interface. This affects all versions 8.19.0 and below.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-06T22:49:42.000000Z"}, {"uuid": "612fc04a-e344-42a0-bdde-8d199fc57ee6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-46338", "type": "seen", "source": "https://t.me/cibsecurity/53704", "content": "\u203c CVE-2022-46338 \u203c\n\ng810-led 0.4.2, a LED configuration tool for Logitech Gx10 keyboards, contained a udev rule to make supported device nodes world-readable and writable, allowing any process on the system to read traffic from keyboards, including sensitive data.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-30T12:34:29.000000Z"}, {"uuid": "c73e1877-62b2-414e-b711-ce347d5b211c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-46334", "type": "seen", "source": "https://t.me/cibsecurity/55093", "content": "\u203c CVE-2022-46334 \u203c\n\nProofpoint Enterprise Protection (PPS/PoD) contains a vulnerability which allows the pps user to escalate to root privileges due to unnecessary permissions. This affects all versions 8.19.0 and below.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-22T00:13:14.000000Z"}, {"uuid": "47f390a3-10ca-48aa-bc34-ffc864695009", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-46331", "type": "published-proof-of-concept", "source": "Telegram/H5Dkkha3Th8jseqkeGc7uOUCt_0lfInetyOoX5ljpqSECpk", "content": "", "creation_timestamp": "2023-03-15T13:15:26.000000Z"}, {"uuid": "f0198d41-9d2e-4c4e-bc61-0aa155efe6fc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-46330", "type": "published-proof-of-concept", "source": "https://t.me/crackcodes/2180", "content": "#Threat_Research\n1. Exploit Party: Bring Your Own Vulnerable Driver Attacks\nhttps://fourcore.io/blogs/bring-your-own-vulnerable-driver-attack\n2. Analyzing CVE-2022-46630 (DLL Hijacking in Squirrel.Windows)\nhttps://archcloudlabs.com/projects/cve-2022-46330", "creation_timestamp": "2023-01-10T14:19:10.000000Z"}, {"uuid": "2b86c1b5-9c5d-49f3-9e0f-7ce37dcb400d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-4633", "type": "seen", "source": "https://t.me/cibsecurity/55084", "content": "\u203c CVE-2022-4633 \u203c\n\nA vulnerability was found in Auto Upload Images 3.3.1 and classified as problematic. Affected by this issue is some unknown functionality of the file src/setting-page.php of the component Settings Handler. The manipulation leads to cross-site request forgery. The attack may be launched remotely. Upgrading to version 3.3.2 is able to address this issue. The name of the patch is 895770ee93887ec78429c78ffdfb865bee6f9436. It is recommended to upgrade the affected component. VDB-216482 is the identifier assigned to this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-21T22:13:15.000000Z"}, {"uuid": "e07ed9c7-88c5-4901-a516-9d5326149abe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-46337", "type": "seen", "source": "MISP/e1f6260f-3311-441b-92ae-e04cd5eb5f72", "content": "", "creation_timestamp": "2025-08-19T13:26:45.000000Z"}, {"uuid": "a50f0dea-bf25-4597-9987-478e1c5afcd0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-4633", "type": "seen", "source": "https://t.me/GithubRedTeam/3624", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aCVE-2022-2602\nURL\uff1ahttps://github.com/Live-Hack-CVE/CVE-2022-4633\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-12-22T12:25:58.000000Z"}, {"uuid": "7641b260-158e-44f7-a8aa-c5974f33afee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-46333", "type": "seen", "source": "https://t.me/cibsecurity/54095", "content": "\u203c CVE-2022-46333 \u203c\n\nThe admin user interface in Proofpoint Enterprise Protection (PPS/PoD) contains a command injection vulnerability that enables an admin to execute commands beyond their allowed scope. This affects all versions 8.19.0 and below.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-06T22:41:03.000000Z"}, {"uuid": "2835030d-d2f6-44c6-a4eb-cd61e4cc03d4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-46330", "type": "seen", "source": "https://t.me/cibsecurity/55047", "content": "\u203c CVE-2022-46330 \u203c\n\nSquirrel.Windows is both a toolset and a library that provides installation and update functionality for Windows desktop applications. Installers generated by Squirrel.Windows 2.0.1 and earlier contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privilege of the user invoking the installer.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-21T12:13:32.000000Z"}]}