{"vulnerability": "CVE-2022-3812", "sightings": [{"uuid": "79fa4d23-553f-4917-a45b-aaac90e270cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38120", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/14365", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-38120\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)\n\ud83d\udd39 Description: UPSMON PRO\u2019s has a path traversal vulnerability. A remote attacker with general user privilege can exploit this vulnerability to bypass authentication and access arbitrary system files.\n\ud83d\udccf Published: 2022-11-10T02:20:41.230Z\n\ud83d\udccf Modified: 2025-05-01T19:08:42.468Z\n\ud83d\udd17 References:\n1. https://www.twcert.org.tw/tw/cp-132-6679-a0695-1.html", "creation_timestamp": "2025-05-01T19:14:42.000000Z"}, {"uuid": "ed875557-ffa0-4dc7-9d87-0566e1b181e5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38120", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lpafxth5rw2w", "content": "", "creation_timestamp": "2025-05-15T21:02:27.755155Z"}, {"uuid": "db9d778f-f268-429d-8c06-04d1e6d2f4e5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38121", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lpafxtjqny2s", "content": "", "creation_timestamp": "2025-05-15T21:02:28.294177Z"}, {"uuid": "72856188-fed4-493d-96d4-79fb877b017f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38120", "type": "seen", "source": "MISP/a9d21043-f825-4bac-8d2b-56fb9e8343e7", "content": "", "creation_timestamp": "2025-10-23T21:13:00.000000Z"}, {"uuid": "160ec17e-6977-4ddd-9e0a-6853945f0fab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38121", "type": "seen", "source": "MISP/a9d21043-f825-4bac-8d2b-56fb9e8343e7", "content": "", "creation_timestamp": "2025-10-23T21:13:00.000000Z"}, {"uuid": "3809298a-2a43-4041-941f-c1eaa50baca2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38120", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/gather/upsmon_traversal.rb", "content": "", "creation_timestamp": "2025-05-15T05:30:47.000000Z"}, {"uuid": "0a4c3f4e-1b7b-4f36-945c-f979cdc396b8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38121", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/gather/upsmon_traversal.rb", "content": "", "creation_timestamp": "2025-05-15T05:30:47.000000Z"}, {"uuid": "3ae4e4a1-d300-4cb7-8565-3f642c102cd2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38121", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/14366", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-38121\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)\n\ud83d\udd39 Description: UPSMON PRO configuration file stores user password in plaintext under public user directory. A remote attacker with general user privilege can access all users\u2018 and administrators' account names and passwords via this unprotected configuration file.\n\ud83d\udccf Published: 2022-11-10T02:20:42.270Z\n\ud83d\udccf Modified: 2025-05-01T19:07:59.479Z\n\ud83d\udd17 References:\n1. https://www.twcert.org.tw/tw/cp-132-6680-af0aa-1.html", "creation_timestamp": "2025-05-01T19:14:43.000000Z"}, {"uuid": "280c5f51-bf13-4965-ac24-356f1e291cb6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38125", "type": "seen", "source": "Telegram/L04jVa19Jjwg362SRT5EyVQCUps9MWTWWKLsbdUiA9EPdmLd", "content": "", "creation_timestamp": "2025-02-06T02:43:29.000000Z"}, {"uuid": "61f23f9e-cd7c-4f90-9880-35cc6ecbc254", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38123", "type": "seen", "source": "https://t.me/cibsecurity/54067", "content": "\u203c CVE-2022-38123 \u203c\n\nImproper Input Validation of plugin files in Administrator Interface of Secomea GateManager allows a server administrator to inject code into the GateManager interface. This issue affects: Secomea GateManager versions prior to 10.0.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-06T18:41:15.000000Z"}, {"uuid": "31d84779-4f9c-4a6e-a52a-10a2fb4fca5f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38122", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/14367", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-38122\n\ud83d\udd25 CVSS Score: 7.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\ud83d\udd39 Description: UPSMON PRO transmits sensitive data in cleartext over HTTP protocol. An unauthenticated remote attacker can exploit this vulnerability to access sensitive data.\n\ud83d\udccf Published: 2022-11-10T02:20:43.297Z\n\ud83d\udccf Modified: 2025-05-01T19:07:13.585Z\n\ud83d\udd17 References:\n1. https://www.twcert.org.tw/tw/cp-132-6681-e9650-1.html", "creation_timestamp": "2025-05-01T19:14:44.000000Z"}, {"uuid": "b2c9aaee-2897-4970-85da-c54be6be3c36", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38125", "type": "seen", "source": "https://t.me/cibsecurity/62458", "content": "\u203c CVE-2022-38125 \u203c\n\nImproper Restriction of Communication Channel to Intended Endpoints vulnerability in Secomea SiteManager (FTP Agent modules) allows Exploiting Trust in Client.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-19T16:29:55.000000Z"}, {"uuid": "5fd6a833-feb2-4d3c-a35a-1236c93b499a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38124", "type": "seen", "source": "https://t.me/cibsecurity/54388", "content": "\u203c CVE-2022-38124 \u203c\n\nDebug tool in Secomea SiteManager allows logged-in administrator to modify system state in an unintended manner.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-13T16:21:40.000000Z"}, {"uuid": "3747a079-ac3a-46ca-9962-6bc90fa3f086", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3812", "type": "seen", "source": "https://t.me/cibsecurity/52446", "content": "\u203c CVE-2022-3812 \u203c\n\nA vulnerability was found in Axiomatic Bento4. It has been rated as problematic. Affected by this issue is the function AP4_ContainerAtom::AP4_ContainerAtom of the component mp4encrypt. The manipulation leads to memory leak. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-212678 is the identifier assigned to this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-02T01:19:19.000000Z"}, {"uuid": "a054b4b6-da1f-4169-8ace-dd672c92032b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38120", "type": "seen", "source": "https://t.me/cibsecurity/52931", "content": "\u203c CVE-2022-38120 \u203c\n\nUPSMON PRO\u00e2\u20ac\u2122s has a path traversal vulnerability. A remote attacker with general user privilege can exploit this vulnerability to bypass authentication and access arbitrary system files.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-13T05:52:31.000000Z"}, {"uuid": "cc746de2-a06f-46e3-adc4-a7305baca864", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38129", "type": "seen", "source": "https://t.me/cibsecurity/47899", "content": "\u203c CVE-2022-38129 \u203c\n\nA path traversal vulnerability exists in the com.keysight.tentacle.licensing.LicenseManager.addLicenseFile() method in the Keysight Sensor Management Server (SMS). This allows an unauthenticated remote attacker to upload arbitrary files to the SMS host.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-11T00:26:26.000000Z"}, {"uuid": "13600db3-cbc4-40b2-8e1d-91b128b1bb89", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38126", "type": "seen", "source": "https://t.me/cibsecurity/49217", "content": "\u203c CVE-2022-38126 \u203c\n\nAssertion fail in the display_debug_names() function in binutils/dwarf.c may lead to program crash and denial of service.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-02T00:38:46.000000Z"}, {"uuid": "1fcff2bb-c838-491a-9934-237c18e220b2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38127", "type": "seen", "source": "https://t.me/cibsecurity/49199", "content": "\u203c CVE-2022-38127 \u203c\n\nA NULL pointer dereference in the read_and_display_attr_value() function in binutils/dwarf.c may lead to program crash when parsing corrupt DWARF data.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-02T00:38:21.000000Z"}]}