{"vulnerability": "cve-2020-1340", "sightings": [{"uuid": "5bfb5cc0-dba8-4ce4-9df9-965cb447086b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-13401", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/3561", "content": "#Red_Team_Tactics\n1. Cobalt Strike C2 Reverse proxy that fends off BlueTeams/AVs/EDRs/scanners through packet inspection and malleable profile correlation\nhttps://github.com/mgeeky/RedWarden\n2. Host MITM attack via IPv6 rogue router advertisements (K8S CVE-2020-10749/Docker/CVE-2020-13401/LXD/WSL2/...)\nhttps://github.com/champtar/blog/blob/main/IPv6_RA_MITM/README.md", "creation_timestamp": "2021-06-08T12:22:36.000000Z"}, {"uuid": "eb559920-1af5-4e82-9b20-67bb0d7815b8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-13405", "type": "seen", "source": "https://t.me/canyoupwnme/6532", "content": "CVE-2020-13405: MicroWeber Unauthenticated User Database Disclosure\nhttps://rhinosecuritylabs.com/research/microweber-database-disclosure/", "creation_timestamp": "2020-07-17T17:31:47.000000Z"}, {"uuid": "f4c41ca9-11f0-4273-a1a8-2bb76dbda226", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-13404", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/1262", "content": "#exploit\n1. CVE-2020-13404:\nRemote system command injection in Atos-Magento 1.x (1.7+) e-commerce module\nhttps://sysdream.com/news/lab/2020-06-09-cve-2020-13404-remote-system-command-injection-in-atos-magento-module\n\n2. A survey of recent iOS kernel exploits: Summarized original iOS kernel exploits from local app context targeting iOS 10.x - 13.x\nhttps://googleprojectzero.blogspot.com/2020/06/a-survey-of-recent-ios-kernel-exploits.html", "creation_timestamp": "2024-10-28T16:00:05.000000Z"}, {"uuid": "af7625c5-d1d0-473e-911e-d9d669b92da1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-13405", "type": "seen", "source": "https://t.me/arpsyndicate/822", "content": "#ExploitObserverAlert\n\nCVE-2020-13405\n\nDESCRIPTION: Exploit Observer has 9 entries related to CVE-2020-13405. userfiles/modules/users/controller/controller.php in Microweber before 1.1.20 allows an unauthenticated user to disclose the users database via a /modules/ POST request.\n\nFIRST-EPSS: 0.008120000\nNVD-IS: 3.6\nNVD-ES: 3.9", "creation_timestamp": "2023-11-30T19:15:34.000000Z"}, {"uuid": "76e36f83-7716-496d-9dac-12c852cbf5ca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-13404", "type": "seen", "source": "https://t.me/cibsecurity/13917", "content": "ATENTION\u203c New - CVE-2020-13404\n\nThe ATOS/Sips (aka Atos-Magento) community module 3.0.0 to 3.0.5 for Magento allows command injection.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-08-06T00:55:12.000000Z"}]}