{"vulnerability": "CVE-2022-46381", "sightings": [{"uuid": "31e9368e-2967-4cfb-ae00-ef3bffba8d1d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46381", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-02-05)", "content": "", "creation_timestamp": "2025-02-05T00:00:00.000000Z"}, {"uuid": "4ad74d5c-034a-4edd-a5e8-530886ba6ca9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46381", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-03-24)", "content": "", "creation_timestamp": "2025-03-24T00:00:00.000000Z"}, {"uuid": "f44ec88b-e879-4a70-908d-e617d13bb424", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46381", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-07-14)", "content": "", "creation_timestamp": "2025-07-14T00:00:00.000000Z"}, {"uuid": "fb86c9ba-048b-4127-8bc0-e3490d9a9c6c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46381", "type": "published-proof-of-concept", "source": "https://t.me/BABATATASASA/3436", "content": "\u200b\u200bCVE-2022-25765 \n\npdfkit Exploit Reverse Shell\n\npdfkit <0.8.6 command injection shell. The package pdfkit from 0.0.0 are vulnerable to Command Injection where the URL is not properly sanitized. (Tested on ver 0.8.6) - CVE-2022-25765\n\nhttps://github.com/CyberArchitect1/CVE-2022-25765-pdfkit-Exploit-Reverse-Shell\n\n\u200b\u200bCVE-2022-45025\n\nCommand injection via PDF import in Markdown Preview Enhanced (VSCode, Atom)\n\nhttps://github.com/yuriisanin/CVE-2022-45025\n\n\u200b\u200bCVE-2022-36537\n\nZK Framework - Exposure of Sensitive Information to an Unauthorized Actor\n\nhttps://github.com/agnihackers/CVE-2022-36537-EXPLOIT\n\n\u200b\u200bCVE-2022-39066\n\nSQL Injection Vulnerability in ZTE MF286R\n\nhttps://github.com/v0lp3/CVE-2022-39066\n\n\u200b\u200bCVE-2022-46381\n\nYou can scan this vulnerability on your company's subdomains using the nuclei scanner with the template specified in this repo \"CVE-2022-46381.yaml\"\n\nhttps://github.com/omarhashem123/Security-Research/tree/main/CVE-2022-46381\n\n\u200b\u200bCVE-2022-45771 - Pwndoc LFI to RCE\n\nPwndoc local file inclusion to remote code execution of Node.js code on the server.\n\nhttps://github.com/p0dalirius/CVE-2022-45771-Pwndoc-LFI-to-RCE\n\n\u200b\u200bCVE-2022-46169\n\nCacti remote_agent.php Unauthenticated Command Injection.\n\nhttps://github.com/0xf4n9x/CVE-2022-46169\n\n\u200b\u200bCVE-2022-45451\n\nPoC for CVE-2022-45451 Acronis Arbitrary File Read\n\nhttps://github.com/alfarom256/CVE-2022-45451\n\nCVE-2022-28672\n\nThis bug was Use after Free caused by improper handling of javascript object memory references.\n\nhttps://github.com/hacksysteam/CVE-2022-28672\n\nUse after Free - RCE Exploit: https://hacksys.io/blogs/foxit-reader-uaf-rce-jit-spraying-cve-2022-28672\n\n\u200b\u200bCVE-2003-0358\n\nBuffer overflow in (1) nethack 3.4.0 and earlier, and (2) falconseye 1.9.3 and earlier, which is based on nethack, allows local users to gain privileges > via a long -s command line option.\n\nhttps://github.com/snowcra5h/CVE-2003-0358\n\n\u200b\u200bCVE-2022-39253\n\nDocker host file read\n\nhttps://github.com/ssst0n3/docker-cve-2022-39253-poc\n\n\u200b\u200bCVE-2022-48870\n\nmaccms admin+ xss attacks\n\nhttps://github.com/Cedric1314/CVE-2022-48870\n\n\u200b\u200bCVE-2022-2602\n\nPoC Kernel Privilege Escalation Linux\n\nhttps://github.com/kiks7/CVE-2022-2602-Kernel-Exploit\n\n\u200b\u200bEvilWfshbr\n\nCVE-2022-42046 Proof of Concept of wfshbr64.sys local privilege escalation\n\nhttps://github.com/kkent030315/CVE-2022-42046\n\n\u200b\u200bCVE-2022-2602\n\nThis repository contains exploits for CVE-2022-2602. There are two versions of it:\n\n\u25ab\ufe0f Exploit using userfaultfd technique.\n\u25ab\ufe0f Exploit using inode locking technique.\n\nhttps://github.com/LukeGix/CVE-2022-2602\n\n#cve #poc \n@pfkgit", "creation_timestamp": "2023-01-28T19:14:38.000000Z"}, {"uuid": "cdd32577-ce4f-40c6-b119-d723eb46f49a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46381", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/154", "content": "Parshu\n\nFilter URLs to save your time using regex\n\nParshu uses regex to filter out the custom results. Remembering every regex or writing regexes for a task which you do daily is not easy, so parshu will help you to automate the task.\n\nhttps://github.com/R0X4R/Parshu\n\n\u200b\u200bIATelligence\n\nIATelligence is a Python script that extracts the Import Address Table (IAT) from a PE file and uses OpenAI's GPT-3 model to provide details about each Windows API imported by the file. The script also searches for related MITRE ATT&CK techniques and explains how the API could potentially be used by attackers.\n\nIt also displays the hashes of the file and estimates the cost of the GPT-3 requests. IATelligence is a proof of concept for using GPT-3 for malware analysis and quickly assessing the behavior of a malware based on its IAT.\n\nhttps://github.com/fr0gger/IATelligence\n\n\u200b\u200bCVE-2022-46381\n\nYou can scan this vulnerability on your company's subdomains using the nuclei scanner with the template specified in this repo \"CVE-2022-46381.yaml\"\n\nhttps://github.com/omarhashem123/Security-Research/tree/main/CVE-2022-46381\n\n\u200b\u200bZeek-Formatted Threat Intelligence Feeds\n\nThis is a public feed based on Public Threat Feeds and CRITICAL PATH SECURITY gathered data. This feed will be updated as often as possible.\n\nhttps://github.com/CriticalPathSecurity/Zeek-Intelligence-Feeds\n\n\u200b\u200binject-globals\n\nA function for injecting global variables into function calls.\n\nhttps://github.com/victorwss/inject-globals\n\n\u200b\u200bPublic version of Redblood C2\n\nThis is a simple command and control server to handle sessions and your victims.\n\nhttps://github.com/kira2040k/RedbloodC2\n\n\u200b\u200bShadow\n\nA jailbreak detection bypass for modern iOS jailbreaks.\n\nPlease note that Shadow is not designed as an app-specific bypass. Issues mainly in consideration are non-detection related app crashes, regressions from previous versions, and compatibility issues.\n\nhttps://github.com/jjolano/shadow\n\n\u200aDomainDouche - OSINT Tool to Abuse SecurityTrails Domain Suggestion API To Find Potentially Related Domains By Keyword And Brute Force\n\nhttp://www.kitploit.com/2022/12/domaindouche-osint-tool-to-abuse.html\n\nCVE-2022-39066\n\nSQL Injection Vulnerability in ZTE MF286R\n\nhttps://github.com/v0lp3/CVE-2022-39066\n\nDonate\nhttps://t.me/c/1634518258/5\nhttps://t.me/HackerFactory/114\n\n#redteam #infosec #cybersec #\ud835\udddb\ud835\uddee\ud835\uddf0\ud835\uddf8\ud835\uddf2\ud835\uddff\ud835\ude00\ud835\uddd9\ud835\uddee\ud835\uddf0\ud835\ude01\ud835\uddfc\ud835\uddff\ud835\ude06\n\n3/3", "creation_timestamp": "2022-12-14T10:16:53.000000Z"}, {"uuid": "99b819f9-4a5d-491a-af26-38d0950abace", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46381", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/2137", "content": "Parshu\n\nFilter URLs to save your time using regex\n\nParshu uses regex to filter out the custom results. Remembering every regex or writing regexes for a task which you do daily is not easy, so parshu will help you to automate the task.\n\nhttps://github.com/R0X4R/Parshu\n\n\u200b\u200bIATelligence\n\nIATelligence is a Python script that extracts the Import Address Table (IAT) from a PE file and uses OpenAI's GPT-3 model to provide details about each Windows API imported by the file. The script also searches for related MITRE ATT&CK techniques and explains how the API could potentially be used by attackers.\n\nIt also displays the hashes of the file and estimates the cost of the GPT-3 requests. IATelligence is a proof of concept for using GPT-3 for malware analysis and quickly assessing the behavior of a malware based on its IAT.\n\nhttps://github.com/fr0gger/IATelligence\n\n\u200b\u200bCVE-2022-46381\n\nYou can scan this vulnerability on your company's subdomains using the nuclei scanner with the template specified in this repo \"CVE-2022-46381.yaml\"\n\nhttps://github.com/omarhashem123/Security-Research/tree/main/CVE-2022-46381\n\n\u200b\u200bZeek-Formatted Threat Intelligence Feeds\n\nThis is a public feed based on Public Threat Feeds and CRITICAL PATH SECURITY gathered data. This feed will be updated as often as possible.\n\nhttps://github.com/CriticalPathSecurity/Zeek-Intelligence-Feeds\n\n\u200b\u200binject-globals\n\nA function for injecting global variables into function calls.\n\nhttps://github.com/victorwss/inject-globals\n\n\u200b\u200bPublic version of Redblood C2\n\nThis is a simple command and control server to handle sessions and your victims.\n\nhttps://github.com/kira2040k/RedbloodC2\n\n\u200b\u200bShadow\n\nA jailbreak detection bypass for modern iOS jailbreaks.\n\nPlease note that Shadow is not designed as an app-specific bypass. Issues mainly in consideration are non-detection related app crashes, regressions from previous versions, and compatibility issues.\n\nhttps://github.com/jjolano/shadow\n\n\u200aDomainDouche - OSINT Tool to Abuse SecurityTrails Domain Suggestion API To Find Potentially Related Domains By Keyword And Brute Force\n\nhttp://www.kitploit.com/2022/12/domaindouche-osint-tool-to-abuse.html\n\nCVE-2022-39066\n\nSQL Injection Vulnerability in ZTE MF286R\n\nhttps://github.com/v0lp3/CVE-2022-39066\n\nDonate\nhttps://t.me/c/1634518258/5\nhttps://t.me/HackerFactory/114\n\n#redteam #infosec #cybersec #\ud835\udddb\ud835\uddee\ud835\uddf0\ud835\uddf8\ud835\uddf2\ud835\uddff\ud835\ude00\ud835\uddd9\ud835\uddee\ud835\uddf0\ud835\ude01\ud835\uddfc\ud835\uddff\ud835\ude06\n\n3/3", "creation_timestamp": "2022-12-14T10:16:53.000000Z"}, {"uuid": "baff4adf-d3b5-4d28-bc95-b3086b970438", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46381", "type": "seen", "source": "https://t.me/cibsecurity/54467", "content": "\u203c CVE-2022-46381 \u203c\n\nCertain Linear eMerge E3-Series devices are vulnerable to XSS via the type parameter (e.g., to the badging/badge_template_v0.php component). This affects 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, 0.32-09b, 0.32-09a, and 0.32-08e.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-14T00:21:59.000000Z"}]}