{"vulnerability": "cve-2020-1481", "sightings": [{"uuid": "36abeacf-9e61-46c4-ac0f-74cd3b4a6da0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-14815", "type": "seen", "source": "MISP/af1fbe07-e10c-40c4-844e-d4419bdf6f80", "content": "", "creation_timestamp": "2025-08-22T13:26:18.000000Z"}, {"uuid": "398425e8-640a-4f6a-b527-3c28d4dd92c6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-14819", "type": "seen", "source": "https://t.me/cibsecurity/15453", "content": "\u203c CVE-2020-14819 \u203c\n\nVulnerability in the Oracle One-to-One Fulfillment product of Oracle E-Business Suite (component: Print Server). The supported version that is affected is 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One Fulfillment. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle One-to-One Fulfillment, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle One-to-One Fulfillment accessible data as well as unauthorized update, insert or delete access to some of Oracle One-to-One Fulfillment accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-10-21T19:01:17.000000Z"}, {"uuid": "2440dd9b-2681-4504-8460-2cc538b9a328", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-14818", "type": "seen", "source": "https://t.me/cibsecurity/15482", "content": "\u203c CVE-2020-14818 \u203c\n\nVulnerability in the Oracle Solaris product of Oracle Systems (component: Utility). The supported version that is affected is 11. Difficult to exploit vulnerability allows low privileged attacker with network access via SSH to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Solaris accessible data. CVSS 3.1 Base Score 3.0 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-10-21T19:07:30.000000Z"}, {"uuid": "4ee93df5-bc3b-47a7-8d91-2bd1a8365cbb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-14810", "type": "seen", "source": "https://t.me/cibsecurity/15464", "content": "\u203c CVE-2020-14810 \u203c\n\nVulnerability in the Oracle Hospitality Suite8 product of Oracle Hospitality Applications (component: WebConnect). Supported versions that are affected are 8.10.2 and 8.11-8.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Suite8. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Suite8 accessible data as well as unauthorized read access to a subset of Oracle Hospitality Suite8 accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-10-21T19:04:17.000000Z"}, {"uuid": "e431e6ab-1a11-47b3-80d7-4c9cae026406", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-14815", "type": "seen", "source": "https://t.me/bhhub/6", "content": "#BugBountyTips of the Day\nMy bug bounty writeup - 31k$ from @GoogleVRP  - SSRF in Google Cloud Monitoring, which led to project metadata exposure.  https://t.co/dllReL05c1 #BugBounty #bugbountytips #bugbountytip  https://t.co/kNcMW43kZ2\n---\nI hit 1k rep today on @Hacker0x01 \ud83c\udf89 #BugBounty  https://t.co/Iax9ezd7IS\n---\nThe only Penetration testing resources you need:  https://t.co/UrkEh5sNsB  #bugbountytip #PenTest #Hacking #OSINT\n---\nNothing critical, but here is the PoC for the new CVE I got credited for: CVE-2020-14815.    https://target[.]com/bi-security-login/login.jsp?msi=false&redirect=\"><img/src/onerror%3dalert(document.domain)>  Got a couple of Med in H1 using it. Have Fun!  #bugbounty #bugbountytips  https://t.co/A8qx640VgE\n---\n\u00bfNecesitas recibir un SMS en USA u otro pa\u00eds  y no tienes un numero de tel\u00e9fono de all\u00ed? este listado de servicios #gratuitos te van a servir, para que puedas obtener el mensaje de validaci\u00f3n   https://t.co/bsmUz6Vcwf -  https://t.co/6RGJgzPc9q #hacking #bugbountytips  https://t.co/EotJtEmubJ\n---\nI just published a write-up on \"Evading Filters to perform the Arbitrary URL Redirection Attack\"  https://t.co/liKCL8n7Dt   #bugbounty #bugbountytip #appsec #infosec #websecurity\n---\nSpider the entire application and search for sensitive parameters like \"API\",\"AccessKey\", \"CustomToken\". Sometimes you might get juicy information.  Recently rewarded by @GoogleVRP $3133.7 for the same technique that lead to app takeover.  #bugbountytips #bugbountytip #BugBounty\n---\nBug Bounty Tips This is how to find sql-Injection 100% of the time /?q=1 /?q=1' /?q=1\" /?q=[1] /?q[]=1 /?q=1` /?q=1\\ /?q=1/*'*/ /?q=1/*!1111'*/ /?q=1'||'asd'||'   <== concat string /?q=1' or '1'='1 /?q=1 or 1=1 /?q='or''=' #bugbounty #BugBountyTips #SQLinjection\n---\nLatest web hacking tools:  https://t.co/JR4WPvTmG6  #bugbountytip #Pentesting #Hacking", "creation_timestamp": "2020-11-13T13:37:04.000000Z"}, {"uuid": "301b966f-a53b-4a06-a000-3046eb992c02", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-14811", "type": "seen", "source": "https://t.me/cibsecurity/15450", "content": "\u203c CVE-2020-14811 \u203c\n\nVulnerability in the Oracle Applications Manager product of Oracle E-Business Suite (component: AMP EBS Integration). Supported versions that are affected are 12.1.3 and 12.2.3 - 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications Manager. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Applications Manager accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-10-21T19:01:14.000000Z"}]}