133 matches found
CVE-2007-2911
SQL injection vulnerability in admincp/attachment.php in Jelsoft vBulletin before 3.6.6 allows remote authenticated administrators to execute arbitrary SQL commands via the "Attached After" field GPC'search''datelineafter' variable, a related issue to CVE-2007-1573...
Sql injection
SQL injection vulnerability in admincp/attachment.php in Jelsoft vBulletin 3.6.5 allows remote authenticated administrators to execute arbitrary SQL commands via the "Attached Before" field...
CVE-2007-1573
SQL injection vulnerability in admincp/attachment.php in Jelsoft vBulletin 3.6.5 allows remote authenticated administrators to execute arbitrary SQL commands via the "Attached Before" field...
CVE-2007-1573
CVE-2007-1573 affects Jelsoft vBulletin 3.6.5. The vulnerability is an SQL injection in admincp/attachment.php via the Attached Before field, enabling remote authenticated administrators to execute arbitrary SQL commands. The connected sources cite the same vector and impact; no patch/version rem...
CVE-2007-1573
SQL injection vulnerability in admincp/attachment.php in Jelsoft vBulletin 3.6.5 allows remote authenticated administrators to execute arbitrary SQL commands via the "Attached Before" field...
vbul365-rssxss.txt
vBulletin® v3.6.5 has an xss vuln in admincp/index.php in rss feed . exactlly in add rss url by adding : "alertdocument.cookie; a cool messege box appear with cookies ; earlier versions affected also . ----------------------------------------------------------------------------- Discovered by...
vBulletin v3.6.5 admincp/index.php ( rss feed ) xss vuln.
vBulletin® v3.6.5 has an xss vuln in admincp/index.php in rss feed . exactlly in add rss url by adding : "scriptalertdocument.cookie;/script a cool messege box appear with cookies ; earlier versions affected also . -----------------------------------------------------------------------------...
CVE-2007-0869
CVE-2007-0869 affects Jelsoft vBulletin 3.6.4: an XSS vulnerability in the Attachment Manager (admincp/attachment.php) allows remote attackers to inject arbitrary script/HTML via the Extension field. The entry cites a possible duplicate of CVE-2007-0830 and notes uncertain provenance (information...
CVE-2007-0830
CVE-2007-0830 documents multiple XSS vulnerabilities in the Admin Control Panel of vBulletin 3.6.4. The issues allow remote authenticated administrators to inject arbitrary script/HTML via various AdminCP managers (User Group/Rank/Title, BB Code, Attachment, Calendar, Forums & Moderators). Vendor...
PT-2007-2273 · Vbulletin · Vbulletin
Name of the Vulnerable Software and Affected Versions: vBulletin version 3.6.4 Description: The issue concerns multiple cross-site scripting XSS vulnerabilities in the Admin Control Panel AdminCP of vBulletin. These vulnerabilities allow remote authenticated administrators to inject arbitrary web...
CVE-2006-6040
CVE-2006-6040 affects Jelsoft vBulletin 3.6.x, specifically admincp/index.php. The vulnerability is due to cross-site scripting (XSS) via two parameters: prefs in a buildnavprefs action and navprefs in a savenavprefs action, enabling remote attackers to inject arbitrary script/HTML. Public refere...
CVE-2006-5561
The CVE refers to SQL injection in Discuz! GBK 5.0.0 via the cdb_auth cookie in admincp.php, enabling remote attackers to run arbitrary SQL commands. Affected software: Discuz! with GBK encoding, version 5.0.0. Root cause: unsafely parsed cookie value leads to SQL injection. Impact per sources: p...
vBulletin 1.0.1 lite2.x3.0 - admincpusertools.php?ids SQL Injection
vBulletin 1.0.1 lite2.x3.0 - admincpusertools.php?ids SQL Injection source: https://www.securityfocus.com/bid/14872/info vBulletin is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in S...