Yeah, these were all fixed a few weeks ago. :)
Adam.
From: observium <observium-bounces@observium.org> On Behalf Of Hamilton, Kent via observium
Sent: 05 October 2020 22:06
To: Observium <observium@observium.org>
Cc: Hamilton, Kent <KHamilton@Exegy.com>
Subject: Re: [Observium] SQL Injection?
Guess I should ask about these as well.
observium -- observium
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other files (even though limited to the mentioned extension) can lead to Remote Code Execution. This can occur via /device/device=345/?tab=routing&proto=../ URIs to device/routing.inc.php.
2020-09-25
CVE-2020-25136
observium -- observium
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via the role_name or role_descr parameter to the roles/ URI.
2020-09-25
CVE-2020-25131
observium -- observium
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to SQL Injection due to the fact that it is possible to inject malicious SQL statements in malformed parameter types. This can occur via /ajax/device_entities.php?entity_type=netscalervsvr&device_id[]= because of /ajax/device_entities.php.
2020-09-25
CVE-2020-25143
observium -- observium
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via the graph_title parameter to the graphs/ URI.
2020-09-25
CVE-2020-25135
observium -- observium
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other files (even though limited to the mentioned extension) can lead to Remote Code Execution. This can occur via /apps/?app=../ URIs.
2020-09-25
CVE-2020-25144
observium -- observium
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other files (even though limited to the mentioned extension) can lead to Remote Code Execution. This can occur via /device/device=345/?tab=ports&view=../ URIs because of device/port.inc.php.
2020-09-25
CVE-2020-25145
observium -- observium
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other files (even though limited to the mentioned extension) can lead to Remote Code Execution. This can occur via /device/device=345/?tab=health&metric=../ because of device/health.inc.php.
2020-09-25
CVE-2020-25149
observium -- observium
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to SQL Injection due to the fact that it is possible to inject malicious SQL statements in malformed parameter types. Sending an improper variable type of Array allows a bypass of core SQL Injection sanitization. Authenticated users are able to inject malicious SQL queries. This vulnerability leads to full database leak including ckeys that can be used in the authentication process without knowing the username and cleartext password. This can occur via the ajax/actions.php group_id field.
2020-09-25
CVE-2020-25130
observium -- observium
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via la_id to the /syslog_rules URI for delete_syslog_rule, because of syslog_rules.inc.php.
2020-09-25
CVE-2020-25139
observium -- observium
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other files (even though limited to the mentioned extension) can lead to Remote Code Execution. This can occur via /ports/?format=../ URIs to pages/ports.inc.php.
2020-09-25
CVE-2020-25133
observium -- observium
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur in pages/contacts.inc.php.
2020-09-25
CVE-2020-25140
observium -- observium
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via the alert_name or alert_message parameter to the /alert_check URI.
2020-09-25
CVE-2020-25137
observium -- observium
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via /alert_check/action=delete_alert_checker/alert_test_id= because of pages/alert_check.inc.php.
2020-09-25
CVE-2020-25138
observium -- observium
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other files (even though limited to the mentioned extension) can lead to Remote Code Execution. This can occur via /settings/?format=../ URIs to pages/settings.inc.php.
2020-09-25
CVE-2020-25134
observium -- observium
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via a /device/device=140/tab=wifi/view= URI.
2020-09-25
CVE-2020-25141
observium -- observium
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable if any links and forms lack an unpredictable CSRF token. Without such a token, attackers can forge malicious requests, such as for adding Device Settings via the /addsrv URI.
2020-09-25
CVE-2020-25142
observium -- observium
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via la_id to the /syslog_rules URI for edit_syslog_rule.
2020-09-25
CVE-2020-25146
observium -- observium
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via /iftype/type= because of pages/iftype.inc.php.
2020-09-25
CVE-2020-25148
From: observium <observium-bounces@observium.org> On Behalf Of Hamilton, Kent via observium
Sent: Monday, October 5, 2020 4:03 PM
To: Observium <observium@observium.org>
Cc: Hamilton, Kent <KHamilton@Exegy.com>
Subject: [Observium] SQL Injection?
I noted these on this week's CERT vulnerability report; have they been addressed? I don't see anything about them on the mailing list, site or bug tracker. I could have overlooked them, I guess.
observium -- observium
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to SQL Injection due to the fact that it is possible to inject malicious SQL statements in malformed parameter types. This can occur via username[0] to the default URI, because of includes/authenticate.inc.php.
2020-09-25
CVE-2020-25147
observium -- observium
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to SQL Injection due to the fact that it is possible to inject malicious SQL statements in malformed parameter types. Sending the improper variable type Array allows a bypass of core SQL Injection sanitization. Users are able to inject malicious statements in multiple functions. This vulnerability leads to full authentication bypass: any unauthorized user with access to the application is able to exploit this vulnerability. This can occur via the Cookie header to the default URI, within includes/authenticate.inc.php.
2020-09-25
CVE-2020-25132
_____
This e-mail and any documents accompanying it may contain legally privileged and/or confidential information belonging to Exegy, Inc. Such information may be protected from disclosure by law. The information is intended for use by only the addressee. If you are not the intended recipient, you are hereby notified that any disclosure or use of the information is strictly prohibited. If you have received this e-mail in error, please immediately contact the sender by e-mail or phone regarding instructions for return or destruction and do not use or disclose the content to others.
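The advisories quoted in this thread repeat two input-handling patterns: a request parameter that arrives as an array (`device_id[]=`, `username[0]`) passing through string-oriented sanitization on its way into SQL, and a page name such as `?tab=routing&proto=../` being turned into an include path constrained only by its `.inc.php` suffix. The PHP below is an added example written for this page, not Observium's code or its fix, showing how a defender closes both: refuse non-string parameters before any escaping, bind values with prepared statements, and resolve include names through a fixed allowlist under a fixed directory. The function names, the `devices` table and the `pages/` directory are assumptions.

```php
<?php
declare(strict_types=1);

// Added example, not Observium code: defensive handling for array-typed
// parameters reaching SQL and for user-controlled include names.

final class BadRequest extends RuntimeException {}

/**
 * Return a request parameter only if it is a plain string.
 * PHP parses "device_id[]=1" or "username[0]=x" into an array, which a
 * string escaper cannot sanitize (it yields the literal "Array" plus a
 * warning), so anything that is not a string is refused before escaping.
 */
function scalar_param(array $source, string $name, ?string $pattern = null): ?string
{
    if (!array_key_exists($name, $source)) {
        return null;
    }
    $value = $source[$name];
    if (!is_string($value)) {
        throw new BadRequest("parameter '$name' must be a string");
    }
    if ($pattern !== null && preg_match($pattern, $value) !== 1) {
        throw new BadRequest("parameter '$name' has an unexpected format");
    }
    return $value;
}

/**
 * Look up a device with a prepared statement: the value is bound as data
 * and never spliced into the query text. Table name is assumed.
 */
function device_by_id(PDO $db, array $get): ?array
{
    $id = scalar_param($get, 'device_id', '/^[1-9][0-9]{0,9}$/');
    if ($id === null) {
        return null;
    }
    $stmt = $db->prepare('SELECT device_id, hostname FROM devices WHERE device_id = :id');
    $stmt->execute([':id' => (int) $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

/**
 * Map a "tab"/"view"/"proto" style parameter to a file under $base_dir.
 * The allowlist decides what may be included; the extension does not.
 * The realpath() comparison is belt and braces against symlinks or a
 * later loosening of the character class.
 */
function resolve_page(string $base_dir, array $get, string $param, array $allowed, string $default): string
{
    $name = scalar_param($get, $param, '/^[a-z0-9_-]{1,32}$/') ?? $default;
    if (!in_array($name, $allowed, true)) {
        throw new BadRequest("unknown page '$name'");
    }
    $base = realpath($base_dir);
    $file = realpath($base_dir . '/' . $name . '.inc.php');
    if ($base === false || $file === false
        || strncmp($file, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        throw new BadRequest("page '$name' is not available");
    }
    return $file;
}
```

With the assumed page names, `resolve_page(__DIR__ . '/pages/device', $_GET, 'proto', ['bgp', 'ospf'], 'bgp')` rejects `proto=../` at the format check and returns the real path of `bgp.inc.php` for `proto=bgp`, while `device_by_id($db, ['device_id' => ['']])` throws BadRequest before any SQL is built.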