Update Sun Dec 18 13:50:05 UTC 2022

2017/CVE-2017-20017.md

@@ -0,0 +1,17 @@
+### [CVE-2017-20017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-20017)
+![](https://img.shields.io/static/v1?label=Product&message=The%20Next%20Generation%20of%20Genealogy%20Sitebuilding&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability, which was classified as critical, has been found in The Next Generation of Genealogy Sitebuilding up to 11.1.0. This issue affects some unknown processing of the file /timeline2.php. The manipulation of the argument primaryID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 11.1.1 is able to address this issue. It is recommended to upgrade the affected component.
+
+### POC
+
+#### Reference
+- https://vuldb.com/?id.105833
+
+#### Github
+No PoCs found on GitHub currently.
+

2018/CVE-2018-21190.md

@@ -0,0 +1,17 @@
+### [CVE-2018-21190](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-21190)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, D7800 before 1.0.1.34, R6100 before 1.0.1.20, R7500 before 1.0.0.122, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.
+
+### POC
+
+#### Reference
+- https://kb.netgear.com/000055167/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2605
+
+#### Github
+No PoCs found on GitHub currently.
+

2022/CVE-2022-1248.md

@@ -11,6 +11,7 @@ A vulnerability was found in SAP Information System 1.0 which has been rated as
 
 #### Reference
 - http://packetstormsecurity.com/files/166609/SAP-Information-System-1.0.0-Missing-Authorization.html
+- https://vuldb.com/?id.196550
 
 #### Github
 No PoCs found on GitHub currently.

2022/CVE-2022-1287.md

@@ -0,0 +1,17 @@
+### [CVE-2022-1287](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1287)
+![](https://img.shields.io/static/v1?label=Product&message=School%20Club%20Application%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-99%20Improper%20Control%20of%20Resource%20Identifiers&color=brighgreen)
+
+### Description
+
+A vulnerability classified as critical was found in School Club Application System 1.0. This vulnerability affects a request to the file /scas/classes/Users.php?f=save_user. The manipulation with a POST request leads to privilege escalation. The attack can be initiated remotely and does not require authentication. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+- https://vuldb.com/?id.196750
+
+#### Github
+No PoCs found on GitHub currently.
+

2022/CVE-2022-41945.md

@@ -0,0 +1,17 @@
+### [CVE-2022-41945](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41945)
+![](https://img.shields.io/static/v1?label=Product&message=super-xray&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-94%3A%20Improper%20Control%20of%20Generation%20of%20Code%20('Code%20Injection')&color=brighgreen)
+
+### Description
+
+super-xray is a vulnerability scanner (xray) GUI launcher. In version 0.1-beta, the URL is not filtered and directly spliced ​​into the command, resulting in a possible RCE vulnerability. Users should upgrade to super-xray 0.2-beta.
+
+### POC
+
+#### Reference
+- https://github.com/4ra1n/super-xray/releases/tag/0.2-beta
+
+#### Github
+No PoCs found on GitHub currently.
+

2022/CVE-2022-41950.md

@@ -0,0 +1,17 @@
+### [CVE-2022-41950](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41950)
+![](https://img.shields.io/static/v1?label=Product&message=super-xray&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-250%3A%20Execution%20with%20Unnecessary%20Privileges&color=brighgreen)
+
+### Description
+
+super-xray is the GUI alternative for vulnerability scanning tool xray. In 0.2-beta, a privilege escalation vulnerability was discovered. This caused inaccurate default xray permissions. Note: this vulnerability only affects Linux and Mac OS systems. Users should upgrade to super-xray 0.3-beta.
+
+### POC
+
+#### Reference
+- https://github.com/4ra1n/super-xray/releases/tag/0.3-beta
+
+#### Github
+No PoCs found on GitHub currently.
+

2022/CVE-2022-41958.md

@@ -0,0 +1,17 @@
+### [CVE-2022-41958](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41958)
+![](https://img.shields.io/static/v1?label=Product&message=super-xray&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-502%3A%20Deserialization%20of%20Untrusted%20Data&color=brighgreen)
+
+### Description
+
+super-xray is a web vulnerability scanning tool. Versions prior to 0.7 assumed trusted input for the program config which is stored in a yaml file. An attacker with local access to the file could exploit this and compromise the program. This issue has been addressed in commit `4d0d5966` and will be included in future releases. Users are advised to upgrade. There are no known workarounds for this issue.
+
+### POC
+
+#### Reference
+- https://github.com/4ra1n/super-xray/security/advisories/GHSA-39pv-4vmj-c4fr
+
+#### Github
+No PoCs found on GitHub currently.
+

