{"vulnerability": "CVE-2022-2361", "sightings": [{"uuid": "b9a4a02a-14cf-47ab-a50f-6d62b7647c73", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23614", "type": "published-proof-of-concept", "source": "Telegram/BnM5S5zNNeaAgZhmsQ5GC58SGsVwUigmzA5S5tsXcbsUcw", "content": "", "creation_timestamp": "2022-07-19T12:12:47.000000Z"}, {"uuid": "9823cac7-1d33-4dd2-ac62-574a818449f1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23614", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/2730", "content": "GitHub monitoring alert!!!\n\nUpdated: CVE-2022\nDescription: PoC for CVE-2022-23614 (Twig sort filter code execution)\nURL: https://github.com/davwwwx/CVE-2022-23614\n\nTags: #CVE-2022", "creation_timestamp": "2022-07-18T10:17:49.000000Z"}, {"uuid": "263cf28c-132a-44b8-963b-ac7844d942c6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23614", "type": "published-proof-of-concept", "source": "https://t.me/BlueRedTeam/2240", "content": "#CVE-2022\n\nPoC for CVE-2022-23614 (Twig sort filter code execution)\n\nhttps://github.com/davwwwx/CVE-2022-23614\n\n@BlueRedTeam", "creation_timestamp": "2022-07-18T20:59:35.000000Z"}, {"uuid": "2d4d2a85-3882-4f70-9b70-d4a057a365a2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23614", "type": "published-proof-of-concept", "source": "https://t.me/MrVGunz/341", "content": "CVE-2022-23614 : PHP Twig \"sort\" filter code execution - sandbox bypass\nhttps://github.com/davwwwx/CVE-2022-23614", "creation_timestamp": "2022-07-19T13:14:02.000000Z"}, 
{"uuid": "9c01459e-db26-4e88-8b05-7376ee085d82", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23619", "type": "seen", "source": "https://t.me/cibsecurity/37131", "content": "\u203c CVE-2022-23619 \u203c\n\nXWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions it's possible to guess if a user has an account on the wiki by using the \"Forgot your password\" form, even if the wiki is closed to guest users. This problem has been patched on XWiki 12.10.9, 13.4.1 and 13.6RC1. Users are advised to update. There are no known workarounds for this issue.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-10T00:13:23.000000Z"}, {"uuid": "43a7ff6c-1ba9-44e7-b2fb-5a98cdb20081", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23615", "type": "seen", "source": "https://t.me/cibsecurity/37128", "content": "\u203c CVE-2022-23615 \u203c\n\nXWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions any user with SCRIPT right can save a document with the right of the current user which allows accessing API requiring programming right if the current user has programming right. This has been patched in XWiki 13.0. Users are advised to update to resolve this issue. 
The only known workaround is to limit SCRIPT access.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-10T00:13:19.000000Z"}, {"uuid": "2d7aa022-65c4-438f-be2a-f7d075977e7d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23618", "type": "seen", "source": "https://t.me/cibsecurity/37127", "content": "\u203c CVE-2022-23618 \u203c\n\nXWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions there is no protection against URL redirection to untrusted sites, in particular some well known parameters (xredirect) can be used to perform url redirections. This problem has been patched in XWiki 12.10.7 and XWiki 13.3RC1. Users are advised to update. There are no known workarounds for this issue.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-10T00:13:17.000000Z"}, {"uuid": "06fd4187-b491-4097-b907-c160505ba65e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23616", "type": "seen", "source": "https://t.me/cibsecurity/37125", "content": "\u203c CVE-2022-23616 \u203c\n\nXWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions it's possible for an unprivileged user to perform a remote code execution by injecting a groovy script in her own profile and by calling the Reset password feature since the feature is performing a save of the user profile with programming rights in the impacted versions of XWiki. The issue has been patched in XWiki 13.1RC1. There are two different possible workarounds, each consisting of modifying the XWiki/ResetPassword page. 1. The Reset password feature can be entirely disabled by deleting the XWiki/ResetPassword page. 2. 
