Lucene search
+L

17 matches found

CNVD
CNVD
added 2020/08/17 12:0 a.m.8 views

vBulletin Cross-Site Scripting Vulnerability

vBulletin is the United States InternetBrands and vBulletinSolutions, Inc. of a PHP and MySQL-based open source Web forum program . A cross-site scripting vulnerability exists in vBulletin version 5.x. The vulnerability stems from the lack of proper validation of client-side data by the WEB...

9.8CVSS6.4AI score0.46031EPSS
Exploits3References1
Metasploit
Metasploit
added 2020/08/13 5:40 p.m.144 views

vBulletin 5.x /ajax/render/widget_tabbedcontainer_tab_panel PHP remote code execution.

This module exploits a logic bug within the template rendering code in vBulletin 5.x. The module uses the vBulletin template rendering functionality to render the 'widgettabbedcontainertabpanel' template while also providing the 'widgetphp' argument. This causes the former template to load the...

9.8CVSS10AI score0.99728EPSS
Exploits28
Packet Storm
Packet Storm
added 2020/08/11 12:0 a.m.298 views

vBulletin 5.x Remote Code Execution

!/usr/bin/env python3 vBulletin 5.x pre-auth widgettabbedContainer RCE exploit by @zenofex import argparse import requests import sys def runexploitvbloc, shellcmd: postdata = 'subWidgets0template' : 'widgetphp', 'subWidgets0configcode' : "echo shellexec'%s'; exit;" % shellcmd r =...

7.5CVSS0.2AI score0.99728EPSS
Exploits27
0day.today
0day.today
added 2019/10/02 12:0 a.m.150 views

vBulletin 5.0 < 5.5.4 - Unauthenticated Remote Code Execution Exploit

Exploit for php platform in category web applications !/usr/bin/python vBulletin 5.x 0day pre-auth RCE exploit This should work on all versions from 5.0.0 till 5.5.4 Google Dorks: - site:.vbulletin.net - "Powered by vBulletin Version 5.5.4" import requests import sys if lensys.argv != 2:...

0.3AI score
Exploits0
ThreatPost
ThreatPost
added 2019/09/26 5:45 p.m.136 views

Rash of Exploits Targets Critical vBulletin RCE Bug

A critical remote code execution RCE bug affecting default 5.x versions of vBulletin CVE-2019-16759 is being actively exploited in the wild, allowing unauthenticated attackers to take control of web hosts. A zero-day proof-of-concept code was anonymously published on Monday, ahead of vBulletin...

7.5CVSS10AI score0.99728EPSS
Exploits27References7
GithubExploit
GithubExploit
added 2019/09/26 3:27 a.m.162 views

Exploit for Code Injection in Vbulletin

PoC exploit for CVE-2019-16759, an RCE vulnerability in vBulleti...

9.8CVSS10AI score0.99728EPSS
Exploits27
Packet Storm
Packet Storm
added 2019/09/26 12:0 a.m.254 views

vBulletin 5.x 0-Day Pre-Auth Remote Command Execution

description = vBulletin 5.x 0day pre-auth RCE exploit This should work on all versions from 5.0.0 till 5.5.4 local http = require "http" local shortport = require "shortport" local vulns = require "vulns" local stdnse = require "stdnse" local string = require "string" --- -- @usage -- nmap -p...

7.5CVSS0.4AI score0.99728EPSS
Exploits27
Prion
Prion
added 2019/09/24 10:15 p.m.29 views

Cross site request forgery (csrf)

vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfigcode parameter in an ajax/render/widgetphp routestring request...

7.5CVSS9.6AI score0.99728EPSS
Exploits27References10Affected Software1
Cvelist
Cvelist
added 2019/09/24 9:1 p.m.33 views

CVE-2019-16759

vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfigcode parameter in an ajax/render/widgetphp routestring request...

9.8AI score0.99728EPSS
Exploits27References10
ATTACKERKB
ATTACKERKB
added 2019/09/24 12:0 a.m.45 views

CVE-2019-16759

vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfigcode parameter in an ajax/render/widgetphp routestring request. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

9.8CVSS9.1AI score0.99728EPSS
In wildExploits27References13
Packet Storm
Packet Storm
added 2019/09/24 12:0 a.m.989 views

vBulletin 5.x Pre-Auth Remote Code Execution

!/usr/bin/python vBulletin 5.x 0day pre-auth RCE exploit This should work on all versions from 5.0.0 till 5.5.4 Google Dorks: - site:.vbulletin.net - "Powered by vBulletin Version 5.5.4" import requests import sys if lensys.argv != 2: sys.exit"Usage: %s " % sys.argv0 params =...

0.2AI score
Exploits0
n0where
n0where
added 2018/01/01 8:31 p.m.75 views

Fsociety Hacking Tools Pack

Fsociety Menu Information Gathering Password Attacks Wireless Testing Exploitation Tools Sniffing & Spoofing Web Hacking Private Web Hacking Post Exploitation INSTALL & UPDATE Information Gathering : Nmap Setoolkit Port Scanning Host To IP wordpress user CMS scanner XSStracer Dork – Google Dorks...

0.1AI score
Exploits0References1
NVD
NVD
added 2017/09/19 3:29 p.m.13 views

CVE-2015-3419

vBulletin 5.x through 5.1.6 allows remote authenticated users to bypass authorization checks and inject private messages into conversations via vectors related to an input validation failure...

6.5CVSS6.1AI score0.00977EPSS
Exploits0References2
Cvelist
Cvelist
added 2017/09/19 3:0 p.m.18 views

CVE-2015-3419

vBulletin 5.x through 5.1.6 allows remote authenticated users to bypass authorization checks and inject private messages into conversations via vectors related to an input validation failure...

6.1AI score0.00977EPSS
Exploits0References2
Exploit DB
Exploit DB
added 2015/11/23 12:0 a.m.37 views

vBulletin 5.x - Remote Code Execution

Title: Vbulletin 5.x - Remote Code Execution Exploit + Product: vbulletin + Vendor: http://vbulletin.com + Vulnerable Versions: Vbulletin 5.x Author : Mohammad Reza Espargham Linkedin : https://ir.linkedin.com/in/rezasp E-Mail : meatrezadotes , reza.esparghamatgmaildotcom Website : www.reza.es...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2014/10/12 12:0 a.m.54 views

vBulletin 5.x / 4.x Persistent Cross Site Scripting

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2014-2021 - vBulletin 5.x/4.x - persistent XSS in AdminCP/ApiLog via xmlrpc API post-auth ============================================================================ ==================== Overview - -------- date : 10/12/2014 cvss : 4.6...

3.5CVSS9.6AI score0.04145EPSS
Exploits7
Dsquare
Dsquare
added 2013/12/01 12:0 a.m.37 views

vBulletin 5.x Remote Administrator Injection

Remote administrator injection vulnerability in vBulletin upgrade.php Vulnerability Type: File Disclosure For the exploit source code contact DSquare Security sales team...

7.5CVSS0.8AI score0.51887EPSS
Exploits7References2
Rows per page
Query Builder