{"vulnerability": "cve-2020-2740", "sightings": [{"uuid": "12c195ed-1ebd-49cf-8f7f-51155f0d1ce9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-27406", "type": "seen", "source": "https://t.me/cibsecurity/31590", "content": "\u203c CVE-2020-27406 \u203c\n\nCross Site Scripting (XSS) vulnerability in DynPG 4.9.1, allows authenticated attackers to execute arbitrary code via the groupname.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-02T13:23:27.000000Z"}, {"uuid": "49eaa0cb-e974-4d82-a7de-d46305f521de", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-27409", "type": "seen", "source": "https://t.me/cibsecurity/17156", "content": "\u203c CVE-2020-27409 \u203c\n\nOpenSIS Community Edition before 7.5 is affected by a cross-site scripting (XSS) vulnerability in SideForStudent.php via the modname parameter.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-04T18:27:16.000000Z"}, {"uuid": "e792de22-26de-4c66-a6c3-f029c9ef56b8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-27408", "type": "seen", "source": "https://t.me/cibsecurity/17155", "content": "\u203c CVE-2020-27408 \u203c\n\nOpenSIS Community Edition through 7.6 is affected by incorrect access controls for the file ResetUserInfo.php that allow an unauthenticated attacker to change the password of arbitrary users.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-04T18:27:15.000000Z"}, {"uuid": "9460c139-a355-4ca3-8c5c-6a26e380526e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-27403", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/2080", "content": "Critical Vulnerabilities Discovered in TCL Android TVs (Now World\u2019s 3rd Largest TV Manufacturer):\n- CVE-2020-27403 - Full file system browsing of the TV in the browser;\n- CVE-2020-28055 - World writable update folder (malicious updates possible)\nhttps://sick.codes/extraordinary-vulnerabilities-discovered-in-tcl-android-tvs-now-worlds-3rd-largest-tv-manufacturer/", "creation_timestamp": "2020-11-11T11:06:01.000000Z"}, {"uuid": "51d1e809-8fd3-4cd2-ab38-94c233cc823f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-27402", "type": "seen", "source": "https://t.me/cibsecurity/15863", "content": "\u203c CVE-2020-27402 \u203c\n\nThe HK1 Box S905X3 TV Box contains a vulnerability that allows a local unprivileged user to escalate to root using the /system/xbin/su binary via a serial port (UART) connection or using adb.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-11-05T18:49:13.000000Z"}, {"uuid": "c484b796-d78f-421b-ad34-6b87b8bef86f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-27403", "type": "seen", "source": "https://t.me/cibsecurity/16115", "content": "\u203c CVE-2020-27403 \u203c\n\nA vulnerability in the TCL Android Smart TV series V8-R851T02-LF1 V295 and below and V8-T658T01-LF1 V373 and below by TCL Technology Group Corporation allows an attacker on the adjacent network to arbitrarily browse and download sensitive files over an insecure web server running on port 7989 that lists all files &amp; directories. An unprivileged remote attacker on the adjacent network, can download most system files, leading to serious critical information disclosure.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-11-10T20:27:57.000000Z"}]}