2 matches found
Directory traversal
Multiple directory traversal vulnerabilities in vBulletin 3.x.x allow remote attackers to redirect visitors to arbitrary local files via a .. dot dot in 1 the loc parameter to admincp/index.php and 2 the Hyperlink information URl field for post Topic in showthread.php, enabling cross-site scripti...
CVE-2005-3025
Multiple cross-site scripting XSS vulnerabilities in vBulletin 3.0.7 and earlier allow remote attackers to inject arbitrary web script or HTML via the loc parameter to 1 modcp/index.php or 2 admincp/index.php, or the ip parameter to 3 modcp/user.php or 4 admincp/usertitle.php...