2022/CVE-2022-4596.md

@@ -0,0 +1,17 @@
+### [CVE-2022-4596](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4596)
+![](https://img.shields.io/static/v1?label=Product&message=Shoplazza&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-707%20Improper%20Neutralization%20-%3E%20CWE-74%20Injection%20-%3E%20CWE-79%20Cross%20Site%20Scripting&color=brighgreen)
+
+### Description
+
+A vulnerability, which was classified as problematic, has been found in Shoplazza 1.1. This issue affects some unknown processing of the file /admin/api/admin/articles/ of the component Add Blog Post Handler. The manipulation of the argument Title leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-216191.
+
+### POC
+
+#### Reference
+- https://seclists.org/fulldisclosure/2022/Dec/11
+
+#### Github
+No PoCs found on GitHub currently.
+

2022/CVE-2022-4597.md

@@ -0,0 +1,17 @@
+### [CVE-2022-4597](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4597)
+![](https://img.shields.io/static/v1?label=Product&message=LifeStyle&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-707%20Improper%20Neutralization%20-%3E%20CWE-74%20Injection%20-%3E%20CWE-79%20Cross%20Site%20Scripting&color=brighgreen)
+
+### Description
+
+A vulnerability, which was classified as problematic, was found in Shoplazza LifeStyle 1.1. Affected is an unknown function of the file /admin/api/admin/v2_products of the component Create Product Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-216192.
+
+### POC
+
+#### Reference
+- https://seclists.org/fulldisclosure/2022/Dec/11
+
+#### Github
+No PoCs found on GitHub currently.
+

2022/CVE-2022-4598.md

@@ -0,0 +1,17 @@
+### [CVE-2022-4598](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4598)
+![](https://img.shields.io/static/v1?label=Product&message=LifeStyle&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-707%20Improper%20Neutralization%20-%3E%20CWE-74%20Injection%20-%3E%20CWE-79%20Cross%20Site%20Scripting&color=brighgreen)
+
+### Description
+
+A vulnerability has been found in Shoplazza LifeStyle 1.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/api/theme-edit/ of the component Announcement Handler. The manipulation of the argument Text/Mobile Text leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-216193 was assigned to this vulnerability.
+
+### POC
+
+#### Reference
+- https://seclists.org/fulldisclosure/2022/Dec/11
+
+#### Github
+No PoCs found on GitHub currently.
+

2022/CVE-2022-4599.md

@@ -0,0 +1,17 @@
+### [CVE-2022-4599](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4599)
+![](https://img.shields.io/static/v1?label=Product&message=LifeStyle&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-707%20Improper%20Neutralization%20-%3E%20CWE-74%20Injection%20-%3E%20CWE-79%20Cross%20Site%20Scripting&color=brighgreen)
+
+### Description
+
+A vulnerability was found in Shoplazza LifeStyle 1.1 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/api/theme-edit/ of the component Product Handler. The manipulation of the argument Subheading/Heading/Text/Button Text/Label leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-216194 is the identifier assigned to this vulnerability.
+
+### POC
+
+#### Reference
+- https://seclists.org/fulldisclosure/2022/Dec/11
+
+#### Github
+No PoCs found on GitHub currently.
+

2022/CVE-2022-4600.md

@@ -0,0 +1,17 @@
+### [CVE-2022-4600](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4600)
+![](https://img.shields.io/static/v1?label=Product&message=LifeStyle&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-707%20Improper%20Neutralization%20-%3E%20CWE-74%20Injection%20-%3E%20CWE-79%20Cross%20Site%20Scripting&color=brighgreen)
+
+### Description
+
+A vulnerability was found in Shoplazza LifeStyle 1.1. It has been classified as problematic. This affects an unknown part of the file /admin/api/theme-edit/ of the component Product Carousel Handler. The manipulation of the argument Heading/Description leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-216195.
+
+### POC
+
+#### Reference
+- https://seclists.org/fulldisclosure/2022/Dec/11
+
+#### Github
+No PoCs found on GitHub currently.
+

