Update Wed Nov 30 13:02:12 UTC 2022

2010/CVE-2010-0661.md

@@ -0,0 +1,17 @@
+### [CVE-2010-0661](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0661)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+WebCore/bindings/v8/custom/V8DOMWindowCustom.cpp in WebKit before r52401, as used in Google Chrome before 4.0.249.78, allows remote attackers to bypass the Same Origin Policy via vectors involving the window.open method.
+
+### POC
+
+#### Reference
+- http://flock.com/security/
+
+#### Github
+No PoCs found on GitHub currently.
+

2010/CVE-2010-1236.md

@@ -0,0 +1,17 @@
+### [CVE-2010-1236](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1236)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+The protocolIs function in platform/KURLGoogle.cpp in WebCore in WebKit before r55822, as used in Google Chrome before 4.1.249.1036 and Flock Browser 3.x before 3.0.0.4112, does not properly handle whitespace at the beginning of a URL, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted javascript: URL, as demonstrated by a \x00javascript:alert sequence.
+
+### POC
+
+#### Reference
+- http://flock.com/security/
+
+#### Github
+No PoCs found on GitHub currently.
+

2010/CVE-2010-3202.md

@@ -0,0 +1,17 @@
+### [CVE-2010-3202](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3202)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Cross-site scripting (XSS) vulnerability in Flock Browser 3.0.0.3989 allows remote attackers to inject arbitrary web script or HTML via a crafted bookmark.
+
+### POC
+
+#### Reference
+- http://flock.com/security/
+
+#### Github
+No PoCs found on GitHub currently.
+

2010/CVE-2010-3262.md

@@ -0,0 +1,17 @@
+### [CVE-2010-3262](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3262)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Cross-site scripting (XSS) vulnerability in Flock Browser 3.x before 3.0.0.4114 allows remote attackers to inject arbitrary web script or HTML via a crafted RSS feed.
+
+### POC
+
+#### Reference
+- http://flock.com/security/
+
+#### Github
+No PoCs found on GitHub currently.
+

2019/CVE-2019-1010084.md

@@ -0,0 +1,17 @@
+### [CVE-2019-1010084](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010084)
+![](https://img.shields.io/static/v1?label=Product&message=Dancer%3A%3APlugin%3A%3ASimpleCRUD&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Incorrect%20Access%20Control&color=brighgreen)
+
+### Description
+
+Dancer::Plugin::SimpleCRUD 1.14 and earlier is affected by: Incorrect Access Control. The impact is: Potential for unathorised access to data. The component is: Incorrect calls to _ensure_auth() wrapper result in authentication-checking not being applied to al routes.
+
+### POC
+
+#### Reference
+- https://github.com/bigpresh/Dancer-Plugin-SimpleCRUD/pull/109
+
+#### Github
+No PoCs found on GitHub currently.
+

2021/CVE-2021-26787.md

@@ -10,6 +10,7 @@ A cross site scripting (XSS) vulnerability in Genesys Workforce Management 8.5.2
 ### POC
 
 #### Reference
+- http://genesys.com
 - https://medium.com/@reliable_lait_mouse_975/cross-site-scripting-vulnerability-within-genesys-workforce-management-version-8-5-214-20-a68500cf5e18
 
 #### Github

2021/CVE-2021-45499.md

@@ -0,0 +1,17 @@
+### [CVE-2021-45499](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45499)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Certain NETGEAR devices are affected by authentication bypass. This affects R6900P before 1.3.3.140, R7000P before 1.3.3.140, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000P before 1.4.2.84, RAX75 before 1.0.3.106, and RAX80 before 1.0.3.106.
+
+### POC
+
+#### Reference
+- https://kb.netgear.com/000064445/Security-Advisory-for-Authentication-Bypass-on-Some-Routers-PSV-2019-0027
+
+#### Github
+No PoCs found on GitHub currently.
+

2022/CVE-2022-24187.md

@@ -0,0 +1,17 @@
+### [CVE-2022-24187](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24187)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+The user_id and device_id on the Ourphoto App version 1.4.1 /device/* end-points both suffer from insecure direct object reference vulnerabilities. Other end-users user_id and device_id values can be enumerated by incrementing or decrementing id numbers. The impact of this vulnerability allows an attacker to discover sensitive information such as end-user email addresses, and their unique frame_token value of all other Ourphoto App end-users.
+
+### POC
+
+#### Reference
+- https://www.scrawledsecurityblog.com/2022/11/automating-unsolicited-richard-pics.html
+
+#### Github
+No PoCs found on GitHub currently.
+

2022/CVE-2022-24188.md

@@ -0,0 +1,17 @@
+### [CVE-2022-24188](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24188)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+The /device/signin end-point for the Ourphoto App version 1.4.1 discloses clear-text password information for functionality within the picture frame devices. The deviceVideoCallPassword and mqttPassword are returned in clear-text. The lack of sessions management and presence of insecure direct object references allows to return password information for other end-users devices. Many of the picture frame devices offer video calling, and it is likely this information can be used to abuse that functionality.
+
+### POC
+
+#### Reference
+- https://www.scrawledsecurityblog.com/2022/11/automating-unsolicited-richard-pics.html
+
+#### Github
+No PoCs found on GitHub currently.
+

2022/CVE-2022-24189.md

@@ -0,0 +1,17 @@
+### [CVE-2022-24189](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24189)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+The user_token authorization header on the Ourphoto App version 1.4.1 /apiv1/* end-points is not implemented properly. Removing the value causes all requests to succeed, bypassing authorization and session management. The impact of this vulnerability allows an attacker POST api calls with other users unique identifiers and enumerate information of all other end-users.
+
+### POC
+
+#### Reference
+- https://www.scrawledsecurityblog.com/2022/11/automating-unsolicited-richard-pics.html
+
+#### Github
+No PoCs found on GitHub currently.
+

2022/CVE-2022-24190.md

@@ -0,0 +1,17 @@
+### [CVE-2022-24190](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24190)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+The /device/acceptBind end-point for Ourphoto App version 1.4.1 does not require authentication or authorization. The user_token header is not implemented or present on this end-point. An attacker can send a request to bind their account to any users picture frame, then send a POST request to accept their own bind request, without the end-users approval or interaction.
+
+### POC
+
+#### Reference
+- https://www.scrawledsecurityblog.com/2022/11/automating-unsolicited-richard-pics.html
+
+#### Github
+No PoCs found on GitHub currently.
+

2022/CVE-2022-25848.md

@@ -0,0 +1,17 @@
+### [CVE-2022-25848](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25848)
+![](https://img.shields.io/static/v1?label=Product&message=static-dev-server&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3E%3D%200%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Directory%20Traversal&color=brighgreen)
+
+### Description
+
+This affects all versions of package static-dev-server. This is because when paths from users to the root directory are joined, the assets for the path accessed are relative to that of the root directory.
+
+### POC
+
+#### Reference
+- https://security.snyk.io/vuln/SNYK-JS-STATICDEVSERVER-3149917
+
+#### Github
+No PoCs found on GitHub currently.
+

2022/CVE-2022-31877.md

@@ -0,0 +1,17 @@
+### [CVE-2022-31877](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31877)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+An issue in the component MSI.TerminalServer.exe of MSI Center v1.0.41.0 allows attackers to escalate privileges via a crafted TCP packet.
+
+### POC
+
+#### Reference
+- https://patsch.dev/2022/07/08/cve-2022-31877-privilege-escalation-in-msi-centers-msi-terminalserver-exe/
+
+#### Github
+No PoCs found on GitHub currently.
+

2022/CVE-2022-36136.md

@@ -0,0 +1,18 @@
+### [CVE-2022-36136](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36136)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+ChurchCRM Version 4.4.5 has XSS vulnerabilities that allow attackers to store XSS via location input Deposit Comment.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/ARPSyndicate/cvemon
+- https://github.com/bypazs/GrimTheRipper
+

2022/CVE-2022-36137.md

@@ -0,0 +1,18 @@
+### [CVE-2022-36137](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36137)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+ChurchCRM Version 4.4.5 has XSS vulnerabilities that allow attackers to store XSS via location input sHeader.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/ARPSyndicate/cvemon
+- https://github.com/bypazs/GrimTheRipper
+

2022/CVE-2022-36433.md

@@ -0,0 +1,19 @@
+### [CVE-2022-36433](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36433)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+The blog-post creation functionality in the Amasty Blog Pro 2.10.3 plugin for Magento 2 allows injection of JavaScript code in the short_content and full_content fields, leading to XSS attacks against admin panel users via posts/preview or posts/save.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/afine-com/CVE-2022-36433
+- https://github.com/afine-com/research
+- https://github.com/nomi-sec/PoC-in-GitHub
+

2022/CVE-2022-3747.md

@@ -0,0 +1,18 @@
+### [CVE-2022-3747](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3747)
+![](https://img.shields.io/static/v1?label=Product&message=Becustom&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20*%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen)
+
+### Description
+
+The Becustom plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.5.2. This is due to missing nonce validation when saving the plugin's settings. This makes it possible for unauthenticated attackers to update the plugin's settings like betheme_url_slug, replaced_theme_author, and betheme_label to name a few, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/ARPSyndicate/cvemon
+- https://github.com/MrTuxracer/advisories
+

2022/CVE-2022-37775.md

@@ -10,6 +10,7 @@ Genesys PureConnect Interaction Web Tools Chat Service (up to at least 26- Septe
 ### POC
 
 #### Reference
+- http://genesys.com
 - http://packetstormsecurity.com/files/168410/Genesys-PureConnect-Cross-Site-Scripting.html
 
 #### Github

2022/CVE-2022-40282.md

@@ -0,0 +1,17 @@
+### [CVE-2022-40282](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40282)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+The web server of Hirschmann BAT-C2 before 09.13.01.00R04 allows authenticated command injection. This allows an authenticated attacker to pass commands to the shell of the system because the dir parameter of the FsCreateDir Ajax function is not sufficiently sanitized. The vendor's ID is BSECV-2022-21.
+
+### POC
+
+#### Reference
+- http://seclists.org/fulldisclosure/2022/Nov/19
+
+#### Github
+No PoCs found on GitHub currently.
+

2022/CVE-2022-4034.md

@@ -0,0 +1,18 @@
+### [CVE-2022-4034](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4034)
+![](https://img.shields.io/static/v1?label=Product&message=Appointment%20Hour%20Booking%20%E2%80%93%20WordPress%20Booking%20Plugin&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20*%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-1236%20Improper%20Neutralization%20of%20Formula%20Elements%20in%20a%20CSV%20File&color=brighgreen)
+
+### Description
+
+The Appointment Hour Booking Plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.3.72. This makes it possible for unauthenticated attackers to embed untrusted input into content during booking creation that may be exported as a CSV file when a site's administrator exports booking details. This can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/ARPSyndicate/cvemon
+- https://github.com/ashutoshrohilla/CVE-2021-4034
+

2022/CVE-2022-4104.md

@@ -0,0 +1,17 @@
+### [CVE-2022-4104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4104)
+![](https://img.shields.io/static/v1?label=Product&message=Dropbox%20Lepton&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Loop%20with%20Unreachable%20Exit%20Condition%20('Infinite%20Loop')&color=brighgreen)
+
+### Description
+
+A loop with an unreachable exit condition can be triggered by passing a crafted JPEG file to the Lepton image compression tool, resulting in a denial-of-service.
+
+### POC
+
+#### Reference
+- https://tenable.com/security/research/TRA-2022-35
+
+#### Github
+No PoCs found on GitHub currently.
+

2022/CVE-2022-4141.md

@@ -0,0 +1,17 @@
+### [CVE-2022-4141](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4141)
+![](https://img.shields.io/static/v1?label=Product&message=vim%2Fvim&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3C%209.0.0947%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-122%20Heap-based%20Buffer%20Overflow&color=brighgreen)
+
+### Description
+
+Heap based buffer overflow in vim/vim 9.0.0946 and below by allowing an attacker to CTRL-W gf in the expression used in the RHS of the substitute command.
+
+### POC
+
+#### Reference
+- https://huntr.dev/bounties/20ece512-c600-45ac-8a84-d0931e05541f
+
+#### Github
+No PoCs found on GitHub currently.
+

2022/CVE-2022-41445.md

@@ -10,7 +10,7 @@ A cross-site scripting (XSS) vulnerability in Record Management System using Cod
 ### POC
 
 #### Reference
-No PoCs from references.
+- https://ihexcoder.wixsite.com/secresearch/post/cve-2022-41445-cross-site-scripting-in-teachers-record-management-system-using-codeignitor
 
 #### Github
 - https://github.com/RashidKhanPathan/CVE-2022-41445

2022/CVE-2022-41446.md

@@ -10,7 +10,7 @@ An access control issue in /Admin/dashboard.php of Record Management System usin
 ### POC
 
 #### Reference
-No PoCs from references.
+- https://ihexcoder.wixsite.com/secresearch/post/privilege-escalation-in-teachers-record-management-system-using-codeignitor
 
 #### Github
 - https://github.com/RashidKhanPathan/CVE-2022-41446