Page 10 of 66 results (0.016 seconds)

CVSS: 2.1EPSS: 0%CPEs: 35EXPL: 1

image.php in vBulletin 3.0.9 and earlier allows remote attackers with access to the administrator panel to upload arbitrary files via the upload action. • http://marc.info/?l=bugtraq&m=112715150320677&w=2 http://morph3us.org/advisories/20050917-vbulletin-3.0.8.txt http://secunia.com/advisories/16873 https://exchange.xforce.ibmcloud.com/vulnerabilities/22325 •

CVSS: 7.5EPSS: 0%CPEs: 35EXPL: 1

Multiple SQL injection vulnerabilities in vBulletin 3.0.9 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) announcement parameter to announcement.php, (2) userid parameter to user.php, (3) calendar parameter to admincalendar.php, (4) cronid parameter to cronlog.php, (5) usergroupid parameter to email.php, (6) help parameter to help.php, (7) rvt parameter to language.php, (8) keep parameter to phrase.php, or (9) updateprofilepic parameter to usertools.php. • http://marc.info/?l=bugtraq&m=112715150320677&w=2 http://morph3us.org/advisories/20050917-vbulletin-3.0.8.txt •

CVSS: 7.5EPSS: 88%CPEs: 29EXPL: 2

misc.php for vBulletin 3.0.6 and earlier, when "Add Template Name in HTML Comments" is enabled, allows remote attackers to execute arbitrary PHP code via nested variables in the template parameter. • https://www.exploit-db.com/exploits/16896 https://www.exploit-db.com/exploits/832 http://marc.info/?l=bugtraq&m=110910899415763&w=2 http://secunia.com/advisories/14326 http://www.securityfocus.com/bid/12622 http://www.vbulletin.com/forum/showthread.php?postid=819562 •

CVSS: 5.0EPSS: 1%CPEs: 5EXPL: 2

Direct code injection vulnerability in forumdisplay.php in vBulletin 3.0 through 3.0.4, when showforumusers is enabled, allows remote attackers to execute inject arbitrary PHP commands via the comma parameter. • https://www.exploit-db.com/exploits/818 https://www.exploit-db.com/exploits/820 http://marc.info/?l=bugtraq&m=110840807415315&w=2 http://www.securityfocus.com/bid/12542 •

CVSS: 7.5EPSS: 0%CPEs: 11EXPL: 1

SQL injection vulnerability in (1) ttlast.php and (2) last10.php in vBulletin 3.0.x allows remote attackers to execute arbitrary SQL statements via the fsel parameter, as demonstrated using last.php. • https://www.exploit-db.com/exploits/631 http://marc.info/?l=bugtraq&m=110019198507100&w=2 •