{"vulnerability": "CVE-2020-35606", "sightings": [{"uuid": "6888549d-7216-44b3-9538-bdc46dc5d011", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35606", "type": "exploited", "source": "https://www.exploit-db.com/exploits/49318", "content": "", "creation_timestamp": "2020-12-22T00:00:00.000000Z"}, {"uuid": "691fd831-115b-4881-b402-b4d5768a4f6a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35606", "type": "seen", "source": "MISP/c62b3104-3a17-4854-9db7-694bf7795c10", "content": "", "creation_timestamp": "2024-11-14T06:07:39.000000Z"}, {"uuid": "a71ce13f-a578-431b-af19-ad21e2913ce7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35606", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/2350", "content": "#Threat_Research\n1. CVE-2020-35606 - Arbitrary Command Execution Vulnerability in Webmin\n// This vulnerability is bypassing the measure taken for CVE-2019-12840 and converting it into a new vector\nhttps://www.pentest.com.tr/exploits/Webmin-1962-PU-Escape-Bypass-Remote-Command-Execution.html\n2. SUNBURST, TEARDROP and the NetSec New Normal\nhttps://research.checkpoint.com/2020/sunburst-teardrop-and-the-netsec-new-normal\n3. CyRC analysis: Authentication bypass vulnerability in Java Bouncy Castle (PoC for CVE-2020-28052)\nhttps://www.synopsys.com/blogs/software-security/cve-2020-28052-bouncy-castle", "creation_timestamp": "2020-12-31T18:30:13.000000Z"}, {"uuid": "b59a45a9-0f66-458b-9d90-20ac2ec2628b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35606", "type": "seen", "source": "https://t.me/cibsecurity/21140", "content": "\u203c CVE-2020-35606 \u203c\n\nArbitrary command execution can occur in Webmin through 1.962. Any user authorized for the Package Updates module can execute arbitrary commands with root privileges via vectors involving %0A and %0C. NOTE: this issue exists because of an incomplete fix for CVE-2019-12840.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-21T22:52:17.000000Z"}]}