Exploits 03/27/2018

Type »

The moderation team is working with the threat intelligence team to categorize software that is affected by security vulnerabilities. This helps to illustrate the assignment of these categories to determine the most affected software types.

Remediation »

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These can be divided into multiple forms and levels of remediation, which influence risks differently.

Exploitability »

Researchers and attackers who are looking for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

Lang »

The automation of the exploitation of a security vulnerability is called an exploit. It is possible to determine the popularity and availability of programming languages used for creating such exploits.

CVSSv3 Base »

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources into the most reliable result.

CVSSv3 Temp »

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day »

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day price for an exploit, before it was distributed or became public. Calculated prices are aligned to prices disclosed by vulnerability brokers and compared to prices we see on exploit markets.

Exploit Today »

The 0-day prices do not consider time-relevant factors. The today price reflects price impacts such as disclosure of vulnerability details, alternative exploits, and availability of countermeasures. These dynamic aspects might decrease the exploit prices over time. Under certain circumstances this happens very fast.

| Published | 0day | Today | Tr | Vulnerability | Exp | Lang | URL | CVE |
|---|---|---|---|---|---|---|---|---|
| 03/27/2018 | $0-$5k | $0-$5k | | Roland Gruber Softwareentwicklung LDAP Account Manager cross site scripting | Not Defined | | | CVE-2018-8763 |
| 03/27/2018 | $0-$5k | $0-$5k | | NordVPN XPC Service Remote Code Execution | Not Defined | | | CVE-2018-9105 |
| 03/27/2018 | $0-$5k | $0-$5k | | miniCMS conf.php cross site request forgery | Proof-of-Concept | | Link | CVE-2018-9092 |
| 03/27/2018 | $0-$5k | $0-$5k | | Long Range Zip lrz File runzip.c runzip_fd denial of service | Not Defined | | | CVE-2018-9058 |
| 03/27/2018 | $0-$5k | $0-$5k | | Hashicorp Terraform Amazon Web Services PRNG resource_aws_iam_user_login_profile.go weak authentication | Not Defined | | | CVE-2018-9057 |
| 03/27/2018 | $0-$5k | $0-$5k | | CPU Speculative Execution BranchScope information disclosure | Not Defined | | | CVE-2018-9056 |
| 03/27/2018 | $0-$5k | $0-$5k | | Roland Gruber Softwareentwicklung LDAP Account Manager CSRF Protection cross site request forgery | Not Defined | | | CVE-2018-8764 |
| 03/27/2018 | $0-$5k | $0-$5k | | Roland Gruber Softwareentwicklung LDAP Account Manager cmd.php cross site scripting | Not Defined | | | CVE-2018-8763 |
| 03/27/2018 | $0-$5k | $0-$5k | | Mailer Plugin sendTestMail cross site request forgery | Proof-of-Concept | | Link | CVE-2018-8718 |
| 03/27/2018 | $0-$5k | $0-$5k | | Loofah Gem Whitelist privilege escalation | Not Defined | | | CVE-2018-8048 |
| 03/27/2018 | $0-$5k | $0-$5k | | DeDeCMS tag_test_action.php cross site request forgery | Not Defined | | | CVE-2018-7700 |
| 03/27/2018 | $0-$5k | $0-$5k | | Enhancesoft osTicket index.php cross site scripting | Not Defined | | | CVE-2018-7196 |
| 03/27/2018 | $0-$5k | $0-$5k | | Enhancesoft osTicket Password Reset weak authentication | Not Defined | | | CVE-2018-7195 |
| 03/27/2018 | $0-$5k | $0-$5k | | Enhancesoft osTicket Integer denial of service | Not Defined | | | CVE-2018-7194 |
| 03/27/2018 | $0-$5k | $0-$5k | | Enhancesoft osTicket directory.php cross site scripting | Not Defined | | | CVE-2018-7193 |
| 03/27/2018 | $0-$5k | $0-$5k | | Enhancesoft osTicket help-topic cross site scripting | Not Defined | | | CVE-2018-7192 |
| 03/27/2018 | $0-$5k | $0-$5k | | Synacor Zimbra Collaboration ZmMailMsgViewgetAttachmentLinkHtml cross site scripting | Not Defined | | | CVE-2018-6882 |
| 03/27/2018 | $0-$5k | $0-$5k | | Swisscom TVMediaHelper DLL Loader SwisscomTVMediaHelper.exe privilege escalation | Not Defined | | | CVE-2018-6766 |
| 03/27/2018 | $0-$5k | $0-$5k | | Swisscom MySwisscomAssistant DLL Loader MySwisscomAssistant_Setup.exe privilege escalation | Not Defined | | | CVE-2018-6765 |
| 03/27/2018 | $5k-$25k | $0-$5k | | Apache Struts REST Plugin Xstream denial of service | Not Defined | | | CVE-2018-1327 |
| 03/27/2018 | $0-$5k | $0-$5k | | Cloud Foundry Silk CNI Plugin ASG privilege escalation | Not Defined | | | CVE-2018-1267 |
| 03/27/2018 | $0-$5k | $0-$5k | | Cloud Foundry Cloud Controller directory traversal | Not Defined | | | CVE-2018-1266 |
| 03/27/2018 | $5k-$25k | $0-$5k | | Dell EMC ScaleIO Light Installation Agent command injection | Not Defined | | | CVE-2018-1238 |
| 03/27/2018 | $5k-$25k | $0-$5k | | Dell EMC ScaleIO Light Installation Agent privilege escalation | Not Defined | | | CVE-2018-1237 |
| 03/27/2018 | $0-$5k | $0-$5k | | Cloud Foundry BOSH CLI privilege escalation | Not Defined | | | CVE-2018-1231 |
| 03/27/2018 | $5k-$25k | $0-$5k | | Dell EMC SaleIO MDM Service Crash denial of service | Not Defined | | | CVE-2018-1205 |
| 03/27/2018 | $0-$5k | $0-$5k | | Linux Kernel ptrace.c flush_tmregs_to_thread denial of service | Not Defined | | | CVE-2018-1091 |
| 03/27/2018 | $5k-$25k | $0-$5k | | OpenSSL ASN.1 Exhaustion denial of service | Not Defined | | | CVE-2018-0739 |
| 03/27/2018 | $5k-$25k | $0-$5k | | OpenSSL PA-RISC CRYPTO_memcmp weak authentication | Not Defined | | | CVE-2018-0733 |
| 03/27/2018 | $5k-$25k | $0-$5k | | Cisco ClamAV clamscan pdfng.c denial of service | Not Defined | | | CVE-2018-0202 |
