Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
vbulletin vbulletin vulnerabilities and exploits
(subscribe to this query)
755
VMScore
CVE-2002-1660
calendar.php in vBulletin prior to 2.2.0 allows remote malicious users to execute arbitrary commands via shell metacharacters in the command parameter.
Jelsoft Vbulletin
1 EDB exploit
715
VMScore
CVE-2014-2022
SQL injection vulnerability in includes/api/4/breadcrumbs_create.php in vBulletin 4.2.2, 4.2.1, 4.2.0 PL2, and previous versions allows remote authenticated users to execute arbitrary SQL commands via the conceptid argument in an xmlrpc API request.
Vbulletin Vbulletin
Vbulletin Vbulletin 4.2.1
Vbulletin Vbulletin 4.2.0
1 EDB exploit
685
VMScore
CVE-2019-17132
vBulletin up to and including 5.5.4 mishandles custom avatars.
Vbulletin Vbulletin
1 EDB exploit
685
VMScore
CVE-2010-1077
Directory traversal vulnerability in vbseo.php in Crawlability vBSEO plugin 3.1.0 for vBulletin allows remote malicious users to include and execute arbitrary local files via directory traversal sequences in the vbseourl parameter.
Vbseo Vbseo 3.1.0
1 EDB exploit
685
VMScore
CVE-2006-6779
Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin allows remote malicious users to inject arbitrary web script or HTML via an SWF file that uses ActionScript to trigger execution of JavaScript.
Jelsoft Vbulletin 3.5.4
Jelsoft Vbulletin 3.6.0
Jelsoft Vbulletin 3.6.3
Jelsoft Vbulletin 3.6.4
Jelsoft Vbulletin 3.5.1
Jelsoft Vbulletin 3.5.2
Jelsoft Vbulletin 3.6.1
Jelsoft Vbulletin 3.6.2
1 EDB exploit
685
VMScore
CVE-2006-6040
Multiple cross-site scripting (XSS) vulnerabilities in admincp/index.php in Jelsoft vBulletin 3.6.x allow remote malicious users to inject arbitrary web script or HTML via (1) the prefs parameter in a buildnavprefs action or (2) the navprefs parameter in a savenavprefs action.
Jelsoft Vbulletin 3.6.0
Jelsoft Vbulletin 3.6.1
Jelsoft Vbulletin 3.6.2
Jelsoft Vbulletin 3.6.3
1 EDB exploit
685
VMScore
CVE-2006-4273
Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin 3.5.4 and 3.6.0 allows remote malicious users to inject arbitrary web script or HTML by uploading an attachment with a .pdf extension that contains JavaScript, which is processed as script by Microsoft Internet Explore...
Jelsoft Vbulletin 3.5.4
Jelsoft Vbulletin 3.6.0
1 EDB exploit
685
VMScore
CVE-2003-0295
Cross-site scripting (XSS) vulnerability in private.php for vBulletin 3.0.0 Beta 2 allows remote malicious users to inject arbitrary web script and HTML via the "Preview Message" capability.
Jelsoft Vbulletin 3.0.0 Beta 2
1 EDB exploit
668
VMScore
CVE-2020-7373
vBulletin 5.5.4 up to and including 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request. NOTE: this issue exists because of an incomplete fix for CVE-2019-16759. ALSO NOTE: CVE-2020-7373 is a duplicate of CV...
Vbulletin Vbulletin
1 Github repository
668
VMScore
CVE-2020-17496
vBulletin 5.5.4 up to and including 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request. NOTE: this issue exists because of an incomplete fix for CVE-2019-16759.
Vbulletin Vbulletin
2 Github repositories
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversal
CVE-2024-33545
CVE-2024-35725
CVE-2024-32704
overflow
file upload
CVE-2024-0230
CVE-2024-32705
CVE-2024-23692
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »