Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
vbulletin vulnerabilities and exploits
(subscribe to this query)
6.4
CVSSv2
CVE-2019-17130
vBulletin up to and including 5.5.4 mishandles external URLs within the /core/vb/vurl.php file and the /core/vb/vurl directories.
Vbulletin Vbulletin
4.3
CVSSv2
CVE-2019-17131
vBulletin prior to 5.5.4 allows clickjacking.
Vbulletin Vbulletin
7.5
CVSSv2
CVE-2019-16759
vBulletin 5.x up to and including 5.5.4 allows remote command execution via the widgetConfig[code] parameter in an ajax/render/widget_php routestring request.
Vbulletin Vbulletin
1 EDB exploit
1 Metasploit module
16 Github repositories
5.8
CVSSv2
CVE-2018-15493
vBulletin 5.4.3 has an Open Redirect.
Vbulletin Vbulletin 5.4.3
4.3
CVSSv2
CVE-2018-12580
library/DBTech/Security/Action/Sessions.php in DragonByte vBSecurity 3.x up to and including 3.3.0 for vBulletin 3 and vBulletin 4 allows self-XSS via $session['user_agent'] in the "Login Sessions" feature.
Dragonbyte-tech Vbsecurity
5.8
CVSSv2
CVE-2018-6200
vBulletin 3.x.x and 4.2.x up to and including 4.2.5 has an open redirect via the redirector.php url parameter.
Vbulletin Vbulletin
4.3
CVSSv2
CVE-2012-6668
Multiple cross-site scripting (XSS) vulnerabilities in the Shout Reports in the DragonByte Technologies vBShout module prior to 6.0.6 for vBulletin allow remote malicious users to inject arbitrary web script or HTML via the (1) reportreason parameter in actions/doreport.php or (2...
Dragonbyte-tech Vbshout Module
4.3
CVSSv2
CVE-2012-6670
Multiple cross-site scripting (XSS) vulnerabilities in the DragonByte Technologies vbActivity module prior to 3.0.1 for vBulletin allow remote malicious users to inject arbitrary web script or HTML via the reason parameter in (1) actions/nominatemedal.php or (2) actions/requestme...
Dragonbyte-tech Vbactivity Module
4.3
CVSSv2
CVE-2012-6671
Multiple cross-site scripting (XSS) vulnerabilities in actions/main.php in the DragonByte Technologies Forumon RPG module prior to 1.0.8 for vBulletin when creating a new monster, allow remote malicious users to inject arbitrary web script or HTML via the (1) monster[title] or (2...
Dragonbyte-tech Forumon Rpg Module
4.3
CVSSv2
CVE-2012-6682
Cross-site scripting (XSS) vulnerability in downloads/actions/editdownload.php in the DragonByte Technologies vBDownloads module 1.3.2 and previous versions for vBulletin allows remote malicious users to inject arbitrary web script or HTML via the mirrors[] parameter.
Dragonbyte-tech Vbdownloads Module 1.3.2
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
CVE-2006-4304
wireless
CVE-2023-23022
local file inclusion
CVE-2024-27058
CVE-2024-33820
open redirect
CVE-2024-27079
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »