Lucene search
K

27 matches found

CNVD
CNVD
added 2020/08/17 12:0 a.m.6 views

vBulletin Cross-Site Scripting Vulnerability

vBulletin is the United States InternetBrands and vBulletinSolutions, Inc. of a PHP and MySQL-based open source Web forum program . A cross-site scripting vulnerability exists in vBulletin version 5.x. The vulnerability stems from the lack of proper validation of client-side data by the WEB...

9.8CVSS6.4AI score0.46031EPSS
Exploits3References1
Metasploit
Metasploit
added 2020/08/13 5:40 p.m.144 views

vBulletin 5.x /ajax/render/widget_tabbedcontainer_tab_panel PHP remote code execution.

This module exploits a logic bug within the template rendering code in vBulletin 5.x. The module uses the vBulletin template rendering functionality to render the 'widgettabbedcontainertabpanel' template while also providing the 'widgetphp' argument. This causes the former template to load the...

9.8CVSS10AI score0.99728EPSS
Exploits28
Packet Storm
Packet Storm
added 2020/08/11 12:0 a.m.296 views

vBulletin 5.x Remote Code Execution

!/usr/bin/env python3 vBulletin 5.x pre-auth widgettabbedContainer RCE exploit by @zenofex import argparse import requests import sys def runexploitvbloc, shellcmd: postdata = 'subWidgets0template' : 'widgetphp', 'subWidgets0configcode' : "echo shellexec'%s'; exit;" % shellcmd r =...

7.5CVSS0.2AI score0.99728EPSS
Exploits27
Dsquare
Dsquare
added 2020/06/25 12:0 a.m.204 views

vBulletin 5 SQL Injection

SQL Injection vulnerability in vBulletin nodeId parameter Vulnerability Type: SQL Injection For the exploit source code contact DSquare Security sales team...

7.5CVSS0.8AI score0.88948EPSS
Exploits13
0day.today
0day.today
added 2019/10/02 12:0 a.m.150 views

vBulletin 5.0 < 5.5.4 - Unauthenticated Remote Code Execution Exploit

Exploit for php platform in category web applications !/usr/bin/python vBulletin 5.x 0day pre-auth RCE exploit This should work on all versions from 5.0.0 till 5.5.4 Google Dorks: - site:.vbulletin.net - "Powered by vBulletin Version 5.5.4" import requests import sys if lensys.argv != 2:...

0.3AI score
Exploits0
ThreatPost
ThreatPost
added 2019/09/26 5:45 p.m.136 views

Rash of Exploits Targets Critical vBulletin RCE Bug

A critical remote code execution RCE bug affecting default 5.x versions of vBulletin CVE-2019-16759 is being actively exploited in the wild, allowing unauthenticated attackers to take control of web hosts. A zero-day proof-of-concept code was anonymously published on Monday, ahead of vBulletin...

7.5CVSS10AI score0.99728EPSS
Exploits27References7
GithubExploit
GithubExploit
added 2019/09/26 3:27 a.m.114 views

Exploit for Code Injection in Vbulletin

PoC exploit for CVE-2019-16759, an RCE vulnerability in vBulleti...

9.8CVSS10AI score0.99728EPSS
Exploits27
Packet Storm
Packet Storm
added 2019/09/26 12:0 a.m.252 views

vBulletin 5.x 0-Day Pre-Auth Remote Command Execution

description = vBulletin 5.x 0day pre-auth RCE exploit This should work on all versions from 5.0.0 till 5.5.4 local http = require "http" local shortport = require "shortport" local vulns = require "vulns" local stdnse = require "stdnse" local string = require "string" --- -- @usage -- nmap -p...

7.5CVSS0.4AI score0.99728EPSS
Exploits27
Prion
Prion
added 2019/09/24 10:15 p.m.29 views

Cross site request forgery (csrf)

vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfigcode parameter in an ajax/render/widgetphp routestring request...

7.5CVSS9.6AI score0.99728EPSS
Exploits27References10Affected Software1
Cvelist
Cvelist
added 2019/09/24 9:1 p.m.30 views

CVE-2019-16759

vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfigcode parameter in an ajax/render/widgetphp routestring request...

9.8AI score0.99728EPSS
Exploits27References10
Packet Storm
Packet Storm
added 2019/09/24 12:0 a.m.987 views

vBulletin 5.x Pre-Auth Remote Code Execution

!/usr/bin/python vBulletin 5.x 0day pre-auth RCE exploit This should work on all versions from 5.0.0 till 5.5.4 Google Dorks: - site:.vbulletin.net - "Powered by vBulletin Version 5.5.4" import requests import sys if lensys.argv != 2: sys.exit"Usage: %s " % sys.argv0 params =...

0.2AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2019/09/24 12:0 a.m.44 views

CVE-2019-16759

vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfigcode parameter in an ajax/render/widgetphp routestring request. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

9.8CVSS9.1AI score0.99728EPSS
In wildExploits27References13
n0where
n0where
added 2018/01/01 8:31 p.m.73 views

Fsociety Hacking Tools Pack

Fsociety Menu Information Gathering Password Attacks Wireless Testing Exploitation Tools Sniffing & Spoofing Web Hacking Private Web Hacking Post Exploitation INSTALL & UPDATE Information Gathering : Nmap Setoolkit Port Scanning Host To IP wordpress user CMS scanner XSStracer Dork – Google Dorks...

0.1AI score
Exploits0References1
0day.today
0day.today
added 2017/12/14 12:0 a.m.71 views

vBulletin 5 cacheTemplates Unauthenticated Remote Arbitrary File Deletion Vulnerability

Exploit for php platform in category web applications Vulnerability Summary The following advisory describes a unauthenticated deserialization vulnerability that leads to arbitrary delete files and, under certain circumstances, code execution found in vBulletin version 5. vBulletin, also known as...

7.5CVSS0.1AI score0.14912EPSS
Exploits6
NVD
NVD
added 2017/09/19 3:29 p.m.13 views

CVE-2015-3419

vBulletin 5.x through 5.1.6 allows remote authenticated users to bypass authorization checks and inject private messages into conversations via vectors related to an input validation failure...

6.5CVSS6.1AI score0.00977EPSS
Exploits0References2
Cvelist
Cvelist
added 2017/09/19 3:0 p.m.16 views

CVE-2015-3419

vBulletin 5.x through 5.1.6 allows remote authenticated users to bypass authorization checks and inject private messages into conversations via vectors related to an input validation failure...

6.1AI score0.00977EPSS
Exploits0References2
NVD
NVD
added 2015/11/24 8:59 p.m.16 views

CVE-2015-7808

The vBApiHook::decodeArguments method in vBulletin 5 Connect 5.1.2 through 5.1.9 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object in the arguments parameter to ajax/api/hook/decodeArguments...

7.5CVSS7.5AI score0.80635EPSS
Exploits12References6
Prion
Prion
added 2015/11/24 8:59 p.m.15 views

Design/Logic Flaw

The vBApiHook::decodeArguments method in vBulletin 5 Connect 5.1.2 through 5.1.9 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object in the arguments parameter to ajax/api/hook/decodeArguments...

7.5CVSS8AI score0.80635EPSS
Exploits12References6Affected Software1
Exploit DB
Exploit DB
added 2015/11/23 12:0 a.m.35 views

vBulletin 5.x - Remote Code Execution

Title: Vbulletin 5.x - Remote Code Execution Exploit + Product: vbulletin + Vendor: http://vbulletin.com + Vulnerable Versions: Vbulletin 5.x Author : Mohammad Reza Espargham Linkedin : https://ir.linkedin.com/in/rezasp E-Mail : meatrezadotes , reza.esparghamatgmaildotcom Website : www.reza.es...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2014/10/12 12:0 a.m.54 views

vBulletin 5.x / 4.x Persistent Cross Site Scripting

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2014-2021 - vBulletin 5.x/4.x - persistent XSS in AdminCP/ApiLog via xmlrpc API post-auth ============================================================================ ==================== Overview - -------- date : 10/12/2014 cvss : 4.6...

3.5CVSS9.6AI score0.04145EPSS
Exploits7
Rows per page
Query Builder