10 matches found
EUVD-2017-16574
Malware in sbrugna...
EUVD-2005-0430
Malware in sbrugna...
CVE-2025-48828
vBulletin versions 5.0.0 through 6.0.3 contain a Remote Code Execution (RCE) flaw in the ajax/api/ad/replaceAdTemplate endpoint caused by improper use of PHP’s Reflection API. An unauthenticated attacker can inject a crafted template (eg, using vb:if with code via passthru($POST[...])) and trigge...
CVE-2019-17132
vBulletin through 5.5.4 mishandles custom avatars...
CVE-2013-6129
The install/upgrade.php scripts in vBulletin 4.1 and 5 allow remote attackers to create administrative accounts via the customerid, htmldatapassword, htmldataconfirmpassword, and htmldataemail parameters, as exploited in the wild in October 2013...
Authorization
vBulletin 5.x through 5.1.6 allows remote authenticated users to bypass authorization checks and inject private messages into conversations via vectors related to an input validation failure...
vbulletin306.txt
Summary: vbulletin 3.0.6 and below php code injection Description =========== vBulletin is a powerful, scalable and fully customizable forums package for your web site. It has been written using the Web's quickest-growing scripting language; PHP, and is complimented with a highly efficient and...
vBulletin misc.php template Parameter PHP Code Injection
The remote version of vBulletin fails to sanitize input to the 'template' parameter of the 'misc.php' script. Provided the 'Add Template Name in HTML Comments' setting in vBulletin is enabled, an unauthenticated attacker may use this flaw to execute arbitrary PHP commands on the remote host...
vBulletin newreply.php WYSIWYG_HTML Parameter XSS
According to its banner, the remote version of vBulletin is vulnerable to a cross-site scripting issue, due to a failure of the application to properly sanitize user-supplied input. As a result of this vulnerability, it is possible for a remote attacker to create a malicious link containing scrip...
memberlist.php of vBulletin
vBulletin ALL versions Vendor status: notified 3/18/2; no response Within the first few lines of code in memberlist.php, the variable $letterbits is evaled. Because of the way PHP initializes variables, we can inject HTML, or JavaScript into the document. So by directing a user to, for example:...