|
273631
|
7.5 |
HIGH
Network
|
mybb
|
mybb
merge_system
|
MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 allow remote attackers to obtain the installation path via vectors involving error log files.
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2015-8977
|
2024-11-21 11:39 |
2017-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273632
|
6.1 |
MEDIUM
Network
|
mybb
|
mybb
merge_system
|
Cross-site scripting (XSS) vulnerability in MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 might allow remote attackers to inject arbitrary web scr…
|
CWE-79
Cross-site Scripting
|
CVE-2015-8976
|
2024-11-21 11:39 |
2017-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273633
|
6.1 |
MEDIUM
Network
|
mybb
|
mybb
merge_system
|
Cross-site scripting (XSS) vulnerability in the error handler in MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 might allow remote attackers to inj…
|
CWE-79
Cross-site Scripting
|
CVE-2015-8975
|
2024-11-21 11:39 |
2017-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273634
|
10.0 |
CRITICAL
Network
|
mybb
|
mybb
merge_system
|
SQL injection vulnerability in the Group Promotions module in the admin control panel in MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 allows remo…
|
CWE-89
SQL Injection
|
CVE-2015-8974
|
2024-11-21 11:39 |
2017-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273635
|
8.3 |
HIGH
Network
|
mybb
|
mybb
merge_system
|
xmlhttp.php in MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 allows remote attackers to bypass intended access restrictions via vectors related to…
|
CWE-284
Improper Access Control
|
CVE-2015-8973
|
2024-11-21 11:39 |
2017-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273636
|
9.8 |
CRITICAL
Network
|
gnu
|
chess
|
Stack-based buffer overflow in the ValidateMove function in frontend/move.cc in GNU Chess (aka gnuchess) before 6.2.4 might allow context-dependent attackers to execute arbitrary code via a large inp…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2015-8972
|
2024-11-21 11:39 |
2017-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273637
|
7.8 |
HIGH
Local
|
debian
enlightenment
|
debian_linux
terminology
|
Terminology 0.7.0 allows remote attackers to execute arbitrary commands via escape sequences that modify the window title and then are written to the terminal, a similar issue to CVE-2003-0063.
|
CWE-77
Command Injection
|
CVE-2015-8971
|
2024-11-21 11:39 |
2017-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273638
|
6.1 |
MEDIUM
Network
|
mustache.js_project
|
mustache.js
|
mustache package before 2.2.1 for Node.js allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging a template with an attribute that is not quoted.
|
CWE-79
Cross-site Scripting
|
CVE-2015-8862
|
2024-11-21 11:39 |
2017-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273639
|
6.1 |
MEDIUM
Network
|
handlebars.js_project
|
handlebars.js
|
The handlebars package before 4.0.0 for Node.js allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging a template with an attribute that is not quoted.
|
CWE-79
Cross-site Scripting
|
CVE-2015-8861
|
2024-11-21 11:39 |
2017-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273640
|
7.5 |
HIGH
Network
|
nodejs
|
node.js
|
The tar package before 2.0.0 for Node.js allows remote attackers to write to arbitrary files via a symlink attack in an archive.
|
CWE-59
Link Following
|
CVE-2015-8860
|
2024-11-21 11:39 |
2017-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
