{"vulnerability": "CVE-2022-2414", "sightings": [{"uuid": "09a12a33-be03-49e0-8e75-e8f0fff24f96", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2414", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-01-26)", "content": "", "creation_timestamp": "2025-01-26T00:00:00.000000Z"}, {"uuid": "29c676ac-aecb-483c-baa0-d04b17656dd4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2414", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-02-21)", "content": "", "creation_timestamp": "2025-02-21T00:00:00.000000Z"}, {"uuid": "1213c4e2-51b6-4b5d-a1e6-0e244b081077", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2414", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/3545", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aTOP All bugbounty pentesting CVE-2022- POC Exp  RCE example payload  Things\nURL\uff1ahttps://github.com/amitlttwo/CVE-2022-2414-Proof-Of-Concept\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-12-06T14:42:14.000000Z"}, {"uuid": "db925c33-d7db-4381-b074-7e0ebb290ae4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2414", "type": "seen", "source": "https://t.me/poxek/2343", "content": "#\u041f\u041e #CVE\n\nVulnerability in open source identity management system Free IPA could lead to XXE attacks\nCVE-2022-2414\n\nFreeIPA - \u044d\u0442\u043e \u0431\u0435\u0441\u043f\u043b\u0430\u0442\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u043c\u0438 \u0441 \u043e\u0442\u043a\u0440\u044b\u0442\u044b\u043c \u0438\u0441\u0445\u043e\u0434\u043d\u044b\u043c \u043a\u043e\u0434\u043e\u043c, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f upstream-\u043f\u0440\u043e\u0435\u043a\u0442\u043e\u043c Red Hat Identity Management. \u0414\u0435\u0444\u0435\u043a\u0442, \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u043c\u044b\u0439 \u043a\u0430\u043a CVE-2022-2414, \u0431\u044b\u043b \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d \u0432 \u043f\u0430\u043a\u0435\u0442\u0435 pki-core, \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0436\u0434\u0430\u0435\u0442 \u0441\u043e\u0432\u0435\u0442 \u043f\u043e \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u043e\u0442 Red Hat.", "creation_timestamp": "2022-08-23T15:00:04.000000Z"}, {"uuid": "ac215344-bbbc-4418-a6a5-3febfd53739d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2414", "type": "seen", "source": "https://t.me/ptswarm/146", "content": "\ud83d\udc33 FreeIPA fixed XXE (CVE-2022-2414) found by our researcher @elk0kc.\n\nIn some cases, it allows attackers to read the Directory Manager password  from configs of FreeIPA and take full control of the infrastructure. May or may not require auth.\n\nAdvisory: https://access.redhat.com/security/cve/CVE-2022-2414", "creation_timestamp": "2022-08-31T13:04:24.000000Z"}, {"uuid": "20e46f9a-1b64-4cfd-ada5-10c5ba72d632", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2414", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/100", "content": "15 Tools - \ud835\udddb\ud835\uddee\ud835\uddf0\ud835\uddf8\ud835\uddf2\ud835\uddff\ud835\ude00 \ud835\uddd9\ud835\uddee\ud835\uddf0\ud835\ude01\ud835\uddfc\ud835\uddff\ud835\ude06\n\n\u200b\u200bCVE-2022-2414-Proof-Of-Concept\n\nA flaw was found in pki-core. Access to external entities when parsing XML documents can lead to XML external entity (XXE) attacks. This flaw allows a remote attacker to potentially retrieve the content of arbitrary files by sending specially crafted HTTP requests.\n\nhttps://github.com/amitlttwo/CVE-2022-2414-Proof-Of-Concept\n\n\u200b\u200bPylirt\n\nPython Linux Incident Response Toolkit\n\nWith this application, it is aimed to accelerate the incident response processes by collecting information in linux operating systems.\n\nhttps://github.com/anil-yelken/pylirt\n\n\u200b\u200bQuickstart Quark Script\n\nIn this tutorial, we will learn how to install and run Quark Script with a very easy example. We show how to detect CWE-798 in ovaa.apk.\n\nhttps://github.com/quark-engine/quark-script\n\n\u200b\u200bDynamicLabs\n\nCreating lab environments for testing and learning red teaming/simulated attack techniques can be hard and time consuming.\n\nDynamic Labs is an open source tool aimed at red teamers and pentesters for the quick deployment of flexible, transient and cloud-hosted lab environments.\n\nIts simple configuration files abstract the complexities of building realistic corporate environments with common vulnerabilities.\n\nhttps://github.com/ctxis/DynamicLabs\n\n\u200b\u200bfireproxng\n\nfireproxng is a refresh of the widely loved fireprox.\n\nThe original fireprox project appears to be mostly unchanged and I assume most organizations have transitioned to maintaining an internal version of the tool. \n\nhttps://github.com/Sprocket-Security/fireproxng\n\nRedditC2\n\nAbusing Reddit API to host the C2 traffic, since most of the blue-team members use Reddit, it might be a great way to make the traffic look legit.\n\nhttps://github.com/kleiton0x00/RedditC2\n\n\u200b\u200bHacking Stellar\n\nHacking Stellar is an open-source e-book on Stellar, the decentralized payment network, which allows financial institutions, businesses, and individuals around the world to transact quickly and reliably.\n\nThis online book introduces you to Stellar with lots of practical examples using the command-line client, Lumen, and moves on to building complete applications using the Javascript and Go libraries.\n\nhttps://github.com/0xfe/hacking-stellar\n\n\u200b\u200bSandboxProfiler\n\nCollect information of internet-connected sandboxes, no backend needed. This is achieved using telegram and interact.sh to collect data, however custom listeners are also supported. Non internet-connected sandboxes are not in scope, however it is possible to check for DNS exfiltration.\n\nhttps://gitlab.com/brn1337/sandboxprofiler\n\n\u200b\u200bEasyG\n\nEasyG started out as a script that I use to automate some information gathering tasks for PenTesting and Bug Hunting, you can find it here. Now it's more than that.\n\nhttps://github.com/seeu-inspace/easyg\n\n\u200b\u200bAwesome Firmware Security\n\nA curated list of platform firmware resources, with a focus on security and testing. Created by PreOS Security.\n\nhttps://github.com/PreOS-Security/awesome-firmware-security\n\n\u200b\u200bPentest-Cheat-Sheets\n\nThis repo has a collection of snippets of codes and commands to help our lives! The main purpose is not be a crutch, this is a way to do not waste our precious time! This repo also helps who trying to get OSCP. You'll find many ways to do something without Metasploit Framework.\n\nhttps://github.com/Kitsun3Sec/Pentest-Cheat-Sheets\n\n\u200b\u200bHacking Resources\n\nCTF chall write-ups, files, scripts etc \n\nhttps://github.com/Crypto-Cat/CTF\n\ns3cXSSer\n\nThis extension will help you to detect GET/POST based XSS vulnerability in any website easily\n\nhttps://github.com/s3c-krd/s3cXSSer\n\n\u200b\u200bgetsymbol\n\nTool to download debugging symbols from Microsoft, Google, Mozilla and Citrix symbol servers for reverse engineers compatible with Windows 8.1/10/11\n\nhttps://github.com/dbgsymbol/getsymbolv\n\n\u200b\u200bcypherhound\n\nA Python3 terminal application that contains 190+ Neo4j cyphers for BloodHound data sets.\n\nhttps://github.com/fin3ss3g0d/cypherhound\n\n#infosec #cybersec #\ud835\udddb\ud835\uddee\ud835\uddf0\ud835\uddf8\ud835\uddf2\ud835\uddff\ud835\ude00\ud835\uddd9\ud835\uddee\ud835\uddf0\ud835\ude01\ud835\uddfc\ud835\uddff\ud835\ude06\n\nhttps://t.me/dilagrafie\nhttps://t.me/c/1634518258/5\nhttps://t.me/c/1634518258/6", "creation_timestamp": "2022-12-09T17:14:43.000000Z"}, {"uuid": "27e85191-0d47-4d4b-8120-02018f19a0df", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2414", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/2105", "content": "15 Tools - \ud835\udddb\ud835\uddee\ud835\uddf0\ud835\uddf8\ud835\uddf2\ud835\uddff\ud835\ude00 \ud835\uddd9\ud835\uddee\ud835\uddf0\ud835\ude01\ud835\uddfc\ud835\uddff\ud835\ude06\n\n\u200b\u200bCVE-2022-2414-Proof-Of-Concept\n\nA flaw was found in pki-core. Access to external entities when parsing XML documents can lead to XML external entity (XXE) attacks. This flaw allows a remote attacker to potentially retrieve the content of arbitrary files by sending specially crafted HTTP requests.\n\nhttps://github.com/amitlttwo/CVE-2022-2414-Proof-Of-Concept\n\n\u200b\u200bPylirt\n\nPython Linux Incident Response Toolkit\n\nWith this application, it is aimed to accelerate the incident response processes by collecting information in linux operating systems.\n\nhttps://github.com/anil-yelken/pylirt\n\n\u200b\u200bQuickstart Quark Script\n\nIn this tutorial, we will learn how to install and run Quark Script with a very easy example. We show how to detect CWE-798 in ovaa.apk.\n\nhttps://github.com/quark-engine/quark-script\n\n\u200b\u200bDynamicLabs\n\nCreating lab environments for testing and learning red teaming/simulated attack techniques can be hard and time consuming.\n\nDynamic Labs is an open source tool aimed at red teamers and pentesters for the quick deployment of flexible, transient and cloud-hosted lab environments.\n\nIts simple configuration files abstract the complexities of building realistic corporate environments with common vulnerabilities.\n\nhttps://github.com/ctxis/DynamicLabs\n\n\u200b\u200bfireproxng\n\nfireproxng is a refresh of the widely loved fireprox.\n\nThe original fireprox project appears to be mostly unchanged and I assume most organizations have transitioned to maintaining an internal version of the tool. \n\nhttps://github.com/Sprocket-Security/fireproxng\n\nRedditC2\n\nAbusing Reddit API to host the C2 traffic, since most of the blue-team members use Reddit, it might be a great way to make the traffic look legit.\n\nhttps://github.com/kleiton0x00/RedditC2\n\n\u200b\u200bHacking Stellar\n\nHacking Stellar is an open-source e-book on Stellar, the decentralized payment network, which allows financial institutions, businesses, and individuals around the world to transact quickly and reliably.\n\nThis online book introduces you to Stellar with lots of practical examples using the command-line client, Lumen, and moves on to building complete applications using the Javascript and Go libraries.\n\nhttps://github.com/0xfe/hacking-stellar\n\n\u200b\u200bSandboxProfiler\n\nCollect information of internet-connected sandboxes, no backend needed. This is achieved using telegram and interact.sh to collect data, however custom listeners are also supported. Non internet-connected sandboxes are not in scope, however it is possible to check for DNS exfiltration.\n\nhttps://gitlab.com/brn1337/sandboxprofiler\n\n\u200b\u200bEasyG\n\nEasyG started out as a script that I use to automate some information gathering tasks for PenTesting and Bug Hunting, you can find it here. Now it's more than that.\n\nhttps://github.com/seeu-inspace/easyg\n\n\u200b\u200bAwesome Firmware Security\n\nA curated list of platform firmware resources, with a focus on security and testing. Created by PreOS Security.\n\nhttps://github.com/PreOS-Security/awesome-firmware-security\n\n\u200b\u200bPentest-Cheat-Sheets\n\nThis repo has a collection of snippets of codes and commands to help our lives! The main purpose is not be a crutch, this is a way to do not waste our precious time! This repo also helps who trying to get OSCP. You'll find many ways to do something without Metasploit Framework.\n\nhttps://github.com/Kitsun3Sec/Pentest-Cheat-Sheets\n\n\u200b\u200bHacking Resources\n\nCTF chall write-ups, files, scripts etc \n\nhttps://github.com/Crypto-Cat/CTF\n\ns3cXSSer\n\nThis extension will help you to detect GET/POST based XSS vulnerability in any website easily\n\nhttps://github.com/s3c-krd/s3cXSSer\n\n\u200b\u200bgetsymbol\n\nTool to download debugging symbols from Microsoft, Google, Mozilla and Citrix symbol servers for reverse engineers compatible with Windows 8.1/10/11\n\nhttps://github.com/dbgsymbol/getsymbolv\n\n\u200b\u200bcypherhound\n\nA Python3 terminal application that contains 190+ Neo4j cyphers for BloodHound data sets.\n\nhttps://github.com/fin3ss3g0d/cypherhound\n\n#infosec #cybersec #\ud835\udddb\ud835\uddee\ud835\uddf0\ud835\uddf8\ud835\uddf2\ud835\uddff\ud835\ude00\ud835\uddd9\ud835\uddee\ud835\uddf0\ud835\ude01\ud835\uddfc\ud835\uddff\ud835\ude06\n\nhttps://t.me/dilagrafie\nhttps://t.me/c/1634518258/5\nhttps://t.me/c/1634518258/6", "creation_timestamp": "2022-12-09T17:14:43.000000Z"}, {"uuid": "aaa19880-5aa2-4e23-a88c-7c0212750c4a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2414", "type": "seen", "source": "https://t.me/crackcodes/1676", "content": "#exploit\n1. CVE-2022-2414:\nXXE\u00a0in pki-core\nhttps://github.com/amitlttwo/CVE-2022-2414-Proof-Of-Concept\n\n2. CVE-2022-41057:\nWindows: HTTP.SYS Kerberos PAC Verification Bypass EoP\nhttps://bugs.chromium.org/p/project-zero/issues/detail?id=2346\n\n3. CVE-2022-44638:\nInteger overflow in pixman_sample_floor_y leads to heap out-of-bounds write\nhttps://bugs.chromium.org/p/project-zero/issues/detail?id=234", "creation_timestamp": "2022-12-08T13:33:29.000000Z"}, {"uuid": "5e197646-82fd-4a20-af69-fb75518f144f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2414", "type": "published-proof-of-concept", "source": "Telegram/6BgKHIjaQXNDJQWZG69VeBEXfOZASZqMc4P50RWJtEQJKN0", "content": "", "creation_timestamp": "2022-12-23T14:14:05.000000Z"}, {"uuid": "45c659f3-e199-4c42-b7ba-1a9c556f3294", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2414", "type": "published-proof-of-concept", "source": "https://t.me/proxy_bar/1213", "content": "CVE-2022-2414\n\u0414\u044b\u0440\u043a\u0430 \u0432 pki-core\n\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u043c\u0443 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0441\u043e\u0434\u0435\u0440\u0436\u0438\u043c\u043e\u0435 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0445 \u0444\u0430\u0439\u043b\u043e\u0432, \u043e\u0442\u043f\u0440\u0430\u0432\u0438\u0432 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u044b\u0435 HTTP-\u0437\u0430\u043f\u0440\u043e\u0441\u044b.", "creation_timestamp": "2022-12-08T14:42:56.000000Z"}, {"uuid": "43fed4d1-ddff-4772-93e8-a58ac15b9e2c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24141", "type": "seen", "source": "https://t.me/cibsecurity/45644", "content": "\u203c CVE-2022-24141 \u203c\n\nThe iTopVPNmini.exe component of iTop VPN 3.2 will try to connect to datastate_iTopVPN_Pipe_Server on a loop. An attacker that opened a named pipe with the same name can use it to gain the token of another user by listening for connections and abusing ImpersonateNamedPipeClient().\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-06T16:20:53.000000Z"}, {"uuid": "47022470-c1a0-4c32-9265-b4230ea82d4e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24140", "type": "seen", "source": "https://t.me/cibsecurity/45648", "content": "\u203c CVE-2022-24140 \u203c\n\nIOBit Advanced System Care 15, iTop Screen Recorder 2.1, iTop VPN 3.2, Driver Booster 9, and iTop Screenshot sends HTTP requests in their update procedure in order to download a config file. After downloading the config file, the products will parse the HTTP location of the update from the file and will try to install the update automatically with ADMIN privileges. An attacker Intercepting this communication can supply the product a fake config file with malicious locations for the updates thus gaining a remote code execution on an endpoint.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-06T16:20:57.000000Z"}, {"uuid": "d46ef5e9-70e8-453a-980b-932790ab49b3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24147", "type": "seen", "source": "https://t.me/cibsecurity/36811", "content": "\u203c CVE-2022-24147 \u203c\n\nTenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromAdvSetMacMtuWan. This vulnerability allows attackers to cause a Denial of Service (DoS) via the wanMTU, wanSpeed, cloneType, mac, and serviceName parameters.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-04T07:30:43.000000Z"}, {"uuid": "ff1d5a9c-edca-4aaa-b872-9ca5e4ef7f18", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2414", "type": "seen", "source": "https://t.me/cibsecurity/47279", "content": "\u203c CVE-2022-2414 \u203c\n\nAccess to external entities when parsing XML documents can lead to XML external entity (XXE) attacks. This flaw allows a remote attacker to potentially retrieve the content of arbitrary files by sending specially crafted HTTP requests.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-29T22:13:43.000000Z"}, {"uuid": "ac7061cd-c0c1-4ea8-812b-04880a2fe5ca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24145", "type": "seen", "source": "https://t.me/cibsecurity/36809", "content": "\u203c CVE-2022-24145 \u203c\n\nTenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formWifiBasicSet. This vulnerability allows attackers to cause a Denial of Service (DoS) via the security and security_5g parameters.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-04T07:30:41.000000Z"}, {"uuid": "0a8bf833-0358-48ca-9d48-b1692a67879c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24148", "type": "seen", "source": "https://t.me/cibsecurity/36807", "content": "\u203c CVE-2022-24148 \u203c\n\nTenda AX3 v16.03.12.10_CN was discovered to contain a command injection vulnerability in the function mDMZSetCfg. This vulnerability allows attackers to execute arbitrary commands via the dmzIp parameter.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-04T07:30:39.000000Z"}, {"uuid": "e2a1a157-8354-443a-a5c5-790416c90b34", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24146", "type": "seen", "source": "https://t.me/cibsecurity/36818", "content": "\u203c CVE-2022-24146 \u203c\n\nTenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetQosBand. This vulnerability allows attackers to cause a Denial of Service (DoS) via the list parameter.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-04T07:30:51.000000Z"}, {"uuid": "6e961c10-757c-475c-aeea-9a9e3e5564c1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2414", "type": "published-proof-of-concept", "source": "https://t.me/LearnExploit/4384", "content": "CVE-2022-2414 ( Hole in pki-core )\n\nThe vulnerability allows a remote attacker to obtain the contents of arbitrary files by sending specially crafted HTTP requests.\n\n#POC\n\u2014\u2014\u2014\u2014\u2014\u2014\n0Day.Today\n@LearnExploit\n@Tech_Army", "creation_timestamp": "2023-01-04T10:02:38.000000Z"}, {"uuid": "c9f65302-6732-4f8d-8b24-d5940d8870a5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2414", "type": "published-proof-of-concept", "source": "https://t.me/BlueRedTeam/2540", "content": "#CVE-2022\nTOP All bugbounty pentesting CVE-2022- POC Exp\u00a0 RCE example payload\u00a0 Things\nhttps://github.com/amitlttwo/CVE-2022-2414-Proof-Of-Concept\n\nFor CVE-2022-33891 Apache Spark: Emulation and Detection by West Shepherd\nhttps://github.com/ps-interactive/lab_security_apache_spark_emulation_detection\n\nCVE-2022-46169\n\nhttps://github.com/imjdl/CVE-2022-46169\n\n@BlueRedTeam", "creation_timestamp": "2022-12-27T19:38:43.000000Z"}, {"uuid": "80d4c504-f75c-40d4-9851-f78d5d1ead66", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2414", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/7321", "content": "#exploit\n1. CVE-2022-2414:\nXXE\u00a0in pki-core\nhttps://github.com/amitlttwo/CVE-2022-2414-Proof-Of-Concept\n\n2. CVE-2022-41057:\nWindows: HTTP.SYS Kerberos PAC Verification Bypass EoP\nhttps://bugs.chromium.org/p/project-zero/issues/detail?id=2346\n\n3. CVE-2022-44638:\nInteger overflow in pixman_sample_floor_y leads to heap out-of-bounds write\nhttps://bugs.chromium.org/p/project-zero/issues/detail?id=234", "creation_timestamp": "2022-12-08T11:03:01.000000Z"}, {"uuid": "976f9f84-6638-4947-86de-5e78aeccaf2a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2414", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-05-26)", "content": "", "creation_timestamp": "2026-05-26T00:00:00.000000Z"}]}