Archive 02/25/2020

The moderation team works with the threat intelligence team to categorize software that is affected by security vulnerabilities. Assigning these categories makes it possible to determine which software types are affected most.

Grouping vulnerabilities by product gives an overview. This makes it possible to assess a homogeneous landscape or to identify the most important hotspots in a heterogeneous landscape.

Vendors and researchers are eager to find countermeasures that mitigate security vulnerabilities. Remediation comes in multiple forms and levels, which influence the risk differently.

Researchers and attackers who look for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability indicate the simplicity and strength of possible attacks.

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes report confidence, exploitability and remediation level. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

The moderation team works with the threat intelligence team to determine prices for exploits. Our unique algorithm estimates the 0-day price of an exploit before it is distributed or becomes public. Calculated prices are aligned with prices disclosed by vulnerability brokers and compared with prices observed on exploit markets.

The 0-day price does not consider time-dependent factors. The today price reflects price impacts such as disclosure of vulnerability details, alternative exploits and availability of countermeasures. These dynamic aspects may decrease the exploit price over time, and under certain circumstances this happens very fast.

| ID | Base | Temp | Title | 0-Day | Today | Exploitability | Remediation | CVE |
|---|---|---|---|---|---|---|---|---|
| 150522 | 8.5 | 8.2 | ISPConfig sql injection | $0-$5k | $0-$5k | Not Defined | Official Fix | CVE-2020-9398 |
| 150521 | 6.5 | 6.2 | pricing-table-by-supsystic Plugin cross site request forgery | $0-$5k | $0-$5k | Not Defined | Official Fix | CVE-2020-9394 |
| 150520 | 6.5 | 6.2 | pricing-table-by-supsystic Plugin cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | CVE-2020-9393 |
| 150519 | 5.4 | 5.4 | MiContact Center Business with Site Based Security SDK information disclosure | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2020-9379 |
| 150518 | 6.8 | 6.8 | Gurux GXDLMS Director Code Execution directory traversal | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2020-8810 |
| 150517 | 7.7 | 7.3 | Gurux GXDLMS Director Update files.xml Remote Code Execution | $0-$5k | $0-$5k | Not Defined | Official Fix | CVE-2020-8809 |
| 150516 | 7.8 | 7.8 | Druva inSync Mac OS Client Python privilege escalation | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-4000 |
| 150515 | 6.8 | 6.8 | Druva inSync Windows Client OS Command Injection privilege escalation | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-3999 |
| 150513 | 5.4 | 5.4 | Linux Kernel GNU C Library Heap-based memory corruption | $5k-$25k | $5k-$25k | Not Defined | Not Defined | CVE-2020-9391 |
| 150512 | 6.2 | 5.7 | Linux Kernel floppy.c set_fdc Out-of-Bounds memory corruption | $5k-$25k | $5k-$25k | Not Defined | Not Defined | CVE-2020-9383 |
| 150511 | 4.1 | 3.9 | 10Web Photo Gallery Plugin Stored cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | CVE-2020-9335 |
| 150510 | 4.7 | 4.7 | Envira Photo Gallery Plugin Stored cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2020-9334 |
| 150509 | 5.2 | 5.2 | WpJobBoard Plugin Add Job Form Persistent cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2020-9019 |
| 150508 | 4.8 | 4.8 | LiteCart cross site request forgery | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2020-9018 |
| 150507 | 6.7 | 6.7 | LiteCart Customer Profile CSV Injection privilege escalation | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2020-9017 |
| 150506 | 4.7 | 4.7 | BlackBoard Learn/PeopleTool Profile Editor Stored cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2020-9008 |
| 150505 | 8.5 | 8.2 | OpenSMTPD mta_session.c Out-of-Bounds memory corruption | $0-$5k | $0-$5k | High | Official Fix | CVE-2020-8794 |
| 150504 | 4.0 | 3.7 | OpenSMTPD makemap.c information disclosure | $0-$5k | $0-$5k | Functional | Official Fix | CVE-2020-8793 |
| 150503 | 7.3 | 7.3 | Moxa AWK-3131A Web Authentication weak authentication | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-5165 |
| 150502 | 7.5 | 7.5 | Moxa AWK-3131A iw_webs memory corruption | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-5162 |
| 150501 | 7.5 | 7.5 | Moxa AWK-3131A iw_webs Code Execution memory corruption | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-5153 |
| 150500 | 6.4 | 6.4 | Moxa AWK-3131A serviceAgent Integer Underflow denial of service | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-5148 |
| 150499 | 7.5 | 7.5 | Moxa AWK-3131A iw_console Code Execution Format String | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-5143 |
| 150498 | 5.9 | 5.9 | Moxa AWK-3131A Network Configuration command injection | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-5142 |
| 150497 | 7.5 | 7.5 | Moxa AWK-3131A iw_webs Code Injection privilege escalation | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-5141 |
| 150496 | 7.5 | 7.5 | Moxa AWK-3131A iwwebs Reflected privilege escalation | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-5140 |
| 150495 | 6.2 | 6.2 | Moxa AWK-3131A Utilities Default Key weak encryption | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-5139 |
| 150494 | 8.1 | 8.1 | Moxa AWK-3131A Encrypted Diagnostic Script command injection | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-5138 |
| 150493 | 6.4 | 6.4 | Moxa AWK-3131A serviceAgent Default Key weak encryption | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-5137 |
| 150492 | 8.8 | 8.8 | Moxa AWK-3131A iw_console privilege escalation | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-5136 |
| 150491 | 5.3 | 5.3 | IBM QRadar Advisor information disclosure | $5k-$25k | $5k-$25k | Not Defined | Not Defined | CVE-2019-4672 |
| 150490 | 6.4 | 6.4 | IBM QRadar Advisor Watson weak encryption | $5k-$25k | $5k-$25k | Not Defined | Not Defined | CVE-2019-4557 |
| 150489 | 3.6 | 3.6 | Solarwinds Orion Platform Settings Screen HTML Injection cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-12863 |
| 150488 | 6.4 | 6.4 | Zint libzint upcean.c NULL Pointer Dereference denial of service | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2020-9385 |
| 150479 | 7.2 | 7.2 | CardGate Payments Plugin PIN Callback cardgate.php privilege escalation | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2020-8819 |
| 150478 | 7.2 | 7.2 | CardGate Payments Plugin Callback.php privilege escalation | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2020-8818 |

