|
267771
|
6.1 |
MEDIUM
Network
|
mybb
|
mybb
merge_system
|
Cross-site scripting (XSS) vulnerability in the error handler in MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 might allow remote attackers to inj…
|
CWE-79
Cross-site Scripting
|
CVE-2015-8975
|
2024-11-21 11:39 |
2017-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267772
|
10.0 |
CRITICAL
Network
|
mybb
|
mybb
merge_system
|
SQL injection vulnerability in the Group Promotions module in the admin control panel in MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 allows remo…
|
CWE-89
SQL Injection
|
CVE-2015-8974
|
2024-11-21 11:39 |
2017-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267773
|
8.3 |
HIGH
Network
|
mybb
|
mybb
merge_system
|
xmlhttp.php in MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 allows remote attackers to bypass intended access restrictions via vectors related to…
|
CWE-284
Improper Access Control
|
CVE-2015-8973
|
2024-11-21 11:39 |
2017-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267774
|
9.8 |
CRITICAL
Network
|
gnu
|
chess
|
Stack-based buffer overflow in the ValidateMove function in frontend/move.cc in GNU Chess (aka gnuchess) before 6.2.4 might allow context-dependent attackers to execute arbitrary code via a large inp…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2015-8972
|
2024-11-21 11:39 |
2017-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267775
|
7.8 |
HIGH
Local
|
debian
enlightenment
|
debian_linux
terminology
|
Terminology 0.7.0 allows remote attackers to execute arbitrary commands via escape sequences that modify the window title and then are written to the terminal, a similar issue to CVE-2003-0063.
|
CWE-77
Command Injection
|
CVE-2015-8971
|
2024-11-21 11:39 |
2017-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267776
|
6.1 |
MEDIUM
Network
|
mustache.js_project
|
mustache.js
|
mustache package before 2.2.1 for Node.js allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging a template with an attribute that is not quoted.
|
CWE-79
Cross-site Scripting
|
CVE-2015-8862
|
2024-11-21 11:39 |
2017-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267777
|
6.1 |
MEDIUM
Network
|
handlebars.js_project
|
handlebars.js
|
The handlebars package before 4.0.0 for Node.js allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging a template with an attribute that is not quoted.
|
CWE-79
Cross-site Scripting
|
CVE-2015-8861
|
2024-11-21 11:39 |
2017-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267778
|
7.5 |
HIGH
Network
|
nodejs
|
node.js
|
The tar package before 2.0.0 for Node.js allows remote attackers to write to arbitrary files via a symlink attack in an archive.
|
CWE-59
Link Following
|
CVE-2015-8860
|
2024-11-21 11:39 |
2017-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267779
|
5.3 |
MEDIUM
Network
|
send_project
|
send
|
The send package before 0.11.1 for Node.js allows attackers to obtain the root path via unspecified vectors.
|
NVD-CWE-noinfo
|
CVE-2015-8859
|
2024-11-21 11:39 |
2017-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267780
|
7.5 |
HIGH
Network
|
uglifyjs_project
|
uglifyjs
|
The uglify-js package before 2.6.0 for Node.js allows attackers to cause a denial of service (CPU consumption) via crafted input in a parse call, aka a "regular expression denial of service (ReDoS)."
|
CWE-399
Resource Management Errors
|
CVE-2015-8858
|
2024-11-21 11:39 |
2017-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
