Exploit Prices 08/04/2022

Type

The moderation team is working with the threat intelligence team to categorize software that is affected by security vulnerabilities. This helps to illustrate the assignment of these categories to determine the most affected software types.

Remediation

Official Fix: 18
Temporary Fix: 0
Workaround: 1
Unavailable: 0
Not Defined: 26

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These countermeasures fall into multiple forms and levels of remediation, which influence risk differently.

Exploitability

High: 0
Functional: 0
Proof-of-Concept: 8
Unproven: 0
Not Defined: 37

Researchers and attackers who look for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

Lang

The automated exploitation of a security vulnerability is called an exploit. It is possible to determine the popularity and availability of the programming languages used for creating such exploits.

CVSSv3 Base

≤1: 0
≤2: 0
≤3: 0
≤4: 7
≤5: 7
≤6: 13
≤7: 7
≤8: 5
≤9: 5
≤10: 1

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources into the most reliable aggregate result.

CVSSv3 Temp

≤1: 0
≤2: 0
≤3: 0
≤4: 7
≤5: 8
≤6: 15
≤7: 6
≤8: 3
≤9: 5
≤10: 1

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day

<1k: 4
<2k: 15
<5k: 22
<10k: 2
<25k: 2
<50k: 0
<100k: 0
≥100k: 0

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day price for an exploit, before it is distributed or becomes public. Calculated prices are aligned to prices disclosed by vulnerability brokers and compared to prices we see on exploit markets.

Exploit Today

<1k: 22
<2k: 16
<5k: 5
<10k: 1
<25k: 1
<50k: 0
<100k: 0
≥100k: 0

The 0-day prices do not consider time-relevant factors. The today price reflects price impacts such as disclosure of vulnerability details, alternative exploits, and availability of countermeasures. These dynamic aspects might decrease exploit prices over time. Under certain circumstances this happens very fast.

| Published | 0day | Today | Tr | Vulnerability | Exp | Lang | URL | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 08/04/2022 | $5k-$25k | $5k-$25k | | D-Link DIR820LA1 ping.ccp buffer overflow | Not Defined | | | 2.05 - | 0.00885 | CVE-2022-34973 |
| 08/04/2022 | $5k-$25k | $5k-$25k | | D-Link DIR810LA1 Ping_addr command injection | Not Defined | | | 1.97 - | 0.01005 | CVE-2022-34974 |
| 08/04/2022 | $5k-$25k | $0-$5k | | Apache JSPWiki Email UserPreferences.jsp cross-site request forgery | Not Defined | | | 1.83 - | 0.00885 | CVE-2022-28731 |
| 08/04/2022 | $5k-$25k | $0-$5k | | Apache JSPWiki Image Plugin cross-site request forgery | Not Defined | | | 1.94 - | 0.00885 | CVE-2022-34158 |
| 08/04/2022 | $0-$5k | $0-$5k | | Apache JSPWiki Request XHRHtml2Markup.jsp cross site scripting | Not Defined | | | 2.91 - | 0.00885 | CVE-2022-27166 |
| 08/04/2022 | $0-$5k | $0-$5k | | Apache JSPWiki WeblogPlugin cross site scripting | Not Defined | | | 2.41 - | 0.00885 | CVE-2022-28732 |
| 08/04/2022 | $0-$5k | $0-$5k | | Apache JSPWiki Request AJAXPreview.jsp cross site scripting | Not Defined | | | 1.65 - | 0.00885 | CVE-2022-28730 |
| 08/04/2022 | $0-$5k | $0-$5k | | Django Header FileResponse information disclosure | Not Defined | | | 2.51 - | 0.00950 | CVE-2022-36359 |
| 08/04/2022 | $0-$5k | $0-$5k | | Sante DICOM Viewer Pro J2K File Parser out-of-bounds write | Not Defined | | | 1.73 - | 0.02293 | CVE-2022-28668 |
| 08/04/2022 | $0-$5k | $0-$5k | | xhyve e1000 Virtual Device stack-based overflow | Not Defined | | | 2.75 - | 0.02559 | CVE-2022-35867 |
| 08/04/2022 | $0-$5k | $0-$5k | | Backdoor.Win32.Jokerdoor Service Port 27374 stack-based overflow | Proof-of-Concept | | Link | 2.21 - | 0.00000 | |
| 08/04/2022 | $0-$5k | $0-$5k | | DevExpress SafeBinaryFormatter deserialization | Not Defined | | | 1.94 - | 0.02722 | CVE-2022-28684 |
| 08/04/2022 | $0-$5k | $0-$5k | | ConnMan gweb received_data heap-based overflow | Not Defined | | | 2.10 - | 0.03948 | CVE-2022-32292 |
| 08/04/2022 | $0-$5k | $0-$5k | | AES Crypt buffer overflow | Not Defined | | | 2.17 - | 0.00885 | CVE-2022-35928 |
| 08/04/2022 | $0-$5k | $0-$5k | | jeecg-boot unrestricted upload | Proof-of-Concept | | Link | 3.81 - | 0.00000 | CVE-2022-2647 |
| 08/04/2022 | $0-$5k | $0-$5k | | JetBrains Rider Project Dialog code injection | Not Defined | | | 1.73 - | 0.02559 | CVE-2022-37396 |
| 08/04/2022 | $0-$5k | $0-$5k | | OMICARD EDM hard-coded credentials | Not Defined | | | 2.80 | 0.00000 | CVE-2022-32965 |
| 08/04/2022 | $0-$5k | $0-$5k | | v4l2loopback Card Label format string | Not Defined | | | 1.80 | 0.00000 | CVE-2022-2652 |
| 08/04/2022 | $0-$5k | $0-$5k | | OMICARD EDM API Function sql injection | Not Defined | | | 2.16 | 0.00000 | CVE-2022-32964 |
| 08/04/2022 | $0-$5k | $0-$5k | | Sante PACS Server sql injection | Not Defined | | | 1.87 - | 0.01055 | CVE-2022-2272 |
| 08/04/2022 | $0-$5k | $0-$5k | | TripleCross stack-based overflow | Not Defined | | | 1.99 - | 0.00885 | CVE-2022-35506 |
| 08/04/2022 | $0-$5k | $0-$5k | | ConnMan WISPR HTTP Query use after free | Not Defined | | | 1.88 - | 0.01549 | CVE-2022-32293 |
| 08/04/2022 | $0-$5k | $0-$5k | | Luadec UnsetPending heap-based overflow | Not Defined | | | 2.09 - | 0.00885 | CVE-2022-34992 |
| 08/04/2022 | $0-$5k | $0-$5k | | GVRET SerialConsole.cpp handleConfigCmd buffer overflow | Not Defined | | | 2.29 - | 0.00885 | CVE-2022-35161 |
| 08/04/2022 | $0-$5k | $0-$5k | | TripleCross Control Command memory corruption | Not Defined | | | 1.77 - | 0.00885 | CVE-2022-35505 |
| 08/04/2022 | $0-$5k | $0-$5k | | Fortinet FortiOS CLI access control | Not Defined | | | 3.10 - | 0.00885 | CVE-2022-23442 |
| 08/04/2022 | $0-$5k | $0-$5k | | HCL Launch authorization | Not Defined | | | 3.34 - | 0.00885 | CVE-2022-27551 |
| 08/04/2022 | $0-$5k | $0-$5k | | SourceCodester Online Admission System POST Parameter sql injection | Proof-of-Concept | | Link | 3.73 - | 0.00000 | CVE-2022-2643 |
| 08/04/2022 | $0-$5k | $0-$5k | | SourceCodester Multi Language Hotel Management Software sql injection | Proof-of-Concept | | Link | 3.81 - | 0.00000 | CVE-2022-2648 |
| 08/04/2022 | $0-$5k | $0-$5k | | SourceCodester Multi Language Hotel Management Software sql injection | Proof-of-Concept | | Link | 4.02 - | 0.00000 | CVE-2022-2656 |
| 08/04/2022 | $0-$5k | $0-$5k | | PostgreSQL JDBC Driver java.sql.ResultRow.refreshRow sql injection | Not Defined | | | 2.84 - | 0.00885 | CVE-2022-31197 |
| 08/04/2022 | $0-$5k | $0-$5k | | OMICARD EDM path traversal | Not Defined | | | 2.19 | 0.00000 | CVE-2022-32963 |
| 08/04/2022 | $0-$5k | $0-$5k | | OMICARD EDM Mail Image Relay path traversal | Not Defined | | | 1.87 | 0.00000 | CVE-2022-35216 |
| 08/04/2022 | $0-$5k | $0-$5k | | Vinchin Backup and Recovery hard-coded credentials | Not Defined | | | 2.34 - | 0.01055 | CVE-2022-35866 |
| 08/04/2022 | $0-$5k | $0-$5k | | BMC Track-It! HTTP Request missing authentication | Not Defined | | | 2.05 - | 0.03948 | CVE-2022-35865 |
| 08/04/2022 | $0-$5k | $0-$5k | | Centreon Virtual Metrics sql injection | Not Defined | | | 1.99 - | 0.01055 | CVE-2022-34872 |
| 08/04/2022 | $0-$5k | $0-$5k | | Centreon sql injection | Not Defined | | | 1.98 - | 0.01055 | CVE-2022-34871 |
| 08/04/2022 | $0-$5k | $0-$5k | | BMC Track-It! Endpoint GetPopupSubQueryDetails sql injection | Not Defined | | | 1.88 - | 0.01055 | CVE-2022-35864 |
| 08/04/2022 | $0-$5k | $0-$5k | | BookWyrm authentication bypass | Not Defined | | | 2.41 - | 0.00000 | CVE-2022-2651 |
| 08/04/2022 | $0-$5k | $0-$5k | | SourceCodester Online Admission System GET Parameter sql injection | Proof-of-Concept | | Link | 3.23 - | 0.00000 | CVE-2022-2644 |
| 08/04/2022 | $0-$5k | $0-$5k | | Planka Environment Variable environ path traversal | Not Defined | | | 2.01 | 0.00000 | CVE-2022-2653 |
| 08/04/2022 | $0-$5k | $0-$5k | | CKEditor 5 cross site scripting | Not Defined | | | 2.10 - | 0.00950 | CVE-2022-31175 |
| 08/04/2022 | $0-$5k | $0-$5k | | SourceCodester Garage Management System edituser.php cross site scripting | Proof-of-Concept | | | 3.41 - | 0.00000 | CVE-2022-2645 |
| 08/04/2022 | $0-$5k | $0-$5k | | SourceCodester Online Admission System index.php cross site scripting | Proof-of-Concept | | Link | 3.34 - | 0.00000 | CVE-2022-2646 |
| 08/04/2022 | $0-$5k | $0-$5k | | Tencent TscanCode tsclua denial of service | Not Defined | | | 2.03 - | 0.00885 | CVE-2022-35158 |
