{"vulnerability": "CVE-2020-2966", "sightings": [{"uuid": "cd77d89d-f5ff-469d-bd30-497e1c0c9e9a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-29664", "type": "seen", "source": "https://t.me/cibsecurity/23796", "content": "\u203c CVE-2020-29664 \u203c\n\nA command injection issue in dji_sys in DJI Mavic 2 Remote Controller before firmware version 01.00.0510 allows for code execution via a malicious firmware upgrade packet.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-02-18T16:50:07.000000Z"}, {"uuid": "c700359d-8b64-4345-9c66-a4200b482001", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-29662", "type": "seen", "source": "https://t.me/cibsecurity/22976", "content": "\u203c CVE-2020-29662 \u203c\n\nIn Harbor 2.0 before 2.0.5 and 2.1.x before 2.1.2 the catalog\u00e2\u20ac\u2122s registry API is exposed on an unauthenticated path.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-02-03T00:55:43.000000Z"}, {"uuid": "fcbc1525-4798-42d8-b744-919b099714bc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-29668", "type": "seen", "source": "https://t.me/cibsecurity/19033", "content": "\u203c CVE-2020-29668 \u203c\n\nSympa before 6.2.59b.2 allows remote attackers to obtain full SOAP API access by sending any arbitrary string (except one from an expired cookie) as the cookie value to authenticateAndRun.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-10T17:25:13.000000Z"}, {"uuid": "caaee511-80ae-4765-bd49-4a3f3a4571d2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-29667", "type": "seen", "source": "https://t.me/cibsecurity/19031", "content": "\u203c CVE-2020-29667 \u203c\n\nIn Lan ATMService M3 ATM Monitoring System 6.1.0, a remote attacker able to use a default cookie value, such as PHPSESSID=LANIT-IMANAGER, can achieve control over the system because of Insufficient Session Expiration.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-10T17:25:10.000000Z"}, {"uuid": "7cd90ac2-0f55-48c0-be42-8aa55b7ebcdf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-29667", "type": "seen", "source": "https://t.me/cibsecurity/18992", "content": "\u203c CVE-2020-29667 \u203c\n\nIn Lan ATMService M3 ATM Monitoring System 6.1.0, a remote attacker able to use a default cookie value, such as PHPSESSID=LANIT-IMANAGER, can achieve control over the system because of Insufficient Session Expiration.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-10T17:20:39.000000Z"}, {"uuid": "07d9e430-940f-4c76-8e12-dda277d52b00", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-29666", "type": "seen", "source": "https://t.me/cibsecurity/18990", "content": "\u203c CVE-2020-29666 \u203c\n\nIn Lan ATMService M3 ATM Monitoring System 6.1.0, due to a directory-listing vulnerability, a remote attacker can view log files, located in /websocket/logs/, that contain a user's cookie values and the predefined developer's cookie value.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-10T17:20:34.000000Z"}, {"uuid": "b8b45490-f1f1-4fac-88ed-c487eb3a205e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-29666", "type": "seen", "source": "https://t.me/cibsecurity/19009", "content": "\u203c CVE-2020-29666 \u203c\n\nIn Lan ATMService M3 ATM Monitoring System 6.1.0, due to a directory-listing vulnerability, a remote attacker can view log files, located in /websocket/logs/, that contain a user's cookie values and the predefined developer's cookie value.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-10T17:23:36.000000Z"}, {"uuid": "aa0973f7-ee19-4d67-9fc9-d1202d52fdd6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-29668", "type": "seen", "source": "https://t.me/cibsecurity/19071", "content": "\u203c CVE-2020-29668 \u203c\n\nSympa before 6.2.59b.2 allows remote attackers to obtain full SOAP API access by sending any arbitrary string (except one from an expired cookie) as the cookie value to authenticateAndRun.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-10T17:40:46.000000Z"}, {"uuid": "3b464837-51b8-40d4-9a85-1a1723492d89", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-29667", "type": "seen", "source": "https://t.me/cibsecurity/19069", "content": "\u203c CVE-2020-29667 \u203c\n\nIn Lan ATMService M3 ATM Monitoring System 6.1.0, a remote attacker able to use a default cookie value, such as PHPSESSID=LANIT-IMANAGER, can achieve control over the system because of Insufficient Session Expiration.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-10T17:40:45.000000Z"}, {"uuid": "a228ce60-de86-44d9-bc29-da93b2212048", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-29666", "type": "seen", "source": "https://t.me/cibsecurity/19067", "content": "\u203c CVE-2020-29666 \u203c\n\nIn Lan ATMService M3 ATM Monitoring System 6.1.0, due to a directory-listing vulnerability, a remote attacker can view log files, located in /websocket/logs/, that contain a user's cookie values and the predefined developer's cookie value.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-10T17:40:43.000000Z"}, {"uuid": "1ddefe79-165c-4b4e-8a92-fbc452682a4f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-29668", "type": "seen", "source": "https://t.me/cibsecurity/19051", "content": "\u203c CVE-2020-29668 \u203c\n\nSympa before 6.2.59b.2 allows remote attackers to obtain full SOAP API access by sending any arbitrary string (except one from an expired cookie) as the cookie value to authenticateAndRun.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-10T17:33:14.000000Z"}, {"uuid": "9b11c640-ca08-4347-98f2-2daf519f5317", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-29667", "type": "seen", "source": "https://t.me/cibsecurity/18818", "content": "\u203c CVE-2020-29667 \u203c\n\nIn Lan ATMService M3 ATM Monitoring System 6.1.0, a remote attacker able to use a default cookie value, such as PHPSESSID=LANIT-IMANAGER, can achieve control over the system because of Insufficient Session Expiration.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-10T14:33:53.000000Z"}, {"uuid": "0f12a2ba-39ea-4496-aaf1-d51981972451", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-29667", "type": "seen", "source": "https://t.me/cibsecurity/19088", "content": "\u203c CVE-2020-29667 \u203c\n\nIn Lan ATMService M3 ATM Monitoring System 6.1.0, a remote attacker able to use a default cookie value, such as PHPSESSID=LANIT-IMANAGER, can achieve control over the system because of Insufficient Session Expiration.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-10T17:53:21.000000Z"}, {"uuid": "cd9ff25e-3659-45de-9350-1c98e85d2858", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-29668", "type": "seen", "source": "https://t.me/cibsecurity/19090", "content": "\u203c CVE-2020-29668 \u203c\n\nSympa before 6.2.59b.2 allows remote attackers to obtain full SOAP API access by sending any arbitrary string (except one from an expired cookie) as the cookie value to authenticateAndRun.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-10T17:53:23.000000Z"}, {"uuid": "5dd62f6f-191f-4932-b76a-43660a91f759", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-29668", "type": "seen", "source": "https://t.me/cibsecurity/19128", "content": "\u203c CVE-2020-29668 \u203c\n\nSympa before 6.2.59b.2 allows remote attackers to obtain full SOAP API access by sending any arbitrary string (except one from an expired cookie) as the cookie value to authenticateAndRun.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-10T18:23:23.000000Z"}, {"uuid": "1501d22f-3c0c-4f78-a9d8-6723e720b027", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-29668", "type": "seen", "source": "https://t.me/cibsecurity/19109", "content": "\u203c CVE-2020-29668 \u203c\n\nSympa before 6.2.59b.2 allows remote attackers to obtain full SOAP API access by sending any arbitrary string (except one from an expired cookie) as the cookie value to authenticateAndRun.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-10T18:04:20.000000Z"}, {"uuid": "d4f9c27c-f4f8-47d4-97cf-64148f66f796", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-29667", "type": "seen", "source": "https://t.me/cibsecurity/19107", "content": "\u203c CVE-2020-29667 \u203c\n\nIn Lan ATMService M3 ATM Monitoring System 6.1.0, a remote attacker able to use a default cookie value, such as PHPSESSID=LANIT-IMANAGER, can achieve control over the system because of Insufficient Session Expiration.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-10T18:04:17.000000Z"}, {"uuid": "10a558d1-ae39-4fd5-b372-0729d94f09a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-29668", "type": "seen", "source": "https://t.me/cibsecurity/19013", "content": "\u203c CVE-2020-29668 \u203c\n\nSympa before 6.2.59b.2 allows remote attackers to obtain full SOAP API access by sending any arbitrary string (except one from an expired cookie) as the cookie value to authenticateAndRun.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-10T17:23:43.000000Z"}, {"uuid": "8578e9c3-7ecd-46ec-ae10-cd65e6d3d1db", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-29663", "type": "seen", "source": "https://t.me/cibsecurity/20893", "content": "\u203c CVE-2020-29663 \u203c\n\nIcinga 2 v2.8.0 through v2.11.7 and v2.12.2 has an issue where revoked certificates due for renewal will automatically be renewed, ignoring the CRL. This issue is fixed in Icinga 2 v2.11.8 and v2.12.3.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-16T02:45:48.000000Z"}, {"uuid": "f1338df3-cf78-4f7c-a6af-ea1e34f9ebf4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-29661", "type": "seen", "source": "https://t.me/cibsecurity/18267", "content": "\u203c CVE-2020-29661 \u203c\n\nA locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-10T00:25:11.000000Z"}, {"uuid": "1893ca51-8bcd-4da6-817e-99e01cd6c2e6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-29661", "type": "seen", "source": "https://t.me/cibsecurity/18247", "content": "\u203c CVE-2020-29661 \u203c\n\nA locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-10T00:22:48.000000Z"}, {"uuid": "fab40c6d-be57-4cce-b61f-9042788e81ed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-29660", "type": "seen", "source": "https://t.me/cibsecurity/18167", "content": "\u203c