{"vulnerability": "cve-2020-3595", "sightings": [{"uuid": "9f418f57-22b9-4a7b-991c-ff4dc780d567", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-3595", "type": "seen", "source": "https://t.me/cibsecurity/16001", "content": "\u203c CVE-2020-3595 \u203c\n\nA vulnerability in Cisco SD-WAN Software could allow an authenticated, local attacker to elevate privileges to root group on the underlying operating system. The vulnerability is due to incorrect permissions being set when the affected command is executed. An attacker could exploit this vulnerability by executing the affected command on an affected system. A successful exploit could allow the attacker to gain root privileges.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-11-06T22:51:19.000000Z"}, {"uuid": "20137862-aab4-4256-8b7b-e4dc2e7f6b46", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35952", "type": "seen", "source": "https://t.me/cibsecurity/21512", "content": "\u203c CVE-2020-35952 \u203c\n\nlogin.php in PHPFusion (aka PHP-Fusion) Andromeda 9.x before 2020-12-30 generates error messages that distinguish between incorrect username and incorrect password (i.e., not a single \"Incorrect username or password\" message in both cases), which might allow enumeration.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-01-03T07:34:54.000000Z"}, {"uuid": "7dcb1485-d634-46dc-a96a-8c46aed9eb71", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35950", "type": "seen", "source": "https://t.me/cibsecurity/21504", "content": "\u203c CVE-2020-35950 \u203c\n\nAn issue was discovered in the XCloner Backup and Restore plugin before 4.2.153 for WordPress. It allows CSRF (via almost any endpoint).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-01-01T07:32:46.000000Z"}, {"uuid": "dfcaf37b-fe7e-43f1-90df-815d81415f53", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35951", "type": "seen", "source": "https://t.me/cibsecurity/21486", "content": "\u203c CVE-2020-35951 \u203c\n\nAn issue was discovered in the Quiz and Survey Master plugin before 7.0.1 for WordPress. It allows users to delete arbitrary files such as wp-config.php file, which could effectively take a site offline and allow an attacker to reinstall with a WordPress instance under their control. This occurred via qsm_remove_file_fd_question, which allowed unauthenticated deletions (even though it was only intended for a person to delete their own quiz-answer files).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-01-01T07:32:24.000000Z"}]}