{"vulnerability": "CVE-2022-3666", "sightings": [{"uuid": "7edf9ef7-451b-482d-8950-34f55ac2c612", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36668", "type": "seen", "source": "https://t.me/cibsecurity/49760", "content": "\u203c CVE-2022-36668 \u203c\n\nGarage Management System 1.0 is vulnerable to Stored Cross Site Scripting (XSS) on several parameters. The vulnerabilities exist during creating or editing the parts under parameters. Using the XSS payload, the Stored XSS triggered and can be used for further attack vector.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-14T14:26:24.000000Z"}, {"uuid": "8ab3a4a8-0575-415f-9bde-fac00281ef10", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36660", "type": "seen", "source": "https://t.me/cibsecurity/49398", "content": "\u203c CVE-2022-36660 \u203c\n\nxhyve commit dfbe09b was discovered to contain a stack buffer overflow via the component pci_vtrnd_notify().\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-07T20:14:17.000000Z"}, {"uuid": "dec93c47-0ea4-44b1-8a34-63a415ee6c22", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36661", "type": "seen", "source": "https://t.me/cibsecurity/49401", "content": "\u203c CVE-2022-36661 \u203c\n\nxhyve commit dfbe09b was discovered to contain a NULL pointer dereference via the component vi_pci_read(). 
This vulnerability allows attackers to cause a Denial of Service via unspecified vectors.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-03T06:20:20.000000Z"}, {"uuid": "b1b40979-80f5-470e-92f9-6a5fe4326280", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36664", "type": "seen", "source": "https://t.me/cibsecurity/55377", "content": "\u203c CVE-2022-36664 \u203c\n\nPassword Manager for IIS 2.0 has a cross-site scripting (XSS) vulnerability via the /isapi/PasswordManager.dll ResultURL parameter.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-27T00:41:07.000000Z"}, {"uuid": "29e48fea-da5f-4d33-8970-8c388ab6d5ab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36669", "type": "seen", "source": "https://t.me/cibsecurity/49766", "content": "\u203c CVE-2022-36669 \u203c\n\nHospital Information System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-14T14:26:31.000000Z"}, {"uuid": "80872e50-6f81-44f3-8392-171ab23482d0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36667", "type": "seen", "source": "https://t.me/cibsecurity/49756", "content": "\u203c CVE-2022-36667 \u203c\n\nGarage Management System 1.0 is vulnerable to the Remote Code Execution (RCE) due to the lack of filtering from the file upload function. 
The vulnerability exist during adding parts and from the upload function, the attacker can upload PHP Reverse Shell straight away to gain RCE.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-14T14:26:20.000000Z"}, {"uuid": "73f90a65-33dd-4224-9df6-3db09b68e431", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36663", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/7034", "content": "#exploit\n1. CVE-2022-36663:\nInternal network scanner through Gluu IAM blind ssrf\nhttps://github.com/Qeisi/CVE-2022-36663-PoC\n\n2. CVE-2022-21970:\nMicrosoft Edge (Chromium-based) EoP Vulnerability\nhttps://github.com/Malwareman007/CVE-2022-21970\n\n3. CVE-2022-39197:\nCobaltStrike <= 4.7.1 RCE\nhttps://github.com/TheCryingGame/CVE-2022-39197-RCE", "creation_timestamp": "2022-10-23T19:30:28.000000Z"}, {"uuid": "4d114797-51fe-43bc-a525-682d83bd0f07", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36664", "type": "seen", "source": "https://t.me/canyoupwnme/6838", "content": "Password Manager for IIS 2.0 has a cross-site scripting (XSS) vulnerability. 
CVE-2022-36664\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-36664", "creation_timestamp": "2022-12-27T05:56:59.000000Z"}, {"uuid": "998127d2-a824-4587-bf08-51626c3b12c9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36663", "type": "seen", "source": "https://t.me/cibsecurity/49388", "content": "\u203c CVE-2022-36663 \u203c\n\nGluu Oxauth before v4.4.1 allows attackers to execute blind SSRF (Server-Side Request Forgery) attacks via a crafted request_uri parameter.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-07T00:13:40.000000Z"}]}