CVE-2020-29660 \u203c\n\nA locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-09T22:35:22.000000Z"}, {"uuid": "7f66b89e-2578-4a08-8f2f-cb311c58592c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-29661", "type": "seen", "source": "https://t.me/cibsecurity/18133", "content": "\u203c CVE-2020-29661 \u203c\n\nA locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-09T22:25:14.000000Z"}, {"uuid": "72bc393e-fa58-4c70-a3bb-b6ce0d98cbc4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-29661", "type": "seen", "source": "https://t.me/cibsecurity/18094", "content": "\u203c CVE-2020-29661 \u203c\n\nA locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-09T21:25:17.000000Z"}, {"uuid": "0f7bd7bf-e1f2-4237-9577-1da6e840a0c7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-29668", "type": "seen", "source": "https://t.me/cibsecurity/18994", "content": "\u203c CVE-2020-29668 \u203c\n\nSympa before 6.2.59b.2 allows remote attackers to obtain full SOAP API access by sending any arbitrary string (except one from an expired cookie) as the cookie value to authenticateAndRun.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-10T17:20:41.000000Z"}, {"uuid": "5525d12a-6636-4ca2-b587-aedc8703597c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-29666", "type": "seen", "source": "https://t.me/cibsecurity/19029", "content": "\u203c CVE-2020-29666 \u203c\n\nIn Lan ATMService M3 ATM Monitoring System 6.1.0, due to a directory-listing vulnerability, a remote attacker can view log files, located in /websocket/logs/, that contain a user's cookie values and the predefined developer's cookie value.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-10T17:25:08.000000Z"}, {"uuid": "b262e178-1faf-4b23-beb0-57e18b28fd73", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-29668", "type": "seen", "source": "https://t.me/cibsecurity/18975", "content": "\u203c CVE-2020-29668 \u203c\n\nSympa before 6.2.59b.2 allows remote attackers to obtain full SOAP API access by sending any arbitrary string (except one from an expired cookie) as the cookie value to authenticateAndRun.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-10T16:25:14.000000Z"}, {"uuid": "7cbb76e9-39da-4589-91f4-c9d2fd3f7e91", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-29667", "type": "seen", "source": "https://t.me/cibsecurity/18973", "content": "\u203c CVE-2020-29667 \u203c\n\nIn Lan ATMService M3 ATM Monitoring System 6.1.0, a remote attacker able to use a default cookie value, such as PHPSESSID=LANIT-IMANAGER, can achieve control over the system because of Insufficient Session Expiration.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-10T16:25:11.000000Z"}, {"uuid": "1249cb82-2924-433a-a3e8-11257a2d58ed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-29666", "type": "seen", "source": "https://t.me/cibsecurity/18971", "content": "\u203c CVE-2020-29666 \u203c\n\nIn Lan ATMService M3 ATM Monitoring System 6.1.0, due to a directory-listing vulnerability, a remote attacker can view log files, located in /websocket/logs/, that contain a user's cookie values and the predefined developer's cookie value.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-10T16:25:09.000000Z"}, {"uuid": "39f0c5e8-9c72-418b-906d-291a9c1847f9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-29668", "type": "seen", "source": "https://t.me/cibsecurity/18917", "content": "\u203c CVE-2020-29668 \u203c\n\nSympa before 6.2.59b.2 allows remote attackers to obtain full SOAP API access by sending any arbitrary string (except one from an expired cookie) as the cookie value to authenticateAndRun.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-10T16:03:23.000000Z"}, {"uuid": "27a18320-1950-4a85-b8a9-d9eb40792de9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-29667", "type": "seen", "source": "https://t.me/cibsecurity/18915", "content": "\u203c CVE-2020-29667 \u203c\n\nIn Lan ATMService M3 ATM Monitoring System 6.1.0, a remote attacker able to use a default cookie value, such as PHPSESSID=LANIT-IMANAGER, can achieve control over the system because of Insufficient Session Expiration.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-10T16:03:18.000000Z"}, {"uuid": "8898b636-a8c0-4e11-94fa-d40f5a423ad9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-29666", "type": "seen", "source": "https://t.me/cibsecurity/18913", "content": "\u203c CVE-2020-29666 \u203c\n\nIn Lan ATMService M3 ATM Monitoring System 6.1.0, due to a directory-listing vulnerability, a remote attacker can view log files, located in /websocket/logs/, that contain a user's cookie values and the predefined developer's cookie value.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-10T16:03:16.000000Z"}, {"uuid": "94ddff63-4638-4edb-838e-47f0d40172ad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-29668", "type": "seen", "source": "https://t.me/cibsecurity/18955", "content": "\u203c CVE-2020-29668 \u203c\n\nSympa before 6.2.59b.2 allows remote attackers to obtain full SOAP API access by sending any arbitrary string (except one from an expired cookie) as the cookie value to authenticateAndRun.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-10T16:23:31.000000Z"}, {"uuid": "fcaaa087-da72-4570-b7d7-a33f1557c1fe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-29667", "type": "seen", "source": "https://t.me/cibsecurity/18953", "content": "\u203c CVE-2020-29667 \u203c\n\nIn Lan ATMService M3 ATM Monitoring System 6.1.0, a remote attacker able to use a default cookie value, such as PHPSESSID=LANIT-IMANAGER, can achieve control over the system because of Insufficient Session Expiration.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-10T16:23:29.000000Z"}, {"uuid": "836c9e2c-6405-4177-9e86-f296c401a972", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-29666", "type": "seen", "source": "https://t.me/cibsecurity/18951", "content": "\u203c CVE-2020-29666 \u203c\n\nIn Lan ATMService M3 ATM Monitoring System 6.1.0, due to a directory-listing vulnerability, a remote attacker can view log files, located in /websocket/logs/, that contain a user's cookie values and the predefined developer's cookie value.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-10T16:23:24.000000Z"}, {"uuid": "32a426d2-17e3-461a-89c0-5c08c3a7c1a1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-29668", "type": "seen", "source": "https://t.me/cibsecurity/18936", "content": "\u203c CVE-2020-29668 \u203c\n\nSympa before 6.2.59b.2 allows remote attackers to obtain full SOAP API access by sending any arbitrary string (except one from an expired cookie) as the cookie value to authenticateAndRun.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-10T16:06:30.000000Z"}, {"uuid": "a57723bb-4d6c-4114-9916-c74c3ffcd8f3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-29668", "type": "seen", "source": "https://t.me/cibsecurity/18878", "content": "\u203c CVE-2020-29668 \u203c\n\nSympa before 6.2.59b.2 allows remote attackers to obtain full SOAP API access by sending any arbitrary string (except one from an expired cookie) as the cookie value to authenticateAndRun.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-10T15:23:32.000000Z"}, {"uuid": "1870e4f7-78b2-4b57-b706-e054a872f274", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-29667", "type": "seen", "source": "https://t.me/cibsecurity/18934", "content": "\u203c CVE-2020-29667 \u203c\n\nIn Lan ATMService M3 ATM Monitoring System 6.1.0, a remote attacker able to use a default cookie value, such as PHPSESSID=LANIT-IMANAGER, can achieve control over the system because of Insufficient Session Expiration.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-10T16:06:29.000000Z"}, {"uuid": "b8fa9606-edf9-42df-989f-245468f3bf6b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-29666", "type": "seen", "source": "https://t.me/cibsecurity/18932", "content": "\u203c CVE-2020-29666 \u203c\n\nIn Lan ATMService M3 ATM Monitoring System 6.1.0, due to a directory-listing vulnerability, a remote attacker can view log files, located in /websocket/logs/, that contain a user's cookie values and the predefined developer's cookie value.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-10T16:06:27.000000Z"}, {"uuid": "3884a8c4-e3bc-4304-9990-d75714e70132", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-29666", "type": "seen", "source": "https://t.me/cibsecurity/18874", "content": "\u203c CVE-2020-29666 \u203c\n\nIn Lan ATMService M3 ATM Monitoring System 6.1.0, due to a directory-listing vulnerability, a remote attacker can view log files, located in /websocket/logs/, that contain a user's cookie values and the predefined developer's cookie value.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-10T15:23:25.000000Z"}, {"uuid": "aabc7bd7-f810-4684-b787-9acef2fa4531", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-29667", "type": "seen", "source": "https://t.me/cibsecurity/18876", "content": "\u203c CVE-2020-29667 \u203c\n\nIn Lan ATMService M3 ATM Monitoring System 6.1.0, a remote attacker able to use a default cookie value, such as PHPSESSID=LANIT-IMANAGER, can achieve control over the system because of Insufficient Session Expiration.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-10T15:23:27.000000Z"}, {"uuid": "6e673343-21bf-4b7d-a048-961a660ac09b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-29668", "type": "seen", "source": "https://t.me/cibsecurity/18859", "content": "\u203c CVE-2020-29668 \u203c\n\nSympa before 6.2.59b.2 allows remote attackers to obtain full SOAP API access by sending any arbitrary string (except one from an expired cookie) as the cookie value to authenticateAndRun.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-10T14:53:29.000000Z"}, {"uuid": "aaac2fb0-b609-43c1-9fca-ac92c4683f4c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-29667", "type": "seen", "source": "https://t.me/cibsecurity/18857", "content": "\u203c CVE-2020-29667 \u203c\n\nIn Lan ATMService M3 ATM Monitoring System 6.1.0, a remote attacker able to use a default cookie value, such as PHPSESSID=LANIT-IMANAGER, can achieve control over the system because of Insufficient Session Expiration.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-10T14:53:27.000000Z"}, {"uuid": "c67ffc93-c312-4ea3-840f-5495c81dd1cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-29666", "type": "seen", "source": "https://t.me/cibsecurity/18855", "content": "\u203c CVE-2020-29666 \u203c\n\nIn Lan ATMService M3 ATM Monitoring System 6.1.0, due to a directory-listing vulnerability, a remote attacker can view log files, located in /websocket/logs/, that contain a user's cookie values and the predefined developer's cookie value.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-10T14:53:24.000000Z"}, {"uuid": "b7c3e67b-96d7-4c22-b4ce-e82dfa56034c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-29668", "type": "seen", "source": "https://t.me/cibsecurity/18802", "content": "\u203c CVE-2020-29668 \u203c\n\nSympa before 6.2.59b.2 allows remote attackers to obtain full SOAP API access by sending any arbitrary string (except one from an expired cookie) as the cookie value to authenticateAndRun.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-10T14:25:24.000000Z"}, {"uuid": "2b0fca83-7e2e-4ceb-8aea-6adebbe8eae6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-29668", "type": "seen", "source": "https://t.me/cibsecurity/18840", "content": "\u203c CVE-2020-29668 \u203c\n\nSympa before 6.2.59b.2 allows remote attackers to obtain full SOAP API access by sending any arbitrary string (except one from an expired cookie) as the cookie value to authenticateAndRun.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-10T14:40:55.000000Z"}, {"uuid": "6bb430c1-b662-4293-8081-009cadb21941", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-29667", "type": "seen", "source": "https://t.me/cibsecurity/18838", "content": "\u203c CVE-2020-29667 \u203c\n\nIn Lan ATMService M3 ATM Monitoring System 6.1.0, a remote attacker able to use a default cookie value, such as PHPSESSID=LANIT-IMANAGER, can achieve control over the system because of Insufficient Session Expiration.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-10T14:40:54.000000Z"}, {"uuid": "d25ebbbc-35f3-42b1-8e4b-6f5d9d49bd9a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-29666", "type": "seen", "source": "https://t.me/cibsecurity/18836", "content": "\u203c CVE-2020-29666 \u203c\n\nIn Lan ATMService M3 ATM Monitoring System 6.1.0, due to a directory-listing vulnerability, a remote attacker can view log files, located in /websocket/logs/, that contain a user's cookie values and the predefined developer's cookie value.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-10T14:40:51.000000Z"}, {"uuid": "fe72a1bd-e7f5-4cf7-a3f9-91f43dbd89b8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-29668", "type": "seen", "source": "https://t.me/cibsecurity/18820", "content": "\u203c CVE-2020-29668 \u203c\n\nSympa before 6.2.59b.2 allows remote attackers to obtain full SOAP API access by sending any arbitrary string (except one from an expired cookie) as the cookie value to authenticateAndRun.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-10T14:33:55.000000Z"}, {"uuid": "3ff3adef-e4cb-42af-9ad2-b9e8a9a4a54b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-29666", "type": "seen", "source": "https://t.me/cibsecurity/18816", "content": "\u203c CVE-2020-29666 \u203c\n\nIn Lan ATMService M3 ATM Monitoring System 6.1.0, due to a directory-listing vulnerability, a remote attacker can view log files, located in /websocket/logs/, that contain a user's cookie values and the predefined developer's cookie value.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-10T14:33:49.000000Z"}, {"uuid": "38c6377a-e8cf-4607-a885-b6bdf910127b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-29667", "type": "seen", "source": "https://t.me/cibsecurity/18800", "content": "\u203c CVE-2020-29667 \u203c\n\nIn Lan ATMService M3 ATM Monitoring System 6.1.0, a remote attacker able to use a default cookie value, such as PHPSESSID=LANIT-IMANAGER, can achieve control over the system because of Insufficient Session Expiration.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-10T14:25:19.000000Z"}, {"uuid": "45c61474-9150-4be7-8ee5-5aa83835a74f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-29668", "type": "seen", "source": "https://t.me/cibsecurity/18782", "content": "\u203c CVE-2020-29668 \u203c\n\nSympa before 6.2.59b.2 allows remote attackers to obtain full SOAP API access by sending any arbitrary string (except one from an expired cookie) as the cookie value to authenticateAndRun.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-10T14:03:19.000000Z"}, {"uuid": "6dd6d6b1-f24e-4b3b-be2f-3d4a99e3f82e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-29666", "type": "seen", "source": "https://t.me/cibsecurity/18798", "content": "\u203c CVE-2020-29666 \u203c\n\nIn Lan ATMService M3 ATM Monitoring System 6.1.0, due to a directory-listing vulnerability, a remote attacker can view log files, located in /websocket/logs/, that contain a user's cookie values and the predefined developer's cookie value.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-10T14:25:17.000000Z"}, {"uuid": "0db0faeb-fcf0-4b85-8736-201830bbe744", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-29668", "type": "seen", "source": "https://t.me/cibsecurity/18743", "content": "\u203c CVE-2020-29668 \u203c\n\nSympa before 6.2.59b.2 allows remote attackers to obtain full SOAP API access by sending any arbitrary string (except one from an expired cookie) as the cookie value to authenticateAndRun.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-10T12:41:13.000000Z"}, {"uuid": "1bd3b300-2b5d-4edf-ac50-cec85018f273", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-29666", "type": "seen", "source": "https://t.me/cibsecurity/18719", "content": "\u203c CVE-2020-29666 \u203c\n\nIn Lan ATMService M3 ATM Monitoring System 6.1.0, due to a directory-listing vulnerability, a remote attacker can view log files, located in /websocket/logs/, that contain a user's cookie values and the predefined developer's cookie value.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-10T12:33:46.000000Z"}, {"uuid": "89fd7dab-8a6d-412c-9f50-d78c8b629754", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-29667", "type": "seen", "source": "https://t.me/cibsecurity/18780", "content": "\u203c CVE-2020-29667 \u203c\n\nIn Lan ATMService M3 ATM Monitoring System 6.1.0, a remote attacker able to use a default cookie value, such as PHPSESSID=LANIT-IMANAGER, can achieve control over the system because of Insufficient Session Expiration.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-10T14:03:17.000000Z"}, {"uuid": "5387fd68-b2af-49ad-8ce4-813d75e4c28e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-29666", "type": "seen", "source": "https://t.me/cibsecurity/18778", "content": "\u203c CVE-2020-29666 \u203c\n\nIn Lan ATMService M3 ATM Monitoring System 6.1.0, due to a directory-listing vulnerability, a remote attacker can view log files, located in /websocket/logs/, that contain a user's cookie values and the predefined developer's cookie value.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-10T14:03:15.000000Z"}, {"uuid": "75166997-787b-4aa4-910b-0930ea0330d3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-29668", "type": "seen", "source": "https://t.me/cibsecurity/18763", "content": "\u203c CVE-2020-29668 \u203c\n\nSympa before 6.2.59b.2 allows remote attackers to obtain full SOAP API access by sending any arbitrary string (except one from an expired cookie) as the cookie value to authenticateAndRun.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-10T13:25:28.000000Z"}, {"uuid": "8bf33221-76e6-4ec7-b440-337b76344872", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-29667", "type": "seen", "source": "https://t.me/cibsecurity/19011", "content": "\u203c CVE-2020-29667 \u203c\n\nIn Lan ATMService M3 ATM Monitoring System 6.1.0, a remote attacker able to use a default cookie value, such as PHPSESSID=LANIT-IMANAGER, can achieve control over the system because of Insufficient Session Expiration.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-10T17:23:38.000000Z"}, {"uuid": "293f99ab-2a6d-4a64-8c5b-d69d2749a55c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-29667", "type": "seen", "source": "https://t.me/cibsecurity/19049", "content": "\u203c CVE-2020-29667 \u203c\n\nIn Lan ATMService M3 ATM Monitoring System 6.1.0, a remote attacker able to use a default cookie value, such as PHPSESSID=LANIT-IMANAGER, can achieve control over the system because of Insufficient Session Expiration.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-10T17:33:13.000000Z"}, {"uuid": "4ab0506b-1968-4d45-88c7-8fb446a8cab0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-29666", "type": "seen", "source": "https://t.me/cibsecurity/19047", "content": "\u203c CVE-2020-29666 \u203c\n\nIn Lan ATMService M3 ATM Monitoring System 6.1.0, due to a directory-listing vulnerability, a remote attacker can view log files, located in /websocket/logs/, that contain a user's cookie values and the predefined developer's cookie value.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-10T17:33:11.000000Z"}, {"uuid": "0f5716d4-84b5-402d-b0ab-b027a6aaa767", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-29668", "type": "seen", "source": "https://t.me/cibsecurity/18898", "content": "\u203c CVE-2020-29668 \u203c\n\nSympa before 6.2.59b.2 allows remote attackers to obtain full SOAP API access by sending any arbitrary string (except one from an expired cookie) as the cookie value to authenticateAndRun.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-10T15:25:18.000000Z"}, {"uuid": "d7b8757f-cf2b-4185-a201-59c329a3ce36", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-29667", "type": "seen", "source": "https://t.me/cibsecurity/18896", "content": "\u203c CVE-2020-29667 \u203c\n\nIn Lan ATMService M3 ATM Monitoring System 6.1.0, a remote attacker able to use a default cookie value, such as PHPSESSID=LANIT-IMANAGER, can achieve control over the system because of Insufficient Session Expiration.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-10T15:25:16.000000Z"}, {"uuid": "adb3754a-dff9-4098-b21b-1499231de9bb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-29666", "type": "seen", "source": "https://t.me/cibsecurity/18894", "content": "\u203c CVE-2020-29666 \u203c\n\nIn Lan ATMService M3 ATM Monitoring System 6.1.0, due to a directory-listing vulnerability, a remote attacker can view log files, located in /websocket/logs/, that contain a user's cookie values and the predefined developer's cookie value.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-10T15:25:14.000000Z"}, {"uuid": "380eb29b-8fd5-4fc7-8920-61dbc6b683db", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-29667", "type": "seen", "source": "https://t.me/cibsecurity/18761", "content": "\u203c CVE-2020-29667 \u203c\n\nIn Lan ATMService M3 ATM Monitoring System 6.1.0, a remote attacker able to use a default cookie value, such as PHPSESSID=LANIT-IMANAGER, can achieve control over the system because of Insufficient Session Expiration.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-10T13:25:23.000000Z"}, {"uuid": "ee7cc51f-8310-4c35-bb47-729b3911763d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-29666", "type": "seen", "source": "https://t.me/cibsecurity/18759", "content": "\u203c CVE-2020-29666 \u203c\n\nIn Lan ATMService M3 ATM Monitoring System 6.1.0, due to a directory-listing vulnerability, a remote attacker can view log files, located in /websocket/logs/, that contain a user's cookie values and the predefined developer's cookie value.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-10T13:25:22.000000Z"}, {"uuid": "cfa25615-cb80-45c8-9f88-56a3e5ffdbab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-29667", "type": "seen", "source": "https://t.me/cibsecurity/18741", "content": "\u203c CVE-2020-29667 \u203c\n\nIn Lan ATMService M3 ATM Monitoring System 6.1.0, a remote attacker able to use a default cookie value, such as PHPSESSID=LANIT-IMANAGER, can achieve control over the system because of Insufficient Session Expiration.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-10T12:41:08.000000Z"}, {"uuid": "a622e16c-1a72-44be-8ffe-cd8947da4f41", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-29666", "type": "seen", "source": "https://t.me/cibsecurity/18739", "content": "\u203c CVE-2020-29666 \u203c\n\nIn Lan ATMService M3 ATM Monitoring System 6.1.0, due to a directory-listing vulnerability, a remote attacker can view log files, located in /websocket/logs/, that contain a user's cookie values and the predefined developer's cookie value.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-10T12:41:06.000000Z"}, {"uuid": "45b7b3a6-641c-4037-963e-42dd8408822d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-29668", "type": "seen", "source": "https://t.me/cibsecurity/18723", "content": "\u203c CVE-2020-29668 \u203c\n\nSympa before 6.2.59b.2 allows remote attackers to obtain full SOAP API access by sending any arbitrary string (except one from an expired cookie) as the cookie value to authenticateAndRun.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-10T12:33:50.000000Z"}, {"uuid": "f5efbb1c-7c02-482e-952f-36921bfabe5c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-29667", "type": "seen", "source": "https://t.me/cibsecurity/18721", "content": "\u203c CVE-2020-29667 \u203c\n\nIn Lan ATMService M3 ATM Monitoring System 6.1.0, a remote attacker able to use a default cookie value, such as PHPSESSID=LANIT-IMANAGER, can achieve control over the system because of Insufficient Session Expiration.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-10T12:33:48.000000Z"}, {"uuid": "7aabdef0-cd99-422c-bccd-c8dd853a7a6b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-29660", "type": "seen", "source": "https://t.me/cibsecurity/18071", "content": "\u203c CVE-2020-29660 \u203c\n\nA locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-09T21:22:47.000000Z"}, {"uuid": "97641473-98f9-4486-a906-4c4102f99bef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-29661", "type": "seen", "source": "https://t.me/cibsecurity/17997", "content": "\u203c CVE-2020-29661 \u203c\n\nA locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-09T20:32:46.000000Z"}, {"uuid": "965f221a-433b-4829-97c8-12745e459b4f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-29660", "type": "seen", "source": "https://t.me/cibsecurity/17994", "content": "\u203c CVE-2020-29660 \u203c\n\nA locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-09T20:32:40.000000Z"}, {"uuid": "1b555ec3-58a0-4148-8c78-467724ee3654", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-29660", "type": "seen", "source": "https://t.me/cibsecurity/18014", "content": "\u203c CVE-2020-29660 \u203c\n\nA locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-09T20:35:42.000000Z"}, {"uuid": "0d813afe-90ff-44a7-891e-4ae145fcc56b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-29660", "type": "seen", "source": "https://t.me/cibsecurity/18033", "content": "\u203c