27 matches found
vBulletin Cross-Site Scripting Vulnerability
vBulletin is the United States InternetBrands and vBulletinSolutions, Inc. of a PHP and MySQL-based open source Web forum program . A cross-site scripting vulnerability exists in vBulletin version 5.x. The vulnerability stems from the lack of proper validation of client-side data by the WEB...
vBulletin 5.x /ajax/render/widget_tabbedcontainer_tab_panel PHP remote code execution.
This module exploits a logic bug within the template rendering code in vBulletin 5.x. The module uses the vBulletin template rendering functionality to render the 'widgettabbedcontainertabpanel' template while also providing the 'widgetphp' argument. This causes the former template to load the...
vBulletin 5.x Remote Code Execution
!/usr/bin/env python3 vBulletin 5.x pre-auth widgettabbedContainer RCE exploit by @zenofex import argparse import requests import sys def runexploitvbloc, shellcmd: postdata = 'subWidgets0template' : 'widgetphp', 'subWidgets0configcode' : "echo shellexec'%s'; exit;" % shellcmd r =...
vBulletin 5 SQL Injection
SQL Injection vulnerability in vBulletin nodeId parameter Vulnerability Type: SQL Injection For the exploit source code contact DSquare Security sales team...
vBulletin 5.0 < 5.5.4 - Unauthenticated Remote Code Execution Exploit
Exploit for php platform in category web applications !/usr/bin/python vBulletin 5.x 0day pre-auth RCE exploit This should work on all versions from 5.0.0 till 5.5.4 Google Dorks: - site:.vbulletin.net - "Powered by vBulletin Version 5.5.4" import requests import sys if lensys.argv != 2:...
Rash of Exploits Targets Critical vBulletin RCE Bug
A critical remote code execution RCE bug affecting default 5.x versions of vBulletin CVE-2019-16759 is being actively exploited in the wild, allowing unauthenticated attackers to take control of web hosts. A zero-day proof-of-concept code was anonymously published on Monday, ahead of vBulletin...
Exploit for Code Injection in Vbulletin
PoC exploit for CVE-2019-16759, an RCE vulnerability in vBulleti...
vBulletin 5.x 0-Day Pre-Auth Remote Command Execution
description = vBulletin 5.x 0day pre-auth RCE exploit This should work on all versions from 5.0.0 till 5.5.4 local http = require "http" local shortport = require "shortport" local vulns = require "vulns" local stdnse = require "stdnse" local string = require "string" --- -- @usage -- nmap -p...
Cross site request forgery (csrf)
vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfigcode parameter in an ajax/render/widgetphp routestring request...
CVE-2019-16759
vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfigcode parameter in an ajax/render/widgetphp routestring request...
vBulletin 5.x Pre-Auth Remote Code Execution
!/usr/bin/python vBulletin 5.x 0day pre-auth RCE exploit This should work on all versions from 5.0.0 till 5.5.4 Google Dorks: - site:.vbulletin.net - "Powered by vBulletin Version 5.5.4" import requests import sys if lensys.argv != 2: sys.exit"Usage: %s " % sys.argv0 params =...
CVE-2019-16759
vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfigcode parameter in an ajax/render/widgetphp routestring request. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...
Fsociety Hacking Tools Pack
Fsociety Menu Information Gathering Password Attacks Wireless Testing Exploitation Tools Sniffing & Spoofing Web Hacking Private Web Hacking Post Exploitation INSTALL & UPDATE Information Gathering : Nmap Setoolkit Port Scanning Host To IP wordpress user CMS scanner XSStracer Dork – Google Dorks...
vBulletin 5 cacheTemplates Unauthenticated Remote Arbitrary File Deletion Vulnerability
Exploit for php platform in category web applications Vulnerability Summary The following advisory describes a unauthenticated deserialization vulnerability that leads to arbitrary delete files and, under certain circumstances, code execution found in vBulletin version 5. vBulletin, also known as...
CVE-2015-3419
vBulletin 5.x through 5.1.6 allows remote authenticated users to bypass authorization checks and inject private messages into conversations via vectors related to an input validation failure...
CVE-2015-3419
vBulletin 5.x through 5.1.6 allows remote authenticated users to bypass authorization checks and inject private messages into conversations via vectors related to an input validation failure...
CVE-2015-7808
The vBApiHook::decodeArguments method in vBulletin 5 Connect 5.1.2 through 5.1.9 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object in the arguments parameter to ajax/api/hook/decodeArguments...
Design/Logic Flaw
The vBApiHook::decodeArguments method in vBulletin 5 Connect 5.1.2 through 5.1.9 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object in the arguments parameter to ajax/api/hook/decodeArguments...
vBulletin 5.x - Remote Code Execution
Title: Vbulletin 5.x - Remote Code Execution Exploit + Product: vbulletin + Vendor: http://vbulletin.com + Vulnerable Versions: Vbulletin 5.x Author : Mohammad Reza Espargham Linkedin : https://ir.linkedin.com/in/rezasp E-Mail : meatrezadotes , reza.esparghamatgmaildotcom Website : www.reza.es...
vBulletin 5.x / 4.x Persistent Cross Site Scripting
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2014-2021 - vBulletin 5.x/4.x - persistent XSS in AdminCP/ApiLog via xmlrpc API post-auth ============================================================================ ==================== Overview - -------- date : 10/12/2014 cvss : 4.6...