{"vulnerability": "CVE-2020-3676", "sightings": [{"uuid": "abb5adc0-9a46-49c1-8d2d-067ccae998fe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-36767", "type": "seen", "source": "https://t.me/cibsecurity/73183", "content": "\u203c CVE-2020-36767 \u203c\n\ntinyfiledialogs (aka tiny file dialogs) before 3.8.0 allows shell metacharacters in titles, messages, and other input data.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-30T21:20:05.000000Z"}, {"uuid": "8da2b231-7390-4c11-b8f1-9be7efbc0738", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-36767", "type": "seen", "source": "https://t.me/cibsecurity/73167", "content": "\u203c CVE-2023-47104 \u203c\n\ntinyfiledialogs (aka tiny file dialogs) before 3.15.0 allows shell metacharacters (such as a backquote or a dollar sign) in titles, messages, and other input data. NOTE: this issue exists because of an incomplete fix for CVE-2020-36767, which only considered single and double quote characters.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-30T21:19:46.000000Z"}, {"uuid": "6607b40e-5fb4-4f53-a7b1-01e9a582d5f1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-36769", "type": "seen", "source": "https://t.me/arpsyndicate/2175", "content": "#ExploitObserverAlert\n\nCVE-2020-36769\n\nDESCRIPTION: Exploit Observer has 2 entries related to CVE-2020-36769. The Widget Settings Importer/Exporter Plugin  for WordPress is vulnerable to Stored Cross-Site Scripting via the wp_ajax_import_widget_dataparameter AJAX action in versions up to, and including, 1.5.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with subscriber-level permissions and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", "creation_timestamp": "2023-12-28T02:13:40.000000Z"}, {"uuid": "41e5e9c9-573a-4d52-a7f9-bc2efafee157", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-36766", "type": "seen", "source": "https://t.me/cibsecurity/70636", "content": "\u203c CVE-2020-36766 \u203c\n\nAn issue was discovered in the Linux kernel before 5.8.6. drivers/media/cec/core/cec-api.c leaks one byte of kernel memory on specific hardware to unprivileged users, because of directly assigning log_addrs with a hole in the struct.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-18T12:41:18.000000Z"}, {"uuid": "c3753131-0836-4a64-a916-d83d132972ed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-36769", "type": "seen", "source": "https://t.me/ctinow/169738", "content": "https://ift.tt/6S2fsoB\nCVE-2020-36769 | kevinlangleyjr Widget Settings Importer-Exporter Plugin up to 1.5.3 on WordPress wp_ajax_import_widget_dataparameter cross site scripting", "creation_timestamp": "2024-01-18T14:17:13.000000Z"}, {"uuid": "6f9966e8-07b1-41b2-8df8-2e60f3d70747", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-36769", "type": "seen", "source": "https://t.me/ctinow/158775", "content": "https://ift.tt/WcrqDvd\nCVE-2020-36769", "creation_timestamp": "2023-12-23T11:36:28.000000Z"}, {"uuid": "13038c1e-bd22-4d5a-b3ce-4f6da7a24294", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-36769", "type": "seen", "source": "https://t.me/ctinow/160491", "content": "https://ift.tt/tyNGIFZ\nCVE-2020-36769 Exploit", "creation_timestamp": "2023-12-29T13:16:42.000000Z"}, {"uuid": "80758ed2-65bd-493d-89e6-c757e278697a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-36768", "type": "seen", "source": "https://t.me/ctinow/158262", "content": "https://ift.tt/ZQcvzTn\nCVE-2020-36768 | rl-institut NESP2 Initial Release/1.0 app/database.py sql injection (ID 333)", "creation_timestamp": "2023-12-22T09:22:14.000000Z"}, {"uuid": "03086bd3-8c81-4d6f-8b26-c20a299371d6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-36762", "type": "seen", "source": "https://t.me/cibsecurity/66910", "content": "\u203c CVE-2020-36762 \u203c\n\nA vulnerability was found in ONS Digital RAS Collection Instrument up to 2.0.27 and classified as critical. Affected by this issue is the function jobs of the file .github/workflows/comment.yml. The manipulation of the argument $COMMENT_BODY leads to os command injection. Upgrading to version 2.0.28 is able to address this issue. The name of the patch is dcaad2540f7d50c512ff2e031d3778dd9337db2b. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-234248.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-18T18:32:44.000000Z"}, {"uuid": "077aaa30-6795-417f-ae97-19394cedbc07", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-36763", "type": "seen", "source": "https://t.me/cibsecurity/67481", "content": "\u203c CVE-2020-36763 \u203c\n\nCross Site Scripting (XSS) vulnerability in DuxCMS 2.1 allows remote attackers to run arbitrary code via the content, time, copyfrom parameters when adding or editing a post.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-31T20:37:51.000000Z"}, {"uuid": "22bb81ce-4dd3-4355-94bf-28a5cf4bd198", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-36761", "type": "seen", "source": "https://t.me/cibsecurity/66515", "content": "\u203c CVE-2020-36761 \u203c\n\nThe Top 10 plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.10.4. This is due to missing or incorrect nonce validation on the tptn_export_tables() function. This makes it possible for unauthenticated attackers to generate an export of the top 10 table via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-12T12:48:43.000000Z"}, {"uuid": "bbd2bd6f-3325-41b8-9352-87bae89ec600", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-36760", "type": "seen", "source": "https://t.me/cibsecurity/66479", "content": "\u203c CVE-2020-36760 \u203c\n\nThe Ocean Extra plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.5]. This is due to missing or incorrect nonce validation on the add_core_extensions_bundle_validation() function. This makes it possible for unauthenticated attackers to validate extension bundles via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-12T12:35:47.000000Z"}]}