CVE-2022-1000
Published 2022-03-17
CVE-2022-1000: Path Traversal in GitHub repository prasathmani/tinyfilemanager prior to 2.4.7.
Priority P3 45, critical 9.8, CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.86% (76.6th percentile)
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | cilium_cilium | >= 0 < 1.9.16 | 1.9.16 |
| github.com | cilium_cilium | >= 1.10.0 < 1.10.11 | 1.10.11 |
| github.com | cilium_cilium | >= 1.11.0 < 1.11.5 | 1.11.5 |
| golang.org | x_text | >= 0 < 0.3.8 | 0.3.8 |
| chrome_chrome | — | — | |
| microweber | microweber | 0 – 1.2.11 | — |
| nodejs | undici | >= 0 < 5.8.0 | 5.8.0 |
| prasathmani | prasathmani_tinyfilemanager | >= unspecified < 2.4.7 | 2.4.7 |
| prasathmani | tiny_file_manager | < 2.4.7 | 2.4.7 |
CVSS provenance
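| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v3.0 | 8.8 | HIGH | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| ghsa | | 7.5 | HIGH | |
| cisa | | 7.5 | HIGH | |
| vendor_redhat | | 7.8 | HIGH | |
| vendor_cisco | | 7.4 | HIGH | |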
GHSA
golang.org/x/text/language Denial of service via crafted Accept-Language header
ghsa·2022-10-14
CVE-2022-32149 [HIGH] CWE-772 golang.org/x/text/language Denial of service via crafted Accept-Language header
golang.org/x/text/language Denial of service via crafted Accept-Language header
The BCP 47 tag parser has quadratic time complexity due to inherent aspects of its design. Since the parser is, by design, exposed to untrusted user input, this can be leveraged to force a program to consume significant time parsing Accept-Language headers. The parser cannot be easily rewritten to fix this behavior for various reasons. Instead the solution implemented in this CL is to limit the total complexity of tags passed into ParseAcceptLanguage by limiting the number of dashes in the string to 1000. This should be more than enough for the majority of real world use cases, where the number of tags being sent is likely to be in the single digits.
### Specific Go Packages Affected
golang.org/x/text/languag
GHSA
undici before v5.8.0 vulnerable to CRLF injection in request headers
ghsa·2022-07-21·CVSS 7.5
CVE-2022-31150 [HIGH] CWE-93 undici before v5.8.0 vulnerable to CRLF injection in request headers
undici before v5.8.0 vulnerable to CRLF injection in request headers
### Impact
It is possible to inject CRLF sequences into request headers in Undici.
```js
const undici = require('undici')
const response = undici.request("http://127.0.0.1:1000", {
  headers: {'a': "\r\nb"}
})
```
The same applies to `path` and `method`
### Patches
Update to v5.8.0
### Workarounds
Sanitize all HTTP headers from untrusted sources to eliminate `\r\n`.
### References
https://hackerone.com/reports/409943
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12116
### For more information
If you have any questions or comments about this advisory:
* Open an issue in [undici repository](https://github.com/nodejs/undici/issues)
* To make a report, follow the [SECURITY](https://github.com/nodejs/node
GHSA
Jetty SslConnection does not release pooled ByteBuffers in case of errors
ghsa·2022-07-07
CVE-2022-2191 [HIGH] CWE-404 Jetty SslConnection does not release pooled ByteBuffers in case of errors
Jetty SslConnection does not release pooled ByteBuffers in case of errors
### Impact
`SslConnection` does not release `ByteBuffer`s in case of error code paths.
For example, TLS handshakes that require client-auth with clients that send expired certificates will trigger TLS handshake errors, and the `ByteBuffer`s used to process the TLS handshake will be leaked.
### Workarounds
Configure explicitly a `RetainableByteBufferPool` with `max[Heap|Direct]Memory` to limit the amount of memory that is leaked.
Eventually the pool will be full of "active" entries (the leaked ones) and will provide `ByteBuffer`s that will be GCed normally.
_With embedded-jetty_
``` java
int maxBucketSize = 1000;
long maxHeapMemory = 128 * 1024L * 1024L; // 128 MB
long maxDirectMemory = 128 * 1024L * 1024L; // 12
```
GHSA
Access to Unix domain socket can lead to privileges escalation in Cilium
ghsa·2022-05-24
CVE-2022-29178 [HIGH] CWE-276 Access to Unix domain socket can lead to privileges escalation in Cilium
Access to Unix domain socket can lead to privileges escalation in Cilium
### Impact
Users with host file system access on a node and the privileges to run as group ID 1000 can gain access to the per-node API of Cilium via a Unix domain socket on the host where Cilium is running. If a malicious user is able to gain unprivileged access to a user corresponding to this group, then they can leverage this access to compromise the integrity as well as system availability on that host. Operating systems that have unprivileged users **not** belonging to the group ID 1000 are **not** affected by this vulnerability.
Best practices for managing the secure deployment of Kubernetes clusters will typically limit the ability for a malicious user to deploy pods with access to this group or to access the host
GHSA
GHSA-qg53-fr9c-3pm3: Path Traversal in GitHub repository prasathmani/tinyfilemanager prior to 2
ghsa_unreviewed·2022-03-18
CVE-2022-1000 [CRITICAL] CWE-22 GHSA-qg53-fr9c-3pm3: Path Traversal in GitHub repository prasathmani/tinyfilemanager prior to 2
Path Traversal in GitHub repository prasathmani/tinyfilemanager prior to 2.4.7.
GHSA
Denial of service in microweber
ghsa·2022-03-16
CVE-2022-0961 [HIGH] CWE-190 Denial of service in microweber
Denial of service in microweber
Microweber is a drag and drop website builder and CMS with E-commerce. The microweber application prior to 1.2.12 allows large characters to be inserted in the input field "post title", which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request. The post title input can be limited to 500 characters or max 1000 characters as a workaround.
Chrome
Stable Channel Update for Desktop: CVE-2025-5065
vendor_chrome·2025-05-27·CVSS 6.5
CVE-2025-5065 [MEDIUM] Stable Channel Update for Desktop: CVE-2025-5065
Stable Channel Update for Desktop
CVE-2025-5065: Inappropriate implementation in FileSystemAccess API. Reported by NDevTK on 2022-03-11 [$1000][ 356658477 ] Medium CVE-2025-5066: Inappropriate implementation in Messages
Reported by Mohit Raj (shadow2639) on 2024-07-31 [TBD][ 417215501 ] Medium CVE-2025-5281: Inappropriate implementation in BFCache
Severity: medium
Red Hat
kernel: macvlan: enforce a consistent minimal mtu
vendor_redhat·2025-05-01·CVSS 5.5
CVE-2022-49776 [MEDIUM] kernel: macvlan: enforce a consistent minimal mtu
kernel: macvlan: enforce a consistent minimal mtu
In the Linux kernel, the following vulnerability has been resolved:
macvlan: enforce a consistent minimal mtu
macvlan should enforce a minimal mtu of 68, even at link creation.
This patch avoids the current behavior (which could lead to crashes
in ipv6 stack if the link is brought up)
$ ip link add macvlan1 link eno1 mtu 8 type macvlan # This should fail !
$ ip link sh dev macvlan1
5: macvlan1@eno1: mtu 8 qdisc noop
state DOWN mode DEFAULT group default qlen 1000
link/ether 02:47:6c:24:74:82 brd ff:ff:ff:ff:ff:ff
$ ip link set macvlan1 mtu 67
Error: mtu less than device minimum.
$ ip link set macvlan1 mtu 68
$ ip link set macvlan1 mtu 8
Error: mtu less than device minimum.
Statement: A flaw in the macvlan driver allowed creation of interf
Red Hat
kernel: arm64: topology: fix possible overflow in amu_fie_setup()
vendor_redhat·2024-04-28·CVSS 7.8
CVE-2022-48657 [HIGH] CWE-190 kernel: arm64: topology: fix possible overflow in amu_fie_setup()
kernel: arm64: topology: fix possible overflow in amu_fie_setup()
In the Linux kernel, the following vulnerability has been resolved:
arm64: topology: fix possible overflow in amu_fie_setup()
cpufreq_get_hw_max_freq() returns max frequency in kHz as *unsigned int*,
while freq_inv_set_max_ratio() gets passed this frequency in Hz as 'u64'.
Multiplying max frequency by 1000 can potentially result in overflow --
multiplying by 1000ULL instead should avoid that...
Found by Linux Verification Center (linuxtesting.org) with the SVACE static
analysis tool.
Package: kernel (Red Hat Enterprise Linux 6) - Not affected
Package: kernel (Red Hat Enterprise Linux 7) - Not affected
Package: kernel-rt (Red Hat Enterprise Linux 7) - Not affected
Package: kernel (Red Hat Enterprise Linux 8) - Not affect
Chrome
Stable Channel Update for ChromeOS/ChromeOS Flex: CVE-2023-5478
vendor_chrome·2023-10-18·CVSS 6.3
CVE-2023-5478 [LOW] Stable Channel Update for ChromeOS/ChromeOS Flex: CVE-2023-5478
Stable Channel Update for ChromeOS/ChromeOS Flex
CVE-2023-5478: Inappropriate implementation in Autofill. Reported by Shaheen Fazim on 2023-06-15 [$1000][ 1357442 ] Low CVE-2023-5486: Inappropriate implementation in Input
Reported by Hafiizh on 2022-08-29 [$1000][ 1484000 ] Low CVE-2023-5473: Use after free in Cast
Severity: low
Chrome
Stable Channel Update for Desktop: CVE-2023-5486
vendor_chrome·2023-10-10·CVSS 6.3
CVE-2023-5486 [LOW] Stable Channel Update for Desktop: CVE-2023-5486
Stable Channel Update for Desktop
CVE-2023-5486: Inappropriate implementation in Input. Reported by Hafiizh on 2022-08-29 [$1000][ 1484000 ] Low CVE-2023-5473: Use after free in Cast
Reported by DarkNavy on 2023-09-18 We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel
Severity: low
Chrome
Stable Channel Update for ChromeOS / ChromeOS Flex: CVE-2023-4361
vendor_chrome·2023-08-25·CVSS 5.3
CVE-2023-4361 [MEDIUM] Stable Channel Update for ChromeOS / ChromeOS Flex: CVE-2023-4361
Stable Channel Update for ChromeOS / ChromeOS Flex
CVE-2023-4361: Inappropriate implementation in Autofill. Reported by Thomas Orlita on 2023-07-17 [$1000][ 1316379 ] Medium CVE-2023-4362: Heap buffer overflow in Mojom IDL
Reported by Zhao Hai of NanJing Cyberpeace TianYu Lab on 2022-04-14 [$1000][ 1367085 ] Medium CVE-2023-4363: Inappropriate implementation in WebShare
Severity: medium
Chrome
Stable Channel Update for Desktop: CVE-2023-2464
vendor_chrome·2023-05-02·CVSS 4.3
CVE-2023-2464 [MEDIUM] Stable Channel Update for Desktop: CVE-2023-2464
Stable Channel Update for Desktop
CVE-2023-2464: Inappropriate implementation in PictureInPicture. Reported by Thomas Orlita on 2023-02-23 [$1000][ 1399862 ] Medium CVE-2023-2465: Inappropriate implementation in CORS
Reported by @kunte_ctf on 2022-12-10 [$3000][ 1385714 ] Low CVE-2023-2466: Inappropriate implementation in Prompts
Severity: medium
Chrome
Stable Channel Update for Desktop: CVE-2023-0702
vendor_chrome·2023-02-07·CVSS 8.8
CVE-2023-0702 [MEDIUM] Stable Channel Update for Desktop: CVE-2023-0702
Stable Channel Update for Desktop
CVE-2023-0702: Type Confusion in Data Transfer. Reported by Sri on 2022-04-14 [$1000][ 1405574 ] Medium CVE-2023-0703: Type Confusion in DevTools
Reported by raven at KunLun lab on 2023-01-07 [$2000][ 1385982 ] Low CVE-2023-0704: Insufficient policy enforcement in DevTools
Severity: medium
Chrome
Stable Channel Update for Desktop: CVE-2023-0138
vendor_chrome·2023-01-10·CVSS 8.8
CVE-2023-0138 [LOW] Stable Channel Update for Desktop: CVE-2023-0138
Stable Channel Update for Desktop
CVE-2023-0138: Heap buffer overflow in libphonenumber. Reported by Michael Dau on 2022-07-23 [$2000][ 1367632 ] Low CVE-2023-0139: Insufficient validation of untrusted input in Downloads
Reported by Axel Chong on 2022-09-24 [$1000][ 1326788 ] Low CVE-2023-0140: Inappropriate implementation in File System API
Severity: low
Chrome
Stable Channel Update for Desktop: CVE-2022-4192
vendor_chrome·2022-11-29·CVSS 8.8
CVE-2022-4192 [MEDIUM] Stable Channel Update for Desktop: CVE-2022-4192
Stable Channel Update for Desktop
CVE-2022-4192: Use after free in Live Caption. Reported by Samet Bekmezci @sametbekmezci on 2022-07-14 [$1000][ 1354518 ] Medium CVE-2022-4193: Insufficient policy enforcement in File System API
Reported by Axel Chong on 2022-08-19 [$TBD][ 1370562 ] Medium CVE-2022-4194: Use after free in Accessibility
Severity: medium
Chrome
Stable Channel Update for Desktop: CVE-2022-4908
vendor_chrome·2022-10-25·CVSS 4.3
CVE-2022-4908 [MEDIUM] Stable Channel Update for Desktop: CVE-2022-4908
Stable Channel Update for Desktop
CVE-2022-4908: Inappropriate implementation in iFrame Sandbox. Reported by Johan Carlsson @joaxcar on 2022-09-02 [$3000][ 1350111 ] Low CVE-2022-3661: Insufficient data validation in Extensions
Reported by Young Min Kim (@ylemkimon), CompSec Lab at Seoul National University on 2022-08-04 [ $1000][ 1356211 ] Low CVE-2022-4909: Inappropriate implementation in XML
Severity: medium
Chrome
Stable Channel Update for Desktop: CVE-2022-3443
vendor_chrome·2022-09-27·CVSS 4.3
CVE-2022-3443 [LOW] Stable Channel Update for Desktop: CVE-2022-3443
Stable Channel Update for Desktop
CVE-2022-3443: Insufficient data validation in File System API. Reported by Maciej Pulikowski and Konrad Chrząszcz on 2021-08-27 [$1000][ 1208439 ] Low CVE-2022-3444: Insufficient data validation in File System API
Reported by Archie Midha & Vallari Sharma on 2021-05-12 [$ 500][ 1349493 ] Low CVE-2022-4911: Insufficient data validation in DevTools
Severity: low
Chrome
Stable Channel Update for Desktop: CVE-2022-3308
vendor_chrome·2022-09-27·CVSS 7.4
CVE-2022-3308 [MEDIUM] Stable Channel Update for Desktop: CVE-2022-3308
Stable Channel Update for Desktop
CVE-2022-3308: Insufficient policy enforcement in Developer Tools. Reported by Andrea Cappa (zi0Black) @ Shielder on 2022-07-08 [$4000][ 1348415 ] Medium CVE-2022-3309: Use after free in Assistant
Reported by zh1x1an1221 of Ant Group Tianqiong Security Lab on 2022-07-29 [$1000][ 1240065 ] Medium CVE-2022-3310: Insufficient policy enforcement in Custom Tabs
Severity: medium
Chrome
Stable Channel Update for Desktop: CVE-2022-3198
vendor_chrome·2022-09-14·CVSS 8.8
CVE-2022-3198 [HIGH] Stable Channel Update for Desktop: CVE-2022-3198
Stable Channel Update for Desktop
CVE-2022-3198: Use after free in PDF. Reported by MerdroidSG on 2022-08-23 [$TBD][ 1355237 ] High CVE-2022-3199: Use after free in Frames
Reported by Anonymous on 2022-08-22 [$1000][ 1355103 ] High CVE-2022-3200: Heap buffer overflow in Internals
Severity: high
Chrome
Stable Channel Update for Desktop: CVE-2022-1856
vendor_chrome·2022-05-24·CVSS 8.8
CVE-2022-1856 [HIGH] Stable Channel Update for Desktop: CVE-2022-1856
Stable Channel Update for Desktop
CVE-2022-1856: Use after free in User Education. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab on 2022-05-06 [$2000][ 1227995 ] High CVE-2022-1857: Insufficient policy enforcement in File System API
Reported by Daniel Rhea on 2021-07-11 [$1000][ 1314310 ] High CVE-2022-1858: Out of bounds read in DevTools
Severity: high
Chrome
Stable Channel Update for Desktop: CVE-2022-1492
vendor_chrome·2022-04-26·CVSS 6.1
CVE-2022-1492 [MEDIUM] Stable Channel Update for Desktop: CVE-2022-1492
Stable Channel Update for Desktop
CVE-2022-1492: Insufficient data validation in Blink Editing. Reported by Michał Bentkowski of Securitum on 2022-04-11 [$1000][ 1275414 ] Medium CVE-2022-1493: Use after free in Dev Tools
Reported by Zhihua Yao of KunLun Lab on 2021-12-01 [$1000][ 1298122 ] Medium CVE-2022-1494: Insufficient data validation in Trusted Types
Severity: medium
Chrome
Stable Channel Update for Desktop: CVE-2022-1495
vendor_chrome·2022-04-26·CVSS 4.3
CVE-2022-1495 [MEDIUM] Stable Channel Update for Desktop: CVE-2022-1495
Stable Channel Update for Desktop
CVE-2022-1495: Incorrect security UI in Downloads. Reported by Umar Farooq on 2022-02-28 [$1000][ 1306391 ] Medium CVE-2022-1496: Use after free in File Manager
Reported by Zhiyi Zhang and Zhunki from Codesafe Team of Legendsec at Qi'anxin Group on 2022-03-15 [$NA][ 1264543 ] Medium CVE-2022-1497: Inappropriate implementation in Input
Severity: medium
Cisco
Cisco 1000 Series Connected Grid Router Integrated Wireless Access Point Denial of Service Vulnerability
vendor_cisco·2022-04-13·CVSS 7.4
CVE-2022-20761 [HIGH] CWE-248 Cisco 1000 Series Connected Grid Router Integrated Wireless Access Point Denial of Service Vulnerability
Cisco 1000 Series Connected Grid Router Integrated Wireless Access Point Denial of Service Vulnerability
A vulnerability in the integrated wireless access point (AP) packet processing of the Cisco 1000 Series Connected Grid Router (CGR1K) could allow an unauthenticated, adjacent attacker to cause a denial of service condition on an affected device.
This vulnerability is due to insufficient input validation of received traffic. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the attacker to cause the integrated AP to stop processing traffic, resulting in a DoS condition. It may be necessary to manually reload the CGR1K to restore AP operation.
Cisco has released software updates that address this vulnerability
Chrome
Stable Channel Update for Desktop: CVE-2022-1129
vendor_chrome·2022-03-29·CVSS 6.5
CVE-2022-1129 [HIGH] Stable Channel Update for Desktop: CVE-2022-1129
Stable Channel Update for Desktop
CVE-2022-1129: Inappropriate implementation in Full Screen Mode. Reported by Irvan Kurniawan (sourc7) on 2022-02-24 [$1000][ 1142269 ] High CVE-2022-1130: Insufficient validation of untrusted input in WebOTP
Reported by Sergey Toshin of Oversecurity Inc
Severity: high
Chrome
Stable Channel Update for Desktop: CVE-2022-4922
vendor_chrome·2022-03-01·CVSS 6.5
CVE-2022-4922 [MEDIUM] Stable Channel Update for Desktop: CVE-2022-4922
Stable Channel Update for Desktop
CVE-2022-4922: Inappropriate implementation in Blink. Reported by Thomas Orlita on 2021-10-19 [$1000][ 1283434 ] Medium CVE-2022-0806: Data leak in Canvas
Reported by Paril on 2021-12-31 [$TBD][ 1287364 ] Medium CVE-2022-0807: Inappropriate implementation in Autofill
Severity: medium
Chrome
Stable Channel Update for Desktop: CVE-2022-0462
vendor_chrome·2022-02-01·CVSS 6.5
CVE-2022-0462 [MEDIUM] Stable Channel Update for Desktop: CVE-2022-0462
Stable Channel Update for Desktop
CVE-2022-0462: Inappropriate implementation in Scroll. Reported by Youssef Sammouda on 2021-11-16 [$1000][ 1268240 ] Medium CVE-2022-0463: Use after free in Accessibility
Reported by Zhihua Yao of KunLun Lab on 2021-11-09 [$1000][ 1270095 ] Medium CVE-2022-0464: Use after free in Accessibility
Severity: medium
Chrome
Stable Channel Update for Desktop: CVE-2022-0118
vendor_chrome·2022-01-04·CVSS 4.3
CVE-2022-0118 [LOW] Stable Channel Update for Desktop: CVE-2022-0118
Stable Channel Update for Desktop
CVE-2022-0118: Inappropriate implementation in WebShare. Reported by Alesandro Ortiz on 2021-08-11 [$TBD][ 1262953 ] Low CVE-2022-0120: Inappropriate implementation in Passwords
Reported by CHAKRAVARTHI (Ruler96) on 2021-10-25 [$1000][ 1238309 ] Low CVE-2022-4925: Insufficient validation of untrusted input in QUIC
Severity: low
Chrome
Stable Channel Update for Desktop: CVE-2022-0112
vendor_chrome·2022-01-04·CVSS 4.3
CVE-2022-0112 [MEDIUM] Stable Channel Update for Desktop: CVE-2022-0112
Stable Channel Update for Desktop
CVE-2022-0112: Incorrect security UI in Browser UI. Reported by Thomas Orlita on 2021-10-04 [$1000][ 1039885 ] Medium CVE-2022-0113: Inappropriate implementation in Blink
Reported by Luan Herrera (@lbherrera_) on 2020-01-07 [$TBD][ 1267627 ] Medium CVE-2022-0114: Out of bounds memory access in Web Serial
Severity: medium
CISA
TVT NVMS-1000 Directory Traversal Vulnerability
cisa·2021-11-03·CVSS 7.5
CVE-2019-20085 [HIGH] CWE-22 TVT NVMS-1000 Directory Traversal Vulnerability
Vulnerability: TVT NVMS-1000 Directory Traversal Vulnerability
Affected: TVT NVMS-1000
TVT devices utilizing NVMS-1000 software contain a directory traversal vulnerability via GET /.. requests.
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2019-20085
Remediation Due Date: 2022-05-03
Cisco
Cisco 1000 Series Connected Grid Router Integrated Wireless Access Point Denial of Service Vulnerability
vendor_cisco·CVSS 3.1
CVE-2022-20761 Cisco 1000 Series Connected Grid Router Integrated Wireless Access Point Denial of Service Vulnerability
CVE-2022-20761: Cisco 1000 Series Connected Grid Router Integrated Wireless Access Point Denial of Service Vulnerability
A vulnerability in the integrated wireless access point (AP) packet processing of the Cisco 1000 Series Connected Grid Router (CGR1K) could allow an unauthenticated, adjacent attacker to cause a denial of service condition on an affected device. This vulnerability is due to insufficient input validation of received traffic. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the attacker to cause the integrated AP to stop processing traffic, resulting in a DoS condition. It may be necessary to manually reload the CGR1K to restore AP operation. Cisco has released software updates that address this
Suricata
ET EXPLOIT NetGear WNR2000v5 Buffer Overflow Attempt Inbound (CVE-2017-6862)
suricata·2022-09-06·CVSS 9.8
CVE-2017-6862 [CRITICAL] ET EXPLOIT NetGear WNR2000v5 Buffer Overflow Attempt Inbound (CVE-2017-6862)
ET EXPLOIT NetGear WNR2000v5 Buffer Overflow Attempt Inbound (CVE-2017-6862)
Rule: alert http any any -> [$HOME_NET,$HTTP_SERVERS] any (msg:"ET EXPLOIT NetGear WNR2000v5 Buffer Overflow Attempt Inbound (CVE-2017-6862)"; flow:established,to_server; http.method; content:"GET"; http.uri; bsize:>1000; content:"unauth.cgi"; fast_pattern; content:"timestamp="; reference:cve,2017-6862; classtype:attempted-admin; sid:2038736; rev:2; metadata:attack_target Networking_Equipment, created_at 2022_09_06, cve CVE_2017_6862, deployment Perimeter, deployment Internal, confidence High, signature_severity Major, tag CISA_KEV, updated_at 2024_03_08;)
Exploit-DB
rconfig 3.9.7 - Sql Injection (Authenticated)
exploitdb·2023-03-31·CVSS 8.8
CVE-2022-45030 [HIGH] rconfig 3.9.7 - Sql Injection (Authenticated)
rconfig 3.9.7 - Sql Injection (Authenticated)
---
# Exploit Title: rconfig 3.9.7 - Sql Injection (Authenticated)
# Exploit Author: azhen
# Date: 10/12/2022
# Vendor Homepage: https://www.rconfig.com/
# Software Link: https://www.rconfig.com/
# Vendor: rConfig
# Version: ")
sys.exit(1)
host=sys.argv[1] #Enter the hostname
def get_data(host):
print("[+] Get db data...")
vul_url = "https://"+host+":443/lib/ajaxHandlers/ajaxCompareGetCmdDates.php?deviceId=-1&command='+union+select+concat(1000%2bord(substr({},{},1)),'-1-1')%20--%20"
query_exp = "database()"
result_data = ""
for i in range(1, 100):
burp0_headers = {"User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:86.0) Gecko/20100101 Firefox/86.0", "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,
Metasploit
Zyxel Firewall SUID Binary Privilege Escalation
metasploit·CVSS 9.8
CVE-2022-30526 [CRITICAL] Zyxel Firewall SUID Binary Privilege Escalation
Zyxel Firewall SUID Binary Privilege Escalation
This module exploits CVE-2022-30526, a local privilege escalation vulnerability that allows a low privileged user (e.g. nobody) to escalate to root. The issue stems from a suid binary that allows all users to copy files as root. This module overwrites the firewall's crontab to execute an attacker provided script, resulting in code execution as root. In order to use this module, the attacker must first establish shell access, for example by exploiting CVE-2022-30525. Known affected Zyxel models are: USG FLEX (50, 50W, 100W, 200, 500, 700), ATP (100, 200, 500, 700, 800), VPN (50, 100, 300, 1000), USG20-VPN and USG20W-VPN.
https://github.com/prasathmani/tinyfilemanager/commit/154947ef83efeb68fc2b921065392b6a7fc9c965
https://huntr.dev/bounties/5995a93f-0c4b-4f7d-aa59-a64424219424
2022-03-17
Published