Vulnerabilities > Critical

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK | SCORE |
|---|---|---|---|---|---|---|---|---|---|
| 2017-01-31 | CVE-2016-9403 | Permissions, Privileges, and Access Controls vulnerability in Mybb | newreply.php in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 allows remote attackers to have unspecified impact by leveraging a missing permission check. | network | low | mybb | CWE-264 | critical | 9.8 |
| 2017-01-31 | CVE-2016-9402 | SQL Injection vulnerability in Mybb | SQL injection vulnerability in the moderation tool in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | network | low | mybb | CWE-89 | critical | 9.8 |
| 2017-01-31 | CVE-2015-8974 | SQL Injection vulnerability in Mybb Merge System and Mybb | SQL injection vulnerability in the Group Promotions module in the admin control panel in MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | network | low | mybb | CWE-89 | critical | 10.0 |
| 2017-01-31 | CVE-2016-10043 | OS Command Injection vulnerability in MRF web Panel 9.0.1 | An issue was discovered in Radisys MRF Web Panel (SWMS) 9.0.1. | network | low | mrf | CWE-78 | critical | 10.0 |
| 2017-01-30 | CVE-2016-9132 | Integer Overflow or Wraparound vulnerability in Botan Project Botan | In Botan 1.8.0 through 1.11.33, when decoding BER data an integer overflow could occur, which would cause an incorrect length field to be computed. | network | low | botan-project | CWE-190 | critical | 9.8 |
| 2017-01-30 | CVE-2016-6604 | NULL Pointer Dereference vulnerability in Samsung Exynos Fimg2D | NULL pointer dereference in Samsung Exynos fimg2d driver for Android L(5.0/5.1) and M(6.0) allows attackers to have unspecified impact via unknown vectors. | network | low | samsung | CWE-476 | critical | 9.8 |
| 2017-01-30 | CVE-2016-6269 | Path Traversal vulnerability in Trendmicro Smart Protection Server 2.5/2.6/3.0 | Multiple directory traversal vulnerabilities in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allow remote attackers to read and delete arbitrary files via the tmpfname parameter to (1) log_mgt_adhocquery_ajaxhandler.php, (2) log_mgt_ajaxhandler.php, (3) log_mgt_ajaxhandler.php or (4) tf parameter to wcs_bwlists_handler.php. | network | low | trendmicro | CWE-22 | critical | 9.1 |
| 2017-01-30 | CVE-2017-5611 | SQL Injection vulnerability in multiple products | SQL injection vulnerability in wp-includes/class-wp-query.php in WP_Query in WordPress before 4.7.2 allows remote attackers to execute arbitrary SQL commands by leveraging the presence of an affected plugin or theme that mishandles a crafted post type name. | network | low | wordpress, debian, oracle | CWE-89 | critical | 9.8 |
| 2017-01-30 | CVE-2016-10182 | Command Injection vulnerability in Dlink Dwr-932B Firmware 02.02Eu | An issue was discovered on the D-Link DWR-932B router. | network | low | dlink | CWE-77 | critical | 9.8 |
| 2017-01-30 | CVE-2016-10178 | 7PK - Security Features vulnerability in Dlink Dwr-932B Firmware 02.02Eu | An issue was discovered on the D-Link DWR-932B router. | network | low | dlink | CWE-254 | critical | 9.8 |