{"vulnerability": "cve-2022-3228", "sightings": [{"uuid": "2cfed0db-35e2-43a3-8616-381b1f727ca5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-32287", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lwrspzx6232v", "content": "", "creation_timestamp": "2025-08-19T21:02:27.647016Z"}, {"uuid": "ee71eb84-37a3-40fe-89c2-b0f55dbdd9da", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-32282", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/11881", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-32282\n\ud83d\udd25 CVSS Score: 7.2 (cvssV3_0, Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: An improper password check exists in the login functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. An attacker that owns a users' password hash will be able to use it to directly login into the account, leading to increased privileges.\n\ud83d\udccf Published: 2022-08-22T18:25:14.535Z\n\ud83d\udccf Modified: 2025-04-15T18:51:16.930Z\n\ud83d\udd17 References:\n1. https://github.com/WWBN/AVideo/blob/e04b1cd7062e16564157a82bae389eedd39fa088/updatedb/updateDb.v12.0.sql\n2. https://talosintelligence.com/vulnerability_reports/TALOS-2022-1545", "creation_timestamp": "2025-04-15T18:54:50.000000Z"}, {"uuid": "21a6d4cd-bf14-48e8-8787-0504b945321a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-32287", "type": "seen", "source": "https://t.me/cibsecurity/52501", "content": "\u203c CVE-2022-32287 \u203c\n\nA relative path traversal vulnerability in a FileUtil class used by the PEAR management component of Apache UIMA allows an attacker to create files outside the designated target directory using carefully crafted ZIP entry names. This issue affects Apache UIMA Apache UIMA version 3.3.0 and prior versions. Note that PEAR files should never be installed into an UIMA installation from untrusted sources because PEAR archives are executable plugins that will be able to perform any actions with the same privileges as the host Java Virtual Machine.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-03T15:20:31.000000Z"}, {"uuid": "277a3cd6-554b-452b-bcd4-0fb0baf6a539", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3228", "type": "seen", "source": "https://t.me/cibsecurity/52251", "content": "\u203c CVE-2022-3228 \u203c\n\nUsing custom code, an attacker can write into name or description fields larger than the appropriate buffer size causing a stack-based buffer overflow on Host Engineering H0-ECOM100 Communications Module Firmware versions v5.0.155 and prior. This may allow an attacker to crash the affected device or cause it to become unresponsive.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-28T22:29:47.000000Z"}, {"uuid": "1119a133-a4a0-4b22-b593-4883854c9438", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-32282", "type": "seen", "source": "https://t.me/cibsecurity/48549", "content": "\u203c CVE-2022-32282 \u203c\n\nAn improper password check exists in the login functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. An attacker that owns a users' password hash will be able to use it to directly login into the account, leading to increased privileges.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-22T22:20:59.000000Z"}, {"uuid": "a757cba0-2bf9-4a6c-8484-4d9f687cb0be", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-32289", "type": "seen", "source": "https://t.me/cibsecurity/46766", "content": "\u203c CVE-2022-32289 \u203c\n\nCross-Site Request Forgery (CSRF) vulnerability in Sygnoos Popup Builder plugin <= 4.1.0 at WordPress leading to popup status change.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-21T20:18:27.000000Z"}, {"uuid": "ed9ffd17-720c-4768-a297-39e4b055e666", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-32283", "type": "seen", "source": "https://t.me/cibsecurity/48335", "content": "\u203c CVE-2022-32283 \u203c\n\nBrowse restriction bypass vulnerability in Cabinet of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Cabinet via unspecified vectors.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-18T12:41:22.000000Z"}, {"uuid": "e714b05d-ae46-41f6-a487-103b3cefc140", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-32280", "type": "seen", "source": "https://t.me/cibsecurity/44579", "content": "\u203c CVE-2022-32280 \u203c\n\nAuthenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Xakuro's XO Slider plugin <= 3.3.2 at WordPress.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-16T00:19:56.000000Z"}, {"uuid": "8ee11e10-14a7-400c-be37-b2f13948d8b7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-32284", "type": "seen", "source": "https://t.me/cibsecurity/45553", "content": "\u203c CVE-2022-32284 \u203c\n\nUse of insufficiently random values vulnerability exists in Vnet/IP communication module VI461 of YOKOGAWA Wide Area Communication Router (WAC Router) AW810D, which may allow a remote attacker to cause denial-of-service (DoS) condition by sending a specially crafted packet.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-04T13:01:28.000000Z"}, {"uuid": "d0b4a7c7-b9c0-46ce-af52-a1180ae58c44", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-32286", "type": "seen", "source": "https://t.me/cibsecurity/44375", "content": "\u203c CVE-2022-32286 \u203c\n\nA vulnerability has been identified in Mendix SAML Module (Mendix 7 compatible) (All versions < V1.16.6), Mendix SAML Module (Mendix 8 compatible) (All versions < V2.2.2), Mendix SAML Module (Mendix 9 compatible) (All versions < V3.2.3). In certain configurations SAML module is vulnerable to Cross Site Scripting (XSS) attacks due to insufficient error message sanitation. This could allow an attacker to execute malicious code by tricking users into accessing a malicious link.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-14T14:19:15.000000Z"}, {"uuid": "cf6f6bab-e61f-48a0-8993-91974c5c7da2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-32285", "type": "seen", "source": "https://t.me/cibsecurity/44374", "content": "\u203c CVE-2022-32285 \u203c\n\nA vulnerability has been identified in Mendix SAML Module (Mendix 7 compatible) (All versions < V1.16.6), Mendix SAML Module (Mendix 8 compatible) (All versions < V2.2.2), Mendix SAML Module (Mendix 9 compatible) (All versions < V3.2.3). The affected module is vulnerable to XML External Entity (XXE) attacks due to insufficient input sanitation. This may allow an attacker to disclose confidential data under certain circumstances.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-14T14:19:13.000000Z"}]}