Exploits 03/07/2019

Type »

The moderation team works with the threat intelligence team to categorize software that is affected by security vulnerabilities. The assignment of these categories illustrates which software types are most affected.

Remediation »

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These countermeasures can be distinguished into multiple forms and levels of remediation, which influence risks differently.

Exploitability »

Researchers and attackers who look for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

Lang »

The automation and exploitation of a security vulnerability is called an exploit. It is possible to determine the popularity and availability of the programming languages used for creating such exploits.

CVSSv3 Base »

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to arrive at the most reliable result.

CVSSv3 Temp »

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day »

The moderation team works with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day price of an exploit, before it is distributed or becomes public. Calculated prices are aligned to prices disclosed by vulnerability brokers and compared to prices we see on exploit markets.

Exploit Today »

The 0-day prices do not consider time-relevant factors. The today price reflects price impacts such as the disclosure of vulnerability details, alternative exploits and the availability of countermeasures. These dynamic aspects might decrease exploit prices over time. Under certain circumstances this happens very fast.

| Published | 0day | Today | Tr | Vulnerability | Exp | Lang | URL | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 03/07/2019 | $0-$5k | $0-$5k | | FlowPaper Flexpaper Command privilege escalation | Not Defined | | | 0.00 | CVE-2018-11686 |
| 03/07/2019 | $0-$5k | $0-$5k | | PHPSHE cart.php sql injection | Not Defined | | | 0.00 | CVE-2019-9626 |
| 03/07/2019 | $0-$5k | $0-$5k | | JBMC DirectAdmin CMD_ACCOUNT_ADMIN cross site request forgery | Not Defined | | | 0.00 | CVE-2019-9625 |
| 03/07/2019 | $0-$5k | $0-$5k | | CScms pay cross site request forgery | Not Defined | | | 0.00 | CVE-2019-9598 |
| 03/07/2019 | $0-$5k | $0-$5k | | Bolt Filemanager FilesystemManager.php PHP Code Execution privilege escalation | Not Defined | | | 0.08 | CVE-2019-9185 |
| 03/07/2019 | $0-$5k | $0-$5k | | Motorola C1/M2 HNAP1 command injection | Not Defined | | | 0.00 | CVE-2019-9121 |
| 03/07/2019 | $0-$5k | $0-$5k | | Motorola C1/M2 HNAP1 command injection | Not Defined | | | 0.00 | CVE-2019-9120 |
| 03/07/2019 | $0-$5k | $0-$5k | | Motorola C1/M2 HNAP1 command injection | Not Defined | | | 0.00 | CVE-2019-9119 |
| 03/07/2019 | $0-$5k | $0-$5k | | Motorola C1/M2 HNAP1 command injection | Not Defined | | | 0.00 | CVE-2019-9118 |
| 03/07/2019 | $0-$5k | $0-$5k | | Motorola C1/M2 HNAP1 command injection | Not Defined | | | 0.00 | CVE-2019-9117 |
| 03/07/2019 | $0-$5k | $0-$5k | | TIBCO JasperReports Server SOAP API information disclosure | Not Defined | | | 0.00 | CVE-2019-8986 |
| 03/07/2019 | $0-$5k | $0-$5k | | DiliCMS index.php Stored cross site scripting | Not Defined | | | 0.00 | CVE-2019-8440 |
| 03/07/2019 | $0-$5k | $0-$5k | | DiliCMS index.php Stored cross site scripting | Not Defined | | | 0.00 | CVE-2019-8439 |
| 03/07/2019 | $0-$5k | $0-$5k | | DiliCMS index.php Stored cross site scripting | Not Defined | | | 0.00 | CVE-2019-8438 |
| 03/07/2019 | $0-$5k | $0-$5k | | njiandan-cms user_new cross site request forgery | Not Defined | | | 0.00 | CVE-2019-8437 |
| 03/07/2019 | $0-$5k | $0-$5k | | PHPMyWind connect.php Reflected cross site scripting | Not Defined | | | 0.00 | CVE-2019-7661 |
| 03/07/2019 | $0-$5k | $0-$5k | | PHPMyWind index.php Stored cross site scripting | Not Defined | | | 0.00 | CVE-2019-7660 |
| 03/07/2019 | $0-$5k | $0-$5k | | ImageMagick pcd.c DecodeImage Memory Leak denial of service | Not Defined | | | 0.00 | CVE-2019-7175 |
| 03/07/2019 | $0-$5k | $0-$5k | | ZyXEL NBG-418N v2 login.cgi cross site request forgery | Proof-of-Concept | | Link | 0.00 | CVE-2019-6710 |
| 03/07/2019 | $0-$5k | $0-$5k | | Rainbow PDF Office Server Document Converter PowerPoint Document Conversion getSummaryInformation Out-of-Bounds memory corruption | Not Defined | | | 0.00 | CVE-2019-5019 |
| 03/07/2019 | $0-$5k | $0-$5k | | Cloud Foundry Stratos Session privilege escalation | Not Defined | | | 0.00 | CVE-2019-3784 |
| 03/07/2019 | $0-$5k | $0-$5k | | Cloud Foundry Stratos Session Store Secret weak authentication | Not Defined | | | 0.00 | CVE-2019-3783 |
| 03/07/2019 | $0-$5k | $0-$5k | | Cloud Foundry CLI Log information disclosure | Not Defined | | | 0.00 | CVE-2019-3781 |
| 03/07/2019 | $0-$5k | $0-$5k | | Spring Security OAuth Authorization Endpoint Open Redirect | Not Defined | | | 0.00 | CVE-2019-3778 |
| 03/07/2019 | $0-$5k | $0-$5k | | Pivotal Application Service Cloud Controller Proxy Certificate weak authentication | Not Defined | | | 0.00 | CVE-2019-3777 |
| 03/07/2019 | $0-$5k | $0-$5k | | Pivotal Operations Manager Reflected cross site scripting | Not Defined | | | 0.00 | CVE-2019-3776 |
| 03/07/2019 | $0-$5k | $0-$5k | | Cloud Foundry UAA Email Address spoofing | Not Defined | | | 0.00 | CVE-2019-3775 |
| 03/07/2019 | $5k-$25k | $0-$5k | | Dell WES Wyse Device Agent/Wyse ThinLinux Hagent FTP Client memory corruption | Not Defined | | | 0.00 | CVE-2019-3712 |
| 03/07/2019 | $5k-$25k | $0-$5k | | Cisco FXOS/NX-OS File System Permission information disclosure | Not Defined | | | 0.00 | CVE-2019-1600 |
| 03/07/2019 | $5k-$25k | $0-$5k | | Cisco NX-OS Network Stack denial of service | Not Defined | | | 0.00 | CVE-2019-1599 |
| 03/07/2019 | $5k-$25k | $0-$5k | | Cisco FXOS/NX-OS LDAP denial of service | Not Defined | | | 0.00 | CVE-2019-1598 |
| 03/07/2019 | $5k-$25k | $0-$5k | | Cisco FXOS/NX-OS LDAP denial of service | Not Defined | | | 0.00 | CVE-2019-1597 |
| 03/07/2019 | $5k-$25k | $0-$5k | | Cisco NX-OS bash privilege escalation | Not Defined | | | 0.00 | CVE-2019-1596 |
| 03/07/2019 | $5k-$25k | $5k-$25k | | Apache Solr Config API Remote Code Execution | Not Defined | | | 0.00 | CVE-2019-0192 |
| 03/07/2019 | $0-$5k | $0-$5k | | yaml-cpp YAML File HandleFlowSequence denial of service | Not Defined | | | 0.00 | CVE-2018-20710 |
| 03/07/2019 | $0-$5k | $0-$5k | | TIBCO JasperReports Server Repository Persistent cross site scripting | Not Defined | | | 0.00 | CVE-2018-18816 |
| 03/07/2019 | $0-$5k | $0-$5k | | TIBCO JasperReports Server REST API weak authentication | Not Defined | | | 0.00 | CVE-2018-18815 |
| 03/07/2019 | $0-$5k | $0-$5k | | TIBCO JasperReports Library Default Server directory traversal | Not Defined | | | 0.00 | CVE-2018-18809 |
| 03/07/2019 | $0-$5k | $0-$5k | | TIBCO JasperReports Server Domain Management privilege escalation | Not Defined | | | 0.06 | CVE-2018-18808 |
| 03/07/2019 | $0-$5k | $0-$5k | | EmpireCMS ListUser.php cross site request forgery | Not Defined | | | 0.00 | CVE-2018-18449 |
