Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
vbulletin vulnerabilities and exploits
(subscribe to this query)
685
VMScore
CVE-2019-17132
vBulletin up to and including 5.5.4 mishandles custom avatars.
Vbulletin Vbulletin
1 EDB exploit
570
VMScore
CVE-2019-17130
vBulletin up to and including 5.5.4 mishandles external URLs within the /core/vb/vurl.php file and the /core/vb/vurl directories.
Vbulletin Vbulletin
800
VMScore
CVE-2019-16759
vBulletin 5.x up to and including 5.5.4 allows remote command execution via the widgetConfig[code] parameter in an ajax/render/widget_php routestring request.
Vbulletin Vbulletin
1 EDB exploit
1 Metasploit module
16 Github repositories
516
VMScore
CVE-2018-15493
vBulletin 5.4.3 has an Open Redirect.
Vbulletin Vbulletin 5.4.3
383
VMScore
CVE-2018-12580
library/DBTech/Security/Action/Sessions.php in DragonByte vBSecurity 3.x up to and including 3.3.0 for vBulletin 3 and vBulletin 4 allows self-XSS via $session['user_agent'] in the "Login Sessions" feature.
Dragonbyte-tech Vbsecurity
516
VMScore
CVE-2018-6200
vBulletin 3.x.x and 4.2.x up to and including 4.2.5 has an open redirect via the redirector.php url parameter.
Vbulletin Vbulletin
383
VMScore
CVE-2012-6668
Multiple cross-site scripting (XSS) vulnerabilities in the Shout Reports in the DragonByte Technologies vBShout module prior to 6.0.6 for vBulletin allow remote malicious users to inject arbitrary web script or HTML via the (1) reportreason parameter in actions/doreport.php or (2...
Dragonbyte-tech Vbshout Module
383
VMScore
CVE-2012-6670
Multiple cross-site scripting (XSS) vulnerabilities in the DragonByte Technologies vbActivity module prior to 3.0.1 for vBulletin allow remote malicious users to inject arbitrary web script or HTML via the reason parameter in (1) actions/nominatemedal.php or (2) actions/requestme...
Dragonbyte-tech Vbactivity Module
383
VMScore
CVE-2012-6671
Multiple cross-site scripting (XSS) vulnerabilities in actions/main.php in the DragonByte Technologies Forumon RPG module prior to 1.0.8 for vBulletin when creating a new monster, allow remote malicious users to inject arbitrary web script or HTML via the (1) monster[title] or (2...
Dragonbyte-tech Forumon Rpg Module
383
VMScore
CVE-2012-6682
Cross-site scripting (XSS) vulnerability in downloads/actions/editdownload.php in the DragonByte Technologies vBDownloads module 1.3.2 and previous versions for vBulletin allows remote malicious users to inject arbitrary web script or HTML via the mirrors[] parameter.
Dragonbyte-tech Vbdownloads Module 1.3.2
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »