Updates August 2022

Timeline

The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance. Initiating immediate vulnerability response and prioritizing of issues is possible.

Type

The moderation team is working with the threat intelligence team to categorize software that is affected by security vulnerabilities. This helps to illustrate the assignment of these categories to determine the most affected software types.

Product

Microsoft Windows63
ActionApps51
SolidState49
Apple iOS39
Apple iPadOS39

Grouping vulnerabilities by products helps to get an overview. This makes it possible to determine an homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Remediation

Official Fix985
Temporary Fix0
Workaround4
Unavailable141
Not Defined944

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These can be distinguished between multiple forms and levels of remediation which influence risks differently.

Exploitability

High52
Functional9
Proof-of-Concept979
Unproven77
Not Defined957

Researcher and attacker which are looking for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine simplicity and strength of attacks.

CVSSv3 Base

≤10
≤20
≤33
≤4122
≤5226
≤6347
≤7325
≤8815
≤9108
≤10128

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp

≤10
≤20
≤329
≤4106
≤5369
≤6286
≤7798
≤8322
≤967
≤1097

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We do also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day

<1k308
<2k409
<5k751
<10k197
<25k209
<50k65
<100k114
≥100k21

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day prices for an exploit, before it got distributed or became public. Calculated prices are aligned to prices disclosed by vulnerability broker and compared to prices we see on exploit markets.

Exploit Today

<1k1370
<2k231
<5k249
<10k53
<25k118
<50k51
<100k2
≥100k0

The 0-day prices do not consider time-relevant factors. The today price does reflect price impacts like disclosure of vulnerability details, alternative exploits, availability of countermeasures. These dynamic aspects might decrease the exploit prices over time. Under certain circumstances this happens very fast.

