|
257151
|
9.8 |
CRITICAL
Network
|
mybb
|
merge_system
mybb
|
SQL injection vulnerability in the users data handler in MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System before 1.8.8 allows remote attackers to execute arbitrary SQL commands via unspe…
|
CWE-89
SQL Injection
|
CVE-2016-9416
|
2024-11-21 12:01 |
2017-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257152
|
7.5 |
HIGH
Network
|
mybb
|
merge_system
mybb
|
MyBB (aka MyBulletinBoard) before 1.8.8 on Windows and MyBB Merge System before 1.8.8 on Windows allow remote attackers to overwrite arbitrary CSS files via vectors related to "style import."
|
CWE-284
Improper Access Control
|
CVE-2016-9415
|
2024-11-21 12:01 |
2017-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257153
|
7.5 |
HIGH
Network
|
mybb
|
mybb
merge_system
|
MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 allow remote attackers to obtain sensitive information by leveraging missing directory listing protection in upload director…
|
CWE-200
Information Exposure
|
CVE-2016-9414
|
2024-11-21 12:01 |
2017-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257154
|
6.5 |
MEDIUM
Network
|
mybb
|
mybb
merge_system
|
The Admin control panel in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 allows remote attackers to conduct clickjacking attacks via unspecified vectors.
|
CWE-284
Improper Access Control
|
CVE-2016-9413
|
2024-11-21 12:01 |
2017-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257155
|
9.8 |
CRITICAL
Network
|
mybb
|
mybb
merge_system
|
MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 allow attackers to have unspecified impact via vectors related to low adminsid and sid entropy.
|
CWE-284
Improper Access Control
|
CVE-2016-9412
|
2024-11-21 12:01 |
2017-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257156
|
5.3 |
MEDIUM
Network
|
mybb
|
mybb
merge_system
|
The Admin control panel in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 allows remote attackers to obtain the installation path via vectors involving sending mails.
|
CWE-200
Information Exposure
|
CVE-2016-9411
|
2024-11-21 12:01 |
2017-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257157
|
7.5 |
HIGH
Network
|
mybb
|
mybb
merge_system
|
MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to obtain sensitive database information via vectors involving templates.
|
CWE-200
Information Exposure
|
CVE-2016-9410
|
2024-11-21 12:01 |
2017-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257158
|
6.1 |
MEDIUM
Network
|
mybb
|
mybb
merge_system
|
Cross-site scripting (XSS) vulnerability in the Admin control panel in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to inject arbitrary web …
|
CWE-79
Cross-site Scripting
|
CVE-2016-9409
|
2024-11-21 12:01 |
2017-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257159
|
6.1 |
MEDIUM
Network
|
mybb
|
mybb
merge_system
|
Cross-site scripting (XSS) vulnerability in the Mod control panel in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to inject arbitrary web sc…
|
CWE-79
Cross-site Scripting
|
CVE-2016-9408
|
2024-11-21 12:01 |
2017-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257160
|
6.1 |
MEDIUM
Network
|
mybb
|
mybb
merge_system
|
Cross-site scripting (XSS) vulnerability in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to inject arbitrary web script or HTML via vectors …
|
CWE-79
Cross-site Scripting
|
CVE-2016-9407
|
2024-11-21 12:01 |
2017-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
