Exploit Prices 08/21/2021

Type »

The moderation team is working with the threat intelligence team to categorize software that is affected by security vulnerabilities. This helps to illustrate the assignment of these categories to determine the most affected software types.

Remediation »

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These can be divided into multiple forms and levels of remediation, which influence risks differently.

Exploitability »

Researchers and attackers who are looking for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

Lang »

The automated exploitation of a security vulnerability is called an exploit. It is possible to determine the popularity and availability of programming languages used for creating such exploits.

CVSSv3 Base »

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp »

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day »

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day price for an exploit, before it is distributed or becomes public. Calculated prices are aligned to prices disclosed by vulnerability brokers and compared to prices we see on exploit markets.

Exploit Today »

The 0-day prices do not consider time-relevant factors. The today price reflects price impacts such as disclosure of vulnerability details, alternative exploits, and availability of countermeasures. These dynamic aspects might decrease the exploit prices over time. Under certain circumstances this happens very fast.

| Published | 0day | Today | Tr | Vulnerability | Exp | Lang | URL | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 08/21/2021 | $5k-$25k | $0-$5k | | Adobe Character Animator memory corruption | Not Defined | | | 0.00 | CVE-2021-36000 |
| 08/21/2021 | $5k-$25k | $0-$5k | | Adobe Illustrator out-of-bounds write | Not Defined | | | 0.00 | CVE-2021-28592 |
| 08/21/2021 | $5k-$25k | $0-$5k | | Adobe Media Encoder memory corruption | Not Defined | | | 0.04 | CVE-2021-36015 |
| 08/21/2021 | $5k-$25k | $0-$5k | | Adobe Illustrator out-of-bounds write | Not Defined | | | 0.08 | CVE-2021-28591 |
| 08/21/2021 | $5k-$25k | $0-$5k | | Adobe Bridge out-of-bounds write | Not Defined | | | 0.00 | CVE-2021-35989 |
| 08/21/2021 | $5k-$25k | $0-$5k | | Adobe Premiere Pro memory corruption | Not Defined | | | 0.03 | CVE-2021-35997 |
| 08/21/2021 | $5k-$25k | $0-$5k | | Adobe Prelude memory corruption | Not Defined | | | 0.00 | CVE-2021-35999 |
| 08/21/2021 | $5k-$25k | $0-$5k | | Adobe Illustrator memory corruption | Not Defined | | | 0.00 | CVE-2021-36009 |
| 08/21/2021 | $5k-$25k | $0-$5k | | Adobe Context heap-based overflow | Not Defined | | | 0.00 | CVE-2021-28624 |
| 08/21/2021 | $5k-$25k | $0-$5k | | Adobe Bridge out-of-bounds write | Not Defined | | | 0.00 | CVE-2021-35990 |
| 08/21/2021 | $5k-$25k | $0-$5k | | Adobe Illustrator use after free | Not Defined | | | 0.02 | CVE-2021-28593 |
| 08/21/2021 | $5k-$25k | $0-$5k | | Adobe Illustrator use after free | Not Defined | | | 0.08 | CVE-2021-36008 |
| 08/21/2021 | $5k-$25k | $0-$5k | | Adobe Dimension uncontrolled search path | Not Defined | | | 0.04 | CVE-2021-28595 |
| 08/21/2021 | $5k-$25k | $0-$5k | | Adobe Photoshop stack-based overflow | Not Defined | | | 0.00 | CVE-2021-36005 |
| 08/21/2021 | $5k-$25k | $0-$5k | | Adobe Illustrator os command injection | Not Defined | | | 0.00 | CVE-2021-36011 |
| 08/21/2021 | $5k-$25k | $0-$5k | | Adobe Photoshop input validation | Not Defined | | | 0.00 | CVE-2021-36006 |
| 08/21/2021 | $0-$5k | $0-$5k | | AT&T Xmill XML Decompression DecodeTreeBlock heap-based overflow | Not Defined | | | 0.00 | CVE-2021-21826 |
| 08/21/2021 | $0-$5k | $0-$5k | | AT&T Xmill XML Decompression heap-based overflow | Not Defined | | | 0.00 | CVE-2021-21827 |
| 08/21/2021 | $0-$5k | $0-$5k | | AT&T Xmill XML Decompression AddLabel heap-based overflow | Not Defined | | | 0.00 | CVE-2021-21828 |
| 08/21/2021 | $0-$5k | $0-$5k | | Adobe Bridge uninitialized pointer | Not Defined | | | 0.00 | CVE-2021-35991 |
| 08/21/2021 | $0-$5k | $0-$5k | | Adobe Character Animator out-of-bounds read | Not Defined | | | 0.00 | CVE-2021-36001 |
| 08/21/2021 | $0-$5k | $0-$5k | | Adobe Bridge out-of-bounds read | Not Defined | | | 0.00 | CVE-2021-35992 |
| 08/21/2021 | $0-$5k | $0-$5k | | Adobe Media Encoder out-of-bounds read | Not Defined | | | 0.00 | CVE-2021-28590 |
| 08/21/2021 | $0-$5k | $0-$5k | | Adobe Media Encoder uninitialized pointer | Not Defined | | | 0.03 | CVE-2021-36014 |
| 08/21/2021 | $0-$5k | $0-$5k | | Adobe Media Encoder out-of-bounds read | Not Defined | | | 0.03 | CVE-2021-28589 |
| 08/21/2021 | $0-$5k | $0-$5k | | Adobe Prelude uninitialized pointer | Not Defined | | | 0.00 | CVE-2021-36007 |
| 08/21/2021 | $0-$5k | $0-$5k | | Adobe Media Encoder out-of-bounds read | Not Defined | | | 0.00 | CVE-2021-36016 |
| 08/21/2021 | $0-$5k | $0-$5k | | Adobe Illustrator out-of-bounds read | Not Defined | | | 0.04 | CVE-2021-36010 |
| 08/21/2021 | $0-$5k | $0-$5k | | rConfig Connection server-side request forgery | Not Defined | | | 0.02 | CVE-2020-25353 |
| 08/21/2021 | $0-$5k | $0-$5k | | SEOPanel Import Website unrestricted upload | Proof-of-Concept | | Link | 0.00 | CVE-2020-27461 |
| 08/21/2021 | $0-$5k | $0-$5k | | Baserow File Upload server-side request forgery | Not Defined | | | 0.00 | CVE-2021-22255 |
| 08/21/2021 | $0-$5k | $0-$5k | | FFmpeg Argument adtsenc.c adts_decode_extradata return value | Not Defined | | | 0.00 | CVE-2021-38171 |
| 08/21/2021 | $0-$5k | $0-$5k | | Prestahome Blog sql injection | Not Defined | | | 0.00 | CVE-2021-36748 |
| 08/21/2021 | $0-$5k | $0-$5k | | Eclipse Californium DTLS Handshake certificate validation | Not Defined | | | 0.05 | CVE-2021-34433 |
| 08/21/2021 | $0-$5k | $0-$5k | | Komoot Friend Finder information disclosure | Not Defined | | | 0.07 | CVE-2021-21823 |
| 08/21/2021 | $0-$5k | $0-$5k | | GitLab Community Edition/Enterprise Edition Shell information disclosure | Not Defined | | | 0.04 | CVE-2021-22254 |
| 08/21/2021 | $0-$5k | $0-$5k | | Hitachi ABB Power Grids Retail Operations insufficiently protected credentials | Not Defined | | | 0.00 | CVE-2021-35529 |
| 08/21/2021 | $0-$5k | $0-$5k | | TOTOLINK A3002R tcpipwan.htm cross site scripting | Not Defined | | | 0.00 | CVE-2021-34215 |
| 08/21/2021 | $0-$5k | $0-$5k | | TOTOLINK A3002R tr069config.htm cross site scripting | Not Defined | | | 0.05 | CVE-2021-34220 |
| 08/21/2021 | $0-$5k | $0-$5k | | Ponzu CMS configure.html cross-site request forgery | Not Defined | | | 0.04 | CVE-2020-24130 |
| 08/21/2021 | $0-$5k | $0-$5k | | GitLab Design Feature cross site scripting | Not Defined | | | 0.00 | CVE-2021-22238 |
| 08/21/2021 | $0-$5k | $0-$5k | | TOTOLINK A3002R ddns.htm cross site scripting | Not Defined | | | 0.07 | CVE-2021-34207 |
| 08/21/2021 | $0-$5k | $0-$5k | | TOTOLINK A3002R urlfilter.htm cross site scripting | Not Defined | | | 0.07 | CVE-2021-34223 |
| 08/21/2021 | $0-$5k | $0-$5k | | TOTOLINK A3002R parent_control.htm cross site scripting | Not Defined | | | 0.00 | CVE-2021-34228 |
| 08/21/2021 | $0-$5k | $0-$5k | | TOTOLINK A702R Login Portal file information disclosure | Not Defined | | | 0.00 | CVE-2021-34218 |
| 08/21/2021 | $0-$5k | $0-$5k | | GitLab Webhook denial of service | Not Defined | | | 0.04 | CVE-2021-22246 |
