{"vulnerability": "CVE-2020-3617", "sightings": [{"uuid": "6eb98a25-984c-4669-bdc5-f97ab2e0a399", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-36178", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/2459", "content": "#Red_Team_Tactics\n1. How to corrupt GPU buffers (data/code) on macOS on both X86/ARM (PoC)\nhttps://github.com/astarasikov/macos-gpu-fuzzing-public\n2. Cache Poisoning DoS Basics\nhttps://iustin24.github.io/Cache-Key-Normalization-Denial-of-Service\n3. Multiple Command Injections in TP Link Routers (PoC for CVE-2020-36178)\nhttps://therealunicornsecurity.github.io/TPLink", "creation_timestamp": "2021-01-09T12:07:01.000000Z"}, {"uuid": "6a93e93e-38c4-4b30-bfc3-0e48a31ac057", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-36171", "type": "seen", "source": "https://t.me/cibsecurity/21675", "content": "\u203c CVE-2020-36171 \u203c\n\nThe Elementor Website Builder plugin before 3.0.14 for WordPress does not properly restrict SVG uploads.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-01-06T18:39:32.000000Z"}, {"uuid": "6c85f533-7ca4-470f-81cd-020e9f986e88", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-36173", "type": "seen", "source": "https://t.me/cibsecurity/21670", "content": "\u203c CVE-2020-36173 \u203c\n\nThe Ninja Forms plugin before 3.4.28 for WordPress lacks escaping for submissions-table fields.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-01-06T18:39:24.000000Z"}, {"uuid": "c8edc7b3-8505-4319-af42-78b6e3773f7e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-36175", "type": "seen", "source": "https://t.me/cibsecurity/21669", "content": "\u203c CVE-2020-36175 \u203c\n\nThe Ninja Forms plugin before 3.4.27.1 for WordPress allows attackers to bypass validation via the email field.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-01-06T18:39:23.000000Z"}, {"uuid": "c8a23458-34b3-43da-8ef1-18f3174c1a22", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-36172", "type": "seen", "source": "https://t.me/cibsecurity/21668", "content": "\u203c CVE-2020-36172 \u203c\n\nThe Advanced Custom Fields plugin before 5.8.12 for WordPress mishandles the escaping of strings in Select2 dropdowns, potentially leading to XSS.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-01-06T18:39:23.000000Z"}, {"uuid": "7d79358c-7b76-4967-b1e0-8477d235009a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-36174", "type": "seen", "source": "https://t.me/cibsecurity/21666", "content": "\u203c CVE-2020-36174 \u203c\n\nThe Ninja Forms plugin before 3.4.27.1 for WordPress allows CSRF via services integration.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-01-06T18:39:21.000000Z"}, {"uuid": "eb93caf8-5eab-4ef4-b1f4-be82bb0bd53e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-36178", "type": "seen", "source": "https://t.me/cibsecurity/21723", "content": "\u203c CVE-2020-36178 \u203c\n\noal_ipt_addBridgeIsolationRules on TP-Link TL-WR840N 6_EU_0.9.1_4.16 devices allows OS command injection because a raw string entered from the web interface (an IP address field) is used directly for a call to the system library function (for iptables).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-01-07T00:39:41.000000Z"}, {"uuid": "e0e33d47-5802-432d-a474-11b64c57cf5c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-36176", "type": "seen", "source": "https://t.me/cibsecurity/21672", "content": "\u203c CVE-2020-36176 \u203c\n\nThe iThemes Security (formerly Better WP Security) plugin before 7.7.0 for WordPress does not enforce a new-password requirement for an existing account until the second login occurs.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-01-06T18:39:26.000000Z"}, {"uuid": "005f0ebb-a058-40a1-a683-0bf44b67a2eb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-36179", "type": "seen", "source": "https://t.me/arpsyndicate/221", "content": "#ExploitObserverAlert\n\nCVE-2020-36179\n\nDESCRIPTION: Exploit Observer has 18 entries related to CVE-2020-36179. FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS.\n\nFIRST-EPSS: 0.003570000\nNVD-IS: 5.9\nNVD-ES: 2.2", "creation_timestamp": "2023-11-17T06:24:37.000000Z"}, {"uuid": "0f39910f-357f-4965-9d62-6adb111a2afc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-36177", "type": "seen", "source": "https://t.me/cibsecurity/21673", "content": "\u203c CVE-2020-36177 \u203c\n\nRsaPad_PSS in wolfcrypt/src/rsa.c in wolfSSL before 4.6.0 has an out-of-bounds write for certain relationships between key size and digest size.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-01-06T18:39:30.000000Z"}, {"uuid": "36898024-0601-4df0-aab0-e36a5a4d6ca3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-36170", "type": "seen", "source": "https://t.me/cibsecurity/21660", "content": "\u203c CVE-2020-36170 \u203c\n\nThe Ultimate Member plugin before 2.1.13 for WordPress mishandles hidden name=\"timestamp\" fields in forms.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-01-06T16:39:18.000000Z"}]}