{"vulnerability": "cve-2020-3557", "sightings": [{"uuid": "f2f4bb35-7d1b-4c96-aae3-4b5da9b623da", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35578", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-06T03:13:44.000000Z"}, {"uuid": "0d5c742f-ee0b-4d1b-b69e-7dda68b8ffbf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35572", "type": "seen", "source": "https://t.me/cibsecurity/23321", "content": "\u203c CVE-2020-35572 \u203c\n\nAdminer through 4.7.8 allows XSS via the history parameter to the default URI.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-02-09T20:46:44.000000Z"}, {"uuid": "bbaab0fc-a35a-4d9b-9daa-57f48b97175a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35578", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:10:28.000000Z"}, {"uuid": "1dfb9a2c-e4a7-49fa-ab5c-0e7094800916", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35578", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/nagios_xi_plugins_filename_authenticated_rce.rb", "content": "", "creation_timestamp": "2021-04-14T22:07:13.000000Z"}, {"uuid": "a99825ef-7839-4d01-b781-bd41e84d50b8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35577", "type": "seen", "source": "https://t.me/cibsecurity/23795", "content": "\u203c CVE-2020-35577 \u203c\n\nIn Endalia Selection Portal before 4.205.0, an Insecure Direct Object Reference (IDOR) allows any authenticated user to download every file uploaded to the platform by changing the value of the file identifier (aka CommonDownload identification number).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-02-18T16:50:06.000000Z"}, {"uuid": "75613603-062f-4a0b-8b7c-379102ee420f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35570", "type": "seen", "source": "https://t.me/cibsecurity/23644", "content": "\u203c CVE-2020-35570 \u203c\n\nAn issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. An unauthenticated attacker is able to access files (that should have been restricted) via forceful browsing.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-02-16T18:48:00.000000Z"}, {"uuid": "238e4442-7d49-4eea-86f5-ae7ecf3495a6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35578", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/nagios_xi_scanner.rb", "content": "", "creation_timestamp": "2021-03-26T23:19:21.000000Z"}, {"uuid": "24ac2361-0aac-41b7-b5d4-7b269767bf3b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35578", "type": "seen", "source": "https://t.me/pwnwiki_zhchannel/530", "content": "CVE-2020-35578 Nagios XI \u9060\u7a0b\u547d\u4ee4\u57f7\u884c\u6f0f\u6d1e\nhttps://www.pwnwiki.org/index.php?title=CVE-2020-35578_Nagios_XI_%E9%81%A0%E7%A8%8B%E5%91%BD%E4%BB%A4%E5%9F%B7%E8%A1%8C%E6%BC%8F%E6%B4%9E", "creation_timestamp": "2021-05-30T02:20:59.000000Z"}, {"uuid": "5dc09e36-2ef6-4274-93de-690a949378ee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35576", "type": "seen", "source": "https://t.me/cibsecurity/22651", "content": "\u203c CVE-2020-35576 \u203c\n\nA Command Injection issue in the traceroute feature on TP-Link TL-WR841N V13 (JP) with firmware versions prior to 201216 allows authenticated users to execute arbitrary code as root via shell metacharacters, a different vulnerability than CVE-2018-12577.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-01-26T20:49:27.000000Z"}, {"uuid": "1a05f203-d11f-4d20-9f3f-1f604868a8e8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35575", "type": "seen", "source": "https://t.me/cibsecurity/21322", "content": "\u203c CVE-2020-35575 \u203c\n\nA password-disclosure issue in the web interface on certain TP-Link devices allows a remote attacker to get full administrative access to the web panel. This affects WA901ND devices before 3.16.9(201211) beta, and Archer C5, Archer C7, MR3420, MR6400, WA701ND, WA801ND, WDR3500, WDR3600, WE843N, WR1043ND, WR1045ND, WR740N, WR741ND, WR749N, WR802N, WR840N, WR841HP, WR841N, WR842N, WR842ND, WR845N, WR940N, WR941HP, WR945N, WR949N, and WRD4300 devices.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-26T07:26:44.000000Z"}]}