{"vulnerability": "CVE-2020-3568", "sightings": [{"uuid": "e3212fff-e8e8-4a5e-87d6-12b548615cae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35687", "type": "seen", "source": "https://t.me/Yemen_Shield/717", "content": "Police cars revolving light NEW: CVE-2020-35687 Police cars revolving light PHPFusion version 9.03.90 is vulnerable to CSRF attack which leads to deletion of all shoutbox messages by the attacker on behalf of the logged in victim. Severity: MEDIUM https://t.co/aNLwkr0qh6\n\n\nhttps://twitter.com/HackrawiX", "creation_timestamp": "2021-02-06T01:51:37.000000Z"}, {"uuid": "a3b5e2e7-ce26-46b8-b016-04049d1bb48c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35685", "type": "seen", "source": "https://t.me/cibsecurity/27588", "content": "\u203c CVE-2020-35685 \u203c\n\nAn issue was discovered in HCC Nichestack 3.0. The code that generates Initial Sequence Numbers (ISNs) for TCP connections derives the ISN from an insufficiently random source. As a result, an attacker may be able to determine the ISN of current and future TCP connections and either hijack existing ones or spoof future ones. (Proper ISN generation should aim to follow at least the specifications outlined in RFC 6528.)\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-19T16:17:59.000000Z"}, {"uuid": "17f80428-b169-4c4e-8301-31f21ad6bcc4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35683", "type": "seen", "source": "https://t.me/cibsecurity/27589", "content": "\u203c CVE-2020-35683 \u203c\n\nAn issue was discovered in HCC Nichestack 3.0. The code that parses ICMP packets relies on an unchecked value of the IP payload size (extracted from the IP header) to compute the ICMP checksum. When the IP payload size is set to be smaller than the size of the IP header, the ICMP checksum computation function may read out of bounds, causing a Denial-of-Service.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-19T16:18:00.000000Z"}, {"uuid": "f87023dc-a099-4a13-b7e9-ab1c9d840680", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35684", "type": "seen", "source": "https://t.me/cibsecurity/27584", "content": "\u203c CVE-2020-35684 \u203c\n\nAn issue was discovered in HCC Nichestack 3.0. The code that parses TCP packets relies on an unchecked value of the IP payload size (extracted from the IP header) to compute the length of the TCP payload within the TCP checksum computation function. When the IP payload size is set to be smaller than the size of the IP header, the TCP checksum computation function may read out of bounds (a low-impact write-out-of-bounds is also possible).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-19T16:17:54.000000Z"}, {"uuid": "50dc2301-d6a9-4f22-abc3-b6d4e08118cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35682", "type": "seen", "source": "https://t.me/cibsecurity/24884", "content": "\u203c CVE-2020-35682 \u203c\n\nZoho ManageEngine ServiceDesk Plus before 11134 allows an Authentication Bypass (only during SAML login).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-03-13T22:26:49.000000Z"}, {"uuid": "b1eaac8a-b452-4636-b357-8b323cb61ebb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35680", "type": "seen", "source": "https://t.me/cibsecurity/21285", "content": "\u203c CVE-2020-35680 \u203c\n\nsmtpd/lka_filter.c in OpenSMTPD before 6.8.0p1, in certain configurations, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted pattern of client activity, because the filter state machine does not properly maintain the I/O channel between the SMTP engine and the filters layer.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-24T18:55:40.000000Z"}]}