Lucene search
K

52 matches found

NVD
NVD
added 2017/01/31 10:59 p.m.18 views

CVE-2016-9420

MyBB aka MyBulletinBoard before 1.8.8 and MyBB Merge System before 1.8.8 allow remote attackers to have unspecified impact via vectors related to "loose comparison false positives."...

9.8CVSS9.6AI score0.02563EPSS
Exploits0References4
OSV
OSV
added 2017/01/31 10:59 p.m.5 views

CVE-2016-9419

Cross-site scripting XSS vulnerability in the Admin control panel in MyBB aka MyBulletinBoard before 1.8.8 and MyBB Merge System before 1.8.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

6.1CVSS5.9AI score0.01041EPSS
Exploits0References4
OSV
OSV
added 2017/01/31 10:59 p.m.6 views

CVE-2016-9409

Cross-site scripting XSS vulnerability in the Admin control panel in MyBB aka MyBulletinBoard before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to inject arbitrary web script or HTML via vectors involving pruning logs...

6.1CVSS5.9AI score0.01273EPSS
Exploits0References4
OSV
OSV
added 2017/01/31 10:59 p.m.5 views

CVE-2016-9416

SQL injection vulnerability in the users data handler in MyBB aka MyBulletinBoard before 1.8.8 and MyBB Merge System before 1.8.8 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...

9.8CVSS6.1AI score0.02116EPSS
Exploits0References4
NVD
NVD
added 2017/01/31 10:59 p.m.15 views

CVE-2016-9416

SQL injection vulnerability in the users data handler in MyBB aka MyBulletinBoard before 1.8.8 and MyBB Merge System before 1.8.8 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...

9.8CVSS9.9AI score0.02116EPSS
Exploits0References4
NVD
NVD
added 2017/01/31 10:59 p.m.17 views

CVE-2016-9406

Cross-site scripting XSS vulnerability in the User control panel in MyBB aka MyBulletinBoard before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...

6.1CVSS6AI score0.01273EPSS
Exploits0References4
Prion
Prion
added 2017/01/31 10:59 p.m.13 views

Design/Logic Flaw

MyBB aka MyBulletinBoard before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 allow remote attackers to obtain the installation path via vectors involving error log files...

5CVSS7.1AI score0.02247EPSS
Exploits0References4Affected Software2
Prion
Prion
added 2017/01/31 10:59 p.m.11 views

Cross site scripting

Cross-site scripting XSS vulnerability in MyBB aka MyBulletinBoard before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to inject arbitrary web script or HTML via vectors involving Mod control panel logs...

4.3CVSS6.1AI score0.01271EPSS
Exploits0References4Affected Software2
Prion
Prion
added 2017/01/31 10:59 p.m.13 views

Cross site scripting

Cross-site scripting XSS vulnerability in MyBB aka MyBulletinBoard before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to inject arbitrary web script or HTML via vectors related to login...

4.3CVSS6.1AI score0.01271EPSS
Exploits0References4Affected Software2
Prion
Prion
added 2017/01/31 10:59 p.m.11 views

Server side request forgery (ssrf)

The fetchremotefile function in MyBB aka MyBulletinBoard before 1.8.8 and MyBB Merge System before 1.8.8 allows remote attackers to conduct server-side request forgery SSRF attacks via unspecified vectors...

5.8CVSS7.3AI score0.01651EPSS
Exploits0References4Affected Software2
Prion
Prion
added 2017/01/31 10:59 p.m.13 views

Code injection

MyBB aka MyBulletinBoard before 1.8.7 and MyBB Merge System before 1.8.7 allow attackers to have unspecified impact via vectors related to low adminsid and sid entropy...

7.5CVSS7.4AI score0.02168EPSS
Exploits0References4Affected Software2
Prion
Prion
added 2017/01/31 10:59 p.m.15 views

Design/Logic Flaw

MyBB aka MyBulletinBoard before 1.8.7 and MyBB Merge System before 1.8.7 allow remote attackers to obtain sensitive information by leveraging missing directory listing protection in upload directories...

5CVSS6.7AI score0.02283EPSS
Exploits0References4Affected Software2
Prion
Prion
added 2017/01/31 10:59 p.m.15 views

Cross site scripting

Cross-site scripting XSS vulnerability in the Admin control panel in MyBB aka MyBulletinBoard before 1.8.8 and MyBB Merge System before 1.8.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

4.3CVSS6.2AI score0.01041EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2017/01/31 10:59 p.m.18 views

CVE-2015-8977

MyBB aka MyBulletinBoard before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 allow remote attackers to obtain the installation path via vectors involving error log files...

7.5CVSS7.4AI score0.02247EPSS
Exploits0References4
Cvelist
Cvelist
added 2017/01/31 10:0 p.m.23 views

CVE-2015-8973

xmlhttp.php in MyBB aka MyBulletinBoard before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 allows remote attackers to bypass intended access restrictions via vectors related to the forum password...

8.1AI score0.01631EPSS
Exploits0References4
Cvelist
Cvelist
added 2017/01/31 10:0 p.m.20 views

CVE-2016-9412

MyBB aka MyBulletinBoard before 1.8.7 and MyBB Merge System before 1.8.7 allow attackers to have unspecified impact via vectors related to low adminsid and sid entropy...

9.7AI score0.02168EPSS
Exploits0References4
CVE
CVE
added 2017/01/31 10:0 p.m.39 views

CVE-2015-8977

CVE-2015-8977 affects MyBB (MyBulletinBoard) versions prior to 1.6.18 and 1.8.x prior to 1.8.6, plus the MyBB Merge System before 1.8.6. The issue allows remote attackers to disclose the installation path via vectors involving error log files, resulting in information disclosure. Root cause, as s...

7.5CVSS7.3AI score0.02247EPSS
Exploits0References4Affected Software2
Cvelist
Cvelist
added 2017/01/31 10:0 p.m.22 views

CVE-2016-9403

newreply.php in MyBB aka MyBulletinBoard before 1.8.7 and MyBB Merge System before 1.8.7 allows remote attackers to have unspecified impact by leveraging a missing permission check...

9.7AI score0.02563EPSS
Exploits0References4
Cvelist
Cvelist
added 2017/01/31 10:0 p.m.18 views

CVE-2016-9409

Cross-site scripting XSS vulnerability in the Admin control panel in MyBB aka MyBulletinBoard before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to inject arbitrary web script or HTML via vectors involving pruning logs...

6.2AI score0.01273EPSS
Exploits0References4
Cvelist
Cvelist
added 2017/01/31 10:0 p.m.21 views

CVE-2016-9417

The fetchremotefile function in MyBB aka MyBulletinBoard before 1.8.8 and MyBB Merge System before 1.8.8 allows remote attackers to conduct server-side request forgery SSRF attacks via unspecified vectors...

7.4AI score0.01651EPSS
Exploits0References4
Rows per page
Query Builder