Exploits 04/08/2021

Type »

The moderation team is working with the threat intelligence team to categorize software that is affected by security vulnerabilities. This helps to illustrate the assignment of these categories to determine the most affected software types.

Remediation »

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These countermeasures fall into multiple forms and levels of remediation, which influence risk differently.

Exploitability »

Researchers and attackers who are looking for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

Lang »

The automation of exploiting a security vulnerability is called an exploit. It is possible to determine the popularity and availability of the programming languages used for creating such exploits.

CVSSv3 Base »

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources into the most reliable result.

CVSSv3 Temp »

The Common Vulnerability Scoring System (CVSS) uses temporal (temp) scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day »

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day price for an exploit, before it was distributed or became public. Calculated prices are aligned to prices disclosed by vulnerability brokers and compared to prices we see on exploit markets.

Exploit Today »

The 0-day prices do not consider time-relevant factors. The today price reflects price impacts such as disclosure of vulnerability details, alternative exploits, and availability of countermeasures. These dynamic aspects might decrease exploit prices over time. Under certain circumstances this happens very fast.

| Published | 0day | Today | Tr | Vulnerability | Exp | Lang | URL | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 04/08/2021 | $25k-$100k | $5k-$25k | | Cisco RV110W/RV130/RV130W/RV215W Web-based Management Interface memory corruption | Not Defined | | | 2.66 | CVE-2021-1459 |
| 04/08/2021 | $25k-$100k | $5k-$25k | | IBM WebSphere Application Server server-side request forgery | Not Defined | | | 0.81 | CVE-2021-20480 |
| 04/08/2021 | $25k-$100k | $5k-$25k | | Cisco SD-WAN vManage Software memory corruption | Not Defined | | | 2.51 | CVE-2021-1479 |
| 04/08/2021 | $25k-$100k | $5k-$25k | | Cisco SD-WAN vManage Software memory corruption | Not Defined | | | 2.29 | CVE-2021-1480 |
| 04/08/2021 | $5k-$25k | $5k-$25k | | Cisco Unified Communications Manager SOAP API Endpoint code injection | Not Defined | | | 1.55 | CVE-2021-1362 |
| 04/08/2021 | $5k-$25k | $5k-$25k | | Cisco SD-WAN vManage Software memory corruption | Not Defined | | | 1.40 | CVE-2021-1137 |
| 04/08/2021 | $5k-$25k | $5k-$25k | | Cisco Small Business RV Series Router Web-based Management Interface memory corruption | Not Defined | | | 0.96 | CVE-2021-1472 |
| 04/08/2021 | $5k-$25k | $5k-$25k | | Cisco Small Business RV Series Router Web-based Management Interface memory corruption | Not Defined | | | 1.40 | CVE-2021-1473 |
| 04/08/2021 | $5k-$25k | $5k-$25k | | Cisco Advanced Malware Protection/Immunet DLL Loader uncontrolled search path | Not Defined | | | 1.26 | CVE-2021-1386 |
| 04/08/2021 | $5k-$25k | $0-$5k | | ClamAV Antivirus PDF Parser buffer overflow | Not Defined | | | 0.07 | CVE-2021-1405 |
| 04/08/2021 | $5k-$25k | $0-$5k | | Cisco Small Business RV Series Router Link Layer Discovery Protocol memory corruption | Not Defined | | | 0.96 | CVE-2021-1251 |
| 04/08/2021 | $5k-$25k | $0-$5k | | Cisco Small Business RV Series Router Link Layer Discovery Protocol memory corruption | Not Defined | | | 1.33 | CVE-2021-1308 |
| 04/08/2021 | $5k-$25k | $0-$5k | | Cisco Small Business RV Series Router Link Layer Discovery Protocol memory corruption | Not Defined | | | 1.40 | CVE-2021-1309 |
| 04/08/2021 | $5k-$25k | $0-$5k | | Cisco RV340/RV340W/RV345/RV345P Web-based Management Interface deserialization | Not Defined | | | 1.25 | CVE-2021-1413 |
| 04/08/2021 | $5k-$25k | $0-$5k | | Cisco RV340/RV340W/RV345/RV345P Web-based Management Interface deserialization | Not Defined | | | 1.18 | CVE-2021-1414 |
| 04/08/2021 | $5k-$25k | $0-$5k | | Cisco RV340/RV340W/RV345/RV345P Web-based Management Interface deserialization | Not Defined | | | 1.18 | CVE-2021-1415 |
| 04/08/2021 | $5k-$25k | $0-$5k | | Cisco Umbrella Scheduled Report csv injection | Not Defined | | | 1.63 | CVE-2021-1474 |
| 04/08/2021 | $5k-$25k | $0-$5k | | Cisco Umbrella Scheduled Report csv injection | Not Defined | | | 1.04 | CVE-2021-1475 |
