11 matches found
📄 vBulletin 4.x movepm PHP Object Injection
In vBulletin 4.x, a flawed security patch from 2014 has introduced a new post-auth PHP object injection vector by replacing serialize with jsonencode — ironically making it possible to get vBulletin to sign attacker-controlled base64-encoded payloads, potentially allowing users to perform remote...
Tapatalk < 5.2.2 Blind SQLi Vulnerability
Tapatalk is prone to an SQL injection SQLi vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:tapatalk:tapatalk"; if...
Tapatalk for vBulletin 4.x - Blind SQL Injection
!/usr/bin/env python -- coding: utf-8 -- ''' @author: tintinweb 0x721427D8 ''' import urllib2, urllib import xmlrpclib,re, urllib2,string,itertools,time from distutils.version import LooseVersion class Exploitobject: def initself, target, debug=0 : self.stopwatchstart=time.time self.target = targ...
vBulletin 4.x Verify Email Before Registration Plugin - SQL Injection Vulnerability
Exploit for php platform in category web applications Title: vBulletin Verify Email Before Registration Plugin - SQL Injection Date: September 19 2014 Version: Any vBulletin 4.. version which has the plugin installed. Plugin: http://www.vbulletin.org/forum/showthread.php?t=294164 Author: Dave FW/...
vBulletin 4.x SQL Injection
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2014-2022 - vbulletin 4.x - SQLi in breadcrumbs via xmlrpc API post-auth ============================================================================ == Overview - -------- date : 10/12/2014 cvss : 7.1 AV:N/AC:H/Au:S/C:C/I:C/A:C base cwe : 89 vend...
vBulletin 4.x - breadcrumbs via xmlrpc API (Authenticated) SQL Injection
CVE-2014-2022 - vbulletin 4.x - SQLi in breadcrumbs via xmlrpc API post-auth ============================================================================== Overview -------- date : 10/12/2014 cvss : 7.1 AV:N/AC:H/Au:S/C:C/I:C/A:C base cwe : 89 vendor : vBulletin Solutions product : vBulletin 4...
vBulletin 5.x / 4.x Persistent Cross Site Scripting
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2014-2021 - vBulletin 5.x/4.x - persistent XSS in AdminCP/ApiLog via xmlrpc API post-auth ============================================================================ ==================== Overview - -------- date : 10/12/2014 cvss : 4.6...
vBulletin 4.x Verify Email Before Registration Plugin - SQL Injection
vBulletin 4.x Verify Email Before Registration Plugin - SQL Injection Title: vBulletin Verify Email Before Registration Plugin - SQL Injection Date: September 19 2014 Version: Any vBulletin 4.. version which has the plugin installed. Plugin: http://www.vbulletin.org/forum/showthread.php?t=294164...
Easy Forms for vBulletin 4.X - Upload Shell Code / Remote Code Execute
Easy Forms vBuletin 4.x have suffers from a remote code execute and upload shell code. This is private exploit. You can buy it at https://0day.today...
vBulletin 3. x / 4. x AjaxReg SQL injection and fix-vulnerability warning-the black bar safety net
!/ usr/bin/php ? vBulletin 3. x/4. x AjaxReg remote Blind SQL Injection Exploit https://lh3.googleusercontent.com/-4HcW64E57CI/ULWN9mDnK8I/AAAAAAAAABo/cc0UA9eVak/s640/11-26-2012%25206-02-5s3%2520AM.png livedemo : http://www.youtube.com/watch?v=LlKaYyJxH7E check it :...
Security Alert : vBulletin 4.X Security SQL Injection & CSRF/XSRF Exploits available !
Security Alert : vBulletin 4.X - SQL Injection & CSRF/XSRF Exploits available ! Two Serious Security Flaws are detected in vBulletin 4.X Versions and also their Security SQL Injection & CSRF/XSRF Exploits are now also available. Impact of these Flaws: Lots of big Forums are on vBulletin 4.X...