{"vulnerability": "CVE-2022-2850", "sightings": [{"uuid": "d6e895ad-7925-4b34-993f-0c6699a3d4b8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2850", "type": "seen", "source": "https://t.me/cibsecurity/51484", "content": "\u203c CVE-2022-2850 \u203c\n\nA flaw was found In 389-ds-base. When the Content Synchronization plugin is enabled, an authenticated user can reach a NULL pointer dereference using a specially crafted query. This flaw allows an authenticated attacker to cause a denial of service. This CVE is assigned against an incomplete fix of CVE-2021-3514.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-14T22:29:01.000000Z"}, {"uuid": "bfb9b9ce-6127-4a4a-8dbe-6dc39b2f3cc4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-28508", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/2067", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aCVE-2022-28508\nURL\uff1ahttps://github.com/YavuzSahbaz/CVE-2022-28508\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-04-30T03:26:47.000000Z"}, {"uuid": "ea382d19-f53e-48bf-8c3e-816a70d681d4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-28508", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2022/CVE-2022-28508.yaml", "content": "", "creation_timestamp": "2025-04-24T13:45:33.000000Z"}, {"uuid": "e7393147-eab6-4fff-9809-778032eb6eb0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-28508", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lno4mxx4ny2a", "content": "", "creation_timestamp": "2025-04-25T21:02:12.205937Z"}, {"uuid": "fa2a5cd8-5a7b-436d-8505-71cb5fb626a7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-28507", "type": "seen", "source": "https://t.me/cibsecurity/42133", "content": "\u203c CVE-2022-28507 \u203c\n\nDragon Path Technologies Bharti Airtel Routers Hardware BDT-121 version 1.0 is vulnerable to Cross Site Scripting (XSS) via Dragon path router admin page.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-06T20:23:16.000000Z"}, {"uuid": "28463cd7-d442-44ec-8cfb-33fa776d5f14", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-28506", "type": "seen", "source": "https://t.me/cibsecurity/41373", "content": "\u203c CVE-2022-28506 \u203c\n\nThere is a heap-buffer-overflow in GIFLIB 5.2.1 function DumpScreen2RGB() in gif2rgb.c:298:45.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-25T16:36:04.000000Z"}, {"uuid": "3e49ab34-fc66-401e-8a4c-88d90904f76e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-28508", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/5909", "content": "#exploit\n1. CVE-2022-28346:\nDjango QuerySet.annotate(), aggregate(), extra() SQL\nhttps://github.com/DeEpinGh0st/CVE-2022-28346\n\n2. CVE-2022-28508:\nMantisBT 2.25.2 - XSS\nhttps://github.com/YavuzSahbaz/CVE-2022-28508/blob/main/MantisBT%202.25.2%20XSS%20vulnurability\n\n3. Bypassing LDAP Channel Binding with StartTLS\nhttps://offsec.almond.consulting/bypassing-ldap-channel-binding-with-starttls.html", "creation_timestamp": "2022-04-30T17:55:24.000000Z"}, {"uuid": "408dec57-49d0-4023-8410-b339269a3c17", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-28505", "type": "seen", "source": "https://t.me/cibsecurity/41826", "content": "\u203c CVE-2022-28505 \u203c\n\nJfinal_cms 5.1.0 is vulnerable to SQL Injection via com.jflyfox.system.log.LogController.java.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-03T20:33:55.000000Z"}]}