Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
vbulletin vbulletin vulnerabilities and exploits
(subscribe to this query)
10
CVSSv2
CVE-2012-4328
Unspecified vulnerability in the MAPI in vBulletin Suite 4.1.2 up to and including 4.1.12, Forum 4.1.2 up to and including 4.1.12, and the MAPI plugin 1.4.3 for vBulletin 3.x has unknown impact and attack vectors.
Vbulletin Vbulletin Suite 4.1.2
Vbulletin Vbulletin Suite 4.1.12
Vbulletin Vbulletin Forum 4.1.12
Vbulletin Vbulletin Forum 4.1.2
Vbulletin Mapi 1.4.3
9.3
CVSSv2
CVE-2007-4120
Multiple PHP remote file inclusion vulnerabilities in Jelsoft vBulletin 3.6.5 allow remote malicious users to execute arbitrary PHP code via a URL in the (1) classfile parameter to includes/functions.php, the (2) nextitem parameter to includes/functions_cron.php, and the (3) spec...
Jelsoft Vbulletin 3.6.5
9
CVSSv2
CVE-2014-9463
functions_vbseo_hook.php in the VBSEO module for vBulletin allows remote authenticated users to execute arbitrary code via the HTTP Referer header to visitormessage.php.
Vbseo Vbseo -
1 EDB exploit
8.5
CVSSv2
CVE-2007-2911
SQL injection vulnerability in admincp/attachment.php in Jelsoft vBulletin prior to 3.6.6 allows remote authenticated administrators to execute arbitrary SQL commands via the "Attached After" field (GPC['search']['datelineafter'] variable), a related...
Jelsoft Vbulletin
7.5
CVSSv2
CVE-2020-7373
vBulletin 5.5.4 up to and including 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request. NOTE: this issue exists because of an incomplete fix for CVE-2019-16759. ALSO NOTE: CVE-2020-7373 is a duplicate of CV...
Vbulletin Vbulletin
1 Github repository
7.5
CVSSv2
CVE-2020-17496
vBulletin 5.5.4 up to and including 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request. NOTE: this issue exists because of an incomplete fix for CVE-2019-16759.
Vbulletin Vbulletin
2 Github repositories
7.5
CVSSv2
CVE-2020-12720
vBulletin prior to 5.5.6pl1, 5.6.0 prior to 5.6.0pl1, and 5.6.1 prior to 5.6.1pl1 has incorrect access control.
Vbulletin Vbulletin 5.6.0
Vbulletin Vbulletin
Vbulletin Vbulletin 5.5.6
Vbulletin Vbulletin 5.6.1.-
1 Github repository
7.5
CVSSv2
CVE-2019-16759
vBulletin 5.x up to and including 5.5.4 allows remote command execution via the widgetConfig[code] parameter in an ajax/render/widget_php routestring request.
Vbulletin Vbulletin
1 EDB exploit
1 Metasploit module
16 Github repositories
7.5
CVSSv2
CVE-2017-17671
vBulletin up to and including 5.3.x on Windows allows remote PHP code execution because a require_once call is reachable with an unauthenticated request that can include directory traversal sequences to specify an arbitrary pathname, and because ../ traversal is blocked but ..\ t...
Vbulletin Vbulletin 5.0.0
Vbulletin Vbulletin
7.5
CVSSv2
CVE-2017-17672
In vBulletin up to and including 5.3.x, there is an unauthenticated deserialization vulnerability that leads to arbitrary file deletion and, under certain circumstances, code execution, because of unsafe usage of PHP's unserialize() in vB_Library_Template's cacheTemplat...
Vbulletin Vbulletin
Vbulletin Vbulletin 5.0.0
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
bypass
open redirect
CVE-2024-4358
CVE-2024-24199
CVE-2024-5550
CVE-2024-5305
CVE-2024-30373
CVE-2024-1800
deserialization
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »