Update Thu Dec 1 09:43:16 UTC 2022

2005/CVE-2005-1712.md

@@ -0,0 +1,17 @@
+### [CVE-2005-1712](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1712)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Unknown vulnerability in Serendipity 0.8, when used with multiple authors, allows unprivileged authors to upload arbitrary media files.
+
+### POC
+
+#### Reference
+- http://sourceforge.net/project/shownotes.php?release_id=328092
+
+#### Github
+No PoCs found on GitHub currently.
+

2005/CVE-2005-1713.md

@@ -0,0 +1,17 @@
+### [CVE-2005-1713](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1713)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Multiple cross-site scripting (XSS) vulnerabilities in Serendipity 0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) templatedropdown and (2) shoutbox plugins.
+
+### POC
+
+#### Reference
+- http://sourceforge.net/project/shownotes.php?release_id=328092
+
+#### Github
+No PoCs found on GitHub currently.
+

2022/CVE-2022-40282.md

@@ -10,6 +10,7 @@ The web server of Hirschmann BAT-C2 before 09.13.01.00R04 allows authenticated c
 ### POC
 
 #### Reference
+- http://packetstormsecurity.com/files/170063/Hirschmann-Belden-BAT-C2-8.8.1.0R8-Command-Injection.html
 - http://seclists.org/fulldisclosure/2022/Nov/19
 
 #### Github

2022/CVE-2022-41040.md

@@ -14,7 +14,7 @@ Microsoft Exchange Server Elevation of Privilege Vulnerability.
 ### POC
 
 #### Reference
-No PoCs from references.
+- http://packetstormsecurity.com/files/170066/Microsoft-Exchange-ProxyNotShell-Remote-Code-Execution.html
 
 #### Github
 - https://github.com/0xlittleboy/One-Liners

2022/CVE-2022-41082.md

@@ -14,7 +14,7 @@ Microsoft Exchange Server Remote Code Execution Vulnerability.
 ### POC
 
 #### Reference
-No PoCs from references.
+- http://packetstormsecurity.com/files/170066/Microsoft-Exchange-ProxyNotShell-Remote-Code-Execution.html
 
 #### Github
 - https://github.com/ARPSyndicate/cvemon

2022/CVE-2022-41412.md

@@ -0,0 +1,17 @@
+### [CVE-2022-41412](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41412)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+An issue in the graphData.cgi component of perfSONAR v4.4.5 and prior allows attackers to access sensitive data and execute Server-Side Request Forgery (SSRF) attacks.
+
+### POC
+
+#### Reference
+- http://packetstormsecurity.com/files/170069/perfSONAR-4.4.4-Open-Proxy-Relay.html
+
+#### Github
+No PoCs found on GitHub currently.
+

2022/CVE-2022-41413.md

@@ -0,0 +1,17 @@
+### [CVE-2022-41413](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41413)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+perfSONAR v4.x <= v4.4.5 was discovered to contain a Cross-Site Request Forgery (CSRF) which is triggered when an attacker injects crafted input into the Search function.
+
+### POC
+
+#### Reference
+- http://packetstormsecurity.com/files/170070/perfSONAR-4.4.5-Cross-Site-Request-Forgery.html
+
+#### Github
+No PoCs found on GitHub currently.
+

2022/CVE-2022-45045.md

@@ -0,0 +1,17 @@
+### [CVE-2022-45045](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45045)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Multiple Xiongmai NVR devices, including MBD6304T V4.02.R11.00000117.10001.131900.00000 and NBD6808T-PL V4.02.R11.C7431119.12001.130000.00000, allow authenticated users to execute arbitrary commands as root, as exploited in the wild starting in approximately 2019. A remote and authenticated attacker, possibly using the default admin:tlJwpbo6 credentials, can connect to port 34567 and execute arbitrary operating system commands via a crafted JSON file during an upgrade request. Since at least 2021, Xiongmai has applied patches to prevent attackers from using this mechanism to execute telnetd.
+
+### POC
+
+#### Reference
+- https://vulncheck.com/blog/xiongmai-iot-exploitation
+
+#### Github
+No PoCs found on GitHub currently.
+

2022/CVE-2022-45640.md

@@ -0,0 +1,17 @@
+### [CVE-2022-45640](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45640)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Tenda Tenda AC6V1.0 V15.03.05.19 is affected by buffer overflow. Causes a denial of service (local).
+
+### POC
+
+#### Reference
+- https://vulncheck.com/blog/xiongmai-iot-exploitation
+
+#### Github
+No PoCs found on GitHub currently.
+

