CNA 2017

VulDB is an officially certified CVE Numbering Authority (CNA) by MITRE and Authorized Data Publisher (ADP) by NIST NVD. We are authorized to handle new vulnerability submissions, assign unique CVEs and disclose them. CVE is an international program to discover vulnerabilities which are then assigned and published to the CVE list. Partners coordinate such CVE entries to communicate consistent descriptions. Information technology and cybersecurity professionals all around the world use CVE records to ensure they are discussing the same issues, and to coordinate their efforts to prioritize and address these properly.

Vendor

Identifying all affected vendors is a good starting point for an overview. This makes it possible to determine a homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Product

Hindu Matrimonial Script: 15
PHPList: 8
Elefant CMS: 8
TrueConf Server: 8
Solare Solar-Log: 7

Grouping vulnerabilities by product helps to get an overview. This makes it possible to determine a homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Remediation

Official Fix: 95
Temporary Fix: 0
Workaround: 0
Unavailable: 39
Not Defined: 39

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. Remediation comes in multiple forms and levels, which influence risks differently.

Exploitability

High: 0
Functional: 0
Proof-of-Concept: 91
Unproven: 0
Not Defined: 82

Researchers and attackers who are looking for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

Access Vector

Not Defined: 0
Physical: 0
Local: 16
Adjacent: 17
Network: 140

To approach a vulnerability, it is important to use the expected access vector. This is typically via the network, locally, or even physically.

Authentication

Not Defined: 0
High: 2
Low: 132
None: 39

To exploit a vulnerability, a certain level of authentication might be required. Vulnerabilities without such a requirement are much more popular.

User Interaction

Not Defined: 0
Required: 65
None: 108

Some attack scenarios require some user interaction by a victim. This is typical for phishing, social engineering and cross site scripting attacks.

VulDB

≤1: 0
≤2: 0
≤3: 10
≤4: 43
≤5: 29
≤6: 26
≤7: 48
≤8: 13
≤9: 3
≤10: 1

The moderation team always defines the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

Exploit 0-day

<1k: 42
<2k: 96
<5k: 35
<10k: 0
<25k: 0
<50k: 0
<100k: 0
≥100k: 0

The moderation team works with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day price of an exploit before it was distributed or became public. Calculated prices are aligned to prices disclosed by vulnerability brokers and compared to prices we see on exploit markets.

| ID | Vulnerability | Scope | Responsible | Submission | Created | Updated | CVE | Submit | CNA |
|---|---|---|---|---|---|---|---|---|---|
| 258621 | Zimbra zm-admin-ajax Form Textbox Field Error XFormItem.js XFormItem.prototype.setError cross site scripting | VulDB | VulDB | | 03/29/2024 | 03/29/2024 | CVE-2017-20191 | | accepted |
| 249421 | Zimbra zm-ajax XFormItem.js XFormItem.prototype.setError cross site scripting | VulDB | VulDB | | 12/31/2023 | 01/22/2024 | CVE-2017-20188 | | accepted |
| 244482 | Magnesium-PHP Base.php formatEmailString injection | VulDB | VulDB | | 11/04/2023 | 12/02/2023 | CVE-2017-20187 | | accepted |
| 238156 | nikooo777 ckSurf Spectator List Name misc.sp SpecListMenuDead denial of service | VulDB | VulDB | | 08/26/2023 | 09/20/2023 | CVE-2017-20186 | | accepted |
| 230669 | Fuzzy SWMP GET Parameter swmp.php cross site scripting | VulDB | VulDB | | 06/04/2023 | 06/30/2023 | CVE-2017-20185 | | accepted |
| 227950 | External Media without Import Plugin external-media-without-import.php print_media_new_panel cross site scripting | VulDB | VulDB | | 05/03/2023 | 05/27/2023 | CVE-2017-20183 | | accepted |
| 222611 | Mobile Vikings Django AJAX Utilities Backslash pagination.js Pagination cross site scripting | VulDB | VulDB | | 03/08/2023 | 04/01/2023 | CVE-2017-20182 | | accepted |
| 222328 | hgzojer Vocable Trainer VocableTrainerProvider.java path traversal | VulDB | VulDB | | 03/04/2023 | 03/31/2023 | CVE-2017-20181 | | accepted |
| 222318 | Zerocoin libzerocoin Proof CoinSpend.cpp CoinSpend data authenticity | VulDB | VulDB | | 03/04/2023 | 03/31/2023 | CVE-2017-20180 | | accepted |
| 221507 | InSTEDD Pollit tour_controller.rb TourController Privilege Escalation | VulDB | VulDB | | 02/19/2023 | 03/23/2023 | CVE-2017-20179 | | accepted |
| 221498 | Codiad process.php saveJSON information disclosure | VulDB | VulDB | | 02/19/2023 | 03/23/2023 | CVE-2017-20178 | | accepted |
| 220214 | WangGuard Plugin WGG User List wangguard-user-info.php wangguard_users_info cross site scripting | VulDB | VulDB | | 02/05/2023 | 03/05/2023 | CVE-2017-20177 | | accepted |
| 220204 | ciubotaru share-on-diaspora new_window.php cross site scripting | VulDB | VulDB | | 02/04/2023 | 03/05/2023 | CVE-2017-20176 | | accepted |
| 220203 | DaSchTour matomo-mediawiki-extension Username Piwik.hooks.php cross site scripting | VulDB | VulDB | | 02/04/2023 | 03/05/2023 | CVE-2017-20175 | | accepted |
| 218894 | bastianallgeier Kirby Webmentions Plugin injection | VulDB | VulDB | | 01/18/2023 | 02/15/2023 | CVE-2017-20174 | | accepted |
| 218492 | AlexRed contentmap contentmap.php Load sql injection | VulDB | VulDB | | 01/17/2023 | 02/09/2023 | CVE-2017-20173 | | accepted |
| 218490 | ridhoq soundslike songs.py get_song_relations sql injection | VulDB | VulDB | | 01/17/2023 | 02/09/2023 | CVE-2017-20172 | | accepted |
| 218457 | PrivateSky apersistence mysqlUtils.js sql injection | VulDB | VulDB | | 01/16/2023 | 02/09/2023 | CVE-2017-20171 | | accepted |
| 218418 | ollpu parontalli index.php sql injection | VulDB | VulDB | | 01/16/2023 | 02/08/2023 | CVE-2017-20170 | | accepted |
| 218306 | GGGGGGGG ToN-MasterServer svr_request_pub.php sql injection | VulDB | VulDB | | 01/13/2023 | 02/07/2023 | CVE-2017-20169 | | accepted |
| 218006 | jfm-so piWallet api.php sql injection | VulDB | VulDB | | 01/11/2023 | 02/01/2023 | CVE-2017-20168 | | accepted |
| 217785 | Minichan reports.php cross site scripting | VulDB | VulDB | | 01/10/2023 | 01/31/2023 | CVE-2017-20167 | | accepted |
