Lucene search
K

10 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2017-16574

Malware in sbrugna...

8.6CVSS8.8AI score0.01238EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2005-0430

Malware in sbrugna...

5CVSS6.4AI score0.01934EPSS
Exploits0References3
CVE
CVE
added 2025/05/27 12:0 a.m.179 views

CVE-2025-48828

vBulletin versions 5.0.0 through 6.0.3 contain a Remote Code Execution (RCE) flaw in the ajax/api/ad/replaceAdTemplate endpoint caused by improper use of PHP’s Reflection API. An unauthenticated attacker can inject a crafted template (eg, using vb:if with code via passthru($POST[...])) and trigge...

9CVSS9.5AI score0.48582EPSS
Exploits2References3Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/22 10:2 a.m.8 views

CVE-2019-17132

vBulletin through 5.5.4 mishandles custom avatars...

9.8CVSS6.9AI score0.1178EPSS
Exploits4References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:9 a.m.11 views

CVE-2013-6129

The install/upgrade.php scripts in vBulletin 4.1 and 5 allow remote attackers to create administrative accounts via the customerid, htmldatapassword, htmldataconfirmpassword, and htmldataemail parameters, as exploited in the wild in October 2013...

7.5CVSS6.9AI score0.51887EPSS
Exploits7References1
Prion
Prion
added 2017/09/19 3:29 p.m.16 views

Authorization

vBulletin 5.x through 5.1.6 allows remote authenticated users to bypass authorization checks and inject private messages into conversations via vectors related to an input validation failure...

4CVSS6.7AI score0.00977EPSS
Exploits0References2Affected Software1
Packet Storm
Packet Storm
added 2005/02/26 12:0 a.m.35 views

vbulletin306.txt

Summary: vbulletin 3.0.6 and below php code injection Description =========== vBulletin is a powerful, scalable and fully customizable forums package for your web site. It has been written using the Web's quickest-growing scripting language; PHP, and is complimented with a highly efficient and...

7.4AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2005/02/24 12:0 a.m.66 views

vBulletin misc.php template Parameter PHP Code Injection

The remote version of vBulletin fails to sanitize input to the 'template' parameter of the 'misc.php' script. Provided the 'Add Template Name in HTML Comments' setting in vBulletin is enabled, an unauthenticated attacker may use this flaw to execute arbitrary PHP commands on the remote host...

7.5CVSS6AI score0.35818EPSS
Exploits3References2
Tenable Nessus
Tenable Nessus
added 2004/09/22 12:0 a.m.53 views

vBulletin newreply.php WYSIWYG_HTML Parameter XSS

According to its banner, the remote version of vBulletin is vulnerable to a cross-site scripting issue, due to a failure of the application to properly sanitize user-supplied input. As a result of this vulnerability, it is possible for a remote attacker to create a malicious link containing scrip...

4.3CVSS5.2AI score0.03617EPSS
Exploits1References2
securityvulns
securityvulns
added 2002/03/25 12:0 a.m.167 views

memberlist.php of vBulletin

vBulletin ALL versions Vendor status: notified 3/18/2; no response Within the first few lines of code in memberlist.php, the variable $letterbits is evaled. Because of the way PHP initializes variables, we can inject HTML, or JavaScript into the document. So by directing a user to, for example:...

7.3AI score
Exploits0
Rows per page
Query Builder