Vbulletin@2.0 rc3 Security Vulnerabilities and Issues — Vbulletin@2.0 rc3 CVE List

Lucene search

JelsoftVbulletin2.0 rc3

11 matches found

CVE•added 2005/08/04 4:0 a.m.•46 views

CVE-2004-2288

Cross-site scripting (XSS) vulnerability in index.php in Jelsoft vBulletin allows remote attackers to spoof parts of a website via the loc parameter.

4.3CVSS6.1AI score0.00353EPSS

CVE•added 2005/09/21 10:3 p.m.•46 views

CVE-2005-3020

Multiple cross-site scripting (XSS) vulnerabilities in vBulletin before 3.0.9 allow remote attackers to inject arbitrary web script or HTML via the (1) group parameter to css.php, (2) redirect parameter to index.php, (3) email parameter to user.php, (4) goto parameter to language.php, (5) orderby p...

4.3CVSS5.8AI score0.00475EPSS

CVE•added 2005/09/21 10:3 p.m.•43 views

CVE-2005-3025

Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.0.7 and earlier allow remote attackers to inject arbitrary web script or HTML via the loc parameter to (1) modcp/index.php or (2) admincp/index.php, or the ip parameter to (3) modcp/user.php or (4) admincp/usertitle.php.

4.3CVSS5.8AI score0.00351EPSS

CVE•added 2005/06/28 4:0 a.m.•42 views

CVE-2002-1922

Cross-site scripting (XSS) vulnerability in global.php in Jelsoft vBulletin 2.0.0 through 2.2.8 allows remote attackers to inject arbitrary web script or HTML via the (1) $scriptpath or (2) $url variables.

4.3CVSS6AI score0.00519EPSS

CVE•added 2005/09/21 10:3 p.m.•41 views

CVE-2005-3023

Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via certain arguments to (1) announcement.php, (2) admincalendar.php, (3) bbcode.php, (4) cronadmin.php, (5) email.php, (6) faq.php, (7) forum.php, (8) im...

4.3CVSS6AI score0.00351EPSS

CVE•added 2005/09/21 10:3 p.m.•40 views

CVE-2005-3019

Multiple SQL injection vulnerabilities in vBulletin before 3.0.9 allow remote attackers to execute arbitrary SQL commands via the (1) request parameter to joinrequests.php, (2) limitnumber or (3) limitstart to user.php, (4) usertitle.php, or (5) usertools.php.

7.5CVSS8.5AI score0.00646EPSS

CVE•added 2005/09/21 10:3 p.m.•40 views

CVE-2005-3024

Multiple SQL injection vulnerabilities in vBulletin 3.0.7 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) announcement parameter to announcement.php, the (2) thread[forumid] or (3) criteria parameters to thread.php, (4) userid parameter to user.php, the (5) calendar...

7.5CVSS8.5AI score0.00518EPSS

CVE•added 2005/09/21 10:3 p.m.•39 views

CVE-2005-3022

Multiple SQL injection vulnerabilities in vBulletin 3.0.9 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) announcement parameter to announcement.php, (2) userid parameter to user.php, (3) calendar parameter to admincalendar.php, (4) cronid parameter to cronlog.php, ...

7.5CVSS8.5AI score0.00518EPSS

CVE•added 2005/06/21 4:0 a.m.•36 views

CVE-2002-1678

Cross-site scripting (XSS) vulnerability in memberlist.php in Jelsoft vBulletin 2.0 rc 2 through 2.2.4 allows remote attackers to steal authentication credentials by injecting script into $letterbits.

4.3CVSS6.4AI score0.00448EPSS

CVE•added 2006/01/06 11:0 a.m.•36 views

CVE-2005-4621

Cross-site scripting (XSS) vulnerability in the editavatar page in vBulletin 3.5.1 allows remote attackers to inject arbitrary web script or HTML via a URL in the remote avatar url field, in which the URL generates a parsing error, and possibly requiring a trailing extension such as .jpg.

4.3CVSS6AI score0.00346EPSS

CVE•added 2005/09/21 10:3 p.m.•31 views

CVE-2005-3021

image.php in vBulletin 3.0.9 and earlier allows remote attackers with access to the administrator panel to upload arbitrary files via the upload action.

2.1CVSS7.2AI score0.00197EPSS