{"vulnerability": "CVE-2020-2944", "sightings": [{"uuid": "d007695c-e720-447e-86ef-0b0c3bca16ff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-2944", "type": "seen", "source": "https://t.me/arpsyndicate/2845", "content": "#ExploitObserverAlert\n\nCVE-2020-2944\n\nDESCRIPTION: Exploit Observer has 10 entries in 3 file formats related to CVE-2020-2944. Vulnerability in the Oracle Solaris product of Oracle Systems (component: Common Desktop Environment). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).\n\nFIRST-EPSS: 0.001010000\nNVD-IS: 6.0\nNVD-ES: 2.0", "creation_timestamp": "2024-01-16T11:22:49.000000Z"}, {"uuid": "6a1e22cb-3763-4efc-b5fc-acae41369fad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-29445", "type": "seen", "source": "Telegram/jIpq31kEEmTWc9mRsMkE8MnbA6x0QKQ0v9WjwmHp10cREQNw", "content": "", "creation_timestamp": "2025-02-14T10:06:00.000000Z"}, {"uuid": "b072817b-ced1-4d57-8beb-6e458fd10ad3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-29444", "type": "seen", "source": "Telegram/p7xzH_-NkP9_A62SWi5x_IZRvvxGyn584gM6F8t_pW9ByZS3", "content": "", "creation_timestamp": "2025-02-14T10:06:00.000000Z"}, {"uuid": "9e82131f-4ab6-4c6d-a7dd-05030173558e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-2944", "type": "published-proof-of-concept", "source": "https://t.me/techpwnews/427", "content": "CVE-2020-2944 - Local privilege escalation via CDE sdtcm_convert\n\nContinue reading at techblog.mediaservice.net (from /r/netsec)", "creation_timestamp": "2020-04-15T09:08:52.000000Z"}, {"uuid": "5066a560-cd91-490a-ba77-c1d02cc3a1bf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-29448", "type": "seen", "source": "https://t.me/cibsecurity/23955", "content": "\u203c CVE-2020-29448 \u203c\n\nThe ConfluenceResourceDownloadRewriteRule class in Confluence Server and Confluence Data Center before version 6.13.18, from 6.14.0 before 7.4.6, and from 7.5.0 before 7.8.3 allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access check.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-02-23T00:33:56.000000Z"}, {"uuid": "dcf71a79-7f06-44a0-81a0-0f615ad1ad9b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-29446", "type": "seen", "source": "https://t.me/cibsecurity/39009", "content": "\u203c CVE-2021-43957 \u203c\n\nAffected versions of Atlassian Fisheye & Crucible allowed remote attackers to browse local files via an Insecure Direct Object References (IDOR) vulnerability in the WEB-INF directory and bypass the fix for CVE-2020-29446 due to a lack of url decoding. The affected versions are before version 4.8.9.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-16T06:19:59.000000Z"}, {"uuid": "368263c7-b3d1-4dbe-97a4-a67f54ca0212", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-29447", "type": "seen", "source": "https://t.me/cibsecurity/21105", "content": "\u203c CVE-2020-29447 \u203c\n\nAffected versions of Atlassian Crucible allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the file upload request feature of code reviews. The affected versions are before version 4.7.4, and from version 4.8.0 before 4.8.5.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-21T07:51:35.000000Z"}, {"uuid": "06135f8f-4590-4309-b8a0-60e866b5b8d8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-2944", "type": "published-proof-of-concept", "source": "https://t.me/canyoupwnme/6383", "content": "CVE-2020-2944 \u2013 Local privilege escalation via CDE sdtcm_convert\nhttps://techblog.mediaservice.net/2020/04/cve-2020-2944-local-privilege-escalation-via-cde-sdtcm_convert/", "creation_timestamp": "2020-04-15T21:43:43.000000Z"}, {"uuid": "48e3c667-99f9-48c9-831d-d28ae0d101d4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-29441", "type": "seen", "source": "https://t.me/cibsecurity/16958", "content": "\u203c CVE-2020-29441 \u203c\n\nAn issue was discovered in the Upload Widget in OutSystems Platform 10 before 10.0.1019.0. An unauthenticated attacker can upload arbitrary files. In some cases, this attack may consume the available database space (Denial of Service), corrupt legitimate data if files are being processed asynchronously, or deny access to legitimate uploaded files.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-01T00:53:28.000000Z"}, {"uuid": "be643f8d-8d1c-413a-9dcb-876c1b234b68", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-29440", "type": "seen", "source": "https://t.me/cibsecurity/16955", "content": "\u203c CVE-2020-29440 \u203c\n\nTesla Model X vehicles before 2020-11-23 do not perform certificate validation during an attempt to pair a new key fob with the body control module (BCM). This allows an attacker (who is inside a vehicle, or is otherwise able to send data over the CAN bus) to start and drive the vehicle with a spoofed key fob.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-01T00:53:26.000000Z"}, {"uuid": "b6203fd8-5f70-4987-8e09-42bf4628d7a5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-2944", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/2629", "content": "The INFILTRATE effect: 6 bugs in 6 months (PoCs):\n- LPE via xscreensaver (CVE-2019-3010);\n- Low impact information disclosure via Solaris xlock (CVE-2020-2656);\n- LPE via CDE (CVE-2020-2696, CVE-2020-2944);\n- Stack-based buffer overflow in CDE libDtSvc (CVE-2020-2851);\n- Heap-based buffer overflow in Solaris whodo and w commands (CVE-2020-2771)\nhttps://github.com/0xdea/raptor_infiltrate20", "creation_timestamp": "2021-02-03T12:43:01.000000Z"}, {"uuid": "9e9a519d-eb46-4c91-bb70-b56270b5b110", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-2944", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/970", "content": "#exploit\n1. CVE-2020-5260:\nMalicious URLs may cause Git to present stored credentials to the wrong server (credential.helper vulns)\nhttps://github.com/git/git/security/advisories/GHSA-qm7j-c969-7j4q\n\n2. CVE-2020-2944:\nOracle Solaris <=10 1/13 (Upd11) - LPE via CDE sdtcm_convert\nhttps://techblog.mediaservice.net/2020/04/cve-2020-2944-local-privilege-escalation-via-cde-sdtcm_convert/\n]-> PoC:\nhttps://github.com/0xdea/exploits/blob/master/solaris/raptor_sdtcm_conv.c\n]-> Oracle Security Advisory:\nhttps://github.com/0xdea/advisories/blob/master/2020-05-cde-sdtcm_convert.txt", "creation_timestamp": "2024-10-21T17:03:42.000000Z"}]}