The script in XWiki/ResetPassword can also be modified or removed: an administrator can replace it with a simple email contact to ask an administrator to reset the password.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-10T00:13:14.000000Z"}, {"uuid": "b95985f8-8d7d-4d7a-99ab-ef1cc11bbdf0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23617", "type": "seen", "source": "https://t.me/cibsecurity/37124", "content": "\u203c CVE-2022-23617 \u203c\n\nXWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions any user with edit right can copy the content of a page it does not have access to by using it as template of a new page. This issue has been patched in XWiki 13.2CR1 and 12.10.6. Users are advised to update. There are no known workarounds for this issue.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-10T00:13:12.000000Z"}, {"uuid": "a0ec41f4-4fcc-4977-9c8e-48c1866af46c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23614", "type": "published-proof-of-concept", "source": "https://t.me/crackcodes/862", "content": "Updates On Hackbyte Forum:-\n\n\ud83d\udcccSmbpentest: Test Samba Servers which may have been configured improperly for anonymous access to vulnerable shares\n\n\ud83d\udcccLBOZO: A hybrid Windows Ransomware\n\n\ud83d\udcccHoaxshell: An unconventional Windows reverse shell, currently undetected by Microsoft Defender and other AV solutions, solely based on http(s) traffic\n\n\ud83d\udcccPing Castle Cloud\n\n\ud83d\udcccCoffeeLdr\n\n\ud83d\udcccZimbra #Exploit CVE-2022-30333\n\n\ud83d\udcccCVE-2022-24086 RCE POC\n\n\ud83d\udcccdata.gov.uk \u2013 UK Government 
Backups\n\n\ud83d\udccctelefonica Ecuador CRM Files Leaks\n\n\ud83d\udcccSvetlogorsk39.ru leak\n\n\ud83d\udcccrbcd-attack\n\n\ud83d\udcccRustyTokenManipulation\n\n\ud83d\udcccOralyzer - Open Redirection Analyzer\n\n\ud83d\udcccSalus \u2013 SBOM Tool\n\n\ud83d\udcccSliver GUI client.\n\n\ud83d\udcccCVE-2022-32119 - Arox-Unrestricted-File-Upload\n\n\ud83d\udcccNodeJS Ransomware\n\n\ud83d\udcccDirble - Fast directory scanning and scraping tool\n\n\ud83d\udcccWebView2-Cookie-Stealer\n\n\ud83d\udcccZombieThread - Another meterpreter injection technique using C# that attempts to bypass WD.\n\n\ud83d\udcccEvil Clippy\n\n\ud83d\udcccEvtx Log (xml) Browser\n\n\ud83d\udcccCVE-2022-30333\n\n\ud83d\udcccCVE-2022-23614: PoC for CVE-2022-23614 (Twig sort filter code execution/sandbox bypass)\n\n\ud83d\udcccCVE-2022-33891 - Apache Spark shell command injection\n\n\ud83d\udcccEJS, Server side template injection RCE (CVE-2022-29078)\n\n\ud83d\udcccBinary Ninja Commercial 3.1.3469 (2022-05-31)\n\n\ud83d\udccccitycollege.edu Health University Leak\n\n\ud83d\udcccFull HHIDE.ORG forum dump\n\n\ud83d\udcccdanish.my Leak\n\n\ud83d\udcccstripchat.com Leak\n\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014-\n\n\ud83d\udc49\ud83c\udffb\ud83d\udc49\ud83c\udffb Updates:- https://bit.ly/3yRyah3 \ud83d\udc48\ud83c\udffb\ud83d\udc48\ud83c\udffb", "creation_timestamp": "2022-07-19T13:38:52.000000Z"}, {"uuid": "418f0ab2-b29a-47ce-a08d-c0080f7ebdab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23612", "type": "seen", "source": "https://t.me/cibsecurity/37910", "content": "\u203c CVE-2022-23612 \u203c\n\nOpenMRS is a patient-based medical record system focusing on giving providers a free customizable electronic 
medical record system. Affected versions are subject to arbitrary file exfiltration due to failure to sanitize request when satisfying GET requests for `/images` & `/initfilter/scripts`. This can allow an attacker to access any file on a system running OpenMRS that is accessible to the user id OpenMRS is running under. Affected implementations should update to the latest patch version of OpenMRS Core for the minor version they use. These are: 2.1.5, 2.2.1, 2.3.5, 2.4.5 and 2.5.3. As a general rule, this vulnerability is already mitigated by Tomcat's URL normalization in Tomcat 7.0.28+. Users on older versions of Tomcat should consider upgrading their Tomcat instance as well as their OpenMRS instance.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-23T02:12:50.000000Z"}, {"uuid": "c7bd2120-f3d5-40ee-81d1-29ee8a1f65c9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23613", "type": "seen", "source": "https://t.me/cibsecurity/36978", "content": "\u203c CVE-2022-23613 \u203c\n\nxrdp is an open source remote desktop protocol (RDP) server. In affected versions an integer underflow leading to a heap overflow in the sesman server allows any unauthenticated attacker which is able to locally access a sesman server to execute code as root. This vulnerability has been patched in version 0.9.18.1 and above. Users are advised to upgrade. 
There are no known workarounds.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-08T00:35:41.000000Z"}, {"uuid": "1ba51cd0-c182-467e-97fb-59b2b84203ae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23614", "type": "seen", "source": "https://t.me/cibsecurity/36911", "content": "\u203c CVE-2022-23614 \u203c\n\nTwig is an open source template language for PHP. When in a sandbox mode, the `arrow` parameter of the `sort` filter must be a closure to avoid attackers being able to run arbitrary PHP functions. In affected versions this constraint was not properly enforced and could lead to code injection of arbitrary PHP code. Patched versions now disallow calling non Closure in the `sort` filter as is the case for some other filters. Users are advised to upgrade.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-05T02:45:33.000000Z"}]}