CNA 2016

VulDB is an officially certified CVE Numbering Authority (CNA) by MITRE and Authorized Data Publisher (ADP) by NIST NVD. We are authorized to handle new vulnerability submissions, assign unique CVEs and disclose them. CVE is an international program to discover vulnerabilities which are then assigned and published to the CVE list. Partners coordinate such CVE entries to communicate consistent descriptions. Information technology and cybersecurity professionals all around the world use CVE records to ensure they are discussing the same issues, and to coordinate their efforts to prioritize and address these properly.

Vendor

Not Defined	7
NUUO	1
go4rayyan	1
Deis	1
Doc2k	1

Identifying all affected vendors is a good starting point for an overview. This makes it possible to determine an homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Product

NUUO NVRmini 2	1
go4rayyan Scumblr	1
Deis Workflow Manager	1
Doc2k RE-Chat	1
Dynacase Webdesk	1

Grouping vulnerabilities by products helps to get an overview. This makes it possible to determine an homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Remediation

Official Fix	32
Temporary Fix	0
Workaround	0
Unavailable	1
Not Defined	2

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These can be distinguished between multiple forms and levels of remediation which influence risks differently.

Exploitability

High	0
Functional	0
Proof-of-Concept	2
Unproven	0
Not Defined	33

Researcher and attacker which are looking for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine simplicity and strength of attacks.

Access Vector

Not Defined	0
Physical	0
Local	3
Adjacent	13
Network	19

The approach a vulnerability it becomes important to use the expected access vector. This is typically via the network, local, or physically even.

Authentication

Not Defined	0
High	2
Low	27
None	6

To exploit a vulnerability a certail level of authentication might be required. Vulnerabilities without such a requirement are much more popular.

User Interaction

Not Defined	0
Required	11
None	24

Some attack scenarios require some user interaction by a victim. This is typical for phishing, social engineering and cross site scripting attacks.

VulDB

≤1	0
≤2	1
≤3	3
≤4	12
≤5	3
≤6	11
≤7	2
≤8	3
≤9	0
≤10	0

The moderation team is always defining the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

Exploit 0-day

<1k	7
<2k	25
<5k	3
<10k	0
<25k	0
<50k	0
<100k	0
≥100k	0

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day prices for an exploit, before it got distributed or became public. Calculated prices are aligned to prices disclosed by vulnerability broker and compared to prices we see on exploit markets.

ID	Vulnerability	Scope	Responsible	Submission	Created	Updated	CVE	Submit	CNA
258780	NUUO NVRmini 2 deletefile.php path traversal	VulDB	VulDB		03/30/2024	03/30/2024	CVE-2016-15038		accepted
251570	go4rayyan Scumblr Task cross site scripting	VulDB	VulDB		01/19/2024	02/15/2024	CVE-2016-15037		accepted
248847	Deis Workflow Manager race condition	VulDB	VulDB		12/22/2023	01/18/2024	CVE-2016-15036		accepted
238155	Doc2k RE-Chat re_chat.js cross site scripting	VulDB	VulDB		08/26/2023	09/20/2023	CVE-2016-15035		accepted
233366	Dynacase Webdesk freedomrss_search.php freedomrss_search sql injection	VulDB	VulDB		07/08/2023	07/26/2023	CVE-2016-15034		accepted
230391	mback2k mh_httpbl Extension class.tx_mhhttpbl.php stopOutput cross site scripting	VulDB	VulDB		05/31/2023	06/25/2023	CVE-2016-15032		accepted
228022	PHP-Login POST Parameter class.loginscript.php checkLogin sql injection	VulDB	VulDB		05/04/2023	05/27/2023	CVE-2016-15031		accepted
223803	Arno0x TwoFactorAuth login.php redirect	VulDB	VulDB		03/24/2023	04/14/2023	CVE-2016-15030		accepted
223402	Ydalb mapicoin stats.php cross site scripting	VulDB	VulDB		03/19/2023	04/12/2023	CVE-2016-15029		accepted
222847	ICEPAY REST-API-NET Checksum Validation RestClient.cs RestClient integrity check	VulDB	VulDB		03/11/2023	04/04/2023	CVE-2016-15028		accepted
221496	meta4creations Post Duplicator Plugin notices.php mtphr_post_duplicator_notice cross site scripting	VulDB	VulDB		02/19/2023	03/23/2023	CVE-2016-15027		accepted
221486	3breadt dd-plist xml external entity reference	VulDB	VulDB		02/18/2023	03/23/2023	CVE-2016-15026		accepted
221484	generator-hottowel 404 Error _app.js cross site scripting	VulDB	VulDB		02/18/2023	03/23/2023	CVE-2016-15025		accepted
221478	doomsider shadow denial of service	VulDB	VulDB		02/18/2023	03/23/2023	CVE-2016-15024		accepted
219765	SiteFusion Application Server Extension getextension.php path traversal	VulDB	VulDB		01/30/2023	02/25/2023	CVE-2016-15023		accepted
219715	mosbth cimage check_system.php cross site scripting	VulDB	VulDB		01/28/2023	02/25/2023	CVE-2016-15022		accepted
218429	nickzren alsdb sql injection	VulDB	VulDB		01/16/2023	02/08/2023	CVE-2016-15021		accepted
218391	liftkit database Query.php processOrderBy sql injection	VulDB	VulDB		01/15/2023	02/07/2023	CVE-2016-15020		accepted
218375	tombh jekbox server.rb exposure of information through directory listing	VulDB	VulDB		01/14/2023	02/07/2023	CVE-2016-15019		accepted
218373	krail-jpa sql injection	VulDB	VulDB		01/14/2023	02/07/2023	CVE-2016-15018		accepted
217786	fabarea media_upload UploadFileService.php getUploadedFileList pathname traversal	VulDB	VulDB		01/10/2023	01/31/2023	CVE-2016-15017		accepted
217653	mrtnmtth joomla_mod_einsatz_stats helper.php getStatsByType sql injection	VulDB	VulDB		01/08/2023	01/30/2023	CVE-2016-15016		accepted
217650	viafintech Barzahlen Payment Module PHP SDK Webhook.php verify timing discrepancy	VulDB	VulDB		01/08/2023	01/30/2023	CVE-2016-15015		accepted
217633	CESNET theme-cesnet resetpassword.php insufficiently protected credentials	VulDB	VulDB		01/07/2023	01/30/2023	CVE-2016-15014		accepted
217628	ForumHulp searchresults listener.php list_keywords sql injection	VulDB	VulDB		01/07/2023	01/30/2023	CVE-2016-15013		accepted
217619	forcedotcom SalesforceMobileSDK-Windows QuerySpec.cs ComputeCountSql sql injection	VulDB	VulDB		01/07/2023	01/29/2023	CVE-2016-15012		accepted
217549	e-Contract dssp SignResponseVerifier.java checkSignResponse xml external entity reference	VulDB	VulDB		01/06/2023	01/29/2023	CVE-2016-15011		accepted
217441	University of Cambridge django-ucamlookup Lookup cross site scripting	VulDB	VulDB		01/05/2023	01/28/2023	CVE-2016-15010		accepted
217440	OpenACS bug-tracker Search nav-bar.adp cross-site request forgery	VulDB	VulDB		01/05/2023	01/28/2023	CVE-2016-15009		accepted
217355	oxguy3 coebot-www channel.js showChannelBoir cross site scripting	VulDB	VulDB		01/04/2023	01/28/2023	CVE-2016-15008		accepted
217195	Centralized-Salesforce-Dev-Framework SOQL SObjectService.cls SObjectService injection	VulDB	VulDB		01/02/2023	01/27/2023	CVE-2016-15007		accepted
217181	enigmaX Scrambling Table main.c getSeed prng seed	VulDB	VulDB		01/02/2023	01/26/2023	CVE-2016-15006		accepted
98355	MONyog Ultimate Cookie privileges management	VulDB	VulDB	03/21/2017	03/22/2017	11/14/2022	CVE-2016-15002	22	accepted
97204	FileZilla Client Installer uninstall.exe unquoted search path	VulDB	VulDB		02/22/2017	07/16/2022	CVE-2016-15003		accepted
96073	InfiniteWP Client Plugin injection	VulDB	VulDB		01/27/2017	11/04/2022	CVE-2016-15004		accepted

◂ Previous Overview Next ▸

Interested in the pricing of exploits?

See the underground prices here!