Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
vbulletin vbulletin vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv3
CVE-2019-17131
vBulletin prior to 5.5.4 allows clickjacking.
Vbulletin Vbulletin
9.8
CVSSv3
CVE-2019-17132
vBulletin up to and including 5.5.4 mishandles custom avatars.
Vbulletin Vbulletin
1 EDB exploit
9.8
CVSSv3
CVE-2019-16759
vBulletin 5.x up to and including 5.5.4 allows remote command execution via the widgetConfig[code] parameter in an ajax/render/widget_php routestring request.
Vbulletin Vbulletin
1 EDB exploit
1 Metasploit module
16 Github repositories
6.1
CVSSv3
CVE-2018-15493
vBulletin 5.4.3 has an Open Redirect.
Vbulletin Vbulletin 5.4.3
6.1
CVSSv3
CVE-2018-12580
library/DBTech/Security/Action/Sessions.php in DragonByte vBSecurity 3.x up to and including 3.3.0 for vBulletin 3 and vBulletin 4 allows self-XSS via $session['user_agent'] in the "Login Sessions" feature.
Dragonbyte-tech Vbsecurity
6.1
CVSSv3
CVE-2018-6200
vBulletin 3.x.x and 4.2.x up to and including 4.2.5 has an open redirect via the redirector.php url parameter.
Vbulletin Vbulletin
6.1
CVSSv3
CVE-2012-6668
Multiple cross-site scripting (XSS) vulnerabilities in the Shout Reports in the DragonByte Technologies vBShout module prior to 6.0.6 for vBulletin allow remote malicious users to inject arbitrary web script or HTML via the (1) reportreason parameter in actions/doreport.php or (2...
Dragonbyte-tech Vbshout Module
6.1
CVSSv3
CVE-2012-6670
Multiple cross-site scripting (XSS) vulnerabilities in the DragonByte Technologies vbActivity module prior to 3.0.1 for vBulletin allow remote malicious users to inject arbitrary web script or HTML via the reason parameter in (1) actions/nominatemedal.php or (2) actions/requestme...
Dragonbyte-tech Vbactivity Module
6.1
CVSSv3
CVE-2012-6671
Multiple cross-site scripting (XSS) vulnerabilities in actions/main.php in the DragonByte Technologies Forumon RPG module prior to 1.0.8 for vBulletin when creating a new monster, allow remote malicious users to inject arbitrary web script or HTML via the (1) monster[title] or (2...
Dragonbyte-tech Forumon Rpg Module
6.1
CVSSv3
CVE-2012-6682
Cross-site scripting (XSS) vulnerability in downloads/actions/editdownload.php in the DragonByte Technologies vBDownloads module 1.3.2 and previous versions for vBulletin allows remote malicious users to inject arbitrary web script or HTML via the mirrors[] parameter.
Dragonbyte-tech Vbdownloads Module 1.3.2
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »