{"vulnerability": "CVE-2022-2316", "sightings": [{"uuid": "3996dfe6-3906-4654-b4f4-97766a67efe8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2316", "type": "seen", "source": "https://t.me/cibsecurity/45696", "content": "\u203c CVE-2022-2316 \u203c\n\nHTML injection vulnerability in secure messages of Devolutions Server before 2022.2 allows attackers to alter the rendering of the page or redirect a user to another site.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-06T22:14:36.000000Z"}, {"uuid": "441d049e-95f4-4f6a-b9af-1731bbb240b2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23166", "type": "seen", "source": "https://t.me/cibsecurity/42565", "content": "\u203c CVE-2022-23166 \u203c\n\nSysaid \u2013 Sysaid Local File Inclusion (LFI) \u2013 An unauthenticated attacker can access to the system by accessing to \"/lib/tinymce/examples/index.html\" path. in the \"Insert/Edit Embedded Media\" window Choose Type : iFrame and File/URL : [here is the LFI] Solution: Update to 22.2.20 cloud version, or to 22.1.64 on premise version.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-13T00:42:27.000000Z"}, {"uuid": "4499d1fd-fd0a-475f-9c84-12b356e55d84", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23168", "type": "seen", "source": "https://t.me/cibsecurity/44313", "content": "\u203c CVE-2022-23168 \u203c\n\nThe attacker could get access to the database. 
The SQL injection is in the username parameter at the login panel: username: admin'--\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-13T20:17:04.000000Z"}, {"uuid": "b7672950-a025-4bd7-aa29-c287ec126068", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23160", "type": "seen", "source": "https://t.me/cibsecurity/40663", "content": "\u203c CVE-2022-23160 \u203c\n\nDell PowerScale OneFS, versions 8.2.0-9.3.0, contains an Improper Handling of Insufficient Permissions vulnerability. An remote malicious user could potentially exploit this vulnerability, leading to gaining write permissions on read-only files.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-12T22:17:03.000000Z"}, {"uuid": "a6764b61-1a60-4f64-b750-e63ad53d0b95", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23165", "type": "seen", "source": "https://t.me/cibsecurity/42559", "content": "\u203c CVE-2022-23165 \u203c\n\nSysaid \u2013 Sysaid 14.2.0 Reflected Cross-Site Scripting (XSS) - The parameter \"helpPageName\" used by the page \"/help/treecontent.jsp\" suffers from a Reflected Cross-Site Scripting vulnerability. For an attacker to exploit this Cross-Site Scripting vulnerability, it's necessary for the affected product to expose the Offline Help Pages. An attacker may gain access to sensitive information or execute client-side code in the browser session of the victim user. Furthermore, an attacker would require the victim to open a malicious link. An attacker may exploit this vulnerability in order to perform phishing attacks. The attacker can receive sensitive data like server details, usernames, workstations, etc. 
He can also perform actions such as uploading files, deleting calls from the system\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-13T00:42:22.000000Z"}, {"uuid": "ce4a9094-d4e6-455a-b627-669ba979de16", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23167", "type": "seen", "source": "https://t.me/cibsecurity/44322", "content": "\u203c CVE-2022-23167 \u203c\n\nAttacker crafts a GET request to: /mobile/downloadfile.aspx? Filename =../.. /windows/boot.ini the LFI is UNAUTHENTICATED.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-13T20:17:16.000000Z"}, {"uuid": "c03c7193-5246-4a66-828f-9d71063a7461", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23169", "type": "seen", "source": "https://t.me/cibsecurity/44320", "content": "\u203c CVE-2022-23169 \u203c\n\nattacker needs to craft a SQL payload. the vulnerable parameter is \"agentid\" must be authenticated to the admin panel.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-13T20:17:14.000000Z"}, {"uuid": "a76d8d56-a7fe-4a77-a47f-fc52d500d3a3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23163", "type": "seen", "source": "https://t.me/cibsecurity/40662", "content": "\u203c CVE-2022-23163 \u203c\n\nDell PowerScale OneFS, 8.2,x, 9.1.0.x, 9.2.1.x, and 9.3.0.x contain a denial of service vulnerability. 
A local malicious user could potentially exploit this vulnerability, leading to denial of service/data unavailability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-12T22:17:01.000000Z"}, {"uuid": "bc90b678-8a94-433a-878e-26c8b06c5f34", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23161", "type": "seen", "source": "https://t.me/cibsecurity/40675", "content": "\u203c CVE-2022-23161 \u203c\n\nDell PowerScale OneFS versions 8.2.x - 9.3.0.x contains a denial-of-service vulnerability in SmartConnect. An unprivileged network attacker could potentially exploit this vulnerability, leading to denial-of-service. (of course this is temporary and will need to be adapted/reviewed as we determine the CWE with Srisimha Tummala 's help)\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-12T22:17:17.000000Z"}]}