Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
vbulletin vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2006-1816
PHP remote file inclusion vulnerability in VBulletin 3.5.1, 3.5.2, and 3.5.4 allows remote malicious users to execute arbitrary code via a URL in the systempath parameter to (1) ImpExModule.php, (2) ImpExController.php, and (3) ImpExDisplay.php.
Jelsoft Vbulletin 3.5.2
Jelsoft Vbulletin 3.5.4
Jelsoft Vbulletin 3.5.1
578
VMScore
CVE-2008-6256
SQL injection vulnerability in admincp/admincalendar.php in vBulletin 3.7.3.pl1 allows remote authenticated administrators to execute arbitrary SQL commands via the holidayinfo[recurring] parameter, a different vector than CVE-2005-3022.
Vbulletin Vbulletin 3.7.3
312
VMScore
CVE-2020-25115
The Admin CP in vBulletin 5.6.3 allows XSS via an Occupation Title or Description to User Profile Field Manager.
Vbulletin Vbulletin 5.6.3
312
VMScore
CVE-2020-25117
The Admin CP in vBulletin 5.6.3 allows XSS via a Junior Member Title to User Title Manager.
Vbulletin Vbulletin 5.6.3
312
VMScore
CVE-2020-25119
The Admin CP in vBulletin 5.6.3 allows XSS via a Title of a Child Help Item in the Login/Logoff part of the User Manual.
Vbulletin Vbulletin 5.6.3
312
VMScore
CVE-2020-25121
The Admin CP in vBulletin 5.6.3 allows XSS via the Paid Subscription Email Notification field in the Options.
Vbulletin Vbulletin 5.6.3
312
VMScore
CVE-2020-25124
The Admin CP in vBulletin 5.6.3 allows XSS via an admincp/attachment.php&do=rebuild&type= URI.
Vbulletin Vbulletin 5.6.3
755
VMScore
CVE-2012-4686
SQL injection vulnerability in announcement.php in vBulletin 4.1.10 allows remote malicious users to execute arbitrary SQL commands via the announcementid parameter.
Vbulletin Vbulletin 4.1.10
1 EDB exploit
578
VMScore
CVE-2008-6255
Multiple SQL injection vulnerabilities in vBulletin 3.7.4 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) answer parameter to admincp/verify.php, (2) extension parameter in an edit action to admincp/attachmentpermission.php, and the (3) ipe...
Vbulletin Vbulletin 3.7.4
660
VMScore
CVE-2013-3522
SQL injection vulnerability in index.php/ajax/api/reputation/vote in vBulletin 5.0.0 Beta 11, 5.0.0 Beta 28, and previous versions allows remote authenticated users to execute arbitrary SQL commands via the nodeid parameter.
Vbulletin Vbulletin 5.0.0
2 EDB exploits
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »