Jelsoft

Vbulletin

51 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2007-4453

  • EPSS 0.4%
  • Published 21.08.2007 18:17:00
  • Last modified 09.04.2025 00:30:58

Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.6.8 allow remote attackers to inject arbitrary web code or HTML via the (1) s parameter to index.php, and the (2) q parameter to (a) faq.php, (b) member.php, (c) memberlist.php, (d) c...

9.3

CVE-2007-4120

Exploit
  • EPSS 0.9%
  • Published 01.08.2007 16:17:00
  • Last modified 09.04.2025 00:30:58

Multiple PHP remote file inclusion vulnerabilities in Jelsoft vBulletin 3.6.5 allow remote attackers to execute arbitrary PHP code via a URL in the (1) classfile parameter to includes/functions.php, the (2) nextitem parameter to includes/functions_cr...

5.8

CVE-2007-3326

  • EPSS 0.49%
  • Published 21.06.2007 18:30:00
  • Last modified 09.04.2025 00:30:58

Multiple directory traversal vulnerabilities in vBulletin 3.x.x allow remote attackers to redirect visitors to arbitrary local files via a .. (dot dot) in (1) the loc parameter to admincp/index.php and (2) the Hyperlink information URl field for post...

5

CVE-2007-2912

Exploit
  • EPSS 0.33%
  • Published 30.05.2007 10:30:00
  • Last modified 09.04.2025 00:30:58

Unspecified vulnerability in Jelsoft vBulletin before 3.6.6, when unauthenticated User Infraction Permissions is disabled, allows remote attackers to see the infraction "red flag" for a deleted user.

8.5

CVE-2007-2911

  • EPSS 0.39%
  • Published 30.05.2007 10:30:00
  • Last modified 09.04.2025 00:30:58

SQL injection vulnerability in admincp/attachment.php in Jelsoft vBulletin before 3.6.6 allows remote authenticated administrators to execute arbitrary SQL commands via the "Attached After" field (GPC['search']['datelineafter'] variable), a related i...

4.3

CVE-2007-2910

  • EPSS 0.25%
  • Published 30.05.2007 10:30:00
  • Last modified 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin before 3.6.7 PL1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to the vb_367_xss_fix_plugin.xml update, a related issue to CVE-2007-2909.

3.5

CVE-2007-2909

  • EPSS 0.17%
  • Published 30.05.2007 10:30:00
  • Last modified 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in calendar.php in Jelsoft vBulletin 3.6.x before 3.6.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to the vb_calendar366_xss_fix_plugin.xml update.

4.3

CVE-2007-2908

  • EPSS 6.88%
  • Published 30.05.2007 10:30:00
  • Last modified 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in calendar.php in Jelsoft vBulletin before 3.6.6 allows remote attackers to inject arbitrary web script or HTML via the title field in a single add action.

6

CVE-2007-1573

Exploit
  • EPSS 0.32%
  • Published 21.03.2007 21:19:00
  • Last modified 09.04.2025 00:30:58

SQL injection vulnerability in admincp/attachment.php in Jelsoft vBulletin 3.6.5 allows remote authenticated administrators to execute arbitrary SQL commands via the "Attached Before" field.

4.3

CVE-2007-1342

  • EPSS 0.4%
  • Published 08.03.2007 22:19:00
  • Last modified 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in admincp/index.php in Jelsoft vBulletin 3.6.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the add rss url form.