{"vulnerability": "CVE-2020-1352", "sightings": [{"uuid": "58493ca6-c6f2-4e0a-9cfc-6cd59252887e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-13527", "type": "seen", "source": "https://t.me/cibsecurity/21045", "content": "\u203c CVE-2020-13527 \u203c\n\nAn authentication bypass vulnerability exists in the Web Manager functionality of Lantronix XPort EDGE 3.0.0.0R11, 3.1.0.0R9, 3.4.0.0R12 and 4.2.0.0R7. A specially crafted HTTP request can cause increased privileges. An attacker can send an HTTP request to trigger this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-18T02:43:26.000000Z"}, {"uuid": "694db4ee-5bbc-4198-b15f-67d7d6bdff37", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-13528", "type": "seen", "source": "https://t.me/cibsecurity/21030", "content": "\u203c CVE-2020-13528 \u203c\n\nAn information disclosure vulnerability exists in the Web Manager and telnet CLI functionality of Lantronix XPort EDGE 3.0.0.0R11, 3.1.0.0R9, 3.4.0.0R12 and 4.2.0.0R7. A specially crafted HTTP request can cause information disclosure. An attacker can sniff the network to trigger this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-18T02:43:08.000000Z"}, {"uuid": "60db802e-d570-4cd2-8db4-913ad7b965e8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-13523", "type": "seen", "source": "https://t.me/cibsecurity/13873", "content": "ATENTION\u203c New - CVE-2020-13523\n\nAn exploitable information disclosure vulnerability exists in SoftPerfect\u00e2\u20ac\u2122s RAM Disk 4.1 spvve.sys driver. A specially crafted I/O request packet (IRP) can cause the disclosure of sensitive information. An attacker can send a malicious IRP to trigger this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-08-04T22:55:18.000000Z"}, {"uuid": "3f512406-b12f-45cc-ac40-5cc0f985ae43", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-13526", "type": "seen", "source": "https://t.me/cibsecurity/19756", "content": "\u203c CVE-2020-13526 \u203c\n\nThe \u00e2\u20ac˜sort\u00e2\u20ac\u2122 parameter in the download page clientSetupAjax is vulnerable to SQL injection in ProcessMaker 3.4.11. A specially crafted HTTP request can cause an SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-11T07:25:25.000000Z"}, {"uuid": "af611d8b-770a-4059-938e-b5147b210374", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-13526", "type": "seen", "source": "https://t.me/cibsecurity/19736", "content": "\u203c CVE-2020-13526 \u203c\n\nThe \u00e2\u20ac˜sort\u00e2\u20ac\u2122 parameter in the download page clientSetupAjax is vulnerable to SQL injection in ProcessMaker 3.4.11. A specially crafted HTTP request can cause an SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-11T06:25:17.000000Z"}, {"uuid": "ea2a35dd-ac24-4a03-9a0c-b517d2b41462", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-13526", "type": "seen", "source": "https://t.me/cibsecurity/19696", "content": "\u203c CVE-2020-13526 \u203c\n\nThe \u00e2\u20ac˜sort\u00e2\u20ac\u2122 parameter in the download page clientSetupAjax is vulnerable to SQL injection in ProcessMaker 3.4.11. A specially crafted HTTP request can cause an SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-11T04:25:18.000000Z"}, {"uuid": "a7664619-2ebf-495c-84e7-c929635f4e66", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-13526", "type": "seen", "source": "https://t.me/cibsecurity/19676", "content": "\u203c CVE-2020-13526 \u203c\n\nThe \u00e2\u20ac˜sort\u00e2\u20ac\u2122 parameter in the download page clientSetupAjax is vulnerable to SQL injection in ProcessMaker 3.4.11. A specially crafted HTTP request can cause an SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-11T03:25:24.000000Z"}, {"uuid": "3d4788bd-a4af-4805-b83f-1cc6f17d9d07", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-13526", "type": "seen", "source": "https://t.me/cibsecurity/19636", "content": "\u203c CVE-2020-13526 \u203c\n\nThe \u00e2\u20ac˜sort\u00e2\u20ac\u2122 parameter in the download page clientSetupAjax is vulnerable to SQL injection in ProcessMaker 3.4.11. A specially crafted HTTP request can cause an SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-11T02:34:30.000000Z"}, {"uuid": "ec141710-389b-45f9-b447-74bc62086ddc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-13524", "type": "seen", "source": "https://t.me/cibsecurity/17102", "content": "\u203c CVE-2020-13524 \u203c\n\nAn out-of-bounds memory corruption vulnerability exists in the way Pixar OpenUSD 20.05 uses SPECS data from binary USD files. A specially crafted malformed file can trigger an out-of-bounds memory access and modification which results in memory corruption. To trigger this vulnerability, the victim needs to access an attacker-provided malformed file.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-03T20:26:15.000000Z"}, {"uuid": "e9d1d221-3525-4362-9690-4dc90c6a2e55", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-13526", "type": "seen", "source": "https://t.me/cibsecurity/19716", "content": "\u203c CVE-2020-13526 \u203c\n\nThe \u00e2\u20ac˜sort\u00e2\u20ac\u2122 parameter in the download page clientSetupAjax is vulnerable to SQL injection in ProcessMaker 3.4.11. A specially crafted HTTP request can cause an SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-11T05:25:14.000000Z"}, {"uuid": "515ef1d9-8527-4740-83ae-86a7d9dcc28b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-13526", "type": "seen", "source": "https://t.me/cibsecurity/19656", "content": "\u203c CVE-2020-13526 \u203c\n\nThe \u00e2\u20ac˜sort\u00e2\u20ac\u2122 parameter in the download page clientSetupAjax is vulnerable to SQL injection in ProcessMaker 3.4.11. A specially crafted HTTP request can cause an SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-11T02:37:34.000000Z"}, {"uuid": "42a12a12-cd35-4660-9e05-33ae722af97d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-13525", "type": "seen", "source": "https://t.me/cibsecurity/17107", "content": "\u203c CVE-2020-13525 \u203c\n\nThe sort parameter in the download page /sysworkflow/en/neoclassic/reportTables/reportTables_Ajax is vulnerable to SQL injection in ProcessMaker 3.4.11. A specially crafted HTTP request can cause an SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-03T20:26:20.000000Z"}, {"uuid": "0231dc16-d36f-4186-88d9-3a5b25120fd2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-13522", "type": "seen", "source": "https://t.me/cibsecurity/13876", "content": "ATENTION\u203c New - CVE-2020-13522\n\nAn exploitable arbitrary file delete vulnerability exists in SoftPerfect RAM Disk 4.1 spvve.sys driver. A specially crafted I/O request packet (IRP) can allow an unprivileged user to delete any file on the filesystem. An attacker can send a malicious IRP to trigger this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-08-05T00:55:17.000000Z"}]}