| 217665 | debug-js debug node.js useColors redos | VulDB | VulDB | | 01/09/2023 | 01/30/2023 | CVE-2017-20165 | | accepted |
| 217626 | Symbiote Seed Login SecurityLoginExtension.php onBeforeSecurityLogin redirect | VulDB | VulDB | | 01/07/2023 | 01/30/2023 | CVE-2017-20164 | | accepted |
| 217516 | Red Snapper NView Session.php mutate sql injection | VulDB | VulDB | | 01/05/2023 | 01/29/2023 | CVE-2017-20163 | | accepted |
| 217451 | vercel ms index.js parse redos | VulDB | VulDB | | 01/05/2023 | 01/28/2023 | CVE-2017-20162 | | accepted |
| 217188 | rofl0r MacGeiger ESSID macgeiger.c dump_wlan_at injection | VulDB | VulDB | | 01/02/2023 | 01/26/2023 | CVE-2017-20161 | | accepted |
| 217149 | flitto express-param fetchParams.js parameter pollution | VulDB | VulDB | | 12/31/2022 | 01/26/2023 | CVE-2017-20160 | | accepted |
| 217142 | rf Keynote rumble.rb cross site scripting | VulDB | VulDB | | 12/31/2022 | 01/26/2023 | CVE-2017-20159 | | accepted |
| 217141 | vova07 Yii2 FileAPI Widget UploadAction.php run cross site scripting | VulDB | VulDB | | 12/31/2022 | 01/26/2023 | CVE-2017-20158 | | accepted |
| 217140 | Ariadne Component Library Url.php server-side request forgery | VulDB | VulDB | | 12/31/2022 | 01/26/2023 | CVE-2017-20157 | | accepted |
| 217139 | Exciting Printer Argument prepare_page.rb command injection | VulDB | VulDB | | 12/31/2022 | 01/26/2023 | CVE-2017-20156 | | accepted |
| 217069 | Sterc Google Analytics Dashboard for MODX Internal Search widget.analytics.tpl cross site scripting | VulDB | VulDB | | 12/30/2022 | 01/26/2023 | CVE-2017-20155 | | accepted |
| 217068 | ghostlander Phoenixcoin main.cpp accept denial of service | VulDB | VulDB | | 12/30/2022 | 01/26/2023 | CVE-2017-20154 | | accepted |
| 217057 | aerouk imageserve cross site scripting | VulDB | VulDB | | 12/30/2022 | 01/26/2023 | CVE-2017-20153 | | accepted |
| 217056 | aerouk imageserve File viewer.php path traversal | VulDB | VulDB | | 12/30/2022 | 01/26/2023 | CVE-2017-20152 | | accepted |
| 217054 | iText RUPS XfaFile.java xml external entity reference | VulDB | VulDB | | 12/30/2022 | 01/26/2023 | CVE-2017-20151 | | accepted |
| 216989 | challenge website sql injection | VulDB | VulDB | | 12/28/2022 | 01/25/2023 | CVE-2017-20150 | | accepted |
| 105833 | The Next Generation of Genealogy Sitebuilding timeline2.php sql injection | VulDB | VulDB | 08/29/2017 | 08/29/2017 | 12/16/2022 | CVE-2017-20017 | 26 | accepted |
| 101974 | WEKA INTEREST Security Scanner Portscan memory allocation | VulDB | VulDB | | 06/05/2017 | 12/07/2022 | CVE-2017-20016 | | accepted |
| 101973 | WEKA INTEREST Security Scanner LAN Viewer denial of service | VulDB | VulDB | | 06/05/2017 | 12/07/2022 | CVE-2017-20015 | | accepted |
| 101972 | WEKA INTEREST Security Scanner Webspider denial of service | VulDB | VulDB | | 06/05/2017 | 12/07/2022 | CVE-2017-20014 | | accepted |
| 101971 | WEKA INTEREST Security Scanner Stresstest Configuration denial of service | VulDB | VulDB | | 06/05/2017 | 12/07/2022 | CVE-2017-20013 | | accepted |
| 101970 | WEKA INTEREST Security Scanner Stresstest Scheme denial of service | VulDB | VulDB | | 06/05/2017 | 12/07/2022 | CVE-2017-20012 | | accepted |
| 101969 | WEKA INTEREST Security Scanner HTTP denial of service | VulDB | VulDB | | 06/05/2017 | 12/07/2022 | CVE-2017-20011 | | accepted |
| 100950 | XAMPP Installer uncontrolled search path | VulDB | VulDB | 05/09/2017 | 05/09/2017 | 12/06/2022 | CVE-2017-20018 | 25 | accepted |
| 98935 | Solare Solar-Log Flash Memory privileges management | VulDB | VulDB | | 03/28/2017 | 11/22/2022 | CVE-2017-20025 | | accepted |
| 98934 | Solare Solar-Log denial of service | VulDB | VulDB | | 03/28/2017 | 11/22/2022 | CVE-2017-20024 | | accepted |
| 98933 | Solare Solar-Log Network Config privileges management | VulDB | VulDB | | 03/28/2017 | 11/22/2022 | CVE-2017-20023 | | accepted |
| 98932 | Solare Solar-Log information disclosure | VulDB | VulDB | | 03/28/2017 | 11/22/2022 | CVE-2017-20022 | | accepted |
| 98931 | Solare Solar-Log File Upload privileges management | VulDB | VulDB | | 03/28/2017 | 11/22/2022 | CVE-2017-20021 | | accepted |
| 98930 | Solare Solar-Log cross-site request forgery | VulDB | VulDB | | 03/28/2017 | 11/22/2022 | CVE-2017-20020 | | accepted |
| 98929 | Solare Solar-Log Config information disclosure | VulDB | VulDB | | 03/28/2017 | 11/22/2022 | CVE-2017-20019 | | accepted |
| 98925 | HumHub privileges management | VulDB | VulDB | | 03/28/2017 | 11/22/2022 | CVE-2017-20028 | | accepted |
| 98924 | HumHub DOM cross site scripting | VulDB | VulDB | | 03/28/2017 | 11/22/2022 | CVE-2017-20027 | | accepted |
| 98923 | HumHub Reflected cross site scripting | VulDB | VulDB | | 03/28/2017 | 11/22/2022 | CVE-2017-20026 | | accepted |
| 98922 | PHPList Bounce Rule Persistent cross site scripting | VulDB | VulDB | | 03/28/2017 | 11/22/2022 | CVE-2017-20036 | | accepted |
| 98921 | PHPList Subscribe Persistent cross site scripting | VulDB | VulDB | | 03/28/2017 | 11/22/2022 | CVE-2017-20035 | | accepted |
| 98920 | PHPList List Name Persistent cross site scripting | VulDB | VulDB | | 03/28/2017 | 11/22/2022 | CVE-2017-20034 | | accepted |
| 98919 | PHPList Reflected cross site scripting | VulDB | VulDB | | 03/28/2017 | 11/22/2022 | CVE-2017-20033 | | accepted |
| 98918 | PHPList Subscription sql injection | VulDB | VulDB | | 03/28/2017 | 11/22/2022 | CVE-2017-20032 | | accepted |
| 98917 | PHPList information disclosure | VulDB | VulDB | | 03/28/2017 | 11/22/2022 | CVE-2017-20031 | | accepted |
| 98916 | PHPList Sending Campain sql injection | VulDB | VulDB | | 03/28/2017 | 11/22/2022 | CVE-2017-20030 | | accepted |
| 98915 | PHPList Edit Subscription index.php sql injection | VulDB | VulDB | | 03/28/2017 | 11/22/2022 | CVE-2017-20029 | | accepted |
| 98914 | AXIS P1204/P3225/P3367/M3045/M3005/M3007 Web Interface access control | VulDB | VulDB | | 03/28/2017 | 11/22/2022 | CVE-2017-20050 | | accepted |
| 98913 | AXIS P1204/P3225/P3367/M3045/M3005/M3007 CGI Script privileges management | VulDB | VulDB | | 03/28/2017 | 11/22/2022 | CVE-2017-20049 | | accepted |
| 98912 | AXIS P1204/P3225/P3367/M3045/M3005/M3007 Script Editor cross-site request forgery | VulDB | VulDB | | 03/28/2017 | 11/22/2022 | CVE-2017-20048 | | accepted |
| 98911 | AXIS P1204/P3225/P3367/M3045/M3005/M3007 cross site scripting | VulDB | VulDB | | 03/28/2017 | 11/22/2022 | CVE-2017-20047 | | accepted |
| 98910 | AXIS P1204/P3225/P3367/M3045/M3005/M3007 cross-site request forgery | VulDB | VulDB | | 03/28/2017 | 11/22/2022 | CVE-2017-20046 | | accepted |
| 98908 | SICUNET Access Controller Password Storage cleartext storage | VulDB | VulDB | | 03/28/2017 | 11/22/2022 | CVE-2017-20040 | | accepted |
| 98907 | SICUNET Access Controller hard-coded password | VulDB | VulDB | | 03/28/2017 | 11/22/2022 | CVE-2017-20039 | | accepted |
| 98906 | SICUNET Access Controller card_scan_decoder.php privileges management | VulDB | VulDB | | 03/28/2017 | 11/22/2022 | CVE-2017-20038 | | accepted |
| 98905 | SICUNET Access Controller privileges management | VulDB | VulDB | | 03/28/2017 | 11/22/2022 | CVE-2017-20037 | | accepted |
| 98214 | Ucweb UC Browser HTML URL ui layer | VulDB | VulDB | | 03/17/2017 | 06/06/2022 | CVE-2017-20041 | | accepted |
| 97864 | Navetti PricePoint cross-site request forgery | VulDB | VulDB | | 03/13/2017 | 06/06/2022 | CVE-2017-20045 | | accepted |
| 97863 | Navetti PricePoint Reflected cross site scripting | VulDB | VulDB | | 03/13/2017 | 06/06/2022 | CVE-2017-20044 | | accepted |
| 97862 | Navetti PricePoint Persistent cross site scripting | VulDB | VulDB | | 03/13/2017 | 06/06/2022 | CVE-2017-20043 | | accepted |
| 97861 | Navetti PricePoint Blind sql injection | VulDB | VulDB | | 03/13/2017 | 06/06/2022 | CVE-2017-20042 | | accepted |
| 97837 | InnoSetup Installer uncontrolled search path | VulDB | VulDB | | 03/11/2017 | 06/08/2022 | CVE-2017-20051 | | accepted |
| 97822 | Python pgAdmin4 uncontrolled search path | VulDB | VulDB | | 03/11/2017 | 06/13/2022 | CVE-2017-20052 | | accepted |
| 97389 | BestWebSoft Contact Form Plugin Stored cross site scripting | VulDB | VulDB | | 03/01/2017 | 06/13/2022 | CVE-2017-20055 | | accepted |
| 97388 | XYZScripts Contact Form Manager Plugin cross site scripting | VulDB | VulDB | | 03/01/2017 | 06/13/2022 | CVE-2017-20054 | | accepted |
| 97387 | XYZScripts Contact Form Manager Plugin cross-site request forgery | VulDB | VulDB | | 03/01/2017 | 06/13/2022 | CVE-2017-20053 | | accepted |
| 97386 | weblizar User Login Log Plugin Stored cross site scripting | VulDB | VulDB | | 03/01/2017 | 06/13/2022 | CVE-2017-20056 | | accepted |
| 97385 | Supsystic Popup Plugin cross-site request forgery | VulDB | VulDB | | 03/01/2017 | 06/18/2022 | CVE-2017-20065 | | accepted |
| 97384 | Adminer Login access control | VulDB | VulDB | | 03/01/2017 | 06/18/2022 | CVE-2017-20066 | | accepted |
| 97383 | VaultPress Plugin code injection | VulDB | VulDB | | 03/01/2017 | 06/19/2022 | CVE-2017-20086 | | accepted |
| 97382 | Alpine PhotoTile for Instagram Plugin cross site scripting | VulDB | VulDB | | 03/01/2017 | 06/19/2022 | CVE-2017-20087 | | accepted |
| 97381 | Google Analytics Dashboard Plugin cross site scripting | VulDB | VulDB | | 03/01/2017 | 06/23/2022 | CVE-2017-20092 | | accepted |
| 97380 | Atahualpa Theme cross-site request forgery | VulDB | VulDB | | 03/01/2017 | 06/19/2022 | CVE-2017-20088 | | accepted |
| 97379 | Gwolle Guestbook Plugin cross site scripting | VulDB | VulDB | | 03/01/2017 | 06/19/2022 | CVE-2017-20089 | | accepted |
| 97378 | Global Content Blocks Plugin cross-site request forgery | VulDB | VulDB | | 03/01/2017 | 06/19/2022 | CVE-2017-20090 | | accepted |
| 97377 | File Manager Plugin cross-site request forgery | VulDB | VulDB | | 03/01/2017 | 06/19/2022 | CVE-2017-20091 | | accepted |
| 97375 | Atahualpa Theme cross site scripting | VulDB | VulDB | | 03/01/2017 | 06/19/2022 | CVE-2017-20085 | | accepted |
| 97374 | Download Manager Plugin cross-site request forgery | VulDB | VulDB | | 03/01/2017 | 06/23/2022 | CVE-2017-20093 | | accepted |
| 97373 | NewStatPress Plugin Persistent cross site scripting | VulDB | VulDB | | 03/01/2017 | 06/23/2022 | CVE-2017-20094 | | accepted |
| 97372 | Simple Ads Manager Plugin code injection | VulDB | VulDB | | 03/01/2017 | 06/23/2022 | CVE-2017-20095 | | accepted |
| 97371 | WP-SpamFree Anti-Spam Plugin cross site scripting | VulDB | VulDB | | 03/01/2017 | 06/23/2022 | CVE-2017-20096 | | accepted |
| 97370 | WP-Filebase Download Manager Plugin cross site scripting | VulDB | VulDB | | 03/01/2017 | 06/23/2022 | CVE-2017-20097 | | accepted |
| 97368 | Admin Custom Login Plugin Persistent cross site scripting | VulDB | VulDB | | 03/01/2017 | 06/25/2022 | CVE-2017-20098 | | accepted |

73 more entries are not shown