2022/CVE-2022-4601.md

@@ -0,0 +1,17 @@
+### [CVE-2022-4601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4601)
+![](https://img.shields.io/static/v1?label=Product&message=LifeStyle&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-707%20Improper%20Neutralization%20-%3E%20CWE-74%20Injection%20-%3E%20CWE-79%20Cross%20Site%20Scripting&color=brighgreen)
+
+### Description
+
+A vulnerability was found in Shoplazza LifeStyle 1.1. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/api/theme-edit/ of the component Shipping/Member Discount/Icon. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-216196.
+
+### POC
+
+#### Reference
+- https://seclists.org/fulldisclosure/2022/Dec/11
+
+#### Github
+No PoCs found on GitHub currently.
+

2022/CVE-2022-4602.md

@@ -0,0 +1,17 @@
+### [CVE-2022-4602](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4602)
+![](https://img.shields.io/static/v1?label=Product&message=LifeStyle&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-707%20Improper%20Neutralization%20-%3E%20CWE-74%20Injection%20-%3E%20CWE-79%20Cross%20Site%20Scripting&color=brighgreen)
+
+### Description
+
+A vulnerability was found in Shoplazza LifeStyle 1.1. It has been rated as problematic. This issue affects some unknown processing of the file /admin/api/theme-edit/ of the component Review Flow Handler. The manipulation of the argument Title leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-216197 was assigned to this vulnerability.
+
+### POC
+
+#### Reference
+- https://seclists.org/fulldisclosure/2022/Dec/11
+
+#### Github
+No PoCs found on GitHub currently.
+

