{"vulnerability": "cve-2022-2537", "sightings": [{"uuid": "01727859-b92d-4b82-95c2-260c654d217a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25375", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/1514", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aCVE-2022-25375 - Demo exploit of RNDIS USB Gadget\nURL\uff1ahttps://github.com/szymonh/rndis-co", "creation_timestamp": "2022-02-20T20:01:12.000000Z"}, {"uuid": "ab3ad434-5cd7-48a8-a6a9-a48dd34e70ff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25377", "type": "seen", "source": "https://t.me/ctinow/191275", "content": "https://ift.tt/Q8YIMHJ\nCVE-2022-25377", "creation_timestamp": "2024-02-22T23:26:35.000000Z"}, {"uuid": "8c260027-eef6-44bd-8227-421b8f5c0254", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25377", "type": "seen", "source": "https://t.me/ctinow/191272", "content": "https://ift.tt/Q8YIMHJ\nCVE-2022-25377", "creation_timestamp": "2024-02-22T23:26:33.000000Z"}, {"uuid": "20a72f33-7a79-494c-be23-000c4b187ea0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2537", "type": "seen", "source": "https://t.me/cibsecurity/48996", "content": "\u203c CVE-2022-2537 \u203c\n\nThe WooCommerce PDF Invoices & Packing Slips WordPress plugin before 3.0.1 does not sanitise and escape some parameters before outputting them back in an attributes of an admin page, leading to Reflected Cross-Site Scripting.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-29T22:34:19.000000Z"}, {"uuid": "410ae0f9-8699-4b11-9bc5-1be8ec57dc92", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25373", "type": "seen", "source": "https://t.me/cibsecurity/40196", "content": "\u203c CVE-2022-25373 \u203c\n\nZoho ManageEngine SupportCenter Plus before 11020 allows Stored XSS in the request history.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-05T22:29:08.000000Z"}, {"uuid": "2d75c513-369d-4650-b2a9-80ae8e1f9c3f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25374", "type": "seen", "source": "https://t.me/cibsecurity/38087", "content": "\u203c CVE-2022-25374 \u203c\n\nHashiCorp Terraform Enterprise before 202202-1 inserts Sensitive Information into a Log File.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-25T16:20:30.000000Z"}, {"uuid": "749e640c-12e5-44e9-952b-b9f77ab99ad1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25375", "type": "seen", "source": "https://t.me/cibsecurity/37852", "content": "\u203c CVE-2022-25375 \u203c\n\nAn issue was discovered in drivers/usb/gadget/function/rndis.c in the Linux kernel before 5.16.10. The RNDIS USB gadget lacks validation of the size of the RNDIS_MSG_SET command. Attackers can obtain sensitive information from kernel memory.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-20T22:40:40.000000Z"}, {"uuid": "7e7a96f1-4e44-425b-a4f0-7bbcfa107d9e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25372", "type": "seen", "source": "https://t.me/cibsecurity/37850", "content": "\u203c CVE-2022-25372 \u203c\n\nPritunl Client through 1.2.3019.52 on Windows allows local privilege escalation, related to an ACL entry for CREATOR OWNER in platform_windows.go.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-20T22:40:36.000000Z"}, {"uuid": "0fa9cc3c-db78-4de7-901b-3012a3d5d5e0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25372", "type": "published-proof-of-concept", "source": "https://t.me/BlueRedTeam/1905", "content": "#exploit\nCVE-2022-25372:\nLocal Privilege Escalation in Pritunl VPN Client\nhttps://rhinosecuritylabs.com/penetration-testing/cve-2022-25372-local-privilege-escalation-in-pritunl-vpn-client\n\n@BlueRedTeam", "creation_timestamp": "2022-04-07T10:36:55.000000Z"}, {"uuid": "60caef5b-a293-4202-8804-97e11b993ab0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25375", "type": "published-proof-of-concept", "source": "https://t.me/BlueRedTeam/1750", "content": "#exploit\n1. CVE-2022-25375:\nDemo exploit of RNDIS USB Gadget\nhttps://github.com/szymonh/rndis-co\n\n2. CVE-2022-24112:\nApache APISIX apisix/batch-requests RCE\nhttps://github.com/Mr-xn/CVE-2022-24112\n]-> https://github.com/shakeman8/CVE-2022-24112\n\n@BlueRedTeam", "creation_timestamp": "2022-02-23T05:20:26.000000Z"}, {"uuid": "473dbc48-5fb0-4e71-b885-cc7086308e6b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25375", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/5476", "content": "#exploit\n1. CVE-2022-25375:\nDemo exploit of RNDIS USB Gadget\nhttps://github.com/szymonh/rndis-co\n\n2. Cross-site information leak - Leaking cross-origin redirect destination URI due to CORS (iOS)\nhttps://bugs.chromium.org/p/chromium/issues/detail?id=1230444", "creation_timestamp": "2022-03-21T08:42:48.000000Z"}, {"uuid": "11bcb9ea-4152-4374-bf9d-e24d8c3eb921", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25372", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/5759", "content": "#exploit\nCVE-2022-25372:\nLocal Privilege Escalation in Pritunl VPN Client\nhttps://rhinosecuritylabs.com/penetration-testing/cve-2022-25372-local-privilege-escalation-in-pritunl-vpn-client", "creation_timestamp": "2022-04-07T11:03:01.000000Z"}]}