| 04/08/2021 | $5k-$25k | $0-$5k | | Cisco IOS XR CLI argument injection | Not Defined | | | 1.26 | CVE-2021-1485 |
| 04/08/2021 | $5k-$25k | $0-$5k | | FreeBSD Shared Memory Page use after free | Not Defined | | | 2.06 | CVE-2021-29626 |
| 04/08/2021 | $5k-$25k | $0-$5k | | FreeBSD Listening Socket accf_create use after free | Not Defined | | | 1.69 | CVE-2021-29627 |
| 04/08/2021 | $5k-$25k | $0-$5k | | Cisco Webex Meetings Client Avatar access control | Not Defined | | | 0.88 | CVE-2021-1467 |
| 04/08/2021 | $5k-$25k | $0-$5k | | Cisco Unified Communications Manager Self Care Portal improper authentication | Not Defined | | | 1.32 | CVE-2021-1399 |
| 04/08/2021 | $5k-$25k | $0-$5k | | Cisco Unified Communications Manager file information disclosure | Not Defined | | | 1.33 | CVE-2021-1406 |
| 04/08/2021 | $5k-$25k | $0-$5k | | Cisco Unified Communications Manager Web-based Management Interface cross site scripting | Not Defined | | | 1.32 | CVE-2021-1380 |
| 04/08/2021 | $5k-$25k | $0-$5k | | Cisco Unified Communications Manager Web-based Management Interface cross site scripting | Not Defined | | | 0.81 | CVE-2021-1407 |
| 04/08/2021 | $5k-$25k | $0-$5k | | Cisco Unified Communications Manager Web-based Management Interface cross site scripting | Not Defined | | | 1.03 | CVE-2021-1408 |
| 04/08/2021 | $5k-$25k | $0-$5k | | Cisco Unified Communications Manager Web-based Management Interface cross site scripting | Not Defined | | | 1.40 | CVE-2021-1409 |
| 04/08/2021 | $5k-$25k | $0-$5k | | Cisco Webex Meetings cross site scripting | Not Defined | | | 1.18 | CVE-2021-1420 |
| 04/08/2021 | $5k-$25k | $0-$5k | | Cisco Unified Intelligence Center Web-based Management Interface cross site scripting | Not Defined | | | 1.10 | CVE-2021-1463 |
| 04/08/2021 | $5k-$25k | $0-$5k | | FreeBSD jail race condition | Not Defined | | | 1.61 | CVE-2020-25584 |
| 04/08/2021 | $5k-$25k | $0-$5k | | ClamAV Antivirus Excel XLM Macro Parsing Module denial of service | Not Defined | | | 0.00 | CVE-2021-1252 |
| 04/08/2021 | $5k-$25k | $0-$5k | | ClamAV Antivirus parsing module denial of service | Not Defined | | | 0.30 | CVE-2021-1404 |
| 04/08/2021 | $0-$5k | $0-$5k | | ASUS GPUTweak II Physical Memory AsIO2_64.sys Remote Privilege Escalation | Not Defined | | | 0.07 | CVE-2021-28685 |
| 04/08/2021 | $0-$5k | $0-$5k | | Backdoor.Win32.Small.n Service Port 1337 backdoor | Proof-of-Concept | | Link | 0.81 | |
| 04/08/2021 | $0-$5k | $0-$5k | | VestaCP sudo Configuration bin access control | Not Defined | | | 0.15 | CVE-2021-30462 |
| 04/08/2021 | $0-$5k | $0-$5k | | FFmpeg libavcodec buffer overflow | Not Defined | | | 1.77 | CVE-2021-30123 |
| 04/08/2021 | $0-$5k | $0-$5k | | Grav Admin Plugin access control | Not Defined | | | 1.99 | CVE-2021-21425 |
| 04/08/2021 | $0-$5k | $0-$5k | | Litespeed Technologies OpenLiteSpeed access control | Proof-of-Concept | | Link | 2.71 | CVE-2021-26758 |
| 04/08/2021 | $0-$5k | $0-$5k | | Trojan.Win32.Sharer.h FTP Server backdoor | Proof-of-Concept | | Link | 1.72 | |
| 04/08/2021 | $0-$5k | $0-$5k | | Trojan.Win32.Sharer.h HFS HTTP File Server buffer overflow | Proof-of-Concept | | Link | 1.92 | CVE-2020-13432 |
| 04/08/2021 | $0-$5k | $0-$5k | | Backdoor.Win32.Hupigon.das Service Port 8080 winserv.com backdoor | Proof-of-Concept | | Link | 0.86 | |
| 04/08/2021 | $0-$5k | $0-$5k | | Learnsite Cookie index.aspx JudgIsAdmin access control | Not Defined | | | 0.15 | CVE-2021-27522 |
| 04/08/2021 | $0-$5k | $0-$5k | | Directus Upload Directory unrestricted upload | Not Defined | | | 1.48 | CVE-2021-29641 |
| 04/08/2021 | $0-$5k | $0-$5k | | Trojan-Downloader.Win32.FraudLoad.xevn permission | Proof-of-Concept | | Link | 1.25 | |
| 04/08/2021 | $0-$5k | $0-$5k | | Trojan.Win32.Hosts2.yqf mlekaocYUmaae permission | Proof-of-Concept | | Link | 1.31 | |
| 04/08/2021 | $0-$5k | $0-$5k | | Trojan.Win32.Hotkeychick.d Sniperscan permission | Proof-of-Concept | | Link | 0.13 | |
| 04/08/2021 | $0-$5k | $0-$5k | | Trojan-Downloader.Win32.Genome.qiw tmp permission | Proof-of-Concept | | Link | 0.00 | |
| 04/08/2021 | $0-$5k | $0-$5k | | Trojan-Downloader.Win32.Genome.omht permission | Proof-of-Concept | | Link | 0.07 | |
| 04/08/2021 | $0-$5k | $0-$5k | | id-map Crate Clone clone clone_from double free | Not Defined | | | 1.26 | CVE-2021-30455 |