UpdatedBaseTempVulnerabilityChangeExpRemCTICVE
08/17/20225.35.0Supasite admin_topics.php code injection(9): vulnerability_cwe, vulnerability_cvss2_nvd_basescore, vulnerability_cvss2_nvd_av, vulnerability_cvss2_nvd_ac, vulnerability_cvss2_nvd_au, vulnerability_cvss2_nvd_ci, vulnerability_cvss2_nvd_ii, vulnerability_cvss2_nvd_ai, exploit_price_0dayProof-of-ConceptNot Defined0.00CVE-2007-2185
08/17/20227.36.6Supasite admin_news.php memory corruption(8): vulnerability_cvss2_nvd_basescore, vulnerability_cvss2_nvd_av, vulnerability_cvss2_nvd_ac, vulnerability_cvss2_nvd_au, vulnerability_cvss2_nvd_ci, vulnerability_cvss2_nvd_ii, vulnerability_cvss2_nvd_ai, advisory_urlProof-of-ConceptUnavailable0.10CVE-2007-2185
08/17/20227.36.6Supasite admin_mods.php memory corruption(8): vulnerability_cvss2_nvd_basescore, vulnerability_cvss2_nvd_av, vulnerability_cvss2_nvd_ac, vulnerability_cvss2_nvd_au, vulnerability_cvss2_nvd_ci, vulnerability_cvss2_nvd_ii, vulnerability_cvss2_nvd_ai, advisory_urlProof-of-ConceptUnavailable0.16CVE-2007-2185
08/17/20225.35.0Supasite admin_auth_cookies.php code injection(9): vulnerability_cwe, vulnerability_cvss2_nvd_basescore, vulnerability_cvss2_nvd_av, vulnerability_cvss2_nvd_ac, vulnerability_cvss2_nvd_au, vulnerability_cvss2_nvd_ci, vulnerability_cvss2_nvd_ii, vulnerability_cvss2_nvd_ai, exploit_price_0dayProof-of-ConceptNot Defined0.23CVE-2007-2185
08/17/20224.34.3OneOrZero Helpdesk tupdate.php cross site scripting(3): vulnerability_cvss2_nvd_basescore, exploit_price_0day, source_cve_nvd_summaryNot DefinedNot Defined0.23CVE-2007-5727
08/17/20226.36.3Dora Emlak kategorisirala.asp sql injection(7): vulnerability_cvss2_nvd_basescore, vulnerability_cvss2_nvd_av, vulnerability_cvss2_nvd_ac, vulnerability_cvss2_nvd_au, vulnerability_cvss2_nvd_ci, vulnerability_cvss2_nvd_ii, vulnerability_cvss2_nvd_aiNot DefinedNot Defined0.23CVE-2007-6140
08/17/20227.36.9Dora Emlak haber_detay.asp sql injection(3): vulnerability_cvss2_nvd_basescore, exploit_price_0day, source_cve_nvd_summaryProof-of-ConceptNot Defined0.31CVE-2007-6140
08/17/20227.36.9TalkBack my-comments-display-tpl.php code injection(3): vulnerability_cvss2_nvd_basescore, exploit_price_0day, source_cve_nvd_summaryProof-of-ConceptNot Defined0.34CVE-2007-6105
08/17/20227.36.6vSupport Integrated Ticket System vBSupport.php sql injection(3): vulnerability_cvss2_nvd_basescore, exploit_price_0day, source_cve_nvd_summaryProof-of-ConceptOfficial Fix0.34CVE-2006-0517
08/17/20224.34.3AXIS 2100 Network Camera wizard_main_first.shtml cross site scripting(3): vulnerability_cvss2_nvd_basescore, exploit_price_0day, source_cve_nvd_summaryNot DefinedNot Defined0.32CVE-2007-5212
08/17/20225.35.0Swmenu Component Local Privilege Escalation(7): vulnerability_cvss2_nvd_basescore, vulnerability_cvss2_nvd_av, vulnerability_cvss2_nvd_ac, vulnerability_cvss2_nvd_au, vulnerability_cvss2_nvd_ci, vulnerability_cvss2_nvd_ii, vulnerability_cvss2_nvd_aiProof-of-ConceptNot Defined0.31CVE-2007-1699
08/17/20224.74.2Joomla CMS cross site scripting(2): vulnerability_cvss2_nvd_basescore, source_cve_nvd_summaryProof-of-ConceptOfficial Fix0.29CVE-2007-4189
08/17/20224.74.2Joomla CMS content.php cross site scripting(2): vulnerability_cvss2_nvd_basescore, source_cve_nvd_summaryProof-of-ConceptOfficial Fix0.29CVE-2007-4189
08/17/20224.34.3X7 Chat upgradev1.php cross site scripting(3): vulnerability_cvss2_nvd_basescore, exploit_price_0day, source_cve_nvd_summaryNot DefinedNot Defined0.34CVE-2007-5982
08/17/20227.37.3JiRos Banner System login_confirm.asp sql injection(3): vulnerability_cvss2_nvd_basescore, exploit_price_0day, source_cve_nvd_summaryNot DefinedNot Defined0.34CVE-2007-6091
08/17/20227.36.6PhpBB Plus lang_admin_album.php code injection(3): vulnerability_cvss2_nvd_basescore, exploit_price_0day, source_cve_nvd_summaryProof-of-ConceptOfficial Fix0.42CVE-2007-5100
08/17/20227.36.6PhpBB Plus lang_main_album.php code injection(1): source_exploitdbProof-of-ConceptOfficial Fix0.40CVE-2007-5100
08/17/20225.35.3PHP-Blogger information disclosure(3): vulnerability_cvss2_nvd_basescore, exploit_price_0day, source_cve_nvd_summaryNot DefinedNot Defined0.40CVE-2007-4157
08/17/20224.34.1Fatwire Content Server Search cross site scripting(3): vulnerability_cvss2_nvd_basescore, exploit_price_0day, source_cve_nvd_summaryProof-of-ConceptNot Defined0.39CVE-2007-5932
08/17/20224.34.1ELSEIF CMS usrdepot.php cross site scripting(1): source_xforceProof-of-ConceptNot Defined0.40CVE-2007-5304
08/17/20225.35.0ELSEIF CMS usrarticles.php code injection(10): vulnerability_cwe, vulnerability_cvss2_nvd_basescore, vulnerability_cvss2_nvd_av, vulnerability_cvss2_nvd_ac, vulnerability_cvss2_nvd_au, vulnerability_cvss2_nvd_ci, vulnerability_cvss2_nvd_ii, vulnerability_cvss2_nvd_ai, exploit_price_0day, source_xforceProof-of-ConceptNot Defined0.53CVE-2007-5305
08/17/20224.34.1ELSEIF CMS fonctions.php cross site scripting(1): source_xforceProof-of-ConceptNot Defined0.45CVE-2007-5304
