Vbulletin@* Security Vulnerabilities and Issues — Vbulletin@* CVE List

Lucene search

JelsoftVbulletin*

10 matches found

CVE•added 2005/05/10 4:0 a.m.•77 views

CVE-2002-1660

calendar.php in vBulletin before 2.2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the command parameter.

7.5CVSS8.1AI score0.11742EPSS

CVE•added 2007/03/07 12:19 a.m.•52 views

CVE-2007-1292

SQL injection vulnerability in inlinemod.php in Jelsoft vBulletin before 3.5.8, and before 3.6.5 in the 3.6.x series, might allow remote authenticated users to execute arbitrary SQL commands via the postids parameter. NOTE: the vendor states that the attack is feasible only in circumstances "almost...

7.5CVSS8AI score0.00901EPSS

CVE•added 2001/09/18 4:0 a.m.•50 views

CVE-2001-0475

index.php in Jelsoft vBulletin does not properly initialize a PHP variable that is used to store template information, which allows remote attackers to execute arbitrary PHP code via special characters in the templatecache parameter.

7.5CVSS7.5AI score0.00888EPSS

CVE•added 2007/03/21 9:19 p.m.•45 views

CVE-2007-1573

SQL injection vulnerability in admincp/attachment.php in Jelsoft vBulletin 3.6.5 allows remote authenticated administrators to execute arbitrary SQL commands via the "Attached Before" field.

6CVSS7.8AI score0.00321EPSS

CVE•added 2007/05/30 10:30 a.m.•39 views

CVE-2007-2908

Cross-site scripting (XSS) vulnerability in calendar.php in Jelsoft vBulletin before 3.6.6 allows remote attackers to inject arbitrary web script or HTML via the title field in a single add action.

4.3CVSS5.7AI score0.06478EPSS

CVE•added 2007/05/30 10:30 a.m.•39 views

CVE-2007-2909

Cross-site scripting (XSS) vulnerability in calendar.php in Jelsoft vBulletin 3.6.x before 3.6.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to the vb_calendar366_xss_fix_plugin.xml update.

3.5CVSS5.7AI score0.00172EPSS

CVE•added 2007/05/30 10:30 a.m.•36 views

CVE-2007-2911

SQL injection vulnerability in admincp/attachment.php in Jelsoft vBulletin before 3.6.6 allows remote authenticated administrators to execute arbitrary SQL commands via the "Attached After" field (GPC['search']['datelineafter'] variable), a related issue to CVE-2007-1573.

8.5CVSS7.9AI score0.00389EPSS

CVE•added 2007/05/30 10:30 a.m.•35 views

CVE-2007-2910

Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin before 3.6.7 PL1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to the vb_367_xss_fix_plugin.xml update, a related issue to CVE-2007-2909.

4.3CVSS5.8AI score0.00246EPSS

CVE•added 2007/05/30 10:30 a.m.•35 views

CVE-2007-2912

Unspecified vulnerability in Jelsoft vBulletin before 3.6.6, when unauthenticated User Infraction Permissions is disabled, allows remote attackers to see the infraction "red flag" for a deleted user.

5CVSS6.8AI score0.00332EPSS

CVE•added 2007/03/08 10:19 p.m.•33 views

CVE-2007-1342

Cross-site scripting (XSS) vulnerability in admincp/index.php in Jelsoft vBulletin 3.6.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the add rss url form.

4.3CVSS5.7AI score0.004EPSS