{"vulnerability": "CVE-2022-4330", "sightings": [{"uuid": "0f4190e6-e686-48c4-aa52-9f103c583ee0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43308", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/14045", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-43308\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: INTELBRAS SG 2404 MR 20180928-rel64938 allows authenticated attackers to arbitrarily create Administrator accounts via crafted user cookies.\n\ud83d\udccf Published: 2022-11-18T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-30T13:55:00.363Z\n\ud83d\udd17 References:\n1. https://github.com/vitorespf/Advisories/blob/master/Intelbras-switch.txt\n2. https://www.intelbras.com/pt-br/switch-gerenciavel-24-portas-poe-gigabit-ethernet-sg-2404-poe", "creation_timestamp": "2025-04-30T14:13:16.000000Z"}, {"uuid": "c65742e1-1932-4004-b91f-b73e85409765", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43305", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/14948", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-43305\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The d8s-python for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-algorithms package. The affected version of d8s-htm is 0.1.0.\n\ud83d\udccf Published: 2022-11-07T00:00:00.000Z\n\ud83d\udccf Modified: 2025-05-05T18:05:37.895Z\n\ud83d\udd17 References:\n1. https://pypi.org/project/d8s-python/\n2. https://pypi.org/project/democritus-algorithms/\n3. https://github.com/dadadadada111/info/issues/10", "creation_timestamp": "2025-05-05T18:19:33.000000Z"}, {"uuid": "6649d9f8-f4b0-4015-91a3-20a77dd84c18", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43306", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/14946", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-43306\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The d8s-timer for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-dates package. The affected version of d8s-htm is 0.1.0.\n\ud83d\udccf Published: 2022-11-07T00:00:00.000Z\n\ud83d\udccf Modified: 2025-05-05T18:07:14.194Z\n\ud83d\udd17 References:\n1. https://pypi.org/project/d8s-timer/\n2. https://pypi.org/project/democritus-dates/\n3. https://github.com/dadadadada111/info/issues/11", "creation_timestamp": "2025-05-05T18:19:31.000000Z"}, {"uuid": "e4352a67-653d-490f-9a75-b3071b00df10", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43304", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/14949", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-43304\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The d8s-timer for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-uuids package. The affected version of d8s-htm is 0.1.0.\n\ud83d\udccf Published: 2022-11-07T00:00:00.000Z\n\ud83d\udccf Modified: 2025-05-05T18:04:30.684Z\n\ud83d\udd17 References:\n1. https://pypi.org/project/democritus-uuids/\n2. https://pypi.org/project/d8s-timer/\n3. https://github.com/dadadadada111/info/issues/9", "creation_timestamp": "2025-05-05T18:19:33.000000Z"}, {"uuid": "37ea07cd-2e6f-427b-98b1-c3da897c25a1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43303", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/14950", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-43303\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The d8s-strings for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-uuids package. The affected version of d8s-htm is 0.1.0.\n\ud83d\udccf Published: 2022-11-07T00:00:00.000Z\n\ud83d\udccf Modified: 2025-05-05T18:02:17.534Z\n\ud83d\udd17 References:\n1. https://pypi.org/project/d8s-strings/\n2. https://pypi.org/project/democritus-uuids/\n3. https://github.com/dadadadada111/info/issues/8", "creation_timestamp": "2025-05-05T18:19:35.000000Z"}, {"uuid": "fe6712b6-12bf-44a1-8b10-17039da846e9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43309", "type": "seen", "source": "https://t.me/cibsecurity/61704", "content": "\u203c CVE-2022-43309 \u203c\n\nSupermicro X11SSL-CF HW Rev 1.01, BMC firmware v1.63 was discovered to contain insecure permissions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-08T00:28:13.000000Z"}, {"uuid": "aa8a93ff-f43d-4b10-9f27-32f220531b63", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4330", "type": "seen", "source": "https://t.me/cibsecurity/56549", "content": "\u203c CVE-2022-4330 \u203c\n\nThe WP Attachments WordPress plugin through 5.0.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-16T18:24:25.000000Z"}, {"uuid": "1eb0e12d-05e8-4725-8728-5fd095cc8f6f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43306", "type": "seen", "source": "https://t.me/cibsecurity/52593", "content": "\u203c CVE-2022-43306 \u203c\n\nThe d8s-timer for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-dates package. The affected version of d8s-htm is 0.1.0.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-07T18:34:19.000000Z"}, {"uuid": "7a48c9c3-fb78-45d8-9009-9a80e0ce9f10", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43305", "type": "seen", "source": "https://t.me/cibsecurity/52610", "content": "\u203c CVE-2022-43305 \u203c\n\nThe d8s-python for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-algorithms package. The affected version of d8s-htm is 0.1.0.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-07T18:34:37.000000Z"}, {"uuid": "d2cfa26e-0e70-4b00-bac9-461e91577896", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43304", "type": "seen", "source": "https://t.me/cibsecurity/52600", "content": "\u203c CVE-2022-43304 \u203c\n\nThe d8s-timer for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-uuids package. The affected version of d8s-htm is 0.1.0.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-07T18:34:27.000000Z"}, {"uuid": "ce914a77-0a1a-412e-9a67-f8fd64539900", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43303", "type": "seen", "source": "https://t.me/cibsecurity/52607", "content": "\u203c CVE-2022-43303 \u203c\n\nThe d8s-strings for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-uuids package. The affected version of d8s-htm is 0.1.0.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-07T18:34:34.000000Z"}]}