Test ID: | 1.3.6.1.4.1.25623.1.0.106276 |
Category: | Web application abuses |
Title: | MyBB < 1.8.7 Multiple Vulnerabilities |
Summary: | MyBB is prone to multiple vulnerabilities. |
Description: |
Summary: MyBB is prone to multiple vulnerabilities.

Vulnerability Insight: The following flaws exist:
- Possible SQL Injection in moderation tool
- Missing permission check in newreply.php
- Possible XSS Injection on login
- Possible XSS Injection in member validation
- Possible XSS Injection in User CP
- Possible XSS Injection in Mod CP logs
- Possible XSS Injection when editing users in Mod CP
- Possible XSS Injection when pruning logs in ACP
- Possibility of retrieving database details through templates
- Disclosure of ACP path when sending mails from ACP
- Low adminsid & sid entropy
- Clickjacking in ACP
- Missing directory listing protection in upload directories

Vulnerability Impact: An authenticated attacker may be able to inject SQL commands or execute an arbitrary script in the user's web browser.

Affected Software/OS: MyBB version 1.8.6 and prior.

Solution: Update to version 1.8.7 or later.

CVSS Score: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
Cross Reference: |
Common Vulnerability Exposure (CVE) ID: CVE-2016-9402
BugTraq ID: 94395
http://www.securityfocus.com/bid/94395
http://www.openwall.com/lists/oss-security/2016/11/10/8
http://www.openwall.com/lists/oss-security/2016/11/18/1
Common Vulnerability Exposure (CVE) ID: CVE-2016-9403
Common Vulnerability Exposure (CVE) ID: CVE-2016-9404
Common Vulnerability Exposure (CVE) ID: CVE-2016-9405
Common Vulnerability Exposure (CVE) ID: CVE-2016-9406
Common Vulnerability Exposure (CVE) ID: CVE-2016-9407
Common Vulnerability Exposure (CVE) ID: CVE-2016-9408
Common Vulnerability Exposure (CVE) ID: CVE-2016-9409
Common Vulnerability Exposure (CVE) ID: CVE-2016-9410
Common Vulnerability Exposure (CVE) ID: CVE-2016-9411
Common Vulnerability Exposure (CVE) ID: CVE-2016-9412
Common Vulnerability Exposure (CVE) ID: CVE-2016-9413
Common Vulnerability Exposure (CVE) ID: CVE-2016-9414 |
Copyright | Copyright (C) 2016 Greenbone AG |