08/17/20224.34.1ELSEIF CMS fonctions.php cross site scripting(1): source_xforceProof-of-ConceptNot Defined0.44CVE-2007-5304
08/17/20224.34.1ELSEIF CMS coeurusr.php cross site scripting(1): source_xforceProof-of-ConceptNot Defined0.39CVE-2007-5304
08/17/20224.34.1ELSEIF CMS commentaire.php cross site scripting(1): source_xforceProof-of-ConceptNot Defined0.47CVE-2007-5304
08/17/20226.26.1Device42 CMDB WrImageResource.adx access control(1): software_nameNot DefinedOfficial Fix0.76CVE-2022-1401
08/17/20224.34.1ELSEIF CMS enregistrement.php cross site scripting(1): source_xforceProof-of-ConceptNot Defined0.47CVE-2007-5304
08/17/20224.34.1ELSEIF CMS espaceperso.php cross site scripting(1): source_xforceProof-of-ConceptNot Defined0.53CVE-2007-5304
08/17/20224.34.1ELSEIF CMS votes.php cross site scripting(1): source_xforceProof-of-ConceptNot Defined0.48CVE-2007-5304
08/17/20224.34.1ELSEIF CMS adminforum.php cross site scripting(1): source_xforceProof-of-ConceptNot Defined0.43CVE-2007-5304
08/17/20223.53.3ELSEIF CMS votesresultats.php cross site scripting(8): vulnerability_cvss2_nvd_basescore, vulnerability_cvss2_nvd_av, vulnerability_cvss2_nvd_ac, vulnerability_cvss2_nvd_au, vulnerability_cvss2_nvd_ci, vulnerability_cvss2_nvd_ii, vulnerability_cvss2_nvd_ai, source_xforceProof-of-ConceptNot Defined0.42CVE-2007-5305
08/17/20226.56.2CMS Creamotion save_config.php code injection(1): source_xforceProof-of-ConceptNot Defined0.50CVE-2007-5298
08/17/20228.88.3IDMOS ia.php cross site scripting(1): source_xforceProof-of-ConceptNot Defined0.52CVE-2007-5889
08/17/202210.010.0Borland Interbase expand_filename2 memory corruption(2): vulnerability_cvss2_nvd_basescore, source_cve_nvd_summaryHighNot Defined0.52CVE-2007-5243
08/17/20227.36.4Borland Interbase jrd8_attach_database memory corruption(3): vulnerability_cvss2_nvd_basescore, exploit_price_0day, source_cve_nvd_summaryHighOfficial Fix0.47CVE-2007-5243
08/17/20227.36.4Borland Interbase memory corruption(3): vulnerability_cvss2_nvd_basescore, exploit_price_0day, source_cve_nvd_summaryHighOfficial Fix0.42CVE-2007-5243
08/17/20227.36.4Borland Interbase memory corruption(3): vulnerability_cvss2_nvd_basescore, exploit_price_0day, source_cve_nvd_summaryHighOfficial Fix0.48CVE-2007-5243
08/17/20227.36.9phpwcms config_PHPLM.php code injection(3): vulnerability_cvss2_nvd_basescore, exploit_price_0day, source_cve_nvd_summaryProof-of-ConceptNot Defined0.53CVE-2007-5185
08/17/20227.37.3mosMedia code injection(3): vulnerability_cvss2_nvd_basescore, exploit_price_0day, source_cve_nvd_summaryNot DefinedNot Defined0.54CVE-2007-5362
08/17/20227.37.3mosMedia code injection(3): vulnerability_cvss2_nvd_basescore, exploit_price_0day, source_cve_nvd_summaryNot DefinedNot Defined0.56CVE-2007-5362
08/17/20227.37.3NetClassifieds Mysql_db.php information disclosure(3): vulnerability_cvss2_nvd_basescore, exploit_price_0day, source_cve_nvd_summaryNot DefinedNot Defined0.47CVE-2007-3354
08/17/20227.37.3NetClassifieds imageresizer.php information disclosure(4): vulnerability_cvss2_nvd_basescore, exploit_price_0day, source_cve_assigned, source_cve_nvd_summaryNot DefinedNot Defined0.52CVE-2007-3354
08/17/20227.37.3NetClassifieds imageresizer.php information disclosure(3): vulnerability_cvss2_nvd_basescore, exploit_price_0day, source_cve_nvd_summaryNot DefinedNot Defined0.50CVE-2007-3354
08/17/20229.89.8Vonage Motorola Phone Adapter improper authentication(3): vulnerability_cvss2_nvd_basescore, exploit_price_0day, source_cve_nvd_summaryNot DefinedNot Defined0.47CVE-2007-5791
08/17/20227.36.9Backupwordpress Plugin Reader.php code injection(1): source_xforceProof-of-ConceptNot Defined0.47CVE-2007-5800
08/17/20227.36.9Backupwordpress Plugin Writer.php code injection(1): source_xforceProof-of-ConceptNot Defined0.55CVE-2007-5800
08/17/20227.36.9Backupwordpress Plugin Predicate.php code injection(1): source_xforceProof-of-ConceptNot Defined0.48CVE-2007-5800
08/17/20223.33.2PcP-Guestbook faq.php path traversal(7): vulnerability_cvss2_nvd_basescore, vulnerability_cvss2_nvd_av, vulnerability_cvss2_nvd_ac, vulnerability_cvss2_nvd_au, vulnerability_cvss2_nvd_ci, vulnerability_cvss2_nvd_ii, vulnerability_cvss2_nvd_aiProof-of-ConceptNot Defined0.56CVE-2007-1933
08/17/20223.33.2PcP-Guestbook gb.php path traversal(7): vulnerability_cvss2_nvd_basescore, vulnerability_cvss2_nvd_av, vulnerability_cvss2_nvd_ac, vulnerability_cvss2_nvd_au, vulnerability_cvss2_nvd_ci, vulnerability_cvss2_nvd_ii, vulnerability_cvss2_nvd_aiProof-of-ConceptNot Defined0.45CVE-2007-1933
08/17/20223.33.2SkaDate online_list.php path traversal(8): vulnerability_cvss2_nvd_basescore, vulnerability_cvss2_nvd_av, vulnerability_cvss2_nvd_ac, vulnerability_cvss2_nvd_au, vulnerability_cvss2_nvd_ci, vulnerability_cvss2_nvd_ii, vulnerability_cvss2_nvd_ai, source_xforceProof-of-ConceptNot Defined0.50CVE-2007-5299

2024 more entries are not shown

Interested in the pricing of exploits?

See the underground prices here!