CNA 2013

VulDB is an officially certified CVE Numbering Authority (CNA) by MITRE and Authorized Data Publisher (ADP) by NIST NVD. We are authorized to handle new vulnerability submissions, assign unique CVEs and disclose them. CVE is an international program to discover vulnerabilities which are then assigned and published to the CVE list. Partners coordinate such CVE entries to communicate consistent descriptions. Information technology and cybersecurity professionals all around the world use CVE records to ensure they are discussing the same issues, and to coordinate their efforts to prioritize and address these properly.

Vendor

Identifying all affected vendors is a good starting point for an overview. This makes it possible to determine a homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Product

fanzila WebFinance: 4
Telecommunication Software SAMwin Contact Center S ...: 3
Exit Box Lite Plugin: 2
Exit Strategy Plugin: 2
EELV Newsletter Plugin: 1

Grouping vulnerabilities by products helps to get an overview. This makes it possible to determine a homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Remediation

Official Fix: 28
Temporary Fix: 0
Workaround: 0
Unavailable: 0
Not Defined: 1

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. Remediation comes in multiple forms and levels, which influence risks differently.

Exploitability

High: 0
Functional: 0
Proof-of-Concept: 2
Unproven: 0
Not Defined: 27

Researchers and attackers who are looking for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

Access Vector

Not Defined: 0
Physical: 0
Local: 0
Adjacent: 10
Network: 19

To approach a vulnerability, it is important to use the expected access vector. This is typically via the network, locally, or even physically.

Authentication

Not Defined: 0
High: 0
Low: 20
None: 9

To exploit a vulnerability, a certain level of authentication might be required. Vulnerabilities without such a requirement are much more popular.

User Interaction

Not Defined: 0
Required: 10
None: 19

Some attack scenarios require some user interaction by a victim. This is typical for phishing, social engineering and cross site scripting attacks.

VulDB

≤1: 0
≤2: 0
≤3: 1
≤4: 6
≤5: 6
≤6: 10
≤7: 6
≤8: 0
≤9: 0
≤10: 0

The moderation team always defines the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

Exploit 0-day

<1k: 1
<2k: 27
<5k: 1
<10k: 0
<25k: 0
<50k: 0
<100k: 0
≥100k: 0

The moderation team works with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day price for an exploit before it is distributed or becomes public. Calculated prices are aligned to prices disclosed by vulnerability brokers and compared to prices we see on exploit markets.

