{"vulnerability": "CVE-2022-4114", "sightings": [{"uuid": "f0f8fad3-7560-423a-b9c3-dd355c44da8b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41149", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/9898", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-41149\n\ud83d\udd25 CVSS Score: 7.8 (cvssV3_0, Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. Crafted data in a U3D file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18339.\n\ud83d\udccf Published: 2023-01-26T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-01T14:27:21.749Z\n\ud83d\udd17 References:\n1. https://www.tracker-software.com/product/pdf-xchange-editor/history\n2. https://www.zerodayinitiative.com/advisories/ZDI-22-1346/", "creation_timestamp": "2025-04-01T14:32:57.000000Z"}, {"uuid": "6b07aea7-4487-4bfe-9f79-85e89231e1e7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41140", "type": "published-proof-of-concept", "source": "https://t.me/cKure/10941", "content": "", "creation_timestamp": "2023-04-21T14:53:51.000000Z"}, {"uuid": "bcb0b9e2-4e67-4752-8d20-2efaf2b905c9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41140", "type": "published-proof-of-concept", "source": "https://t.me/cKure/10940", "content": "\u25a0\u25a0\u25a0\u25a0\u25a1 Zero-Day (Untested code): CVE-2022-41140 - D-Link router preauth Stack-based BOF RCE (authentication is not required to exploit this vulnerability).\n\nVulnerability exploitation requires to exit the main loop. At the moment no proper way to exit hence we forced it used the following command line.\n$ gdb -batch -ex \"attach `pgrep prog.cgi`\" -ex \"b *0x00429508\" -ex \"continue\" -ex \"j *0x00429538\" -ex \u201ci f\u201d -ex \"p/x $ra\"", "creation_timestamp": "2023-04-21T14:53:18.000000Z"}, {"uuid": "1e605dd6-cd18-4a9b-bcdc-c0c734a70cd6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41148", "type": "seen", "source": "https://t.me/cibsecurity/56909", "content": "\u203c CVE-2022-41148 \u203c\n\nThis vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. Crafted data in a U3D file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18338.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-26T20:33:56.000000Z"}, {"uuid": "54223ec7-4b53-4b78-8330-ca54ef22ecbf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41140", "type": "published-proof-of-concept", "source": "Telegram/EX5rFdQn2VR18PmVnTSGVDWTyQvg6jtDFavHpCTb9UZHrIY", "content": "", "creation_timestamp": "2023-07-08T06:40:14.000000Z"}, {"uuid": "da44609c-e736-48a7-bed2-ee087211f6fe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41144", "type": "seen", "source": "https://t.me/cibsecurity/56914", "content": "\u203c CVE-2022-41144 \u203c\n\nThis vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. Crafted data in a U3D file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18282.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-26T20:34:03.000000Z"}, {"uuid": "7e6f1720-3027-48b7-9a2c-7260a7812978", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41145", "type": "seen", "source": "https://t.me/cibsecurity/56913", "content": "\u203c CVE-2022-41145 \u203c\n\nThis vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. Crafted data in a U3D file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-18283.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-26T20:34:02.000000Z"}, {"uuid": "7cf3654f-a10a-402d-8074-7e45b22e598d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41142", "type": "seen", "source": "https://t.me/cibsecurity/56912", "content": "\u203c CVE-2022-41142 \u203c\n\nThis vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of requests to configure poller resources. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to escalate privileges to the level of an administrator. Was ZDI-CAN-18304.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-26T20:34:01.000000Z"}, {"uuid": "47edbb96-2c42-4c1d-9a37-f125159c5870", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41147", "type": "seen", "source": "https://t.me/cibsecurity/56902", "content": "\u203c CVE-2022-41147 \u203c\n\nThis vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. Crafted data in a U3D file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18286.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-26T20:33:46.000000Z"}, {"uuid": "d0af3fa2-0491-46ea-8309-c09368f63139", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41140", "type": "seen", "source": "https://t.me/cibsecurity/56901", "content": "\u203c CVE-2022-41140 \u203c\n\nThis vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of multiple D-Link routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the lighttpd service, which listens on TCP port 80 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-13796.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-26T20:33:45.000000Z"}, {"uuid": "88c30ef3-c0bb-4423-a84c-57b32ec588d8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41140", "type": "published-proof-of-concept", "source": "https://t.me/CNArsenal/520", "content": "\ud83d\udca5CVE-2022-41140 - D-Link router preauth Stack-based BOF RCE(authentication is not required to exploit this vulnerability).\n(PoC exploit here)\n\nVulnerability exploitation requires to exit the main loop. At the moment no proper way to exit hence we forced it used the following command line.\n$ gdb -batch -ex \"attach `pgrep prog.cgi`\" -ex \"b *0x00429508\" -ex \"continue\" -ex \"j *0x00429538\" -ex \u201ci f\u201d -ex \"p/x $ra\"", "creation_timestamp": "2023-04-26T13:53:52.000000Z"}, {"uuid": "757ca53d-54db-440e-9401-ae8fc40e69c8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4114", "type": "seen", "source": "https://t.me/cibsecurity/55753", "content": "\u203c CVE-2022-4114 \u203c\n\nThe Superio WordPress theme does not sanitise and escape some parameters, which could allow users with a role as low as a subscriber to perform Cross-Site Scripting attacks.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-04T11:55:21.000000Z"}]}