3 results (0.003 seconds)

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2

CVE-2012-6666

https://notcve.org/view.php?id=CVE-2012-6666

vBSeo before 3.6.0PL2 allows XSS via the member.php u parameter. vBSeo versiones anteriores a 3.6.0PL2, permite un ataque de tipo XSS por medio del parámetro u del archivo member.php. • https://www.exploit-db.com/exploits/37944 https://www.securityfocus.com/bid/55908 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.0EPSS: 3%CPEs: 2EXPL: 2

CVE-2014-9463 – vBulletin vBSEO 4.x - 'visitormessage.php' Remote Code Injection

https://notcve.org/view.php?id=CVE-2014-9463

functions_vbseo_hook.php in the VBSEO module for vBulletin allows remote authenticated users to execute arbitrary code via the HTTP Referer header to visitormessage.php. functions_vbseo_hook.php en el módulo VBSEO para vBulletin permite que usuarios autenticados remotos ejecuten código arbitrario mediante la cabecera HTTP Referer a visitormessage.php. • https://www.exploit-db.com/exploits/36232 https://blog.sucuri.net/2015/01/serious-vulnerability-on-vbseo.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 6.8EPSS: 1%CPEs: 2EXPL: 2

CVE-2010-1077 – vBSEO 3.1.0 - Local File Inclusion

https://notcve.org/view.php?id=CVE-2010-1077

Directory traversal vulnerability in vbseo.php in Crawlability vBSEO plugin 3.1.0 for vBulletin allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the vbseourl parameter. Vulnerabilidad de salto de directorio en vbseo.php de Crawlability vBSEO plugin v3.1.0 para vBulletin, permite a atacantes remotos incluir y ejecutar ficheros locales de su elección mediante secuencias de salto de directorio en el parámetro vbseourl. • https://www.exploit-db.com/exploits/11526 http://packetstormsecurity.org/1002-exploits/vbseo-lfi.txt http://www.exploit-db.com/exploits/11526 http://www.vupen.com/english/advisories/2010/0442 https://exchange.xforce.ibmcloud.com/vulnerabilities/56439 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •