Exploits 03/27/2018

Type »

The moderation team is working with the threat intelligence team to categorize software that is affected by security vulnerabilities. This helps to illustrate the assignment of these categories to determine the most affected software types.

Remediation »

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. Remediation comes in multiple forms and levels, which influence risks differently.

Exploitability »

Researchers and attackers who look for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

Lang »

Code that automates the exploitation of a security vulnerability is called an exploit. It is possible to determine the popularity and availability of the programming languages used for creating such exploits.

CVSSv3 Base »

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources into the most reliable result.

CVSSv3 Temp »

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day »

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day price for an exploit, before it was distributed or became public. Calculated prices are aligned to prices disclosed by vulnerability brokers and compared to prices we see on exploit markets.

Exploit Today »

The 0-day prices do not consider time-relevant factors. The today price reflects price impacts such as the disclosure of vulnerability details, alternative exploits and the availability of countermeasures. These dynamic aspects might decrease the exploit prices over time. Under certain circumstances this happens very fast.

| Date | Exploit 0-day | Exploit Today | Vulnerability | Exploitability |
|---|---|---|---|---|
| 03/27/2018 | $0-$5k | $0-$5k | Roland Gruber Softwareentwicklung LDAP Account Manager cross site scripting | Not Defined |
| 03/27/2018 | $0-$5k | $0-$5k | NordVPN XPC Service Remote Code Execution | Not Defined |
| 03/27/2018 | $0-$5k | $0-$5k | miniCMS conf.php cross site request forgery | Proof-of-Concept |
| 03/27/2018 | $0-$5k | $0-$5k | Long Range Zip lrz File runzip.c runzip_fd denial of service | Not Defined |
| 03/27/2018 | $0-$5k | $0-$5k | Hashicorp Terraform Amazon Web Services PRNG resource_aws_iam_user_login_profile.go weak authentication | Not Defined |
| 03/27/2018 | $0-$5k | $0-$5k | CPU Speculative Execution BranchScope information disclosure | Not Defined |
| 03/27/2018 | $0-$5k | $0-$5k | Roland Gruber Softwareentwicklung LDAP Account Manager CSRF Protection cross site request forgery | Not Defined |
| 03/27/2018 | $0-$5k | $0-$5k | Roland Gruber Softwareentwicklung LDAP Account Manager cmd.php cross site scripting | Not Defined |
| 03/27/2018 | $0-$5k | $0-$5k | Mailer Plugin sendTestMail cross site request forgery | Proof-of-Concept |
| 03/27/2018 | $0-$5k | $0-$5k | Loofah Gem Whitelist privilege escalation | Not Defined |
| 03/27/2018 | $0-$5k | $0-$5k | DeDeCMS tag_test_action.php cross site request forgery | Not Defined |
| 03/27/2018 | $0-$5k | $0-$5k | Enhancesoft osTicket index.php cross site scripting | Not Defined |
| 03/27/2018 | $0-$5k | $0-$5k | Enhancesoft osTicket Password Reset weak authentication | Not Defined |
| 03/27/2018 | $0-$5k | $0-$5k | Enhancesoft osTicket Integer denial of service | Not Defined |
| 03/27/2018 | $0-$5k | $0-$5k | Enhancesoft osTicket directory.php cross site scripting | Not Defined |
| 03/27/2018 | $0-$5k | $0-$5k | Enhancesoft osTicket help-topic cross site scripting | Not Defined |
| 03/27/2018 | $0-$5k | $0-$5k | Synacor Zimbra Collaboration ZmMailMsgViewgetAttachmentLinkHtml cross site scripting | Not Defined |
| 03/27/2018 | $0-$5k | $0-$5k | Swisscom TVMediaHelper DLL Loader SwisscomTVMediaHelper.exe privilege escalation | Not Defined |
| 03/27/2018 | $0-$5k | $0-$5k | Swisscom MySwisscomAssistant DLL Loader MySwisscomAssistant_Setup.exe privilege escalation | Not Defined |
| 03/27/2018 | $5k-$25k | $0-$5k | Apache Struts REST Plugin Xstream denial of service | Not Defined |
| 03/27/2018 | $0-$5k | $0-$5k | Cloud Foundry Silk CNI Plugin ASG privilege escalation | Not Defined |
| 03/27/2018 | $0-$5k | $0-$5k | Cloud Foundry Cloud Controller directory traversal | Not Defined |
| 03/27/2018 | $5k-$25k | $0-$5k | Dell EMC ScaleIO Light Installation Agent command injection | Not Defined |
| 03/27/2018 | $5k-$25k | $0-$5k | Dell EMC ScaleIO Light Installation Agent privilege escalation | Not Defined |
| 03/27/2018 | $0-$5k | $0-$5k | Cloud Foundry BOSH CLI privilege escalation | Not Defined |
| 03/27/2018 | $5k-$25k | $0-$5k | Dell EMC ScaleIO MDM Service Crash denial of service | Not Defined |
| 03/27/2018 | $0-$5k | $0-$5k | Linux Kernel ptrace.c flush_tmregs_to_thread denial of service | Not Defined |
| 03/27/2018 | $5k-$25k | $0-$5k | OpenSSL ASN.1 Exhaustion denial of service | Not Defined |
| 03/27/2018 | $5k-$25k | $0-$5k | OpenSSL PA-RISC CRYPTO_memcmp weak authentication | Not Defined |
| 03/27/2018 | $5k-$25k | $0-$5k | Cisco ClamAV clamscan pdfng.c denial of service | Not Defined |
