CVE-2007-4453
- EPSS 1.02%
- Veröffentlicht 21.08.2007 18:17:00
- Zuletzt bearbeitet 16.06.2026 22:44:07
Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.6.8 allow remote attackers to inject arbitrary web code or HTML via the (1) s parameter to index.php, and the (2) q parameter to (a) faq.php, (b) member.php, (c) memberlist.php, (d) c...
CVE-2007-4120
- EPSS 2.15%
- Veröffentlicht 01.08.2007 16:17:00
- Zuletzt bearbeitet 16.06.2026 22:43:26
Multiple PHP remote file inclusion vulnerabilities in Jelsoft vBulletin 3.6.5 allow remote attackers to execute arbitrary PHP code via a URL in the (1) classfile parameter to includes/functions.php, the (2) nextitem parameter to includes/functions_cr...
CVE-2007-3326
- EPSS 1.24%
- Veröffentlicht 21.06.2007 18:30:00
- Zuletzt bearbeitet 16.06.2026 22:41:46
Multiple directory traversal vulnerabilities in vBulletin 3.x.x allow remote attackers to redirect visitors to arbitrary local files via a .. (dot dot) in (1) the loc parameter to admincp/index.php and (2) the Hyperlink information URl field for post...
- EPSS 1.23%
- Veröffentlicht 30.05.2007 10:30:00
- Zuletzt bearbeitet 16.06.2026 22:40:41
Unspecified vulnerability in Jelsoft vBulletin before 3.6.6, when unauthenticated User Infraction Permissions is disabled, allows remote attackers to see the infraction "red flag" for a deleted user.
CVE-2007-2911
- EPSS 1.31%
- Veröffentlicht 30.05.2007 10:30:00
- Zuletzt bearbeitet 16.06.2026 22:40:41
SQL injection vulnerability in admincp/attachment.php in Jelsoft vBulletin before 3.6.6 allows remote authenticated administrators to execute arbitrary SQL commands via the "Attached After" field (GPC['search']['datelineafter'] variable), a related i...
CVE-2007-2910
- EPSS 0.85%
- Veröffentlicht 30.05.2007 10:30:00
- Zuletzt bearbeitet 16.06.2026 22:40:41
Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin before 3.6.7 PL1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to the vb_367_xss_fix_plugin.xml update, a related issue to CVE-2007-2909.
CVE-2007-2909
- EPSS 0.69%
- Veröffentlicht 30.05.2007 10:30:00
- Zuletzt bearbeitet 16.06.2026 22:40:41
Cross-site scripting (XSS) vulnerability in calendar.php in Jelsoft vBulletin 3.6.x before 3.6.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to the vb_calendar366_xss_fix_plugin.xml update.
CVE-2007-2908
- EPSS 1.77%
- Veröffentlicht 30.05.2007 10:30:00
- Zuletzt bearbeitet 16.06.2026 22:40:40
Cross-site scripting (XSS) vulnerability in calendar.php in Jelsoft vBulletin before 3.6.6 allows remote attackers to inject arbitrary web script or HTML via the title field in a single add action.
- EPSS 0.9%
- Veröffentlicht 21.03.2007 21:19:00
- Zuletzt bearbeitet 16.06.2026 22:37:51
SQL injection vulnerability in admincp/attachment.php in Jelsoft vBulletin 3.6.5 allows remote authenticated administrators to execute arbitrary SQL commands via the "Attached Before" field.
CVE-2007-1342
- EPSS 1.03%
- Veröffentlicht 08.03.2007 22:19:00
- Zuletzt bearbeitet 16.06.2026 22:37:23
Cross-site scripting (XSS) vulnerability in admincp/index.php in Jelsoft vBulletin 3.6.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the add rss url form.