Exploits 11/16/2020

Type »

The moderation team is working with the threat intelligence team to categorize software that is affected by security vulnerabilities. This helps to illustrate the assignment of these categories to determine the most affected software types.

Remediation »

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These countermeasures can be distinguished by form and level of remediation, which influence risks differently.

Exploitability »

Researchers and attackers who look for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

Lang »

The automation and exploitation of a security vulnerability is called an exploit. It is possible to determine the popularity and availability of programming languages used for creating such exploits.

CVSSv3 Base »

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources and aggregates them into the most reliable result.

CVSSv3 Temp »

The Common Vulnerability Scoring System (CVSS) uses temp (temporal) scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day »

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day price for an exploit, before it is distributed or becomes public. Calculated prices are aligned to prices disclosed by vulnerability brokers and compared to prices we see on exploit markets.

Exploit Today »

The 0-day prices do not consider time-relevant factors. The today price reflects price impacts such as disclosure of vulnerability details, alternative exploits, and availability of countermeasures. These dynamic aspects might decrease the exploit prices over time. Under certain circumstances this happens very quickly.

| Published | 0day | Today | Tr | Vulnerability | Exp | Lang | URL | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 11/16/2020 | $5k-$25k | $5k-$25k | | Citrix Virtual Apps/XenDesktop os command injection | Not Defined | | | 0.00 | CVE-2020-8270 |
| 11/16/2020 | $5k-$25k | $5k-$25k | | Citrix Virtual Apps/XenDesktop access control | Not Defined | | | 0.29 | CVE-2020-8269 |
| 11/16/2020 | $5k-$25k | $0-$5k | | Citrix SD-WAN Center os command injection | Not Defined | | | 0.06 | CVE-2020-8273 |
| 11/16/2020 | $5k-$25k | $0-$5k | | Citrix SD-WAN Center path traversal | Not Defined | | | 0.00 | CVE-2020-8271 |
| 11/16/2020 | $5k-$25k | $0-$5k | | IBM Sterling B2B Integrator Standard Edition Privileges access control | Not Defined | | | 0.05 | CVE-2020-4700 |
| 11/16/2020 | $5k-$25k | $0-$5k | | IBM Sterling File Gateway sql injection | Not Defined | | | 0.06 | CVE-2020-4647 |
| 11/16/2020 | $5k-$25k | $0-$5k | | IBM Sterling B2B Integrator Standard Edition sql injection | Not Defined | | | 0.00 | CVE-2020-4655 |
| 11/16/2020 | $5k-$25k | $0-$5k | | Citrix SD-WAN Center improper authentication | Not Defined | | | 0.17 | CVE-2020-8272 |
| 11/16/2020 | $5k-$25k | $0-$5k | | IBM Sterling File Gateway information exposure | Not Defined | | | 0.00 | CVE-2020-4476 |
| 11/16/2020 | $5k-$25k | $0-$5k | | IBM Sterling File Gateway Authorization Token missing secure attribute | Not Defined | | | 0.00 | CVE-2020-4763 |
| 11/16/2020 | $5k-$25k | $0-$5k | | IBM Sterling File Gateway Authorization Token missing secure attribute | Not Defined | | | 0.00 | CVE-2020-4665 |
| 11/16/2020 | $5k-$25k | $0-$5k | | IBM Sterling B2B Integrator Standard Edition log file | Not Defined | | | 0.00 | CVE-2020-4671 |
| 11/16/2020 | $5k-$25k | $0-$5k | | IBM Sterling B2B Integrator Standard Edition information exposure | Not Defined | | | 0.05 | CVE-2020-4475 |
| 11/16/2020 | $5k-$25k | $0-$5k | | IBM Sterling B2B Integrator Standard Edition Dashboard UI information disclosure | Not Defined | | | 0.00 | CVE-2020-4692 |
| 11/16/2020 | $5k-$25k | $0-$5k | | IBM Sterling B2B Integrator Standard Edition log file | Not Defined | | | 0.00 | CVE-2020-4566 |
| 11/16/2020 | $0-$5k | $0-$5k | | IBM Business Automation Workflow Web UI cross site scripting | Not Defined | | | 0.05 | CVE-2020-4672 |
| 11/16/2020 | $0-$5k | $0-$5k | | IBM Sterling B2B Integrator Standard Edition Web UI cross site scripting | Not Defined | | | 0.00 | CVE-2020-4705 |
| 11/16/2020 | $0-$5k | $0-$5k | | QNAP QTS command injection | Not Defined | | | 0.00 | CVE-2020-2490 |
| 11/16/2020 | $0-$5k | $0-$5k | | InfiniteWP Admin Panel Password resetPasswordSendMail weak password recovery | Not Defined | | | 0.07 | CVE-2020-28642 |
| 11/16/2020 | $0-$5k | $0-$5k | | JetBrains ToolBox Browser Protocol Remote Privilege Escalation | Not Defined | | | 0.06 | CVE-2020-25207 |
| 11/16/2020 | $0-$5k | $0-$5k | | Anuko Time Tracker weak password recovery | Not Defined | | | 0.07 | CVE-2020-27422 |
| 11/16/2020 | $0-$5k | $0-$5k | | Firebase util DeepCopy.ts deepExtend code injection | Not Defined | | | 0.06 | CVE-2020-7765 |
| 11/16/2020 | $0-$5k | $0-$5k | | controlled-merge Prototype code injection | Not Defined | | | 0.00 | CVE-2020-28268 |
| 11/16/2020 | $0-$5k | $0-$5k | | XooNIps deserialization | Not Defined | | | 0.08 | CVE-2020-5664 |
| 11/16/2020 | $0-$5k | $0-$5k | | Gila CMS unrestricted upload | Not Defined | | | 0.00 | CVE-2020-28692 |
| 11/16/2020 | $0-$5k | $0-$5k | | WPBakery XSS Protection Mechanism kses_remove_filters protection mechanism failure | Not Defined | | | 0.06 | CVE-2020-28650 |
| 11/16/2020 | $0-$5k | $0-$5k | | Avideo import.json.php access control | Not Defined | | | 0.07 | CVE-2020-23489 |
| 11/16/2020 | $0-$5k | $0-$5k | | PostgreSQL permission | Not Defined | | | 0.35 | CVE-2020-25695 |
| 11/16/2020 | $0-$5k | $0-$5k | | Nagios XI Auto-Discovery input validation | Not Defined | | | 0.06 | CVE-2020-28648 |
| 11/16/2020 | $0-$5k | $0-$5k | | PHPGurukul User Registration & Login/User Management System sql injection | Proof-of-Concept | | Link | 0.23 | CVE-2020-25952 |
| 11/16/2020 | $0-$5k | $0-$5k | | LionWiki index.php file inclusion | Not Defined | | | 0.30 | CVE-2020-27191 |
| 11/16/2020 | $0-$5k | $0-$5k | | JetBrains TeamCity Audit Record unknown vulnerability | Not Defined | | | 0.05 | CVE-2020-27628 |
| 11/16/2020 | $0-$5k | $0-$5k | | JetBrains TeamCity Dependency unknown vulnerability | Not Defined | | | 0.06 | CVE-2020-27629 |
| 11/16/2020 | $0-$5k | $0-$5k | | JetBrains YouTrack REST API access control | Not Defined | | | 0.07 | CVE-2020-25209 |
| 11/16/2020 | $0-$5k | $0-$5k | | QNAP QTS os command injection | Not Defined | | | 0.06 | CVE-2020-2492 |
| 11/16/2020 | $0-$5k | $0-$5k | | XooNIps sql injection | Not Defined | | | 0.06 | CVE-2020-5659 |
| 11/16/2020 | $0-$5k | $0-$5k | | Ivanti Endpoint Manager alert_log.aspx sql injection | Not Defined | | | 0.04 | CVE-2020-13769 |
| 11/16/2020 | $0-$5k | $0-$5k | | JetBrains Ktor request smuggling | Not Defined | | | 0.00 | CVE-2020-26129 |
| 11/16/2020 | $0-$5k | $0-$5k | | JetBrains YouTrack server-side request forgery | Not Defined | | | 0.06 | CVE-2020-27626 |
| 11/16/2020 | $0-$5k | $0-$5k | | JetBrains YouTrack Workflow Rule behavioral workflow | Not Defined | | | 0.04 | CVE-2020-25210 |
| 11/16/2020 | $0-$5k | $0-$5k | | JetBrains YouTrack server-side request forgery | Not Defined | | | 0.06 | CVE-2020-27624 |
| 11/16/2020 | $0-$5k | $0-$5k | | JetBrains TeamCity URL injection | Not Defined | | | 0.07 | CVE-2020-27627 |
| 11/16/2020 | $0-$5k | $0-$5k | | Nextcloud Server insufficiently protected credentials | Not Defined | | | 0.08 | CVE-2020-8259 |
| 11/16/2020 | $0-$5k | $0-$5k | | orbisius-child-theme-creator orbisius_ctc_theme_editor_manage_file cross-site request forgery | Not Defined | | | 0.04 | CVE-2020-28649 |
| 11/16/2020 | $0-$5k | $0-$5k | | PostgreSQL Client Application downgrade | Not Defined | | | 0.06 | CVE-2020-25694 |
| 11/16/2020 | $0-$5k | $0-$5k | | Nextcloud Server insufficiently protected credentials | Not Defined | | | 0.09 | CVE-2020-8152 |
| 11/16/2020 | $0-$5k | $0-$5k | | Volkswagen Polo Discover Media Infotainment System insufficient verification of data authenticity | Not Defined | | | 0.33 | CVE-2020-28656 |
| 11/16/2020 | $0-$5k | $0-$5k | | XooNIps cross site scripting | Not Defined | | | 0.06 | CVE-2020-5662 |
| 11/16/2020 | $0-$5k | $0-$5k | | XooNIps cross site scripting | Not Defined | | | 0.06 | CVE-2020-5663 |
| 11/16/2020 | $0-$5k | $0-$5k | | Ivanti Endpoint Manager frm_splitfrm.aspx cross site scripting | Not Defined | | | 0.05 | CVE-2020-13773 |
