Exploits 07/02/2020

Type »

The moderation team is working with the threat intelligence team to categorize software that is affected by security vulnerabilities. This helps to illustrate the assignment of these categories to determine the most affected software types.

Remediation »

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These fall into multiple forms and levels of remediation, which influence risks differently.

Exploitability »

Researchers and attackers who look for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

Lang »

The automation and exploitation of a security vulnerability is called an exploit. It is possible to determine the popularity and availability of the programming languages used for creating such exploits.

CVSSv3 Base »

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp »

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day »

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day price for an exploit, before it was distributed or became public. Calculated prices are aligned to prices disclosed by vulnerability brokers and compared to prices we see on exploit markets.

Exploit Today »

The 0-day prices do not consider time-relevant factors. The today price reflects price impacts such as disclosure of vulnerability details, alternative exploits and availability of countermeasures. These dynamic aspects might decrease the exploit prices over time. Under certain circumstances this happens very fast.

| Published | 0day | Today | Tr | Vulnerability | Exp | Lang | URL | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 07/02/2020 | $0-$5k | $0-$5k | | Everywhere CMS sql injection | Not Defined | | | 0.09 | |
| 07/02/2020 | $5k-$25k | $5k-$25k | | Apache Guacamole RDP memory corruption | Not Defined | | | 0.00 | CVE-2020-9498 |
| 07/02/2020 | $5k-$25k | $0-$5k | | Apache Guacamole RDP information disclosure | Not Defined | | | 0.00 | CVE-2020-9497 |
| 07/02/2020 | $0-$5k | $0-$5k | | UniFi Protect Command privilege escalation | Not Defined | | | 0.00 | CVE-2020-8188 |
| 07/02/2020 | $0-$5k | $0-$5k | | Ruby on Rails denial of service | Not Defined | | | 0.00 | CVE-2020-8185 |
| 07/02/2020 | $0-$5k | $0-$5k | | Nextcloud Deck Access Control Injection privilege escalation | Not Defined | | | 0.00 | CVE-2020-8179 |
| 07/02/2020 | $0-$5k | $0-$5k | | koa-shopify-auth enable_cookies cross site scripting | Not Defined | | | 0.00 | CVE-2020-8176 |
| 07/02/2020 | $0-$5k | $0-$5k | | Ruby on Rails cross site request forgery | Not Defined | | | 0.00 | CVE-2020-8166 |
| 07/02/2020 | $0-$5k | $0-$5k | | Ruby on Rails render Code Injection privilege escalation | Not Defined | | | 0.11 | CVE-2020-8163 |
| 07/02/2020 | $0-$5k | $0-$5k | | Rack Directory directory traversal | Not Defined | | | 0.00 | CVE-2020-8161 |
| 07/02/2020 | $0-$5k | $0-$5k | | Nexacro14-17 ExtCommonApiV13 Registry Remote Code Execution | Not Defined | | | 0.00 | CVE-2020-7821 |
| 07/02/2020 | $0-$5k | $0-$5k | | Nexacro14-17 ExtCommonApiV13 Library API Remote Code Execution | Not Defined | | | 0.00 | CVE-2020-7820 |
| 07/02/2020 | $0-$5k | $0-$5k | | Nginx Controller Kubernetes Package Download HTTP weak encryption | Not Defined | | | 0.00 | CVE-2020-5911 |
| 07/02/2020 | $0-$5k | $0-$5k | | Nginx Controller NATS Messaging System weak authentication | Not Defined | | | 0.00 | CVE-2020-5910 |
| 07/02/2020 | $0-$5k | $0-$5k | | Nginx Controller User Interface weak authentication | Not Defined | | | 0.00 | CVE-2020-5909 |
| 07/02/2020 | $0-$5k | $0-$5k | | PrestaShop Authentication Command privilege escalation | Not Defined | | | 0.11 | CVE-2020-4074 |
| 07/02/2020 | $0-$5k | $0-$5k | | October Froala Richeditor Reflected cross site scripting | Not Defined | | | 0.00 | CVE-2020-4061 |
| 07/02/2020 | $5k-$25k | $0-$5k | | Cisco Unified Communications Manager Web-based Management Interface cross site scripting | Not Defined | | | 0.00 | CVE-2020-3282 |
| 07/02/2020 | $0-$5k | $0-$5k | | Link Column Plugin Permission Stored cross site scripting | Not Defined | | | 0.00 | CVE-2020-2219 |
| 07/02/2020 | $0-$5k | $0-$5k | | HP ALM Quality Center Plugin Global Configuration weak encryption | Not Defined | | | 0.00 | CVE-2020-2218 |
| 07/02/2020 | $0-$5k | $0-$5k | | Compatibility Action Storage Plugin MongoDB Test Connection Reflected cross site scripting | Not Defined | | | 0.00 | CVE-2020-2217 |
| 07/02/2020 | $0-$5k | $0-$5k | | Zephyr for JIRA Test Management Plugin Permission Check privilege escalation | Not Defined | | | 0.00 | CVE-2020-2216 |
| 07/02/2020 | $0-$5k | $0-$5k | | Zephyr for JIRA Test Management Plugin cross site request forgery | Not Defined | | | 0.00 | CVE-2020-2215 |
| 07/02/2020 | $0-$5k | $0-$5k | | ZAP Pipeline Plugin CSP privilege escalation | Not Defined | | | 0.00 | CVE-2020-2214 |
| 07/02/2020 | $0-$5k | $0-$5k | | White Source Plugin Global Configuration config.xml weak encryption | Not Defined | | | 0.00 | CVE-2020-2213 |
| 07/02/2020 | $0-$5k | $0-$5k | | GitHub Coverage Reporter Plugin Global Configuration weak encryption | Not Defined | | | 0.00 | CVE-2020-2212 |
| 07/02/2020 | $0-$5k | $0-$5k | | ElasticBox Jenkins Kubernetes CI-CD Plugin YAML Parser Remote Code Execution | Not Defined | | | 0.00 | CVE-2020-2211 |
| 07/02/2020 | $0-$5k | $0-$5k | | Stash Branch Parameter Plugin Credentials weak encryption | Not Defined | | | 0.00 | CVE-2020-2210 |
| 07/02/2020 | $0-$5k | $0-$5k | | Jenkins TestComplete Support Plugin config.xml information disclosure | Not Defined | | | 0.00 | CVE-2020-2209 |
| 07/02/2020 | $0-$5k | $0-$5k | | Slack Upload Plugin config.xml information disclosure | Not Defined | | | 0.00 | CVE-2020-2208 |
| 07/02/2020 | $0-$5k | $0-$5k | | VncViewer Plugin checkVncServ Reflected cross site scripting | Not Defined | | | 0.00 | CVE-2020-2207 |
| 07/02/2020 | $0-$5k | $0-$5k | | VncRecorder Plugin checkVncServ Reflected cross site scripting | Not Defined | | | 0.00 | CVE-2020-2206 |
| 07/02/2020 | $0-$5k | $0-$5k | | VncRecorder Plugin Validation Endpoint checkVncServ Stored cross site scripting | Not Defined | | | 0.00 | CVE-2020-2205 |
| 07/02/2020 | $0-$5k | $0-$5k | | Fortify on Demand Plugin Demand Endpoint privilege escalation | Not Defined | | | 0.00 | CVE-2020-2204 |
| 07/02/2020 | $0-$5k | $0-$5k | | Fortify on Demand Plugin Demand Endpoint cross site request forgery | Not Defined | | | 0.00 | CVE-2020-2203 |
| 07/02/2020 | $0-$5k | $0-$5k | | Fortify on Demand Plugin Permission Check Credentials information disclosure | Not Defined | | | 0.00 | CVE-2020-2202 |
| 07/02/2020 | $0-$5k | $0-$5k | | Sonargraph Integration Plugin Stored cross site scripting | Not Defined | | | 0.00 | CVE-2020-2201 |
| 07/02/2020 | $0-$5k | $0-$5k | | LibRaw unpack_thumb.cpp memory corruption | Not Defined | | | 0.00 | CVE-2020-15503 |
| 07/02/2020 | $5k-$25k | $0-$5k | | DuckDuckGo App duckduckgo.com information disclosure | Not Defined | | | 0.00 | CVE-2020-15502 |
| 07/02/2020 | $0-$5k | $0-$5k | | QEMU MemoryRegionOps NULL Pointer Dereference denial of service | Not Defined | | | 0.00 | CVE-2020-15469 |
| 07/02/2020 | $0-$5k | $0-$5k | | Tendermint Signature denial of service | Not Defined | | | 0.00 | CVE-2020-15091 |
| 07/02/2020 | $0-$5k | $0-$5k | | PrestaShop Reflected cross site scripting | Not Defined | | | 0.11 | CVE-2020-15083 |
| 07/02/2020 | $0-$5k | $0-$5k | | PrestaShop Dashboard privilege escalation | Not Defined | | | 0.11 | CVE-2020-15082 |
| 07/02/2020 | $0-$5k | $0-$5k | | PrestaShop index.php information disclosure | Not Defined | | | 0.11 | CVE-2020-15081 |
| 07/02/2020 | $0-$5k | $0-$5k | | PrestaShop Release Archive information disclosure | Not Defined | | | 0.00 | CVE-2020-15080 |
| 07/02/2020 | $0-$5k | $0-$5k | | PrestaShop Carrier Page/Module Manager/Module Positions privilege escalation | Not Defined | | | 0.00 | CVE-2020-15079 |
| 07/02/2020 | $0-$5k | $0-$5k | | CodePeople Payment Form for PayPal Pro Plugin sql injection | Not Defined | | | 0.00 | CVE-2020-14092 |
| 07/02/2020 | $0-$5k | $0-$5k | | Synacor Zimbra Collaboration Suite WebMail Reflected cross site scripting | Not Defined | | | 0.26 | CVE-2020-13653 |
| 07/02/2020 | $5k-$25k | $0-$5k | | Ledger Live RBF privilege escalation | Not Defined | | | 0.00 | CVE-2020-12119 |
| 07/02/2020 | $0-$5k | $0-$5k | | PrestaShop Quick Access Item Name Stored cross site scripting | Not Defined | | | 0.00 | CVE-2020-11074 |
