{"vulnerability": "CVE-2022-2578", "sightings": [{"uuid": "069ed202-1816-4c0d-bbed-e53deefbf67d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2578", "type": "seen", "source": "https://t.me/cibsecurity/47272", "content": "\u203c CVE-2022-2578 \u203c\n\nA vulnerability, which was classified as critical, has been found in SourceCodester Garage Management System 1.0. This issue affects some unknown processing of the file /php_action/createUser.php. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-29T20:13:48.000000Z"}, {"uuid": "fe964805-ccd3-45d1-a42b-b279c30b4327", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25787", "type": "seen", "source": "https://t.me/cibsecurity/41914", "content": "\u203c CVE-2022-25787 \u203c\n\nInformation Exposure Through Query Strings in GET Request vulnerability in LMM API of Secomea GateManager allows system administrator to hijack connection. This issue affects: Secomea GateManager all versions prior to 9.7.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-04T18:35:09.000000Z"}, {"uuid": "113b87ec-b42a-49fc-94c0-afce26942fb6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25782", "type": "seen", "source": "https://t.me/cibsecurity/41924", "content": "\u203c CVE-2022-25782 \u203c\n\nImproper Handling of Insufficient Privileges vulnerability in Web UI of Secomea GateManager allows logged in user to access and update privileged information. This issue affects: Secomea GateManager versions prior to 9.7.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-04T18:35:21.000000Z"}, {"uuid": "7717cbdb-0a20-4b99-a11f-6882b5693662", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25780", "type": "seen", "source": "https://t.me/cibsecurity/41922", "content": "\u203c CVE-2022-25780 \u203c\n\nInformation Exposure vulnerability in web UI of Secomea GateManager allows logged in user to query devices outside own scope.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-04T18:35:18.000000Z"}, {"uuid": "e64e1f38-439e-4634-943e-32675569d244", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25784", "type": "seen", "source": "https://t.me/cibsecurity/41910", "content": "\u203c CVE-2022-25784 \u203c\n\nCross-site Scripting (XSS) vulnerability in Web GUI of SiteManager allows logged-in user to inject scripting. This issue affects: Secomea SiteManager all versions prior to 9.7.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-04T18:35:03.000000Z"}, {"uuid": "0ab8bf62-f398-44c6-9d77-8da4c7b529d7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25786", "type": "seen", "source": "https://t.me/cibsecurity/41957", "content": "\u203c CVE-2022-25786 \u203c\n\nUnprotected Alternate Channel vulnerability in debug console of GateManager allows system administrator to obtain sensitive information. This issue affects: GateManager all versions prior to 9.7.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-04T22:35:16.000000Z"}, {"uuid": "4af8f09c-cbe3-43e9-bd23-be4020f9e2c3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25783", "type": "seen", "source": "https://t.me/cibsecurity/41920", "content": "\u203c CVE-2022-25783 \u203c\n\nInsufficient Logging vulnerability in web server of Secomea GateManager allows logged in user to issue improper queries without logging. This issue affects: Secomea GateManager versions prior to 9.7.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-04T18:35:16.000000Z"}, {"uuid": "042c2ffc-3195-4896-831f-96f1b506258f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25781", "type": "seen", "source": "https://t.me/cibsecurity/41917", "content": "\u203c CVE-2022-25781 \u203c\n\nCross-site Scripting (XSS) vulnerability in Web UI of Secomea GateManager allows phishing attacker to inject javascript or html into logged in user session.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-04T18:35:13.000000Z"}, {"uuid": "b6bf2f94-a7ce-4045-a98a-4032c89874c7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25785", "type": "seen", "source": "https://t.me/cibsecurity/41916", "content": "\u203c CVE-2022-25785 \u203c\n\nStack-based Buffer Overflow vulnerability in SiteManager allows logged-in or local user to cause arbitrary code execution. This issue affects: Secomea SiteManager all versions prior to 9.7.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-04T18:35:11.000000Z"}, {"uuid": "500779ab-743b-4a70-bf5e-049b46bd51e7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25789", "type": "seen", "source": "https://t.me/cibsecurity/40508", "content": "\u203c CVE-2022-25789 \u203c\n\nA maliciously crafted DWF, 3DS and DWFX files in Autodesk AutoCAD 2022, 2021, 2020, 2019 can be used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-12T00:16:21.000000Z"}]}