{"vulnerability": "CVE-2020-2804", "sightings": [{"uuid": "67ae6d97-a5fc-441a-88e8-2344ab2bd3d4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-28042", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/11760", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1a\u6f0f\u6d1e\u9a8c\u8bc1\n\u63cf\u8ff0\uff1a\u9488\u5bf9JWT\u6e17\u900f\u5f00\u53d1\u7684\u6f0f\u6d1e\u9a8c\u8bc1/\u5bc6\u94a5\u7206\u7834\u5de5\u5177\uff0c\u9488\u5bf9CVE-2015-9235/\u672a\u9a8c\u8bc1\u7b7e\u540d\u653b\u51fb/CVE-2016-10555/CVE-2018-0114/CVE-2020-28042\u7684\u7ed3\u679c\u751f\u6210\u7528\u4e8eFUZZ\uff0c\u4e5f\u53ef\u4f7f\u7528\u5b57\u5178/\u5b57\u7b26\u679a\u4e3e(\u5305\u62ecJJWT)\u7684\u65b9\u5f0f\u8fdb\u884c\u7206\u7834\nURL\uff1ahttps://github.com/z-bool/Venom-JWT\n\n\u6807\u7b7e\uff1a#\u6f0f\u6d1e\u9a8c\u8bc1", "creation_timestamp": "2025-01-28T13:54:03.000000Z"}, {"uuid": "6dbf6723-76b0-4041-85c5-39fa3f8d2c73", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-28042", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/12590", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1a\u6f0f\u6d1e\u9a8c\u8bc1\n\u63cf\u8ff0\uff1a\u9488\u5bf9JWT\u6e17\u900f\u5f00\u53d1\u7684\u6f0f\u6d1e\u9a8c\u8bc1/\u5bc6\u94a5\u7206\u7834\u5de5\u5177\uff0c\u9488\u5bf9CVE-2015-9235/\u672a\u9a8c\u8bc1\u7b7e\u540d\u653b\u51fb/CVE-2016-10555/CVE-2018-0114/CVE-2020-28042\u7684\u7ed3\u679c\u751f\u6210\u7528\u4e8eFUZZ\uff0c\u4e5f\u53ef\u4f7f\u7528\u5b57\u5178/\u5b57\u7b26\u679a\u4e3e(\u5305\u62ecJJWT)\u7684\u65b9\u5f0f\u8fdb\u884c\u7206\u7834\nURL\uff1ahttps://github.com/kingjly/Directory-Traversal-Scanner\n\n\u6807\u7b7e\uff1a#\u6f0f\u6d1e\u9a8c\u8bc1", "creation_timestamp": "2025-02-05T19:34:25.000000Z"}, {"uuid": "7429ef26-7b19-441d-9c69-da9f765fc784", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-28045", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/2060", "content": "#exploit\nVulnerabilities (CVE-2020-28044, CVE-2020-28045, CVE-2020-28046) and tools for the PAX Payment Devices, including D200, S80, S300, S800, S900, S920\nhttps://git.lsd.cat/g/pax-pwn", "creation_timestamp": "2022-02-07T06:20:15.000000Z"}, {"uuid": "6e75a064-088e-40b2-afce-30826209e92b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-28042", "type": "seen", "source": "https://t.me/pt_soft/21", "content": "The JSON Web Token Toolkit v2\n\n\ud83d\udc0d A toolkit for testing, tweaking and cracking JSON Web Tokens\n\n\u041f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u043d\u0430 \u0432\u0430\u043b\u0438\u0434\u043d\u043e\u0441\u0442\u044c\n\u041f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u043d\u0430 \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438:\n(CVE-2015-2951) alg=none\n(CVE-2016-10555) RS/HS256 public key mismatch\n(CVE-2018-0114) Key injection\n(CVE-2019-20933/CVE-2020-28637) Blank password\n(CVE-2020-28042) Null signature\n\n#json #jwt #jwt_tool #json_web_token", "creation_timestamp": "2023-08-02T10:00:03.000000Z"}, {"uuid": "1586a88c-005c-4a22-a1a5-286c2512177a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-28042", "type": "seen", "source": "https://t.me/pt_soft/12", "content": "The JSON Web Token Toolkit v2\n\n\ud83d\udc0d A toolkit for testing, tweaking and cracking JSON Web Tokens\n\n\u041f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u043d\u0430 \u0432\u0430\u043b\u0438\u0434\u043d\u043e\u0441\u0442\u044c\n\u041f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u043d\u0430 \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438:\n(CVE-2015-2951) alg=none\n(CVE-2016-10555) RS/HS256 public key mismatch\n(CVE-2018-0114) Key injection\n(CVE-2019-20933/CVE-2020-28637) Blank password\n(CVE-2020-28042) Null signature\n\n#json #jwt #jwt_tool #json_web_token", "creation_timestamp": "2023-08-02T10:00:03.000000Z"}, {"uuid": "45e37c7d-f3cb-442c-b3ac-8d07d2ba79ff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-28046", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/2060", "content": "#exploit\nVulnerabilities (CVE-2020-28044, CVE-2020-28045, CVE-2020-28046) and tools for the PAX Payment Devices, including D200, S80, S300, S800, S900, S920\nhttps://git.lsd.cat/g/pax-pwn", "creation_timestamp": "2022-02-07T06:20:15.000000Z"}, {"uuid": "fc569862-ec06-4083-9d3f-20448d70ba58", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-28044", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/2060", "content": "#exploit\nVulnerabilities (CVE-2020-28044, CVE-2020-28045, CVE-2020-28046) and tools for the PAX Payment Devices, including D200, S80, S300, S800, S900, S920\nhttps://git.lsd.cat/g/pax-pwn", "creation_timestamp": "2022-02-07T06:20:15.000000Z"}, {"uuid": "c4c9f533-98c7-4bd0-8372-a3a73b6f5621", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-28049", "type": "seen", "source": "https://t.me/cibsecurity/15843", "content": "\u203c CVE-2020-28049 \u203c\n\nAn issue was discovered in SDDM before 0.19.0. It incorrectly starts the X server in a way that - for a short time period - allows local unprivileged users to create a connection to the X server without providing proper authentication. A local attacker can thus access X server display contents and, for example, intercept keystrokes or access the clipboard. This is caused by a race condition during Xauthority file creation.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-11-04T22:42:36.000000Z"}]}