👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-42176
Github: https://github.com/soy-oreocato/CVE-2022-42176
Describe:
In PCTechSoft PCSecure V5.0.8.xw, use of Hard-coded Credentials in configuration files leads to admin panel access.

** fscan ** 🔧Tool update
Tools name：fscan
Tools url：https://github.com/shadow1ng/fscan/commit/38e48ba4205196e042db8f832a7789b76ee61c5e
commitUpdate log：
Merge pull request #225 from evilAdan0s/main

去除弱特征：过时UA头

👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-31692
Github: https://github.com/SpindleSec/CVE-2022-31692
Describe:
Spring Security, versions 5.7 prior to 5.7.5 and 5.6 prior to 5.6.9 could be susceptible to authorization rules bypass via forward or include dispatcher types. Specifically, an application is vulnerable when all of the following are true: The application expects that Spring Security applies security to forward and include dispatcher types. The application uses the AuthorizationFilter either manually or via the authorizeHttpRequests() method. The application configures the FilterChainProxy to apply to forward and/or include requests (e.g. spring.security.filter.dispatcher-types = request, error, async, forward, include). The application may forward or include the request to a higher privilege-secured endpoint.The application configures Spring Security to apply to every dispatcher type via authorizeHttpRequests().shouldFilterAllDispatcherTypes(true)

👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-0185
Github: https://github.com/featherL/CVE-2022-0185-exploit
Describe:
A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length. An unprivileged (in case of unprivileged user namespaces enabled, otherwise needs namespaced CAP_SYS_ADMIN privilege) local user able to open a filesystem that does not support the Filesystem Context API (and thus fallbacks to legacy handling) could use this flaw to escalate their privileges on the system.

👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-33079
Github: https://github.com/Bdenneu/CVE-2022-33079
Describe:
**

👾KEYWORD SERVICE 🏷#cnvd
Name: fofa_cnvd
Github: https://github.com/nevermo0re/fofa_cnvd

👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-41445
Github: https://github.com/RashidKhanPathan/CVE-2022-41445
Describe:
**

👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-41446
Github: https://github.com/RashidKhanPathan/CVE-2022-41446
Describe:
**

👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-33679
Github: https://github.com/Blyth0He/CVE-2022-33679
Describe:
Windows Kerberos Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-33647.

** MDUT ** 🔧Tool update
Tools name：MDUT
Tools url：https://github.com/SafeGroceryStore/MDUT/commit/68b62f99153980d46a5cd2112b9e1daf8d413b81
commitUpdate log：
Merge pull request #53 from ren-jq101/main

fix(sec): upgrade fastjson to 1.2.83

👾KEYWORD SERVICE 🏷#cnvd
Name: CNVD-2022-42853-Poc
Github: https://github.com/CCJ-For-Safety/CNVD-2022-42853-Poc

👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-43144
Github: https://github.com/mudassiruddin/CVE-2022-43144-Stored-XSS
Describe:
**

👾KEYWORD SERVICE 🏷#cnvd
Name: Crawler_CNVD
Github: https://github.com/tootocode/Crawler_CNVD

👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-20138
Github: https://github.com/Trinadh465/frameworks_base_AOSP10_r33_CVE-2022-20138
Describe:
In ACTION_MANAGED_PROFILE_PROVISIONED of DevicePolicyManagerService.java, there is a possible way for unprivileged app to send MANAGED_PROFILE_PROVISIONED intent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-210469972

👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-1162
Github: https://github.com/ipsBruno/CVE-2022-1162
Describe:
A hardcoded password was set for accounts registered using an OmniAuth provider (e.g. OAuth, LDAP, SAML) in GitLab CE/EE versions 14.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowing attackers to potentially take over accounts

👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-3699
Github: https://github.com/alfarom256/CVE-2022-3699
Describe:
**

** xray ** 🔧Tool update
Tools name：xray
Tools url：https://github.com/chaitin/xray/commit/4f47fb13a2454590309eaf2279ba2c9a3b1150fe
commitUpdate log：
Fix Python3 Flask bug: ImportError: cannot import name 'escape' from 'jinja2' (/usr/local/lib/python3.9/dist-packages/jinja2/__init__.py) (#1680)

Signed-off-by: DroidKali <DroidKali@users.noreply.github.com>

Signed-off-by: DroidKali <DroidKali@users.noreply.github.com>
Co-authored-by: DroidKali <DroidKali@users.noreply.github.com>

👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-39395
Github: https://github.com/harry1osborn/CVE-2022-39395
Describe:
**

👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-1012
Github: https://github.com/nanopathi/Linux-4.19.72_CVE-2022-1012
Describe:
A memory leak problem was found in the TCP source port generation algorithm in net/ipv4/tcp.c due to the small table perturb size. This flaw may allow an attacker to information leak and may cause a denial of service problem.

👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-43332
Github: https://github.com/maikroservice/CVE-2022-43332
Describe:
**

👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-42055
Github: https://github.com/gigaryte/cve-2022-42055
Describe:
Multiple command injection vulnerabilities in GL.iNet GoodCloud IoT Device Management System Version 1.00.220412.00 via the ping and traceroute tools allow attackers to read arbitrary files on the system.