references.txt

@@ -1379,6 +1379,8 @@ CVE-2005-1702 - http://aluigi.altervista.org/adv/warkings-adv.txt
 CVE-2005-1702 - http://marc.info/?l=bugtraq&m=111686776303832&w=2
 CVE-2005-1703 - http://aluigi.altervista.org/adv/warkings-adv.txt
 CVE-2005-1703 - http://marc.info/?l=bugtraq&m=111686776303832&w=2
+CVE-2005-1712 - http://sourceforge.net/project/shownotes.php?release_id=328092
+CVE-2005-1713 - http://sourceforge.net/project/shownotes.php?release_id=328092
 CVE-2005-1718 - http://aluigi.altervista.org/adv/wartimesboom-adv.txt
 CVE-2005-1741 - http://aluigi.altervista.org/adv/haloloop-adv.txt
 CVE-2005-1752 - http://marc.info/?l=bugtraq&m=111695779919830&w=2
@@ -65986,6 +65988,7 @@ CVE-2022-40123 - https://weed-1.gitbook.io/cve/mojoportal/directory-traversal-in
 CVE-2022-40129 - https://talosintelligence.com/vulnerability_reports/TALOS-2022-1614
 CVE-2022-4018 - https://huntr.dev/bounties/5340c2f6-0252-40f6-8929-cca5d64958a5
 CVE-2022-40250 - https://www.binarly.io/advisories/BRLY-2022-016
+CVE-2022-40282 - http://packetstormsecurity.com/files/170063/Hirschmann-Belden-BAT-C2-8.8.1.0R8-Command-Injection.html
 CVE-2022-40282 - http://seclists.org/fulldisclosure/2022/Nov/19
 CVE-2022-40305 - https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-023.txt
 CVE-2022-40359 - https://cxsecurity.com/issue/WLB-2022090057
@@ -66025,7 +66028,9 @@ CVE-2022-4093 - https://huntr.dev/bounties/677ca8ee-ffbc-4b39-b294-2ce81bd56788
 CVE-2022-40944 - https://caicaizi.top/archives/9/
 CVE-2022-4096 - https://huntr.dev/bounties/7969e834-5982-456e-9683-861a7a5e2d22
 CVE-2022-4104 - https://tenable.com/security/research/TRA-2022-35
+CVE-2022-41040 - http://packetstormsecurity.com/files/170066/Microsoft-Exchange-ProxyNotShell-Remote-Code-Execution.html
 CVE-2022-4105 - https://huntr.dev/bounties/386417e9-0cd5-4d80-8137-b0fd5c30b8f8
+CVE-2022-41082 - http://packetstormsecurity.com/files/170066/Microsoft-Exchange-ProxyNotShell-Remote-Code-Execution.html
 CVE-2022-4111 - https://huntr.dev/bounties/5596d072-66d2-4361-8cac-101c9c781c3d
 CVE-2022-41138 - https://bugs.gentoo.org/868495
 CVE-2022-41139 - https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-7344-4pg9-qf45
@@ -66049,6 +66054,8 @@ CVE-2022-41396 - https://boschko.ca/tenda_ac1200_router/
 CVE-2022-41403 - https://packetstormsecurity.com/files/168412/OpenCart-3.x-Newsletter-Custom-Popup-4.0-SQL-Injection.html
 CVE-2022-41404 - https://sourceforge.net/p/ini4j/bugs/56/
 CVE-2022-4141 - https://huntr.dev/bounties/20ece512-c600-45ac-8a84-d0931e05541f
+CVE-2022-41412 - http://packetstormsecurity.com/files/170069/perfSONAR-4.4.4-Open-Proxy-Relay.html
+CVE-2022-41413 - http://packetstormsecurity.com/files/170070/perfSONAR-4.4.5-Cross-Site-Request-Forgery.html
 CVE-2022-41424 - https://github.com/axiomatic-systems/Bento4/issues/768
 CVE-2022-41428 - https://github.com/axiomatic-systems/Bento4/issues/773
 CVE-2022-41429 - https://github.com/axiomatic-systems/Bento4/issues/773
@@ -66140,6 +66147,7 @@ CVE-2022-44724 - https://stiltsoft.atlassian.net/browse/VD-3
 CVE-2022-44727 - https://www.lineagrafica.es/modp/lgcookieslaw/en/readme_en.pdf
 CVE-2022-44792 - https://github.com/net-snmp/net-snmp/issues/474
 CVE-2022-44793 - https://github.com/net-snmp/net-snmp/issues/475
+CVE-2022-45045 - https://vulncheck.com/blog/xiongmai-iot-exploitation
 CVE-2022-45062 - https://gitlab.xfce.org/xfce/xfce4-settings/-/issues/390
 CVE-2022-45129 - http://packetstormsecurity.com/files/169864/Payara-Platform-Path-Traversal.html
 CVE-2022-45129 - http://seclists.org/fulldisclosure/2022/Nov/11
@@ -66153,5 +66161,6 @@ CVE-2022-45224 - https://medium.com/@just0rg/book-store-management-system-1-0-un
 CVE-2022-45225 - https://medium.com/@just0rg/book-store-management-system-1-0-unrestricted-input-leads-to-xss-74506d42492e
 CVE-2022-45535 - https://rdyx0.github.io/2018/09/06/AeroCMS-v0.0.1-SQLi%20update_categories_sql_injection/
 CVE-2022-45536 - https://rdyx0.github.io/2018/09/07/AeroCMS-v0.0.1-SQLi%20post_comments_sql_injection/
+CVE-2022-45640 - https://vulncheck.com/blog/xiongmai-iot-exploitation
 CVE-2022-45868 - https://sites.google.com/sonatype.com/vulnerabilities/sonatype-2022-6243
 CVE-2022-46152 - https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:X/RC:X/CR:M/IR:M/AR:M/MAV:L/MAC:L/MPR:H/MUI:N/MS:C/MC:H/MI:H/MA:H&version=3.1