Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7 matches found

Metasploit
Metasploitadded 2020/08/13 5:40 p.m.135 views

vBulletin 5.x /ajax/render/widget_tabbedcontainer_tab_panel PHP remote code execution.

This module exploits a logic bug within the template rendering code in vBulletin 5.x. The module uses the vBulletin template rendering functionality to render the 'widgettabbedcontainertabpanel' template while also providing the 'widgetphp' argument. This causes the former template to load the...

9.8CVSS10AI score0.99728EPSS
Exploits28
Tenable Nessus
Tenable Nessusadded 2020/08/10 12:0 a.m.312 views

vBulletin CVE-2019-16759 Bypass Remote Code Execution (CVE-2020-17496) (direct check)

The version of vBulletin running on the remote host is affected by an input-validation flaw in the ajax/render/widgetphp API that allows for remote code execution. This plugin tests for a bypass to the fix for CVE-2019-16759. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...

9.8CVSS9.2AI score0.99728EPSS
Exploits28References3
VulnCheck KEV
VulnCheck KEVadded 2019/10/09 12:0 a.m.2 views

VulnCheck KEV: CVE-2019-16759

The PHP module within vBulletin contains an unspecified vulnerability that allows for remote code execution via the widgetConfigcode parameter in an ajax/render/widgetphp routestring request...

9.8CVSS8AI score0.99728EPSS
Exploits27References1
Saint
Saintadded 2019/09/27 12:0 a.m.143 views

vBulletin remote command execution via the widgetConfig[code] parameter

Added: 09/27/2019 Background vBulletin is a commercial web bulletin board application written in PHP using MySQL. Problem vBulletin allows remote command execution via the widgetConfigcode parameter in an ajax/render/widgetphp routestring request. Resolution Upgrade vBulletin to version higher th...

7.7AI score
Exploits0
Saint
Saintadded 2019/09/27 12:0 a.m.28 views

vBulletin remote command execution via the widgetConfig[code] parameter

Added: 09/27/2019 Background vBulletin is a commercial web bulletin board application written in PHP using MySQL. Problem vBulletin allows remote command execution via the widgetConfigcode parameter in an ajax/render/widgetphp routestring request. Resolution Upgrade vBulletin to version higher th...

7.7AI score
Exploits0
OSV
OSVadded 2019/09/24 10:15 p.m.4 views

CVE-2019-16759

vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfigcode parameter in an ajax/render/widgetphp routestring request...

9.8CVSS7.7AI score0.99728EPSS
Exploits27References11
Packet Storm
Packet Stormadded 2019/09/24 12:0 a.m.986 views

vBulletin 5.x Pre-Auth Remote Code Execution

!/usr/bin/python vBulletin 5.x 0day pre-auth RCE exploit This should work on all versions from 5.0.0 till 5.5.4 Google Dorks: - site:.vbulletin.net - "Powered by vBulletin Version 5.5.4" import requests import sys if lensys.argv != 2: sys.exit"Usage: %s " % sys.argv0 params =...

0.2AI score
Exploits0
Rows per page
Query Builder