CVE-2020-29660 \u203c\n\nA locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-09T20:44:37.000000Z"}, {"uuid": "fc07ffa0-483d-4e10-86f6-88cfc7992f74", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-29661", "type": "seen", "source": "https://t.me/cibsecurity/18036", "content": "\u203c CVE-2020-29661 \u203c\n\nA locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-09T20:44:40.000000Z"}, {"uuid": "fe324a5e-feac-4592-a035-a7306d649aaa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-29660", "type": "seen", "source": "https://t.me/cibsecurity/18052", "content": "\u203c CVE-2020-29660 \u203c\n\nA locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-09T21:02:22.000000Z"}, {"uuid": "63ddf203-311c-4ed4-a496-1e3885fe6eac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-29661", "type": "seen", "source": "https://t.me/cibsecurity/18055", "content": "\u203c CVE-2020-29661 \u203c\n\nA locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-09T21:02:25.000000Z"}, {"uuid": "61710646-20b7-42c1-8cfb-5c1243fe2d5b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-29668", "type": "seen", "source": "https://t.me/cibsecurity/19148", "content": "\u203c CVE-2020-29668 \u203c\n\nSympa before 6.2.59b.2 allows remote attackers to obtain full SOAP API access by sending any arbitrary string (except one from an expired cookie) as the cookie value to authenticateAndRun.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-10T18:25:17.000000Z"}, {"uuid": "69e8e881-f8e7-46b1-9ecb-74f8d879059c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-29660", "type": "seen", "source": "https://t.me/cibsecurity/18147", "content": "\u203c CVE-2020-29660 \u203c\n\nA locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-09T22:32:21.000000Z"}, {"uuid": "de269cc1-6115-4f07-9fdb-87b2ae9db23f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-29661", "type": "seen", "source": "https://t.me/cibsecurity/18113", "content": "\u203c CVE-2020-29661 \u203c\n\nA locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-09T22:22:54.000000Z"}, {"uuid": "e3638854-cad4-4f5c-b163-8d85a6277eaf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-29661", "type": "seen", "source": "https://t.me/cibsecurity/18189", "content": "\u203c CVE-2020-29661 \u203c\n\nA locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-09T22:52:47.000000Z"}, {"uuid": "fdeb2301-3a9b-4bb9-87fc-15323ce59542", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-29661", "type": "seen", "source": "https://t.me/cibsecurity/18150", "content": "\u203c CVE-2020-29661 \u203c\n\nA locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-09T22:32:25.000000Z"}, {"uuid": "ad822242-1c8f-451a-b94b-95a855d68786", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-29661", "type": "seen", "source": "https://t.me/cibsecurity/18228", "content": "\u203c CVE-2020-29661 \u203c\n\nA locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-09T23:25:17.000000Z"}, {"uuid": "bdfec513-e9c1-4fe0-9ffc-c1883716823c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-29661", "type": "seen", "source": "https://t.me/cibsecurity/18208", "content": "\u203c CVE-2020-29661 \u203c\n\nA locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-09T23:22:47.000000Z"}, {"uuid": "68ec9965-46a4-4b59-819c-ad251ace13ea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-29660", "type": "seen", "source": "https://t.me/cibsecurity/18110", "content": "\u203c CVE-2020-29660 \u203c\n\nA locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-09T22:22:48.000000Z"}, {"uuid": "26591b1d-9e41-4a3d-9cec-7c3bc414ad59", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-29661", "type": "seen", "source": "https://t.me/cibsecurity/18170", "content": "\u203c CVE-2020-29661 \u203c\n\nA locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-09T22:35:25.000000Z"}, {"uuid": "389a9a5b-f6f2-45ff-b6de-44cad18b70ea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-29660", "type": "seen", "source": "https://t.me/cibsecurity/18130", "content": "\u203c CVE-2020-29660 \u203c\n\nA locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-09T22:25:09.000000Z"}, {"uuid": "12b5a0c6-0302-4bbd-b666-12d19714538b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-29660", "type": "seen", "source": "https://t.me/cibsecurity/18091", "content": "\u203c CVE-2020-29660 \u203c\n\nA locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-09T21:25:13.000000Z"}, {"uuid": "88bf5144-339c-4215-a248-4e177f5e2a20", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-29661", "type": "seen", "source": "https://t.me/cibsecurity/18017", "content": "\u203c CVE-2020-29661 \u203c\n\nA locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-09T20:35:48.000000Z"}, {"uuid": "5b57fbc1-9c6b-4d59-ad7d-3f4ab873ff70", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-29661", "type": "seen", "source": "https://t.me/cibsecurity/18074", "content": "\u203c CVE-2020-29661 \u203c\n\nA locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-09T21:22:53.000000Z"}]}