Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
vbulletin vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2007-2908
Cross-site scripting (XSS) vulnerability in calendar.php in Jelsoft vBulletin prior to 3.6.6 allows remote malicious users to inject arbitrary web script or HTML via the title field in a single add action.
Jelsoft Vbulletin
1 EDB exploit
NA
CVE-2007-2911
SQL injection vulnerability in admincp/attachment.php in Jelsoft vBulletin prior to 3.6.6 allows remote authenticated administrators to execute arbitrary SQL commands via the "Attached After" field (GPC['search']['datelineafter'] variable), a related...
Jelsoft Vbulletin
NA
CVE-2001-0475
index.php in Jelsoft vBulletin does not properly initialize a PHP variable that is used to store template information, which allows remote malicious users to execute arbitrary PHP code via special characters in the templatecache parameter.
Jelsoft Vbulletin
NA
CVE-2006-4271
PHP remote file inclusion vulnerability in install/upgrade_301.php in Jelsoft vBulletin 3.5.4 allows remote malicious users to execute arbitrary PHP code via a URL in the step parameter. NOTE: the vendor has disputed this vulnerability, saying "The default vBulletin requires...
Jelsoft Vbulletin 3.5.4
NA
CVE-2006-4272
Jelsoft vBulletin 3.5.4 allows remote malicious users to register multiple arbitrary users and cause a denial of service (resource consumption) via a large number of requests to register.php. NOTE: the vendor has disputed this vulnerability, stating "If you have the CAPTCHA ...
Jelsoft Vbulletin 3.5.4
NA
CVE-2007-3326
Multiple directory traversal vulnerabilities in vBulletin 3.x.x allow remote malicious users to redirect visitors to arbitrary local files via a .. (dot dot) in (1) the loc parameter to admincp/index.php and (2) the Hyperlink information URl field for post Topic in showthread.php...
Jelsoft Vbulletin 3.0.0
NA
CVE-2007-4120
Multiple PHP remote file inclusion vulnerabilities in Jelsoft vBulletin 3.6.5 allow remote malicious users to execute arbitrary PHP code via a URL in the (1) classfile parameter to includes/functions.php, the (2) nextitem parameter to includes/functions_cron.php, and the (3) spec...
Jelsoft Vbulletin 3.6.5
NA
CVE-2002-1679
Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin 2.2.0 allows remote malicious users to execute arbitrary script as other users by injecting script into a bulletin board message.
Jelsoft Vbulletin 2.2.0
NA
CVE-2004-0091
NOTE: this issue has been disputed by the vendor. Cross-site scripting (XSS) vulnerability in register.php for unknown versions of vBulletin allows remote malicious users to inject arbitrary HTML or web script via the reg_site (or possibly regsite) parameter. NOTE: the vendor has...
Jelsoft Vbulletin 3.0 Beta 2
NA
CVE-2006-0080
Cross-site scripting (XSS) vulnerability in vBulletin 3.5.2, and possibly earlier versions, allows remote malicious users to inject arbitrary web script or HTML via the title of an event, which is not properly filtered by (1) calendar.php and (2) reminder.php.
Jelsoft Vbulletin 3.5.2
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »