{"vulnerability": "CVE-2020-2894", "sightings": [{"uuid": "12341078-07fb-4ded-a9cc-bbfeebeeebb3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-28949", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2023-06-14T21:10:04.000000Z"}, {"uuid": "c2d9c013-5dc0-45a5-80e9-79df77b38bf5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-28949", "type": "seen", "source": "MISP/3f4bee04-47e3-438c-bfcc-47b63c3a1847", "content": "", "creation_timestamp": "2024-11-14T06:10:07.000000Z"}, {"uuid": "df74217d-3a2b-42b1-b09d-44682c881350", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-28949", "type": "seen", "source": "https://feedsin.space/feed/CISAKevBot/items/2971688", "content": "", "creation_timestamp": "2024-12-24T20:32:49.516879Z"}, {"uuid": "280e6efa-66a5-421b-ba53-2ac4a3c55088", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-28949", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-02-23T02:10:27.000000Z"}, {"uuid": "28d45456-44e1-4248-b9ea-3a43aff6ccae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-28949", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-06T03:13:44.000000Z"}, {"uuid": "1473ae21-3a25-4fa5-a373-f5dd559f2a55", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-28949", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:10:28.000000Z"}, {"uuid": "4b564a92-bfd1-4274-aa9b-7fc10f95768a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-28949", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/fileformat/archive_tar_arb_file_write.rb", "content": "", "creation_timestamp": "2021-01-25T12:18:54.000000Z"}, {"uuid": "708e0e98-89c8-4ed5-b5c9-34f1795c0a1b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2020-28949", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/728a5d39-7136-48fc-ac9d-8c6140b2c74b", "content": "", "creation_timestamp": "2026-02-02T12:27:15.791578Z"}, {"uuid": "c91f3ff7-d5ef-490e-8bab-bc87634da052", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2020-28949", "type": "seen", "source": "https://www.govcert.gov.hk/en/alerts_detail.php?id=530", "content": "", "creation_timestamp": "2020-11-30T04:00:00.000000Z"}, {"uuid": "a12b3d0a-5eb2-43e2-87d2-6f7de5c68a9f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2020-28948", "type": "seen", "source": "https://www.govcert.gov.hk/en/alerts_detail.php?id=530", "content": "", "creation_timestamp": "2020-11-30T04:00:00.000000Z"}, {"uuid": "d7e4b9ad-1096-414b-ac3d-83710ff9f4fc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-28949", "type": "seen", "source": "Telegram/phmpV1SM0Ao_XFj53AhNH1kNDNLE0QTqdV1Q0mkA4gBTzbOx", "content": "", "creation_timestamp": "2020-12-03T06:54:23.000000Z"}, {"uuid": "5ee24729-881f-43c0-a864-f78960353565", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-28948", "type": "seen", "source": "https://t.me/cKure/2991", "content": "\u25a0\u25a0\u25a0\u25a0\u25a1 CVE-2020-28949 and CVE-2020-28948\n\nRCE on Drupal via Phar Deserialization in PEAR Archive_Tar library. \n\nhttps://www.drupal.org/sa-core-2020-013", "creation_timestamp": "2020-11-27T06:43:35.000000Z"}, {"uuid": "5c696495-d25d-46f5-a616-a825d8f2d53e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-28949", "type": "seen", "source": "https://t.me/cKure/2991", "content": "\u25a0\u25a0\u25a0\u25a0\u25a1 CVE-2020-28949 and CVE-2020-28948\n\nRCE on Drupal via Phar Deserialization in PEAR Archive_Tar library. \n\nhttps://www.drupal.org/sa-core-2020-013", "creation_timestamp": "2020-11-27T06:43:35.000000Z"}, {"uuid": "ac3c8806-78ae-449c-a82f-9e9a5cd06bcb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-28949", "type": "seen", "source": "https://t.me/technical_private_cat/128", "content": "\u0425\u0430\u0445\u0430\u0445 , \u0435\u0449\u0435 \u0440\u0430\u0437 \u043f\u0440\u0438\u0432\u0435\u0442 \u044f \u0441\u043d\u043e\u0432\u0430 \u0442\u0443\u0442 \n\u0421\u0435\u0433\u043e\u0434\u043d\u044f \u043c\u043d\u043e\u0433\u043e\u0432\u0430\u0442\u0430 \u043c\u0430\u0442\u0435\u0440\u044c\u044f\u043b\u0430 \u043d\u0435 \u0442\u0430\u043a \u043b\u0438 ? \n\u041d\u043e \u043a\u0430\u043a \u0433\u043e\u0432\u043e\u0440\u0438\u0442\u044c\u0441\u044f \u0438\u043d\u043e\u0433\u0434\u0430 \u0445\u043e\u0447\u0435\u0442\u0441\u044f \u0443\u0441\u043a\u043e\u0440\u0438\u0442\u044c \u0448\u0438\u0433 \u043f\u043e \u043f\u0443\u0442\u0438 \u0432 \u0441\u0442\u0440\u0430\u043d\u0443 \u0447\u0443\u0434\u0435\u0441 \ud83c\udf37\n\n\u0414\u043b\u044f \u0442\u0435\u0445 \u043a\u0442\u043e \u0445\u043e\u0442\u0435\u043b \u043f\u0440\u043e \u043d\u043e\u0432\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438,  \u0434\u0435\u0440\u0436\u0438\u0442\u0435 \u043d\u043e\u0432\u0443\u044e \u0441\u0430\u0442\u044c\u044e \u043e\u0442 CISA \u043f\u0440\u043e \u043c\u043d\u043e\u0433\u043e \u044d\u043a\u0441\u043f\u0443\u043b\u043e\u0442\u0438\u0440\u0443\u0435\u043c\u044b\u0445 cve ,\n\n\u0422\u0430\u043a\u0438\u0445 \u043a\u0430\u043a CVE-2020-36193 \u0438\u043b\u0438 CVE-2020-28949. \n\n\u0412\u0441\u0435 \u043f\u0440\u0435\u0434\u043e\u0441\u0442\u0430\u0432\u043b\u0435\u043d\u044b\u0435 \u0442\u0430\u043c \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432\u0435\u0441\u044c\u043c\u0430 \u043e\u043f\u0430\u0441\u043d\u044b \u0438 \u043d\u0430 \u0431\u043e\u043b\u044c\u0448\u0435\u043d\u0441\u0442\u0432\u043e \u0438\u0437 \u043d\u0438\u0445 \u0443\u0436\u0435 \u0435\u0441\u0442\u044c \u044d\u043a\u0441\u043f\u043b\u043e\u0438\u0442\u044b \nhttps://thehackernews.com/2022/08/cisa-adds-10-new-known-actively.html\n#news #cve", "creation_timestamp": "2022-09-01T17:03:00.000000Z"}, {"uuid": "1d7a673e-8ad2-4c5e-b94d-c8b3aefb6212", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-28948", "type": "seen", "source": "Telegram/phmpV1SM0Ao_XFj53AhNH1kNDNLE0QTqdV1Q0mkA4gBTzbOx", "content": "", "creation_timestamp": "2020-12-03T06:54:23.000000Z"}, {"uuid": "a03ede15-e05a-4f9f-a5a8-a6064d4d5bde", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-28946", "type": "seen", "source": "https://t.me/cibsecurity/17282", "content": "\u203c CVE-2020-28946 \u203c\n\nAn improper webserver configuration on Plum IK-401 devices with firmware before 1.02 allows an attacker (with network access to the device) to obtain the configuration file, including hashed credential data. Successful exploitation could allow access to hashed credential data with a single unauthenticated GET request.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-08T22:31:37.000000Z"}, {"uuid": "fd290e0b-ab44-476e-9e57-18ad7779bae5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-2894", "type": "seen", "source": "https://t.me/arpsyndicate/688", "content": "#ExploitObserverAlert\n\nCVE-2020-2894\n\nDESCRIPTION: Exploit Observer has 5 entries related to CVE-2020-2894. Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).