references.txt

@@ -35758,6 +35758,7 @@ CVE-2017-20015 - https://vuldb.com/?id.101969
 CVE-2017-20015 - https://vuldb.com/?id.101973
 CVE-2017-20016 - https://vuldb.com/?id.101969
 CVE-2017-20016 - https://vuldb.com/?id.101974
+CVE-2017-20017 - https://vuldb.com/?id.105833
 CVE-2017-20018 - https://packetstormsecurity.com/files/142406/xampp-dllhijack.txt
 CVE-2017-20019 - http://seclists.org/fulldisclosure/2017/Mar/58
 CVE-2017-20020 - http://seclists.org/fulldisclosure/2017/Mar/58
@@ -42656,6 +42657,7 @@ CVE-2018-21175 - https://kb.netgear.com/000055183/Security-Advisory-for-Post-Aut
 CVE-2018-21176 - https://kb.netgear.com/000055182/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2623
 CVE-2018-21183 - https://kb.netgear.com/000055175/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-PSV-2017-2616
 CVE-2018-21189 - https://kb.netgear.com/000055168/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2606
+CVE-2018-21190 - https://kb.netgear.com/000055167/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2605
 CVE-2018-21195 - https://kb.netgear.com/000055162/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2600
 CVE-2018-21203 - https://kb.netgear.com/000055146/Security-Advisory-for-Pre-Authentication-Stack-Overflow-on-Some-Routers-PSV-2017-2589
 CVE-2018-21205 - https://kb.netgear.com/000055144/Security-Advisory-for-Pre-Authentication-Stack-Overflow-on-Some-Routers-Gateways-and-Extenders-PSV-2017-2568
@@ -63453,6 +63455,7 @@ CVE-2022-1243 - https://huntr.dev/bounties/8c5afc47-1553-4eba-a98e-024e4cc3dfb7
 CVE-2022-1244 - https://huntr.dev/bounties/8ae2c61a-2220-47a5-bfe8-fe6d41ab1f82
 CVE-2022-1247 - https://bugzilla.redhat.com/show_bug.cgi?id=2066799
 CVE-2022-1248 - http://packetstormsecurity.com/files/166609/SAP-Information-System-1.0.0-Missing-Authorization.html
+CVE-2022-1248 - https://vuldb.com/?id.196550
 CVE-2022-1252 - https://0g.vc/posts/insecure-cipher-gnuboard5/
 CVE-2022-1253 - https://huntr.dev/bounties/1-other-strukturag/libde265
 CVE-2022-1263 - https://www.openwall.com/lists/oss-security/2022/04/07/1
@@ -63462,6 +63465,7 @@ CVE-2022-1283 - https://huntr.dev/bounties/bfeb8fb8-644d-4587-80d4-cb704c404013
 CVE-2022-1284 - https://huntr.dev/bounties/e98ad92c-3a64-48fb-84d4-d13afdbcbdd7
 CVE-2022-1285 - https://huntr.dev/bounties/da1fbd6e-7a02-458e-9c2e-6d226c47046d
 CVE-2022-1286 - https://huntr.dev/bounties/f918376e-b488-4113-963d-ffe8716e4189
+CVE-2022-1287 - https://vuldb.com/?id.196750
 CVE-2022-1288 - https://vuldb.com/?id.196751
 CVE-2022-1290 - https://huntr.dev/bounties/da6d03e6-053f-43b6-99a7-78c2e386e3ed
 CVE-2022-1291 - https://huntr.dev/bounties/49a14371-6058-47dd-9801-ec38a7459fc5
@@ -66788,6 +66792,9 @@ CVE-2022-41847 - https://github.com/axiomatic-systems/Bento4/issues/775
 CVE-2022-41884 - https://github.com/tensorflow/tensorflow/security/advisories/GHSA-jq6x-99hj-q636
 CVE-2022-41924 - https://emily.id.au/tailscale
 CVE-2022-41925 - https://emily.id.au/tailscale
+CVE-2022-41945 - https://github.com/4ra1n/super-xray/releases/tag/0.2-beta
+CVE-2022-41950 - https://github.com/4ra1n/super-xray/releases/tag/0.3-beta
+CVE-2022-41958 - https://github.com/4ra1n/super-xray/security/advisories/GHSA-39pv-4vmj-c4fr
 CVE-2022-41973 - http://packetstormsecurity.com/files/169611/Leeloo-Multipath-Authorization-Bypass-Symlink-Attack.html
 CVE-2022-41973 - http://packetstormsecurity.com/files/170176/snap-confine-must_mkdir_and_open_with_perms-Race-Condition.html
 CVE-2022-41974 - http://packetstormsecurity.com/files/169611/Leeloo-Multipath-Authorization-Bypass-Symlink-Attack.html
@@ -67069,9 +67076,16 @@ CVE-2022-45918 - https://sec-consult.com/vulnerability-lab/advisory/multiple-cri
 CVE-2022-45956 - https://packetstormsecurity.com/files/169962/Boa-Web-Server-0.94.13-0.94.14-Authentication-Bypass.html
 CVE-2022-45957 - https://packetstormsecurity.com/files/169949/ZTE-ZXHN-H108NS-Stack-Buffer-Overflow-Denial-Of-Service.html
 CVE-2022-45957 - https://packetstormsecurity.com/files/169958/ZTE-ZXHN-H108NS-Authentication-Bypass.html
+CVE-2022-4596 - https://seclists.org/fulldisclosure/2022/Dec/11
+CVE-2022-4597 - https://seclists.org/fulldisclosure/2022/Dec/11
 CVE-2022-45977 - https://github.com/The-Itach1/IOT-CVE/tree/master/Tenda/AX12/3
 CVE-2022-45979 - https://github.com/The-Itach1/IOT-CVE/tree/master/Tenda/AX12/4
+CVE-2022-4598 - https://seclists.org/fulldisclosure/2022/Dec/11
 CVE-2022-45980 - https://github.com/The-Itach1/IOT-CVE/tree/master/Tenda/AX12/6
+CVE-2022-4599 - https://seclists.org/fulldisclosure/2022/Dec/11
 CVE-2022-45996 - https://github.com/bugfinder0/public_bug/tree/main/tenda/w20e/2
+CVE-2022-4600 - https://seclists.org/fulldisclosure/2022/Dec/11
+CVE-2022-4601 - https://seclists.org/fulldisclosure/2022/Dec/11
+CVE-2022-4602 - https://seclists.org/fulldisclosure/2022/Dec/11
 CVE-2022-46152 - https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:X/RC:X/CR:M/IR:M/AR:M/MAV:L/MAC:L/MPR:H/MUI:N/MS:C/MC:H/MI:H/MA:H&version=3.1
 CVE-2022-46161 - https://securitylab.github.com/advisories/GHSL-2022-068_pdfmake/