| ID | Vulnerability | Scope | Responsible | Submission | Created | Updated | CVE | Submit | CNA |
|---|---|---|---|---|---|---|---|---|---|
| 230672 | Exit Box Lite Plugin wordpress-exit-box-lite.php information disclosure | VulDB | VulDB | | 06/04/2023 | 06/30/2023 | CVE-2013-10030 | | accepted |
| 230671 | Exit Box Lite Plugin wordpress-exit-box-lite.php exitboxadmin cross-site request forgery | VulDB | VulDB | | 06/04/2023 | 06/30/2023 | CVE-2013-10029 | | accepted |
| 230660 | EELV Newsletter Plugin lettreinfo.php style_newsletter cross site scripting | VulDB | VulDB | | 06/03/2023 | 06/30/2023 | CVE-2013-10028 | | accepted |
| 230658 | Blogger Importer Plugin blogger-importer.php restart cross-site request forgery | VulDB | VulDB | | 06/03/2023 | 06/30/2023 | CVE-2013-10027 | | accepted |
| 227765 | Mail Subscribe List Plugin index.php cross site scripting | VulDB | VulDB | | 04/30/2023 | 05/24/2023 | CVE-2013-10026 | | accepted |
| 225266 | Exit Strategy Plugin exitpage.php exitpageadmin cross-site request forgery | VulDB | VulDB | | 04/07/2023 | 04/24/2023 | CVE-2013-10025 | | accepted |
| 225265 | Exit Strategy Plugin exitpage.php information disclosure | VulDB | VulDB | | 04/07/2023 | 04/24/2023 | CVE-2013-10024 | | accepted |
| 225151 | Editorial Calendar Plugin edcal.php edcal_filter_where sql injection | VulDB | VulDB | | 04/06/2023 | 04/23/2023 | CVE-2013-10023 | | accepted |
| 225002 | BestWebSoft Contact Form Plugin contact_form.php cntctfrm_check_form cross site scripting | VulDB | VulDB | | 04/05/2023 | 04/22/2023 | CVE-2013-10022 | | accepted |
| 222739 | dd32 Debug Bar Plugin class-debug-bar-queries.php render cross site scripting | VulDB | VulDB | | 03/10/2023 | 04/02/2023 | CVE-2013-10021 | | accepted |
| 222609 | MMDeveloper A Forms Plugin a-forms.php cross site scripting | VulDB | VulDB | | 03/08/2023 | 04/01/2023 | CVE-2013-10020 | | accepted |
| 221489 | OCLC-Research OAICat sql injection | VulDB | VulDB | | 02/18/2023 | 03/23/2023 | CVE-2013-10019 | | accepted |
| 220057 | fanzila WebFinance save_contact.php sql injection | VulDB | VulDB | | 02/02/2023 | 03/04/2023 | CVE-2013-10018 | | accepted |
| 220056 | fanzila WebFinance save_roles.php sql injection | VulDB | VulDB | | 02/02/2023 | 03/04/2023 | CVE-2013-10017 | | accepted |
| 220055 | fanzila WebFinance save_taxes.php sql injection | VulDB | VulDB | | 02/02/2023 | 03/04/2023 | CVE-2013-10016 | | accepted |
| 220054 | fanzila WebFinance save_Contract_Signer_Role.php sql injection | VulDB | VulDB | | 02/02/2023 | 03/04/2023 | CVE-2013-10015 | | accepted |
| 218898 | oktora24 2moons sql injection | VulDB | VulDB | | 01/18/2023 | 02/15/2023 | CVE-2013-10014 | | accepted |
| 218428 | Bricco Authenticator Plugin DBAuthenticator.java compare sql injection | VulDB | VulDB | | 01/16/2023 | 02/08/2023 | CVE-2013-10013 | | accepted |
| 218388 | antonbolling clan7ups Login/Session sql injection | VulDB | VulDB | | 01/15/2023 | 02/07/2023 | CVE-2013-10012 | | accepted |
| 218156 | aeharding classroom-engagement-system sql injection | VulDB | VulDB | | 01/12/2023 | 02/05/2023 | CVE-2013-10011 | | accepted |
| 218007 | zerochplus thread.res.pl PrintResList cross site scripting | VulDB | VulDB | | 01/11/2023 | 02/01/2023 | CVE-2013-10010 | | accepted |
| 217634 | DrAzraelTod pyChao __init__.py lesen sql injection | VulDB | VulDB | | 01/07/2023 | 01/30/2023 | CVE-2013-10009 | | accepted |
| 217572 | sheilazpy eShop sql injection | VulDB | VulDB | | 01/06/2023 | 01/29/2023 | CVE-2013-10008 | | accepted |
| 217269 | ethitter WP-Print-Friendly wp-print-friendly.php information disclosure | VulDB | VulDB | | 01/03/2023 | 01/27/2023 | CVE-2013-10007 | | accepted |
| 217171 | Ziftr primecoin bitcoinrpc.cpp HTTPAuthorized timing discrepancy | VulDB | VulDB | | 01/01/2023 | 01/26/2023 | CVE-2013-10006 | | accepted |
| 12790 | Telecommunication Software SAMwin Contact Center Suite Password SAMwinLIBVB.dll passwordScramble improper authentication | VulDB | VulDB | | 04/03/2014 | 05/24/2022 | CVE-2013-10004 | | accepted |
| 12789 | Telecommunication Software SAMwin Contact Center Suite Database SAMwinLIBVB.dll getCurrentDBVersion sql injection | VulDB | VulDB | | 04/03/2014 | 05/24/2022 | CVE-2013-10003 | | accepted |
| 12788 | Telecommunication Software SAMwin Contact Center Suite Credential SAMwinLIBVB.dll getCurrentDBVersion hard-coded credentials | VulDB | VulDB | | 04/03/2014 | 05/24/2022 | CVE-2013-10002 | | accepted |
| 8900 | HTC One/Sense Mail Client certificate validation | VulDB | VulDB | | 05/28/2013 | 05/17/2022 | CVE-2013-10001 | | accepted |