\n\nFIRST-EPSS: 0.000430000\nNVD-IS: 4.0\nNVD-ES: 1.5", "creation_timestamp": "2023-11-29T06:58:22.000000Z"}, {"uuid": "75612280-3442-4d14-88c1-cf9e69360da1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-28949", "type": "seen", "source": "Telegram/Guk8DuU3shklMFMRI0YLGr6ZXG_DXJelP33OTSQyPGBX5w", "content": "", "creation_timestamp": "2020-12-03T06:54:15.000000Z"}, {"uuid": "f015574c-7246-4639-913d-8b028b924c3f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-28949", "type": "seen", "source": "https://t.me/pwnwiki_zhchannel/558", "content": "CVE-2020-28949 PEAR Archive_Tar \u4efb\u610f\u6587\u4ef6\u5beb\u5165\u6f0f\u6d1e\nhttps://www.pwnwiki.org/index.php?title=CVE-2020-28949_PEAR_Archive_Tar_%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E5%AF%AB%E5%85%A5%E6%BC%8F%E6%B4%9E", "creation_timestamp": "2021-05-31T04:03:02.000000Z"}, {"uuid": "e06e56f6-9430-4718-ba84-9222b4383bf2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-28948", "type": "seen", "source": "Telegram/Guk8DuU3shklMFMRI0YLGr6ZXG_DXJelP33OTSQyPGBX5w", "content": "", "creation_timestamp": "2020-12-03T06:54:15.000000Z"}, {"uuid": "fa26a2ef-c805-4f3b-be2d-cdf949990fa3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-28949", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/2182", "content": "#exploit\nCVE-2020-28948, CVE-2020-28949:\nDrupal core - Arbitrary PHP code execution\nhttps://www.drupal.org/sa-core-2020-013\n]-> https://github.com/pear/Archive_Tar/issues/33", "creation_timestamp": "2024-05-08T02:50:16.000000Z"}, {"uuid": "09f463de-9c01-4b59-b40c-627d9f21de01", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-28948", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/2182", "content": "#exploit\nCVE-2020-28948, CVE-2020-28949:\nDrupal core - Arbitrary PHP code execution\nhttps://www.drupal.org/sa-core-2020-013\n]-> https://github.com/pear/Archive_Tar/issues/33", "creation_timestamp": "2024-05-08T02:50:16.000000Z"}, {"uuid": "d5971b98-8b59-4faa-a852-7d4193e4d881", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-28942", "type": "seen", "source": "https://t.me/cibsecurity/16601", "content": "\u203c CVE-2020-28942 \u203c\n\nAn issue exists in PrimeKey EJBCA before 7.4.3 when enrolling with EST while proxied through an RA over the Peers protocol. As a part of EJBCA's domain security model, the peer connector allows the restriction of client certificates (for the RA, not the end user) to a limited set of allowed CAs, thus restricting the accessibility of that RA to the rights it has within a specific role. While this works for other protocols such as CMP, it was found that the EJBCA enrollment over an EST implementation bypasses this check, allowing enrollment with a valid client certificate through any functioning and authenticated RA connected to the CA. NOTE: an attacker must already have a trusted client certificate and authorization to enroll against the targeted CA.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-11-19T20:41:39.000000Z"}, {"uuid": "494d1691-dcaf-4ce4-9659-3ea60b3d73e6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-28940", "type": "seen", "source": "https://t.me/cibsecurity/16986", "content": "\u203c CVE-2020-28940 \u203c\n\nOn Western Digital My Cloud OS 5 devices before 5.06.115, the NAS Admin dashboard has an authentication bypass vulnerability that could allow an unauthenticated user to execute privileged commands on the device.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-01T18:54:08.000000Z"}, {"uuid": "186a2caf-0ada-4e4c-a578-d03398586628", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-28947", "type": "seen", "source": "https://t.me/cibsecurity/16605", "content": "\u203c CVE-2020-28947 \u203c\n\nIn MISP 2.4.134, XSS exists in the template element index view because the id parameter is mishandled.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-11-19T20:41:44.000000Z"}]}