{"vulnerability": "CVE-2022-2273", "sightings": [{"uuid": "8c96fbe9-087b-4336-9f32-4bec7ab0f2fa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-22730", "type": "seen", "source": "https://t.me/cibsecurity/48392", "content": "\u203c CVE-2022-22730 \u203c\n\nImproper authentication in the Intel(R) Edge Insights for Industrial software before version 2.6.1 may allow an unauthenticated user to potentially enable escalation of privilege via network access.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-19T00:16:53.000000Z"}, {"uuid": "9996a9d3-cb39-4278-a1cb-c77a64ee3fa9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-22736", "type": "seen", "source": "https://t.me/cibsecurity/55161", "content": "\u203c CVE-2022-22736 \u203c\n\nIf Firefox was installed to a world-writable directory, a local privilege escalation could occur when Firefox searched the current directory for system libraries. However the install directory is not world-writable by default.*This bug only affects Firefox for Windows in a non-default installation. Other operating systems are unaffected.*. This vulnerability affects Firefox < 96.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-22T22:23:55.000000Z"}, {"uuid": "0a9d6761-e08f-493d-9025-5bfc90e27d47", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-22737", "type": "seen", "source": "https://t.me/cibsecurity/55191", "content": "\u203c CVE-2022-22737 \u203c\n\nConstructing audio sinks could have lead to a race condition when playing audio files and closing windows. This could have lead to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-22T22:30:11.000000Z"}, {"uuid": "9c1755c3-344c-4da4-b46e-d57bb41ca44c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-22731", "type": "seen", "source": "https://t.me/cibsecurity/57199", "content": "\u203c CVE-2022-22731 \u203c\n\nA CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in a function that could allow an attacker to create or overwrite critical files that are used to execute code, such as programs or libraries and cause path traversal attacks. Affected Products: EcoStruxure Power Commission (Versions prior to V2.22)\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-31T02:50:48.000000Z"}, {"uuid": "755d140c-dc2f-4cbf-8d4c-eacef0f6de62", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-22732", "type": "seen", "source": "https://t.me/cibsecurity/57188", "content": "\u203c CVE-2022-22732 \u203c\n\nA CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that could cause all remote domains to access the resources (data) supplied by the server when an attacker sends a fetch request from third-party site or malicious site. Affected Products: EcoStruxure Power Commission (Versions prior to V2.22)\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-31T02:42:57.000000Z"}, {"uuid": "068118f0-2c39-4bbf-9a91-2c48e03873dd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-22734", "type": "seen", "source": "https://t.me/cibsecurity/38879", "content": "\u203c CVE-2022-22734 \u203c\n\nThe Simple Quotation WordPress plugin through 1.3.2 does not have CSRF check when creating or editing a quote and does not sanitise and escape Quotes. As a result, attacker could make a logged in admin create or edit arbitrary quote, and put Cross-Site Scripting payloads in them\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-14T17:18:35.000000Z"}, {"uuid": "47a60f07-cd86-4a9c-95db-f3a5e78364db", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2273", "type": "seen", "source": "https://t.me/cibsecurity/47327", "content": "\u203c CVE-2022-2273 \u203c\n\nThe Simple Membership WordPress plugin before 4.1.3 does not properly validate the membership_level parameter when editing a profile, allowing members to escalate to a higher membership level by using a crafted POST request.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-01T16:17:09.000000Z"}, {"uuid": "9781b32a-1c5c-4ae4-82ad-34621776c1c9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-22735", "type": "seen", "source": "https://t.me/cibsecurity/38871", "content": "\u203c CVE-2022-22735 \u203c\n\nThe Simple Quotation WordPress plugin through 1.3.2 does not have authorisation (and CSRF) checks in various of its AJAX actions and is lacking escaping of user data when using it in SQL statements, allowing any authenticated users, such as subscriber to perform SQL injection attacks\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-14T17:18:25.000000Z"}, {"uuid": "ff1d0b85-1694-4a7e-9bc2-a20e33ef9e01", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-22733", "type": "seen", "source": "https://t.me/cibsecurity/35916", "content": "\u203c CVE-2022-22733 \u203c\n\nExposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache ShardingSphere ElasticJob-UI allows an attacker who has guest account to do privilege escalation. This issue affects Apache ShardingSphere ElasticJob-UI Apache ShardingSphere ElasticJob-UI 3.x version 3.0.0 and prior versions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-01-20T14:16:41.000000Z"}, {"uuid": "50d764c1-b505-4799-9cf6-121724b4d0be", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-22733", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/10292", "content": "#exploit\nCVE-2022-22733:\nApache ShardingSphere ElasticJob-UI Privilege Escalation & RCE Exploit\nhttps://github.com/Zeyad-Azima/CVE-2022-22733", "creation_timestamp": "2024-11-19T17:52:15.000000Z"}]}