{"vulnerability": "CVE-2022-3245", "sightings": [{"uuid": "b3075a20-7bc1-4071-9d4b-fa0316b84c0a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-32453", "type": "seen", "source": "https://t.me/cibsecurity/48340", "content": "\u203c CVE-2022-32453 \u203c\n\nHTTP header injection vulnerability in Cybozu Office 10.0.0 to 10.8.5 may allow a remote attacker to obtain and/or alter the data of the product via unspecified vectors.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-18T12:41:27.000000Z"}, {"uuid": "dba9712e-7ee9-4ebe-9ce2-60880d998017", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-32454", "type": "seen", "source": "https://t.me/cibsecurity/52024", "content": "\u203c CVE-2022-32454 \u203c\n\nA stack-based buffer overflow vulnerability exists in the XCMD setIPCam functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted XCMD can lead to remote code execution. An attacker can send a malicious XML payload to trigger this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-25T20:26:52.000000Z"}, {"uuid": "9925ff7f-86c0-409b-8723-e33397d585f0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3245", "type": "seen", "source": "https://t.me/cibsecurity/50144", "content": "\u203c CVE-2022-3245 \u203c\n\nHTML injection attack is closely related to Cross-site Scripting (XSS). HTML injection uses HTML to deface the page. XSS, as the name implies, injects JavaScript into the page. 
Both attacks exploit insufficient validation of user input.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-20T18:39:22.000000Z"}, {"uuid": "444b3b6b-c9fb-4ca5-bf43-adb789d8a71f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-32456", "type": "seen", "source": "https://t.me/cibsecurity/46622", "content": "\u203c CVE-2022-32456 \u203c\n\nDigiwin BPM\u2019s function has insufficient validation for user input. An unauthenticated remote attacker can inject arbitrary SQL command to access, modify, delete database or disrupt service.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-20T07:41:21.000000Z"}, {"uuid": "7187b69e-c797-4bdd-9aa5-a20ab81f33bb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-32455", "type": "seen", "source": "https://t.me/cibsecurity/47576", "content": "\u203c CVE-2022-32455 \u203c\n\nIn BIG-IP Versions 16.1.x before 16.1.2.2, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, when a BIG-IP LTM Client SSL profile is configured on a virtual server to perform client certificate authentication with session tickets enabled, undisclosed requests cause the Traffic Management Microkernel (TMM) to terminate. 
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-04T22:19:56.000000Z"}, {"uuid": "a6a312bd-cc7e-42b5-82e4-8fa573c7da3e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-32458", "type": "seen", "source": "https://t.me/cibsecurity/46628", "content": "\u203c CVE-2022-32458 \u203c\n\nDigiwin BPM has a XML External Entity Injection (XXE) vulnerability due to insufficient validation for user input. An unauthenticated remote attacker can perform XML injection attack to access arbitrary system files.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-20T07:41:30.000000Z"}, {"uuid": "b60bd048-427d-43eb-9ec7-09428eb3d67a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-32457", "type": "seen", "source": "https://t.me/cibsecurity/46625", "content": "\u203c CVE-2022-32457 \u203c\n\nDigiwin BPM has inadequate filtering for URL parameter. 
An unauthenticated remote attacker can perform Blind SSRF attack to discover internal network topology base on URL error response.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-20T07:41:24.000000Z"}, {"uuid": "88a1d1f9-984e-444a-8826-75bc3dc17c8b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-32450", "type": "seen", "source": "https://t.me/cibsecurity/46445", "content": "\u203c CVE-2022-32450 \u203c\n\nAnyDesk 7.0.9 allows a local user to gain SYSTEM privileges via a symbolic link because the user can write to their own %APPDATA% folder (used for ad.trace and chat) but the product runs as SYSTEM when writing chat-room data there.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-18T16:36:29.000000Z"}]}