Lucene search
K

20 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2018-4540

Malware in sbrugna...

6.1CVSS6.3AI score0.00647EPSS
Exploits0References2
Packet Storm
Packet Storm
added 2025/06/09 12:0 a.m.92 views

📄 vBulletin 4.x movepm PHP Object Injection

In vBulletin 4.x, a flawed security patch from 2014 has introduced a new post-auth PHP object injection vector by replacing serialize with jsonencode — ironically making it possible to get vBulletin to sign attacker-controlled base64-encoded payloads, potentially allowing users to perform remote...

8.6AI score
Exploits0
Prion
Prion
added 2018/06/19 4:29 p.m.11 views

Design/Logic Flaw

library/DBTech/Security/Action/Sessions.php in DragonByte vBSecurity 3.x through 3.3.0 for vBulletin 3 and vBulletin 4 allows self-XSS via $session'useragent' in the "Login Sessions" feature...

4.3CVSS6.3AI score0.00647EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2018/06/19 4:29 p.m.16 views

CVE-2018-12580

library/DBTech/Security/Action/Sessions.php in DragonByte vBSecurity 3.x through 3.3.0 for vBulletin 3 and vBulletin 4 allows self-XSS via $session'useragent' in the "Login Sessions" feature...

6.1CVSS6.3AI score0.00647EPSS
Exploits0References1
securityvulns
securityvulns
added 2015/05/11 12:0 a.m.159 views

vBulletin 4.x.x 'visitormessage.php' Remote Code Injection Vulnerability

Exploit Title: vBulletin 4.x.x 'visitormessage.php' Remote Code Injection Vulnerability + Discovered By: Dariush Nasirpour Net.Edit0r + My Homepage: black-hg.org / nasirpour.info + Date: 2015 27 February + Vendor Homepage: vBulletin.com + Tested on: vBulletin 4.2.2 + Greeting : Ali Razmjoo -...

7.8AI score
Exploits0
exploitpack
exploitpack
added 2015/03/02 12:0 a.m.33 views

vBulletin vBSEO 4.x - visitormessage.php Remote Code Injection

vBulletin vBSEO 4.x - visitormessage.php Remote Code Injection + Exploit Title: vBulletin 4.x.x 'visitormessage.php' Remote Code Injection Vulnerability + Discovered By: Dariush Nasirpour Net.Edit0r + My Homepage: black-hg.org / nasirpour.info + Date: 2015 27 February + Vendor Homepage:...

0.2AI score
Exploits0
OpenVAS
OpenVAS
added 2014/11/27 12:0 a.m.34 views

Tapatalk < 5.2.2 Blind SQLi Vulnerability

Tapatalk is prone to an SQL injection SQLi vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:tapatalk:tapatalk"; if...

9.8CVSS9.8AI score0.04145EPSS
Exploits5References2
0day.today
0day.today
added 2014/10/28 12:0 a.m.29 views

vBulletin 4.x Verify Email Before Registration Plugin - SQL Injection Vulnerability

Exploit for php platform in category web applications Title: vBulletin Verify Email Before Registration Plugin - SQL Injection Date: September 19 2014 Version: Any vBulletin 4.. version which has the plugin installed. Plugin: http://www.vbulletin.org/forum/showthread.php?t=294164 Author: Dave FW/...

7.1AI score
Exploits0
Exploit DB
Exploit DB
added 2014/10/28 12:0 a.m.27 views

Tapatalk for vBulletin 4.x - Blind SQL Injection

!/usr/bin/env python -- coding: utf-8 -- ''' @author: tintinweb 0x721427D8 ''' import urllib2, urllib import xmlrpclib,re, urllib2,string,itertools,time from distutils.version import LooseVersion class Exploitobject: def initself, target, debug=0 : self.stopwatchstart=time.time self.target = targ...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2014/10/13 12:0 a.m.69 views

vBulletin 4.x SQL Injection

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2014-2022 - vbulletin 4.x - SQLi in breadcrumbs via xmlrpc API post-auth ============================================================================ == Overview - -------- date : 10/12/2014 cvss : 7.1 AV:N/AC:H/Au:S/C:C/I:C/A:C base cwe : 89 vend...

7.1CVSS0.3AI score0.04145EPSS
Exploits7
Packet Storm
Packet Storm
added 2014/10/12 12:0 a.m.54 views

vBulletin 5.x / 4.x Persistent Cross Site Scripting

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2014-2021 - vBulletin 5.x/4.x - persistent XSS in AdminCP/ApiLog via xmlrpc API post-auth ============================================================================ ==================== Overview - -------- date : 10/12/2014 cvss : 4.6...

3.5CVSS9.6AI score0.04145EPSS
Exploits7
Exploit DB
Exploit DB
added 2014/10/12 12:0 a.m.55 views

vBulletin 4.x - breadcrumbs via xmlrpc API (Authenticated) SQL Injection

CVE-2014-2022 - vbulletin 4.x - SQLi in breadcrumbs via xmlrpc API post-auth ============================================================================== Overview -------- date : 10/12/2014 cvss : 7.1 AV:N/AC:H/Au:S/C:C/I:C/A:C base cwe : 89 vendor : vBulletin Solutions product : vBulletin 4...

7.1CVSS9.6AI score0.02712EPSS
Exploits4
exploitpack
exploitpack
added 2014/09/20 12:0 a.m.27 views

vBulletin 4.x Verify Email Before Registration Plugin - SQL Injection

vBulletin 4.x Verify Email Before Registration Plugin - SQL Injection Title: vBulletin Verify Email Before Registration Plugin - SQL Injection Date: September 19 2014 Version: Any vBulletin 4.. version which has the plugin installed. Plugin: http://www.vbulletin.org/forum/showthread.php?t=294164...

0.3AI score
Exploits0
0day.today
0day.today
added 2014/09/03 12:0 a.m.101 views

Easy Forms for vBulletin 4.X - Upload Shell Code / Remote Code Execute

Easy Forms vBuletin 4.x have suffers from a remote code execute and upload shell code. This is private exploit. You can buy it at https://0day.today...

7.9AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.18 views

vBulletin Advanced User Tagging Mod - Stored XSS Vulnerability

No description provided by source. Exploit Title: Advanced User Tagging vBulletin - Stored XSS Vulnerability Google Dork: intext:usertagpro Date: 10.07.2013 Exploit Author: 0iZy5 Vendor Homepage: www.backtrack-linux.ro Software Link:...

7.1AI score
Exploits0
myhack58
myhack58
added 2012/12/13 12:0 a.m.14 views

vBulletin 3. x / 4. x AjaxReg SQL injection and fix-vulnerability warning-the black bar safety net

!/ usr/bin/php ? vBulletin 3. x/4. x AjaxReg remote Blind SQL Injection Exploit https://lh3.googleusercontent.com/-4HcW64E57CI/ULWN9mDnK8I/AAAAAAAAABo/cc0UA9eVak/s640/11-26-2012%25206-02-5s3%2520AM.png livedemo : http://www.youtube.com/watch?v=LlKaYyJxH7E check it :...

8.5AI score
Exploits0
Packet Storm
Packet Storm
added 2011/07/21 12:0 a.m.18 views

vBulletin 4.1.3 SQL Injection

Exploit Title: Vbulletin 4.0.x = 4.1.3 messagegroupid SQL injection Vulnerability 0-day Google Dork: intitle: powered by Vbulletin 4 Date: 20/07/2011 Author: FB1H2S Software Link: urlhttp://www.vbulletin.com//url Version: 4.x.x Tested on: relevant os CVE : urlhttp://members.vbulletin.com//url...

0.2AI score
Exploits0
exploitpack
exploitpack
added 2011/07/21 12:0 a.m.21 views

vBulletin 4.0.x 4.1.3 - messagegroupid SQL Injection

vBulletin 4.0.x 4.1.3 - messagegroupid SQL Injection Exploit Title: Vbulletin 4.0.x = 4.1.3 messagegroupid SQL injection Vulnerability 0-day Google Dork: intitle: powered by Vbulletin 4 Date: 20/07/2011 Author: FB1H2S Software Link: urlhttp://www.vbulletin.com//url Version: 4.x.x Tested on:...

0.5AI score
Exploits0
Exploit DB
Exploit DB
added 2011/07/21 12:0 a.m.21 views

vBulletin 4.0.x 4.1.3 - &#039;messagegroupid&#039; SQL Injection

Exploit Title: Vbulletin 4.0.x = 4.1.3 messagegroupid SQL injection Vulnerability 0-day Google Dork: intitle: powered by Vbulletin 4 Date: 20/07/2011 Author: FB1H2S Software Link: urlhttp://www.vbulletin.com//url Version: 4.x.x Tested on: relevant os CVE : urlhttp://members.vbulletin.com//url...

7.4AI score
Exploits0
The Hacker News
The Hacker News
added 2011/05/25 3:37 p.m.6 views

Security Alert : vBulletin 4.X Security SQL Injection & CSRF/XSRF Exploits available !

Security Alert : vBulletin 4.X - SQL Injection & CSRF/XSRF Exploits available ! Two Serious Security Flaws are detected in vBulletin 4.X Versions and also their Security SQL Injection & CSRF/XSRF Exploits are now also available. Impact of these Flaws: Lots of big Forums are on vBulletin 4.X...

8AI score
Exploits0
Rows per page
Query Builder