{"vulnerability": "CVE-2020-1078", "sightings": [{"uuid": "55ed385d-7152-47a0-8b61-b6146b47e98c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-10780", "type": "seen", "source": "https://t.me/cibsecurity/14035", "content": "ATENTION\u203c New - CVE-2020-10780\n\nRed Hat CloudForms 4.7 and 5 is affected by CSV Injection flaw, a crafted payload stays dormant till a victim export as CSV and opens the file with Excel. Once the victim opens the file, the formula executes, triggering any number of possible events. While this is strictly not an flaw that affects the application directly, attackers could use the loosely validated parameters to trigger several attack possibilities.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-08-11T18:55:24.000000Z"}, {"uuid": "130698e6-5a50-44a1-9767-102cbe851f8d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-10789", "type": "seen", "source": "https://t.me/cibsecurity/10805", "content": "ATENTION\u203c New - CVE-2020-10789 (openitcockpit)\n\nopenITCOCKPIT before 3.7.3 has a web-based terminal that allows attackers to execute arbitrary OS commands via shell metacharacters that are mishandled on an su command line in app/Lib/SudoMessageInterface.php.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-03-30T09:47:28.000000Z"}, {"uuid": "892eebce-8b5f-4c25-ac5d-203c83c76d9c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-10788", "type": "seen", "source": "https://t.me/cibsecurity/10806", "content": "ATENTION\u203c New - CVE-2020-10788\n\nopenITCOCKPIT before 3.7.3 uses the 1fea123e07f730f76e661bced33a94152378611e API key rather than generating a random API Key for WebSocket connections.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-03-30T09:47:29.000000Z"}, {"uuid": "ec5e4a83-1c07-41db-aa1f-bc4dc03344a3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-10783", "type": "published-proof-of-concept", "source": "Telegram/N-v1Hh00wQ-HXBE4zVMhrJUavdzcGWthCou_MmjKrO0rSbs", "content": "", "creation_timestamp": "2021-06-08T03:18:34.000000Z"}, {"uuid": "bb65f90c-3092-4d51-b131-551fd46a8dc4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-10783", "type": "seen", "source": "https://t.me/cibsecurity/14024", "content": "ATENTION\u203c New - CVE-2020-10783\n\nRed Hat CloudForms 4.7 and 5 is affected by a role-based privilege escalation flaw. An attacker with EVM-Operator group can perform actions restricted only to EVM-Super-administrator group, leads to, exporting or importing administrator files.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-08-11T16:55:09.000000Z"}]}