Exploits 04/22/2019

Type »

The moderation team is working with the threat intelligence team to categorize software that is affected by security vulnerabilities. This helps to illustrate the assignment of these categories to determine the most affected software types.

Remediation »

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These countermeasures come in multiple forms and levels of remediation, which influence risk differently.

Exploitability »

Researchers and attackers who are looking for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

Lang »

The automation and exploitation of a security vulnerability is called an exploit. It is possible to determine the popularity and availability of the programming languages used for creating such exploits.

CVSSv3 Base »

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to arrive at the most reliable result.

CVSSv3 Temp »

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day »

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day price for an exploit before it is distributed or becomes public. Calculated prices are aligned to prices disclosed by vulnerability brokers and compared to prices we see on exploit markets.

Exploit Today »

The 0-day prices do not consider time-relevant factors. The today price reflects price impacts such as the disclosure of vulnerability details, alternative exploits, and the availability of countermeasures. These dynamic aspects might decrease exploit prices over time. Under certain circumstances this happens very fast.

| Published | 0day | Today | Tr | Vulnerability | Exp | Lang | URL | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 04/22/2019 | $0-$5k | $0-$5k | | Check Point ZoneAlarm/Endpoint Security Client Log File Archive privilege escalation | Proof-of-Concept | PowerShell | Link | 0.00 | CVE-2019-8452 |
| 04/22/2019 | $0-$5k | $0-$5k | | Lenovo System X Integrated Management Module II Private Key information disclosure | Not Defined | | | 0.00 | CVE-2019-6157 |
| 04/22/2019 | $5k-$25k | $0-$5k | | IBM System X/BladeCenter SMI denial of service | Not Defined | | | 0.00 | CVE-2019-6155 |
| 04/22/2019 | $0-$5k | $0-$5k | | c3p0 XML Configuration Recursion denial of service | Not Defined | | | 0.00 | CVE-2019-5427 |
| 04/22/2019 | $0-$5k | $0-$5k | | Mercurial Subrepository Symlink privilege escalation | Not Defined | | | 0.00 | CVE-2019-3902 |
| 04/22/2019 | $0-$5k | $0-$5k | | Linux Kernel setuid Program perf_event_open race condition information disclosure | Not Defined | | | 0.00 | CVE-2019-3901 |
| 04/22/2019 | $0-$5k | $0-$5k | | OpenShift Container Platform 3 Heketi weak authentication | Not Defined | | | 0.00 | CVE-2019-3899 |
| 04/22/2019 | $0-$5k | $0-$5k | | GNOME Nautilus Sandbox privilege escalation | Not Defined | | | 0.00 | CVE-2019-11461 |
| 04/22/2019 | $0-$5k | $0-$5k | | GNOME gnome-desktop Sandbox privilege escalation | Not Defined | | | 0.00 | CVE-2019-11460 |
| 04/22/2019 | $0-$5k | $0-$5k | | GNOME Evince TIFF File tiff_document_get_thumbnail Uninitialized Memory denial of service | Not Defined | | | 0.00 | CVE-2019-11459 |
| 04/22/2019 | $0-$5k | $0-$5k | | Gila CMS cross site request forgery | Not Defined | | | 0.00 | CVE-2019-11456 |
| 04/22/2019 | $0-$5k | $0-$5k | | Tildeslash Monit util.c Util_urlDecode memory corruption | Not Defined | | | 0.00 | CVE-2019-11455 |
| 04/22/2019 | $0-$5k | $0-$5k | | Tildeslash Monit HTTP Basic Authentication cervlet.c _viewlog Persistent cross site scripting | Not Defined | | | 0.00 | CVE-2019-11454 |
| 04/22/2019 | $0-$5k | $0-$5k | | whatsns sql injection | Not Defined | | | 0.00 | CVE-2019-11452 |
| 04/22/2019 | $0-$5k | $0-$5k | | whatsns sql injection | Not Defined | | | 0.00 | CVE-2019-11451 |
| 04/22/2019 | $0-$5k | $0-$5k | | whatsns sql injection | Not Defined | | | 0.00 | CVE-2019-11450 |
| 04/22/2019 | $0-$5k | $0-$5k | | I, Librarian notes.php cross site scripting | Not Defined | | | 0.00 | CVE-2019-11449 |
| 04/22/2019 | $0-$5k | $0-$5k | | Zoho ManageEngine Applications Manager Popup_SLA.jsp sql injection | Proof-of-Concept | | Link | 0.00 | CVE-2019-11448 |
| 04/22/2019 | $0-$5k | $0-$5k | | CutePHP CuteNews Remote Code Execution | Proof-of-Concept | | Link | 0.00 | CVE-2019-11447 |
| 04/22/2019 | $0-$5k | $0-$5k | | ATutor upload.php Command privilege escalation | Not Defined | | | 0.00 | CVE-2019-11446 |
| 04/22/2019 | $0-$5k | $0-$5k | | OpenKM JSP File okm:root Remote Code Execution | Not Defined | | | 0.00 | CVE-2019-11445 |
| 04/22/2019 | $0-$5k | $0-$5k | | Liferay Portal CE [command].execute() OS Command Injection privilege escalation | Not Defined | | | 0.10 | CVE-2019-11444 |
| 04/22/2019 | $0-$5k | $0-$5k | | I, Librarian export.php cross site scripting | Not Defined | | | 0.00 | CVE-2019-11428 |
| 04/22/2019 | $0-$5k | $0-$5k | | idreamsoft iCMS search.app.php cross site scripting | Not Defined | | | 0.00 | CVE-2019-11427 |
| 04/22/2019 | $0-$5k | $0-$5k | | idreamsoft iCMS admincp.header.php cross site scripting | Not Defined | | | 0.08 | CVE-2019-11426 |
| 04/22/2019 | $0-$5k | $0-$5k | | TRENDnet TEW-632BRP HNAP Interface apply.cgi memory corruption | Not Defined | | | 0.00 | CVE-2019-11418 |
| 04/22/2019 | $0-$5k | $0-$5k | | TRENDnet TV-IP110WN system.cgi respondAsp memory corruption | Not Defined | | | 0.00 | CVE-2019-11417 |
| 04/22/2019 | $0-$5k | $0-$5k | | Intelbras IWR 3000N user cross site request forgery | Not Defined | | | 0.00 | CVE-2019-11416 |
| 04/22/2019 | $0-$5k | $0-$5k | | Intelbras IWR 3000N login denial of service | Not Defined | | | 0.00 | CVE-2019-11415 |
| 04/22/2019 | $0-$5k | $0-$5k | | Intelbras IWR 3000N weak authentication | Not Defined | | | 0.00 | CVE-2019-11414 |
| 04/22/2019 | $0-$5k | $0-$5k | | Artifex MuJS regexp.c match Recursion denial of service | Not Defined | | | 0.00 | CVE-2019-11413 |
| 04/22/2019 | $0-$5k | $0-$5k | | Artifex MuJS jscompile.c denial of service | Not Defined | | | 0.00 | CVE-2019-11412 |
| 04/22/2019 | $0-$5k | $0-$5k | | Artifex MuJS jsnumber.c numtostr Stack-based memory corruption | Not Defined | | | 0.00 | CVE-2019-11411 |
| 04/22/2019 | $0-$5k | $0-$5k | | OpenAPI Tools OpenAPI Generator 7PK Security Features | Not Defined | | | 0.06 | CVE-2019-11405 |
| 04/22/2019 | $0-$5k | $0-$5k | | arrow-kt Arrow Gradle Build Artifact Resolver weak encryption | Not Defined | | | 0.00 | CVE-2019-11404 |
| 04/22/2019 | $0-$5k | $0-$5k | | Gradle Enterprise Build Cache Node Password information disclosure | Not Defined | | | 0.00 | CVE-2019-11403 |
| 04/22/2019 | $0-$5k | $0-$5k | | Gradle Enterprise Build Cache Node weak encryption | Not Defined | | | 0.00 | CVE-2019-11402 |
| 04/22/2019 | $0-$5k | $0-$5k | | SiteServer CMS Remote Code Execution | Not Defined | | | 0.00 | CVE-2019-11401 |
| 04/22/2019 | $0-$5k | $0-$5k | | MailCarrier memory corruption | Not Defined | | | 0.00 | CVE-2019-11395 |
| 04/22/2019 | $0-$5k | $0-$5k | | Monit update privilege escalation | Not Defined | | | 0.00 | CVE-2019-11393 |
