Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
vbulletin vulnerabilities and exploits
(subscribe to this query)
660
VMScore
CVE-2013-3522
SQL injection vulnerability in index.php/ajax/api/reputation/vote in vBulletin 5.0.0 Beta 11, 5.0.0 Beta 28, and previous versions allows remote authenticated users to execute arbitrary SQL commands via the nodeid parameter.
Vbulletin Vbulletin 5.0.0
2 EDB exploits
516
VMScore
CVE-2011-5251
Open redirect vulnerability in forum/login.php in vBulletin 4.1.3 and previous versions allows remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via the url parameter in a lostpw action.
Vbulletin Vbulletin 4.0.7
Vbulletin Vbulletin 4.0.6
Vbulletin Vbulletin 4.0.5
Vbulletin Vbulletin 4.0.4
Vbulletin Vbulletin 4.1.1
Vbulletin Vbulletin 4.0.8
Vbulletin Vbulletin 4.0.3
Vbulletin Vbulletin 4.0.1
Vbulletin Vbulletin
Vbulletin Vbulletin 4.1.2
Vbulletin Vbulletin 4.1
Vbulletin Vbulletin 4.0.2
Vbulletin Vbulletin 4.0.0
755
VMScore
CVE-2012-4686
SQL injection vulnerability in announcement.php in vBulletin 4.1.10 allows remote malicious users to execute arbitrary SQL commands via the announcementid parameter.
Vbulletin Vbulletin 4.1.10
1 EDB exploit
890
VMScore
CVE-2012-4328
Unspecified vulnerability in the MAPI in vBulletin Suite 4.1.2 up to and including 4.1.12, Forum 4.1.2 up to and including 4.1.12, and the MAPI plugin 1.4.3 for vBulletin 3.x has unknown impact and attack vectors.
Vbulletin Vbulletin Suite 4.1.2
Vbulletin Vbulletin Suite 4.1.12
Vbulletin Vbulletin Forum 4.1.12
Vbulletin Vbulletin Forum 4.1.2
Vbulletin Mapi 1.4.3
383
VMScore
CVE-2012-3844
Cross-site scripting (XSS) vulnerability in vBulletin 4.1.12 allows remote malicious users to inject arbitrary web script or HTML via a long string in the subject parameter when creating a post.
Vbulletin Vbulletin 4.1.12
685
VMScore
CVE-2010-1077
Directory traversal vulnerability in vbseo.php in Crawlability vBSEO plugin 3.1.0 for vBulletin allows remote malicious users to include and execute arbitrary local files via directory traversal sequences in the vbseourl parameter.
Vbseo Vbseo 3.1.0
1 EDB exploit
435
VMScore
CVE-2009-2172
Cross-site scripting (XSS) vulnerability in forum/radioandtv.php in the Radio and TV Player addon for vBulletin allows remote registered users to inject arbitrary web script or HTML via the station parameter.
Dream Radio And Tv Player Addon For Vbulletin
1 EDB exploit
356
VMScore
CVE-2008-6754
The Personal Sticky Threads addon 1.0.3c for vBulletin allows remote authenticated users to read the title, author, and pages of an arbitrary thread by toggling a personal sticky.
Mephisteus The Personal Sticky Threads 1.0.3c
578
VMScore
CVE-2008-6255
Multiple SQL injection vulnerabilities in vBulletin 3.7.4 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) answer parameter to admincp/verify.php, (2) extension parameter in an edit action to admincp/attachmentpermission.php, and the (3) ipe...
Vbulletin Vbulletin 3.7.4
578
VMScore
CVE-2008-6256
SQL injection vulnerability in admincp/admincalendar.php in vBulletin 3.7.3.pl1 allows remote authenticated administrators to execute arbitrary SQL commands via the holidayinfo[recurring] parameter, a different vector than CVE-2005-3022.
Vbulletin Vbulletin 3.7.3
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5248
CVE-2024-3110
CVE-2024-5552
CVE-2024-29415
HTML injection
CVE-2024-3095
TCP
type confusion
CVE-2024-1800
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »