EUVD-2004-0036

Malware in sbrugna...

The vulnerability of the forumrunner component in the vBulletin commercial web forum allows a hacker to perform an SSRF attack.

The vulnerability of the forumrunner component in the vBulletin commercial web forum is related to insufficient validation of incoming requests. Exploiting this vulnerability could allow a malicious actor to execute an SSRF attack remotely...

The vulnerability of the vBulletin commercial web forum, related to improper protection of the alternative path, allows attackers to bypass existing security restrictions and execute arbitrary code.

The vulnerability of the commercial vBulletin web forum is related to improper protection of an alternative path. Exploiting this vulnerability allows a malicious actor to bypass existing security restrictions and execute arbitrary code...

vBulletin 5.6.2 - (widget_tabbedContainer_tab_panel) Remote Code Execution Exploit

Exploit for php platform in category web applications Exploit Title: vBulletin 5.6.2 - 'widgettabbedContainertabpanel' Remote Code Execution Exploit Author: @zenofex Vendor Homepage: https://www.vbulletin.com/ Software Link: None Version: 5.4.5 through 5.6.2 Tested on: vBulletin 5.6.2 on Ubuntu...

Data Breach Disclosed by Online Invitation Firm Evite

Online invitation and stationary company Evite has notified customers of a data breach that stemmed from an “inactive data storage file” associated with user accounts. The company over the weekend said that during April 2019, it became aware of a “security incident involving potential unauthorize...

vBulletin 5.1.3 Cross Site Scripting

CVE-2014-9469 vBulletin XSS Cross-Site Scripting Security Vulnerabilities Exploit Title: vBulletin XSS Cross-Site Scripting Security Vulnerabilities Product: vBulletin Forum Vendor: vBulletin Vulnerable Versions: 5.1.3 5.0.5 4.2.2 3.8.7 3.6.7 3.6.0 3.5.4 Tested Version: 5.1.3 4.2.2 Advisory...

vBulletin 5.1.x - Persistent Cross-Site Scripting

vBulletin 5.1.x - Persistent Cross-Site Scripting Title: vBulletin 5.1.X - Cross Site Scripting Date: 05.09.14 Version: = 5.1.2 Latest ATM Vendor: vbulletin.com Contact: smash at devilteam.pl 1 Agenda Latest vBulletin forum software suffers on persistent cross site scripting vulnerability, which...

4 5 You can obtain the Webshell program-vulnerability warning-the black bar safety net

1: Go to GoogLe,search some keywords,edit. asp? Korean broiler chickens is more,the majority of MSSQL database! 2,to Google ,site:cq. cn inurl:asp 3, The use of mining chicken and an ASP Trojan. The file name is login. asp ...... The path set is/manage/ The key word is went. asp 'Or'='or'to login...

[waraxe-2008-SA#069] - Multiple Sql Injection in vBulletin 3.7.4

waraxe-2008-SA069 - Multiple Sql Injection in vBulletin 3.7.4 =============================================================================== Author: Janek Vind "waraxe" Date: 17. November 2008 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-69.html Description of vulnerable software:...

vbul30x.txt

hi all, a new SQL injection found in VBulletin Forums 3.0.x the Vulnerabilite found in last.php, last 10 topics hack. last.php?fsel=,user.password%20as%20title,user.%20 %20%20%20username%20as%20lastposter%20FROM%20user, thread%20%20%20%20%20WHERE%20usergroupid=6%20LIMIT %201 to solve the problem...

CVE-2004-0036

CVE-2004-0036 describes a SQL injection in calendar.php for vBulletin Forum 2.3.x before 2.3.4, exploitable via the eventid parameter to exfiltrate data. Affected component is the calendar feature in vBulletin 2.3.x; root cause is improper input handling in eventid. Impact stated: attackers can s...

CVE-2004-0036

SQL injection vulnerability in calendar.php for vBulletin Forum 2.3.x before 2.3.4 allows remote attackers to steal sensitive information via the eventid parameter...

CVE-2004-0036

SQL injection vulnerability in calendar.php for vBulletin Forum 2.3.x before 2.3.4 allows remote attackers to steal sensitive information via the eventid parameter...

vBulletin Forum 2.3.xx calendar.php SQL Injection

vBulletin Forum 2.3.xx calendar.php SQL Injection ======================================================== Website: www.safechina.net Discovered by: mslug [email protected] Description: ============= There exist a sql injection problem in calendar.php. Notice the eventid field. -------- Cut fr...

vBulletin Multiple Cross Site Scripting Vulnerabilities

SYSTEMS AFFECTED ======== Jelsoft Enterprises vBulletin Forum exploited with a browser CONTENTS ========= Subject: vBulletin Multiple Cross Site Scripting Vulnerabilities Date: 17 September 2003 release from old archive, flaws found on 7 September 2002 Risk: Low DESCRIPTION ========= The vBulleti...