CNA 2010

VulDB is an officially certified CVE Numbering Authority (CNA) by MITRE and Authorized Data Publisher (ADP) by NIST NVD. We are authorized to handle new vulnerability submissions, assign unique CVEs and disclose them. CVE is an international program to discover vulnerabilities which are then assigned and published to the CVE list. Partners coordinate such CVE entries to communicate consistent descriptions. Information technology and cybersecurity professionals all around the world use CVE records to ensure they are discussing the same issues, and to coordinate their efforts to prioritize and address these properly.

Vendor

Acritum1
Stars Alliance1
frioux1
simplesamlphp1
lierdakil1

Identifying all affected vendors is a good starting point for an overview. This makes it possible to determine an homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Product

Acritum Femitter Server1
Stars Alliance PsychoStats1
frioux ptome1
simplesamlphp simplesamlphp-module-openidprovider1
lierdakil click-reminder1

Grouping vulnerabilities by products helps to get an overview. This makes it possible to determine an homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Remediation

Official Fix10
Temporary Fix0
Workaround0
Unavailable0
Not Defined1

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These can be distinguished between multiple forms and levels of remediation which influence risks differently.

Exploitability

High0
Functional0
Proof-of-Concept2
Unproven0
Not Defined9

Researcher and attacker which are looking for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine simplicity and strength of attacks.

Access Vector

Not Defined0
Physical0
Local0
Adjacent4
Network7

The approach a vulnerability it becomes important to use the expected access vector. This is typically via the network, local, or physically even.

Authentication

Not Defined0
High0
Low8
None3

To exploit a vulnerability a certail level of authentication might be required. Vulnerabilities without such a requirement are much more popular.

User Interaction

Not Defined0
Required5
None6

Some attack scenarios require some user interaction by a victim. This is typical for phishing, social engineering and cross site scripting attacks.

VulDB

≤10
≤20
≤31
≤44
≤51
≤64
≤71
≤80
≤90
≤100

The moderation team is always defining the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

Exploit 0-day

<1k2
<2k9
<5k0
<10k0
<25k0
<50k0
<100k0
≥100k0

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day prices for an exploit, before it got distributed or became public. Calculated prices are aligned to prices disclosed by vulnerability broker and compared to prices we see on exploit markets.

IDVulnerabilityScopeResponsibleSubmissionCreatedUpdatedCVESubmitCNA
250446Acritum Femitter Server path traversalVulDBVulDB01/11/202401/30/2024CVE-2010-10011
 
accepted
230265Stars Alliance PsychoStats login.php cross site scriptingVulDBVulDB05/30/202306/24/2023CVE-2010-10010
 
accepted
218519frioux ptome sql injectionVulDBVulDB01/17/202302/09/2023CVE-2010-10009
 
accepted
218473simplesamlphp simplesamlphp-module-openidprovider trust.tpl.php cross site scriptingVulDBVulDB01/17/202302/09/2023CVE-2010-10008
 
accepted
218465lierdakil click-reminder BaseAction.php db_query sql injectionVulDBVulDB01/17/202302/09/2023CVE-2010-10007
 
accepted
218460michaelliao jopenid OpenIdManager.java getAuthentication timing discrepancyVulDBVulDB01/17/202302/09/2023CVE-2010-10006
 
accepted
218392msmania poodim Command Line Argument stack-based overflow [False-Positive]VulDBVulDB01/15/202302/07/2023CVE-2010-10005
 
revoked
217661Information Cards Module cross site scriptingVulDBVulDB01/09/202301/30/2023CVE-2010-10004
 
accepted
217351gesellix titlelink plugin_content_title.php sql injectionVulDBVulDB01/04/202301/28/2023CVE-2010-10003
 
accepted
217170SimpleSAMLphp simplesamlphp-module-openid OpenID consumer.php cross site scriptingVulDBVulDB01/01/202301/26/2023CVE-2010-10002
 
accepted
4143Shemes GrabIt NZB Date Parser denial of serviceVulDBVulDB07/08/201001/28/2022CVE-2010-10001
 
accepted

PreviousOverviewNext

Interested in the pricing of exploits?

See the underground prices here!