|
273681
|
8.3 |
HIGH
Network
|
mybb
|
mybb
merge_system
|
xmlhttp.php in MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 allows remote attackers to bypass intended access restrictions via vectors related to…
|
CWE-284
Improper Access Control
|
CVE-2015-8973
|
2024-11-21 11:39 |
2017-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273682
|
9.8 |
CRITICAL
Network
|
gnu
|
chess
|
Stack-based buffer overflow in the ValidateMove function in frontend/move.cc in GNU Chess (aka gnuchess) before 6.2.4 might allow context-dependent attackers to execute arbitrary code via a large inp…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2015-8972
|
2024-11-21 11:39 |
2017-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273683
|
7.8 |
HIGH
Local
|
debian
enlightenment
|
debian_linux
terminology
|
Terminology 0.7.0 allows remote attackers to execute arbitrary commands via escape sequences that modify the window title and then are written to the terminal, a similar issue to CVE-2003-0063.
|
CWE-77
Command Injection
|
CVE-2015-8971
|
2024-11-21 11:39 |
2017-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273684
|
6.1 |
MEDIUM
Network
|
mustache.js_project
|
mustache.js
|
mustache package before 2.2.1 for Node.js allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging a template with an attribute that is not quoted.
|
CWE-79
Cross-site Scripting
|
CVE-2015-8862
|
2024-11-21 11:39 |
2017-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273685
|
6.1 |
MEDIUM
Network
|
handlebars.js_project
|
handlebars.js
|
The handlebars package before 4.0.0 for Node.js allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging a template with an attribute that is not quoted.
|
CWE-79
Cross-site Scripting
|
CVE-2015-8861
|
2024-11-21 11:39 |
2017-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273686
|
7.5 |
HIGH
Network
|
nodejs
|
node.js
|
The tar package before 2.0.0 for Node.js allows remote attackers to write to arbitrary files via a symlink attack in an archive.
|
CWE-59
Link Following
|
CVE-2015-8860
|
2024-11-21 11:39 |
2017-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273687
|
5.3 |
MEDIUM
Network
|
send_project
|
send
|
The send package before 0.11.1 for Node.js allows attackers to obtain the root path via unspecified vectors.
|
NVD-CWE-noinfo
|
CVE-2015-8859
|
2024-11-21 11:39 |
2017-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273688
|
7.5 |
HIGH
Network
|
uglifyjs_project
|
uglifyjs
|
The uglify-js package before 2.6.0 for Node.js allows attackers to cause a denial of service (CPU consumption) via crafted input in a parse call, aka a "regular expression denial of service (ReDoS)."
|
CWE-399
Resource Management Errors
|
CVE-2015-8858
|
2024-11-21 11:39 |
2017-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273689
|
9.8 |
CRITICAL
Network
|
uglifyjs_project
|
uglifyjs
|
The uglify-js package before 2.4.24 for Node.js does not properly account for non-boolean values when rewriting boolean expressions, which might allow attackers to bypass security mechanisms or possi…
|
CWE-254
7PK - Security Features
|
CVE-2015-8857
|
2024-11-21 11:39 |
2017-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273690
|
6.1 |
MEDIUM
Network
|
openjsf
|
serve-index
|
Cross-site scripting (XSS) vulnerability in the serve-index package before 1.6.3 for Node.js allows remote attackers to inject arbitrary web script or HTML via a crafted file or directory name.
|
CWE-79
Cross-site Scripting
|
CVE-2015-8856
|
2024-11-21 11:39 |
2017-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
