10 matches found
EUVD-2018-4540
Malware in sbrugna...
Design/Logic Flaw
library/DBTech/Security/Action/Sessions.php in DragonByte vBSecurity 3.x through 3.3.0 for vBulletin 3 and vBulletin 4 allows self-XSS via $session'useragent' in the "Login Sessions" feature...
CVE-2018-12580
library/DBTech/Security/Action/Sessions.php in DragonByte vBSecurity 3.x through 3.3.0 for vBulletin 3 and vBulletin 4 allows self-XSS via $session'useragent' in the "Login Sessions" feature...
Open redirect
vBulletin 3.x.x and 4.2.x through 4.2.5 has an open redirect via the redirector.php url parameter...
CVE-2018-6200
vBulletin 3.x.x and 4.2.x through 4.2.5 has an open redirect via the redirector.php url parameter...
vBulletin ChangUonDyU Advanced Statistics - SQL Injection Vulnerability
No description provided by source. Exploit Title: vBulletin ChangUonDyU Advanced Statistics - SQL Injection Vulnerability Google Dork: No Dork Date: 19/10/2012 Exploit Author: Junookyo Vendor Homepage: http://hoiquantinhoc.com Software Link:...
vBulletin 3. x / 4. x AjaxReg SQL injection and fix-vulnerability warning-the black bar safety net
!/ usr/bin/php ? vBulletin 3. x/4. x AjaxReg remote Blind SQL Injection Exploit https://lh3.googleusercontent.com/-4HcW64E57CI/ULWN9mDnK8I/AAAAAAAAABo/cc0UA9eVak/s640/11-26-2012%25206-02-5s3%2520AM.png livedemo : http://www.youtube.com/watch?v=LlKaYyJxH7E check it :...
vBulletin多个产品'blog_post.php'安全绕过漏洞
vBulletin是一款基于PHP的应用程序 vBulletin blogpost.php脚本不正确检查权限,远程攻击者可以利用漏洞张贴博客日志 0 vBulletin 3.x vBulletin Publishing Suite 4.x 厂商解决方案 用户可参考如下供应商提供的安全公告获得补丁信息: https://www.vbulletin.com/forum/showthread.php/394259 http://tracker.vbulletin.com/browse/VBIV-13921...
XSS в vBulletin 3.x
Здравствуйте, vuln. Параметры posthash и poststarttime в скриптах newreply.php и newthread.php не фильтруются в POST-запросе это для версии 3.0.9 для 3.5.4 уязвим только параметр posthash и только в скрипте newthread.php В результате чего возможна атака типа XSS. ПРИМЕР: POST /forum/newthread.php...
[SA17359] vBulletin Image Script Insertion Vulnerability
TITLE: vBulletin Image Script Insertion Vulnerability SECUNIA ADVISORY ID: SA17359 VERIFY ADVISORY: http://secunia.com/advisories/17359/ CRITICAL: Less critical IMPACT: Cross Site Scripting WHERE: From remote SOFTWARE: vBulletin 3.x http://secunia.com/product/3212/ vBulletin 2.x...