Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
vbulletin vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2019-17131
vBulletin prior to 5.5.4 allows clickjacking.
Vbulletin Vbulletin
685
VMScore
CVE-2019-17132
vBulletin up to and including 5.5.4 mishandles custom avatars.
Vbulletin Vbulletin
1 EDB exploit
800
VMScore
CVE-2019-16759
vBulletin 5.x up to and including 5.5.4 allows remote command execution via the widgetConfig[code] parameter in an ajax/render/widget_php routestring request.
Vbulletin Vbulletin
1 EDB exploit
1 Metasploit module
16 Github repositories
516
VMScore
CVE-2018-15493
vBulletin 5.4.3 has an Open Redirect.
Vbulletin Vbulletin 5.4.3
383
VMScore
CVE-2018-12580
library/DBTech/Security/Action/Sessions.php in DragonByte vBSecurity 3.x up to and including 3.3.0 for vBulletin 3 and vBulletin 4 allows self-XSS via $session['user_agent'] in the "Login Sessions" feature.
Dragonbyte-tech Vbsecurity
516
VMScore
CVE-2018-6200
vBulletin 3.x.x and 4.2.x up to and including 4.2.5 has an open redirect via the redirector.php url parameter.
Vbulletin Vbulletin
383
VMScore
CVE-2012-6670
Multiple cross-site scripting (XSS) vulnerabilities in the DragonByte Technologies vbActivity module prior to 3.0.1 for vBulletin allow remote malicious users to inject arbitrary web script or HTML via the reason parameter in (1) actions/nominatemedal.php or (2) actions/requestme...
Dragonbyte-tech Vbactivity Module
383
VMScore
CVE-2012-6671
Multiple cross-site scripting (XSS) vulnerabilities in actions/main.php in the DragonByte Technologies Forumon RPG module prior to 1.0.8 for vBulletin when creating a new monster, allow remote malicious users to inject arbitrary web script or HTML via the (1) monster[title] or (2...
Dragonbyte-tech Forumon Rpg Module
383
VMScore
CVE-2012-6682
Cross-site scripting (XSS) vulnerability in downloads/actions/editdownload.php in the DragonByte Technologies vBDownloads module 1.3.2 and previous versions for vBulletin allows remote malicious users to inject arbitrary web script or HTML via the mirrors[] parameter.
Dragonbyte-tech Vbdownloads Module 1.3.2
383
VMScore
CVE-2012-6668
Multiple cross-site scripting (XSS) vulnerabilities in the Shout Reports in the DragonByte Technologies vBShout module prior to 6.0.6 for vBulletin allow remote malicious users to inject arbitrary web script or HTML via the (1) reportreason parameter in actions/doreport.php or (2...
Dragonbyte-tech Vbshout Module
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5248
CVE-2024-3110
CVE-2024-5552
CVE-2024-29415
HTML injection
CVE-2024-3095
TCP
type confusion
CVE-2024-1800
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »