{"vulnerability": "cve-2022-4510", "sightings": [{"uuid": "74352fbf-a168-4516-b695-df35676688a1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45103", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/10307", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-45103\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)\n\ud83d\udd39 Description: \nDell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Enabler vApp version 9.2.3.x contain an information disclosure vulnerability. A low privileged remote attacker could potentially exploit this vulnerability, leading to read arbitrary files on the underlying file system.\n\n\n\n\n\n\n\ud83d\udccf Published: 2023-01-18T14:31:56.582Z\n\ud83d\udccf Modified: 2025-04-03T18:04:23.945Z\n\ud83d\udd17 References:\n1. https://www.dell.com/support/kbdoc/en-us/000207177/dsa-2022-340-dell-unisphere-for-powermax-dell-unisphere-for-powermax-vapp-dell-solutions-enabler-vapp-dell-unisphere-360-dell-vasa-provider-vapp-and-dell-powermax-emb-mgmt-security-update-for-multiple-vulnerabilities", "creation_timestamp": "2025-04-03T18:35:39.000000Z"}, {"uuid": "d309b638-66a6-4d63-bf47-13741a6dd49a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45104", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/8500", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-45104\n\ud83d\udd25 CVSS Score: 8.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: \nDell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Enabler vApp version 9.2.3.x contain a command execution vulnerability. A low privileged remote attacker could potentially exploit this vulnerability, leading to execute arbitrary commands on the underlying system.\n\n\n\n\n\n\n\ud83d\udccf Published: 2023-02-10T21:04:48.607Z\n\ud83d\udccf Modified: 2025-03-24T17:58:16.581Z\n\ud83d\udd17 References:\n1. https://www.dell.com/support/kbdoc/en-us/000207177/dsa-2022-340-dell-unisphere-for-powermax-dell-unisphere-for-powermax-vapp-dell-solutions-enabler-vapp-dell-unisphere-360-dell-vasa-provider-vapp-and-dell-powermax-emb-mgmt-security-update-for-multiple-vulnerabilities", "creation_timestamp": "2025-03-24T18:23:11.000000Z"}, {"uuid": "4d36ff32-0dee-4c5f-82d0-82daee806097", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45100", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/8970", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-45100\n\ud83d\udd25 CVSS Score: 8.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: \nDell PowerScale OneFS, versions 8.2.x-9.3.x, contains an Improper Certificate Validation vulnerability. An remote unauthenticated attacker could potentially exploit this vulnerability, leading to a full compromise of the system.\n\n\n\n\n\n\n\ud83d\udccf Published: 2023-02-01T05:06:38.401Z\n\ud83d\udccf Modified: 2025-03-26T20:06:43.096Z\n\ud83d\udd17 References:\n1. https://www.dell.com/support/kbdoc/en-us/000206357/dell-emc-powerscale-onefs-security-updates-for-multiple-security-vulnerabilities", "creation_timestamp": "2025-03-26T20:26:05.000000Z"}, {"uuid": "b852c21d-59ab-48ef-b052-d6cec0cb48a3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45102", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/8972", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-45102\n\ud83d\udd25 CVSS Score: 5.4 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N)\n\ud83d\udd39 Description: \nDell EMC Data Protection Central, versions 19.1 through 19.7, contains a Host Header Injection vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by injecting arbitrary \\u2018Host\\u2019 header values to poison a web cache or trigger redirections.\n\n\n\n\n\n\n\ud83d\udccf Published: 2023-02-01T05:11:30.285Z\n\ud83d\udccf Modified: 2025-03-26T20:06:17.266Z\n\ud83d\udd17 References:\n1. https://www.dell.com/support/kbdoc/en-us/000206329/dsa-2022-348-dell-emc-data-protection-central-security-update-for-proprietary-code-vulnerability", "creation_timestamp": "2025-03-26T20:26:07.000000Z"}, {"uuid": "6f021e11-7955-4706-880e-275409c3f73f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45104", "type": "seen", "source": "https://t.me/cibsecurity/57937", "content": "\u203c CVE-2022-45104 \u203c\n\nDell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Enabler vApp version 9.2.3.x contain a command execution vulnerability. A low privileged remote attacker could potentially exploit this vulnerability, leading to execute arbitrary commands on the underlying system.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-11T14:34:11.000000Z"}, {"uuid": "a33d6227-2d94-4ea3-99c4-270fa73e559f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4510", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/3102", "content": "Tools \ud83d\udd27 \ud83d\udd28 \ud83d\udd27  - Hackers Factory\n\nKernel-Process-Hollowing\n\nWindows x64 kernel mode rootkit process hollowing POC.\n\nhttps://github.com/XaFF-XaFF/Kernel-Process-Hollowing\n\n#cybersecurity #infosec #pentesting\n\n\u200b\u200bBOFMask\n\nPoC for masking Cobalt Strike's Beacon payload while executing a Beacon Object File (BOF).\n\nhttps://github.com/passthehashbrowns/BOFMask\n\n#infosec #pentesting #redteam\n\n\u200b\u200bCRTP-Notes\n\nStudy materials for the Certified Red Team Pentesting (CRTP) exam, covering essential concepts in red teaming and penetration testing.\n\nhttps://github.com/0xStarlight/CRTP-Notes\n\n#infosec #pentesting #redteam\n\n\u200b\u200bCVE-2023-34843\n\nTraggo/server ver. 0.3 - directory traversal\n\nhttps://github.com/rootd4ddy/CVE-2023-34843\n\n#cve #cybersecurity #infosec\n\n\u200b\u200bCVE-2022-4510\n\nA Python script for generating exploits targeting CVE-2022-4510 RCE Binwalk. It supports SSH, command execution, and reverse shell options. Exploits are saved in PNG format. Ideal for testing and demonstrations.\n\nhttps://github.com/adhikara13/CVE-2022-4510-WalkingPath\n\n#cve #cybersecurity #infosec\n\n\u200b\u200bAPEX-ICS \n\nAutomated protocol exploration and fuzzing for closed-source ics protocols.\n\nhttps://github.com/ParvinSoni/APEX-ICS\n\n#cybersecurity #infosec\n\n\u200b\u200bBOFMask\n\nA tool designed to conceal Cobalt Strike's Beacon payload while executing a Beacon Object File (BOF). By applying a XOR mask and modifying memory protection settings, BOFMask enables users to execute BOFs without exposing Beacon, thereby avoiding detection by EDR products that scan system memory.\n\nhttps://github.com/xforcered/bofmask\n\n#infosec #pentesting #redteam\n\n\u200b\u200bAtlasReaper\n\nA command-line tool developed for offensive security purposes, primarily focused on reconnaissance of Confluence and Jira. It also provides various features that can be helpful for tasks such as credential farming and social engineering. The tool is written in C#.\n\nhttps://github.com/werdhaihai/AtlasReaper\n\n#infosec #pentesting #bugbounty\n\n\u200b\u200bParaForge\n\nA simple #BurpSuite extension to extract the paramters and endpoints from the request to create custom wordlist for fuzzing and enumeration.\n\nhttps://github.com/Anof-cyber/ParaForge\n\n#infosec #pentesting #bugbounty\n\nFind authentication (authn) and authorization (authz) security bugs in web application routes.\n\nhttps://github.com/mschwager/route-detect\n\n\u200b\u200bSNAPPY\n\nDetecting rogue and fake 802.11 wireless access points through fingerprinting beacon management frames.\n\nhttps://github.com/SpiderLabs/snappy\n\nDetails:\nhttps://bit.ly/46sGGBN\n\n#cybersecurity #infosec #wifi\n\n\u200b\u200bDNS Analyzer\n\nA #BurpSuite extension for finding DNS vulnerabilities in web applications!\n\nhttps://github.com/The-Login/DNS-Analyzer\n\n#infosec #pentesting #bugbounty\n\nhttps://t.me/dilagrafie", "creation_timestamp": "2023-07-23T05:17:03.000000Z"}, {"uuid": "096b3eaf-76c7-43e4-8a3a-d51490942112", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45104", "type": "published-proof-of-concept", "source": "Telegram/qFGZKGWjbbohzwm4IM5LXtPLoPhbxEHigW24J-s61iUeoo0", "content": "", "creation_timestamp": "2023-02-21T18:38:02.000000Z"}, {"uuid": "96cc4bf3-52e1-41bd-a7e9-5a3e270ad164", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45103", "type": "published-proof-of-concept", "source": "Telegram/qFGZKGWjbbohzwm4IM5LXtPLoPhbxEHigW24J-s61iUeoo0", "content": "", "creation_timestamp": "2023-02-21T18:38:02.000000Z"}, {"uuid": "6e5370fc-5425-4ccf-ae54-8f6a205c92f8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45102", "type": "seen", "source": "https://t.me/cibsecurity/57271", "content": "\u203c CVE-2022-45102 \u203c\n\nDell EMC Data Protection Central, versions 19.1 through 19.7, contains a Host Header Injection vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by injecting arbitrary \\u2018Host\\u2019 header values to poison a web cache or trigger redirections.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-01T12:14:14.000000Z"}, {"uuid": "de04cd20-84bf-46ef-bc1f-0e809db0973a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45100", "type": "seen", "source": "https://t.me/cibsecurity/57264", "content": "\u203c CVE-2022-45100 \u203c\n\nDell PowerScale OneFS, versions 8.2.x-9.3.x, contains an Improper Certificate Validation vulnerability. An remote unauthenticated attacker could potentially exploit this vulnerability, leading to a full compromise of the system.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-01T12:14:04.000000Z"}, {"uuid": "aa10d3cb-0601-425e-829f-603bdd2633b8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45103", "type": "seen", "source": "https://t.me/cibsecurity/56673", "content": "\u203c CVE-2022-45103 \u203c\n\nDell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Enabler vApp version 9.2.3.x contain an information disclosure vulnerability. A low privileged remote attacker could potentially exploit this vulnerability, leading to read arbitrary files on the underlying file system.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-18T18:21:07.000000Z"}, {"uuid": "8f0061ab-1682-4983-8766-6c65f65ae22c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4510", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/7674", "content": "#exploit\n1. CVE-2022-4510, CVE-2023-0591,\nCVE-2023-0592, CVE-2023-0593:\nRCE in ReFirm Labs binwalk\nhttps://onekey.com/blog/security-advisory-remote-command-execution-in-binwalk\n\n2. CVE-2023-23924:\nCritical-Severity RCE Flaw Found in Dompdf Library\nhttps://securityonline.info/cve-2023-23924-critical-severity-rce-flaw-found-in-popular-dompdf-library", "creation_timestamp": "2023-02-02T11:01:01.000000Z"}, {"uuid": "2b6a2dcf-e071-4960-981b-afbd900a7140", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4510", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/8578", "content": "#exploit\n1. CVE-2023-26258:\nRCE in ArcServe UDP Backup\nhttps://www.mdsec.co.uk/2023/06/cve-2023-26258-remote-code-execution-in-arcserve-udp-backup\n\n2. CVE-2023-34843:\ntraggo/server ver. 0.3 - directory traversal\nhttps://github.com/rootd4ddy/CVE-2023-34843\n\n3. A Python script for generating exploits targeting CVE-2022-4510 RCE Binwalk\nhttps://github.com/adhikara13/CVE-2022-4510-WalkingPath", "creation_timestamp": "2023-06-29T11:03:01.000000Z"}]}