{"vulnerability": "cve-2020-3517", "sightings": [{"uuid": "ee9e27a6-63a7-44bb-a6b1-476ceadae82d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-35175", "type": "seen", "source": "https://t.me/cibsecurity/20708", "content": "\u203c CVE-2020-35175 \u203c\n\nFrappe Framework 12 and 13 does not properly validate the HTTP method for the frappe.client API.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-12T04:07:05.000000Z"}, {"uuid": "7b0b9aaf-ce53-46b4-b395-6d4ef086f5df", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-35176", "type": "seen", "source": "https://t.me/cibsecurity/20671", "content": "\u203c CVE-2020-35176 \u203c\n\nIn AWStats through 7.8, cgi-bin/awstats.pl?config= accepts a partial absolute pathname (omitting the initial /etc), even though it was intended to only read a file in the /etc/awstats/awstats.conf format. 
NOTE: this issue exists because of an incomplete fix for CVE-2017-1000501 and CVE-2020-29600.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-12T02:38:53.000000Z"}, {"uuid": "0ae2d324-cee5-4665-a836-80bde5f8df05", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-35175", "type": "seen", "source": "https://t.me/cibsecurity/20669", "content": "\u203c CVE-2020-35175 \u203c\n\nFrappe Framework 12 and 13 does not properly validate the HTTP method for the frappe.client API.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-12T02:38:51.000000Z"}, {"uuid": "9b86d756-9575-4f06-9814-90a815013bee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-35176", "type": "seen", "source": "https://t.me/cibsecurity/20651", "content": "\u203c CVE-2020-35176 \u203c\n\nIn AWStats through 7.8, cgi-bin/awstats.pl?config= accepts a partial absolute pathname (omitting the initial /etc), even though it was intended to only read a file in the /etc/awstats/awstats.conf format. 
NOTE: this issue exists because of an incomplete fix for CVE-2017-1000501 and CVE-2020-29600.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-12T02:35:52.000000Z"}, {"uuid": "2a6be2c7-2df0-4562-8ef7-24fd281ab494", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-35175", "type": "seen", "source": "https://t.me/cibsecurity/20649", "content": "\u203c CVE-2020-35175 \u203c\n\nFrappe Framework 12 and 13 does not properly validate the HTTP method for the frappe.client API.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-12T02:35:50.000000Z"}, {"uuid": "a8231831-5b76-4c59-9727-de472507ae85", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-35176", "type": "seen", "source": "https://t.me/cibsecurity/20710", "content": "\u203c CVE-2020-35176 \u203c\n\nIn AWStats through 7.8, cgi-bin/awstats.pl?config= accepts a partial absolute pathname (omitting the initial /etc), even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000501 and CVE-2020-29600.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-12T04:07:07.000000Z"}, {"uuid": "cded868c-4512-43fd-9ddf-69939eceb8cf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-35176", "type": "seen", "source": "https://t.me/cibsecurity/20691", "content": "\u203c CVE-2020-35176 \u203c\n\nIn AWStats through 7.8, cgi-bin/awstats.pl?config= accepts a partial absolute pathname (omitting the initial /etc), even though it was intended to only read a file in the /etc/awstats/awstats.conf format. 
NOTE: this issue exists because of an incomplete fix for CVE-2017-1000501 and CVE-2020-29600.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-12T03:25:20.000000Z"}, {"uuid": "0fccda59-fb0b-42f9-a667-d7c6d0dcaf21", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-35175", "type": "seen", "source": "https://t.me/cibsecurity/20689", "content": "\u203c CVE-2020-35175 \u203c\n\nFrappe Framework 12 and 13 does not properly validate the HTTP method for the frappe.client API.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-12T03:25:18.000000Z"}, {"uuid": "adc54b2c-78c1-4b03-9900-745c6142248f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-35170", "type": "seen", "source": "https://t.me/cibsecurity/21635", "content": "\u203c CVE-2020-35170 \u203c\n\nDell EMC Unisphere for PowerMax versions prior to 9.1.0.9, Dell EMC Unisphere for PowerMax versions prior to 9.0.2.16, and Dell EMC PowerMax OS 5978.221.221 and 5978.479.479 contain a Cross-Site Scripting (XSS) vulnerability. An authenticated malicious user may potentially exploit this vulnerability to inject javascript code and affect other authenticated users\u2019 sessions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-01-06T00:44:31.000000Z"}, {"uuid": "a71d9af7-7952-456f-8136-852eabf0b0f1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-35177", "type": "seen", "source": "https://t.me/cibsecurity/20973", "content": "\u203c CVE-2020-35177 \u203c\n\nHashiCorp Vault and Vault Enterprise allowed the enumeration of users via the LDAP auth method. 
Fixed in 1.5.6 and 1.6.1.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-17T07:42:20.000000Z"}]}