Exploits 02/04/2020

Type »

The moderation team is working with the threat intelligence team to categorize software that is affected by security vulnerabilities. This helps to illustrate the assignment of these categories to determine the most affected software types.

Remediation »

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These can be divided into multiple forms and levels of remediation, which influence risk differently.

Exploitability »

Researchers and attackers who are looking for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

Lang »

The automation and exploitation of a security vulnerability is called an exploit. It is possible to determine the popularity and availability of the programming languages used for creating such exploits.

CVSSv3 Base »

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources into the most reliable result.

CVSSv3 Temp »

The Common Vulnerability Scoring System (CVSS) uses temporal (temp) scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day »

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day price for an exploit, before it is distributed or becomes public. Calculated prices are aligned to prices disclosed by vulnerability brokers and compared to prices we see on exploit markets.

Exploit Today »

The 0-day prices do not consider time-relevant factors. The today price reflects price impacts such as the disclosure of vulnerability details, alternative exploits, and the availability of countermeasures. These dynamic aspects might decrease exploit prices over time. Under certain circumstances this happens very quickly.

| Published | 0day | Today | Tr | Vulnerability | Exp | Lang | URL | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 02/04/2020 | $25k-$100k | $5k-$25k | | IBM WebSphere Application Server File Name privileges management | Not Defined | | | 0.04 | CVE-2020-4163 |
| 02/04/2020 | $5k-$25k | $0-$5k | | Squid Web Proxy Reverse Proxy memory corruption | Not Defined | | | 0.04 | CVE-2020-8450 |
| 02/04/2020 | $5k-$25k | $5k-$25k | | IBM Security Directory Server clickjacking | Not Defined | | | 0.06 | CVE-2019-4548 |
| 02/04/2020 | $5k-$25k | $0-$5k | | Squid Web Proxy exposure of resource | Not Defined | | | 0.06 | CVE-2020-8449 |
| 02/04/2020 | $5k-$25k | $5k-$25k | | IBM Security Directory Server Blacklist privileges management | Not Defined | | | 0.00 | CVE-2019-4541 |
| 02/04/2020 | $5k-$25k | $5k-$25k | | IBM Security Identity Manager hard-coded credentials | Not Defined | | | 0.00 | CVE-2019-4675 |
| 02/04/2020 | $5k-$25k | $5k-$25k | | IBM Security Directory Server missing authentication | Not Defined | | | 0.00 | CVE-2019-4551 |
| 02/04/2020 | $5k-$25k | $5k-$25k | | IBM Security Directory Server Debugging information disclosure | Not Defined | | | 0.07 | CVE-2019-4550 |
| 02/04/2020 | $5k-$25k | $5k-$25k | | IBM Security Directory Server URL information disclosure | Not Defined | | | 0.00 | CVE-2019-4562 |
| 02/04/2020 | $5k-$25k | $0-$5k | | Squid Web Proxy FTP Server information disclosure | Not Defined | | | 0.09 | CVE-2019-12528 |
| 02/04/2020 | $5k-$25k | $5k-$25k | | IBM Security Identity Manager path traversal | Not Defined | | | 0.00 | CVE-2019-4674 |
| 02/04/2020 | $5k-$25k | $0-$5k | | IBM Security Directory Server missing encryption | Not Defined | | | 0.03 | CVE-2019-4540 |
| 02/04/2020 | $5k-$25k | $0-$5k | | Squid Web Proxy NTLM Authentication ext_lm_group_acl input validation | Not Defined | | | 0.06 | CVE-2020-8517 |
| 02/04/2020 | $5k-$25k | $0-$5k | | IBM Security Identity Manager Web UI cross site scripting | Not Defined | | | 0.00 | CVE-2019-4451 |
| 02/04/2020 | $0-$5k | $0-$5k | | dot-prop Remote Code Execution | Not Defined | | | 0.06 | CVE-2020-8116 |
| 02/04/2020 | $0-$5k | $0-$5k | | Nanopb realloc out-of-bounds read | Not Defined | | | 0.00 | CVE-2020-5235 |
| 02/04/2020 | $0-$5k | $0-$5k | | MiniSNMPD Connection out-of-bounds write | Not Defined | | | 0.00 | CVE-2020-6060 |
| 02/04/2020 | $0-$5k | $0-$5k | | Samsung Mobile Phone Hypervisor EL2 out-of-bounds write | Not Defined | | | 0.05 | CVE-2019-19273 |
| 02/04/2020 | $0-$5k | $0-$5k | | Nextcloud Server Workflow Rule input validation | Not Defined | | | 0.08 | CVE-2019-15613 |
| 02/04/2020 | $0-$5k | $0-$5k | | im-resize index.js injection | Not Defined | | | 0.00 | CVE-2019-10787 |
| 02/04/2020 | $0-$5k | $0-$5k | | network-manager execSync input validation | Not Defined | | | 0.00 | CVE-2019-10786 |
| 02/04/2020 | $0-$5k | $0-$5k | | im-metadata injection | Not Defined | | | 0.06 | CVE-2019-10788 |
| 02/04/2020 | $0-$5k | $0-$5k | | url-parse Security Check input validation | Not Defined | | | 0.00 | CVE-2020-8124 |
| 02/04/2020 | $0-$5k | $0-$5k | | klona input validation | Not Defined | | | 0.00 | CVE-2020-8125 |
| 02/04/2020 | $0-$5k | $0-$5k | | SysJust Syuan-Gu-Da-Shih server-side request forgery | Not Defined | | | 0.00 | CVE-2020-3938 |
| 02/04/2020 | $0-$5k | $0-$5k | | Nextcloud Server Calendar Application server-side request forgery | Not Defined | | | 0.05 | CVE-2020-8118 |
| 02/04/2020 | $0-$5k | $0-$5k | | Nextcloud Server Expiration Date access control | Not Defined | | | 0.07 | CVE-2020-8122 |
| 02/04/2020 | $0-$5k | $0-$5k | | Circles App Email Address improper authorization | Not Defined | | | 0.00 | CVE-2019-15610 |
| 02/04/2020 | $0-$5k | $0-$5k | | Nextcloud Server Share permissions | Not Defined | | | 0.00 | CVE-2019-15621 |
| 02/04/2020 | $0-$5k | $0-$5k | | Nextcloud Server Group Admin input validation | Not Defined | | | 0.00 | CVE-2019-15624 |
| 02/04/2020 | $0-$5k | $0-$5k | | Nextcloud Server improper authentication | Not Defined | | | 0.00 | CVE-2019-15617 |
| 02/04/2020 | $0-$5k | $0-$5k | | SysJust Syuan-Gu-Da-Shih sql injection | Not Defined | | | 0.08 | CVE-2020-3937 |
| 02/04/2020 | $0-$5k | $0-$5k | | MariaDB privileges management | Not Defined | | | 0.03 | CVE-2020-7221 |
| 02/04/2020 | $0-$5k | $0-$5k | | NextCloud DNS crlf injection | Not Defined | | | 0.05 | CVE-2019-15616 |
| 02/04/2020 | $0-$5k | $0-$5k | | MiniSNMPD SNMP Packet out-of-bounds read | Not Defined | | | 0.00 | CVE-2020-6058 |
| 02/04/2020 | $0-$5k | $0-$5k | | MiniSNMPD SNMP Packet out-of-bounds read | Not Defined | | | 0.00 | CVE-2020-6059 |
| 02/04/2020 | $0-$5k | $0-$5k | | Nextcloud Server Lookup Server information disclosure | Not Defined | | | 0.00 | CVE-2019-15623 |
| 02/04/2020 | $0-$5k | $0-$5k | | Nextcloud Server Permission insufficient permissions or privileges | Not Defined | | | 0.00 | CVE-2020-8117 |
| 02/04/2020 | $0-$5k | $0-$5k | | Nextcloud Server Preview improper authorization | Not Defined | | | 0.08 | CVE-2020-8119 |
| 02/04/2020 | $0-$5k | $0-$5k | | phppgadmin database.php cross-site request forgery | Not Defined | | | 0.06 | CVE-2019-10784 |
| 02/04/2020 | $0-$5k | $0-$5k | | Nextcloud Server access control | Not Defined | | | 0.09 | CVE-2020-8121 |
| 02/04/2020 | $0-$5k | $0-$5k | | Revive Adserver afr.php Reflected cross site scripting | Not Defined | | | 0.06 | CVE-2020-8115 |
| 02/04/2020 | $0-$5k | $0-$5k | | Nextcloud App information disclosure | Not Defined | | | 0.00 | CVE-2019-15611 |
| 02/04/2020 | $0-$5k | $0-$5k | | Nextcloud Server svg Generation Reflected cross site scripting | Not Defined | | | 0.00 | CVE-2020-8120 |
| 02/04/2020 | $0-$5k | $0-$5k | | SysJust Syuan-Gu-Da-Shih cross site scripting | Not Defined | | | 0.05 | CVE-2020-3939 |
| 02/04/2020 | $0-$5k | $0-$5k | | Tutor LMS Plugin cross-site request forgery | Not Defined | | | 0.00 | CVE-2020-8615 |
| 02/04/2020 | $0-$5k | $0-$5k | | Python ZIP zipfile.py resource consumption | Not Defined | | | 0.06 | CVE-2019-9674 |
| 02/04/2020 | $0-$5k | $0-$5k | | Nextcloud Talk Access Control improper authentication | Not Defined | | | 0.00 | CVE-2019-15620 |
| 02/04/2020 | $0-$5k | $0-$5k | | Nextcloud App cross site scripting | Not Defined | | | 0.00 | CVE-2019-15614 |
| 02/04/2020 | $0-$5k | $0-$5k | | PandoraFMS Agent Management/Report Builder/Graph Builder cross site scripting | Not Defined | | | 0.00 | CVE-2019-19968 |
