Lucene search
K

21 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 3:7 p.m.14 views

CVE-2020-7373

vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widgettabbedcontainertabpanel request. NOTE: this issue exists because of an incomplete fix for CVE-2019-16759. ALSO NOTE: CVE-2020-7373 is a duplicate of CVE-2020-17496. CVE-2020-17496 is...

9.8CVSS7.1AI score0.99728EPSS
Exploits29References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:16 a.m.6 views

CVE-2019-17496

Craft CMS before 3.3.8 has stored XSS via a name field. This field is mishandled during site deletion...

6.1CVSS5.4AI score0.00831EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2020/12/14 12:0 a.m.4 views

VulnCheck KEV: CVE-2020-17496

The PHP module within vBulletin contains an unspecified vulnerability that allows for remote code execution via crafted subWidgets data in an ajax/render/widgettabbedcontainertabpanel request. This CVE ID resolves an incomplete patch for CVE-2019-16759...

9.8CVSS8AI score0.99728EPSS
Exploits28References1
NVD
NVD
added 2020/10/30 5:15 p.m.36 views

CVE-2020-7373

vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widgettabbedcontainertabpanel request. NOTE: this issue exists because of an incomplete fix for CVE-2019-16759. ALSO NOTE: CVE-2020-7373 is a duplicate of CVE-2020-17496. CVE-2020-17496 is...

9.8CVSS9.8AI score0.46031EPSS
Exploits3References4
OSV
OSV
added 2020/10/30 5:15 p.m.2 views

CVE-2020-7373

vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widgettabbedcontainertabpanel request. NOTE: this issue exists because of an incomplete fix for CVE-2019-16759. ALSO NOTE: CVE-2020-7373 is a duplicate of CVE-2020-17496. CVE-2020-17496 is...

9.8CVSS7.7AI score0.46031EPSS
Exploits3References4
Prion
Prion
added 2020/10/30 5:15 p.m.36 views

Design/Logic Flaw

vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widgettabbedcontainertabpanel request. NOTE: this issue exists because of an incomplete fix for CVE-2019-16759. ALSO NOTE: CVE-2020-7373 is a duplicate of CVE-2020-17496. CVE-2020-17496 is...

7.5CVSS9.7AI score0.99728EPSS
Exploits29References4Affected Software1
CVE
CVE
added 2020/10/30 4:50 p.m.119 views

CVE-2020-7373

Summary (CVE-2020-17496 / CVE-2020-7373): vBulletin 5.5.4–5.6.2 is vulnerable to remote code execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request. This issue stems from an incomplete fix of CVE-2019-16759, and CVE-2020-7373 is a duplicate of CVE-2020-17...

9.8CVSS9.7AI score0.46031EPSS
Exploits3References4Affected Software1
Cvelist
Cvelist
added 2020/10/30 4:50 p.m.31 views

CVE-2020-7373

vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widgettabbedcontainertabpanel request. NOTE: this issue exists because of an incomplete fix for CVE-2019-16759. ALSO NOTE: CVE-2020-7373 is a duplicate of CVE-2020-17496. CVE-2020-17496 is...

9.8AI score0.46031EPSS
Exploits3References4
ATTACKERKB
ATTACKERKB
added 2020/10/30 12:0 a.m.77 views

CVE-2020-7373

vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widgettabbedcontainertabpanel request. NOTE: this issue exists because of an incomplete fix for CVE-2019-16759. ALSO NOTE: CVE-2020-7373 is a duplicate of CVE-2020-17496. CVE-2020-17496 is...

9.8CVSS3.7AI score0.99728EPSS
Exploits29References5
Circl
Circl
added 2020/08/12 6:11 p.m.12 views

CVE-2020-17496

creationtimestamp| type| source ---|---|--- 2020-08-12 18:11:25+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/vbulletinwidgettemplaterce.rb 2020-10-09 13:24:43+00:00| seen| MISP/b14f5ca4-fb33-4da3-ad29-dcaf9e3d3fc4 2020-11-01 13:37:36+00:00|...

9.8CVSS7.4AI score0.8774EPSS
In wildExploits2References8
NVD
NVD
added 2020/08/12 2:15 p.m.37 views

CVE-2020-17496

vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widgettabbedcontainertabpanel request. NOTE: this issue exists because of an incomplete fix for CVE-2019-16759...

9.8CVSS9.9AI score0.8774EPSS
Exploits2References5
Cvelist
Cvelist
added 2020/08/12 1:7 p.m.42 views

CVE-2020-17496

vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widgettabbedcontainertabpanel request. NOTE: this issue exists because of an incomplete fix for CVE-2019-16759...

9.9AI score0.8774EPSS
Exploits2References4
CVE
CVE
added 2020/08/12 1:7 p.m.1062 views

CVE-2020-17496

Vulnerability: vBulletin 5.5.4–5.6.2 allows remote code execution via crafted subWidgets data in ajax/render/widget_tabbedcontainer_tab_panel requests. Root cause: an incomplete patch for CVE-2019-16759 left a logic bug in widget handling, enabling pre-auth code execution. Impact: remote PHP code...

9.8CVSS9.8AI score0.8774EPSS
In wildExploits2References5Affected Software1
Vulnrichment
Vulnrichment
added 2020/08/12 1:7 p.m.14 views

CVE-2020-17496

vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widgettabbedcontainertabpanel request. NOTE: this issue exists because of an incomplete fix for CVE-2019-16759...

7.5AI score0.8774EPSS
Exploits2References4
ATTACKERKB
ATTACKERKB
added 2020/08/12 12:0 a.m.397 views

CVE-2020-17496

vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widgettabbedcontainertabpanel request. NOTE: this issue exists because of an incomplete fix for CVE-2019-16759. Recent assessments: zeroSteiner at September 02, 2020 1:23pm UTC reported: A...

9.8CVSS10AI score0.99728EPSS
In wildExploits28References6
Tenable Nessus
Tenable Nessus
added 2020/08/10 12:0 a.m.313 views

vBulletin CVE-2019-16759 Bypass Remote Code Execution (CVE-2020-17496) (direct check)

The version of vBulletin running on the remote host is affected by an input-validation flaw in the ajax/render/widgetphp API that allows for remote code execution. This plugin tests for a bypass to the fix for CVE-2019-16759. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...

9.8CVSS9.2AI score0.99728EPSS
Exploits28References3
CVE
CVE
added 2019/10/10 11:32 p.m.149 views

CVE-2019-17496

Craft CMS prior to 3.3.8 is affected by a stored XSS in the site deletion flow where the name field is mishandled. The issue enables injection through the name field and is limited to Craft CMS versions before 3.3.8; upgrading to 3.3.8 or later is the documented remediation. The CVE description a...

6.1CVSS5.8AI score0.00831EPSS
Exploits0References2Affected Software1
Check Point Advisories
Check Point Advisories
added 2019/09/25 12:0 a.m.15 views

vBulletin Forum Remote Code Execution (CVE-2019-16759; CVE-2020-17496)

A remote code execution vulnerability exists in vBulletin Forum. Successful exploitation of this vulnerability will allow remote attackers to execute arbitrary code on the affected system...

7.5CVSS7.1AI score0.99728EPSS
Exploits28
CVE
CVE
added 2019/03/19 7:47 p.m.46 views

CVE-2018-17496

CVE-2018-17496 affects the eVisitorPass kiosk application. The vulnerability stems from an error in kiosk mode that, when a user visits the kiosk and presses ctrl+shift+esc, allows opening the Task Manager to kill or launch processes, enabling local privilege escalation. The NVD description notes...

8.4CVSS7.6AI score0.00384EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2017/12/10 10:0 p.m.30 views

CVE-2017-17496

CVE-2017-17496 entry is rejected and does not represent an active vulnerability.

7.4AI score
Exploits0
Rows per page
Query Builder