Jelsoft

Vbulletin

51 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2007-1292

  • EPSS 1.13%
  • Published 07.03.2007 00:19:00
  • Last modified 09.04.2025 00:30:58

SQL injection vulnerability in inlinemod.php in Jelsoft vBulletin before 3.5.8, and before 3.6.5 in the 3.6.x series, might allow remote authenticated users to execute arbitrary SQL commands via the postids parameter. NOTE: the vendor states that th...

4.3

CVE-2007-0869

  • EPSS 0.35%
  • Published 09.02.2007 19:28:00
  • Last modified 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in the Attachment Manager (admincp/attachment.php) in Jelsoft vBulletin 3.6.4 allows remote attackers to inject arbitrary web script or HTML via the Extension field. NOTE: this might be a duplicate of CVE-200...

3.5

CVE-2007-0830

  • EPSS 0.29%
  • Published 07.02.2007 22:28:00
  • Last modified 09.04.2025 00:30:58

Multiple cross-site scripting (XSS) vulnerabilities in the Admin Control Panel (AdminCP) in Jelsoft vBulletin 3.6.4 allow remote authenticated administrators to inject arbitrary web script or HTML via unspecified vectors related to the (1) User Group...

6.8

CVE-2006-6779

Exploit
  • EPSS 1%
  • Published 28.12.2006 00:28:00
  • Last modified 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin allows remote attackers to inject arbitrary web script or HTML via an SWF file that uses ActionScript to trigger execution of JavaScript.

6.8

CVE-2006-6040

Exploit
  • EPSS 1.01%
  • Published 22.11.2006 00:07:00
  • Last modified 09.04.2025 00:30:58

Multiple cross-site scripting (XSS) vulnerabilities in admincp/index.php in Jelsoft vBulletin 3.6.x allow remote attackers to inject arbitrary web script or HTML via (1) the prefs parameter in a buildnavprefs action or (2) the navprefs parameter in a...

7.5

CVE-2006-5104

Exploit
  • EPSS 0.34%
  • Published 03.10.2006 04:03:00
  • Last modified 09.04.2025 00:30:58

SQL injection vulnerability in global.php in Jelsoft vBulletin 2.x allows remote attackers to execute arbitrary SQL commands via the templatesused parameter.

6.8

CVE-2006-4273

Exploit
  • EPSS 0.73%
  • Published 21.08.2006 21:04:00
  • Last modified 03.04.2025 01:03:51

Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin 3.5.4 and 3.6.0 allows remote attackers to inject arbitrary web script or HTML by uploading an attachment with a .pdf extension that contains JavaScript, which is processed as script by Mi...

7.5

CVE-2006-4272

  • EPSS 1.06%
  • Published 21.08.2006 21:04:00
  • Last modified 03.04.2025 01:03:51

Jelsoft vBulletin 3.5.4 allows remote attackers to register multiple arbitrary users and cause a denial of service (resource consumption) via a large number of requests to register.php. NOTE: the vendor has disputed this vulnerability, stating "If y...

7.5

CVE-2006-4271

Exploit
  • EPSS 2.54%
  • Published 21.08.2006 21:04:00
  • Last modified 03.04.2025 01:03:51

PHP remote file inclusion vulnerability in install/upgrade_301.php in Jelsoft vBulletin 3.5.4 allows remote attackers to execute arbitrary PHP code via a URL in the step parameter. NOTE: the vendor has disputed this vulnerability, saying "The defaul...

2.6

CVE-2006-3253

Exploit
  • EPSS 7.46%
  • Published 28.06.2006 01:45:00
  • Last modified 03.04.2025 01:03:51

Cross-site scripting (XSS) vulnerability in member.php in vBulletin 3.5.x allows remote attackers to inject arbitrary web script or HTML via the u parameter. NOTE: the vendor has disputed this report, stating that they have been unable to replicate ...