39 matches found
vBulletin 5.0.0-5.5.4 - Remote Command Execution
vBulletin 5.0.0 through 5.5.4 is susceptible to a remote command execution vulnerability via the widgetConfig parameter in an ajax/render/widgetphp routestring request. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system...
CVE-2020-17496
vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widgettabbedcontainertabpanel request. NOTE: this issue exists because of an incomplete fix for CVE-2019-16759...
CVE-2020-7373
vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widgettabbedcontainertabpanel request. NOTE: this issue exists because of an incomplete fix for CVE-2019-16759. ALSO NOTE: CVE-2020-7373 is a duplicate of CVE-2020-17496. CVE-2020-17496 is...
CVE-2019-16759
vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfigcode parameter in an ajax/render/widgetphp routestring request...
vBulletin PHP Module Remote Code Execution Vulnerability
The PHP module within vBulletin contains an unspecified vulnerability that allows for remote code execution via crafted subWidgets data in an ajax/render/widgettabbedcontainertabpanel request. This CVE ID resolves an incomplete patch for CVE-2019-16759...
CVE-2020-7373
vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widgettabbedcontainertabpanel request. NOTE: this issue exists because of an incomplete fix for CVE-2019-16759. ALSO NOTE: CVE-2020-7373 is a duplicate of CVE-2020-17496. CVE-2020-17496 is...
Design/Logic Flaw
vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widgettabbedcontainertabpanel request. NOTE: this issue exists because of an incomplete fix for CVE-2019-16759. ALSO NOTE: CVE-2020-7373 is a duplicate of CVE-2020-17496. CVE-2020-17496 is...
CVE-2020-7373
Summary (CVE-2020-17496 / CVE-2020-7373): vBulletin 5.5.4–5.6.2 is vulnerable to remote code execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request. This issue stems from an incomplete fix of CVE-2019-16759, and CVE-2020-7373 is a duplicate of CVE-2020-17...
CVE-2020-7373
vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widgettabbedcontainertabpanel request. NOTE: this issue exists because of an incomplete fix for CVE-2019-16759. ALSO NOTE: CVE-2020-7373 is a duplicate of CVE-2020-17496. CVE-2020-17496 is...
CVE-2020-7373
vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widgettabbedcontainertabpanel request. NOTE: this issue exists because of an incomplete fix for CVE-2019-16759. ALSO NOTE: CVE-2020-7373 is a duplicate of CVE-2020-17496. CVE-2020-17496 is...
Exploit for Code Injection in Vbulletin
CVE-2019-16759vBulletinRoutestring-RCE-PoC A vulnerability...
Exploit for Code Injection in Vbulletin
It is an exploit module for Apache Struts 2. CVE-2019-16759 is t...
vBulletin 5.x /ajax/render/widget_tabbedcontainer_tab_panel PHP remote code execution.
This module exploits a logic bug within the template rendering code in vBulletin 5.x. The module uses the vBulletin template rendering functionality to render the 'widgettabbedcontainertabpanel' template while also providing the 'widgetphp' argument. This causes the former template to load the...
vBulletin 5.x Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'vBulletin 5.x /ajax/render/widgettabbedcontainertabpanel PHP remote code execution.', 'Description' = %q This module exploits a logic bug within...
vBulletin 5.x Remote Code Execution Exploit
This Metasploit module exploits a logic bug within the template rendering code in vBulletin 5.x. The module uses the vBulletin template rendering functionality to render the widgettabbedcontainertabpanel template while also providing the widgetphp argument. This causes the former template to load...
vBulletin 5.6.2 - 'widget_tabbedContainer_tab_panel' Remote Code Execution
Exploit Title: vBulletin 5.6.2 - 'widgettabbedContainertabpanel' Remote Code Execution Date: 2020-08-09 Exploit Author: @zenofex Vendor Homepage: https://www.vbulletin.com/ Software Link: None Version: 5.4.5 through 5.6.2 Tested on: vBulletin 5.6.2 on Ubuntu 19.04 CVE : None vBulletin 5.5.4 throu...
A New vBulletin 0-Day RCE Vulnerability and Exploit Disclosed Publicly
A security researcher earlier today publicly revealed details and proof-of-concept exploit code for an unpatched, critical zero-day remote code execution vulnerability affecting the widely used internet forum software vBulletin that's already under active exploitation in the wild. vBulletin is a...
Researcher Publishes Patch Bypass for vBulletin 0-Day
A security researcher has published proof-of-concept code to outsmart a patch issued last year for a zero-day vulnerability discovered in vBulletin, a popular software for building online community forums. Calling a patch for the flaw a “fail” and “inadequate in blocking exploitation,” Austin-bas...
vBulletin CVE-2019-16759 Bypass Remote Code Execution (CVE-2020-17496) (direct check)
The version of vBulletin running on the remote host is affected by an input-validation flaw in the ajax/render/widgetphp API that allows for remote code execution. This plugin tests for a bypass to the fix for CVE-2019-16759. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...
01034813302.com Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1165804 Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website...