
CVSS: 7.5 | EPSS: 0% | CPEs: 12 | EXPL: 0

SQL injection vulnerability in the Authorize.net callback code (subscriptions/authorize.php) in Jelsoft vBulletin 3.0 through 3.0.3 allows remote attackers to execute arbitrary SQL statements via the x_invoice_num parameter. NOTE: this issue might be related to CVE-2006-4267. • http://secunia.com/advisories/12531 http://www.securiteam.com/unixfocus/5BP0E15E0M.html http://www.securityfocus.com/bid/11193 http://www.vbulletin.com/forum/bugs.php?do=view&bugid=3379 http://www.vbulletin.com/forum/showthread.php?t=124876 https://exchange.xforce.ibmcloud.com/vulnerabilities/17365 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 4.3 | EPSS: 0% | CPEs: 25 | EXPL: 2

Cross-site scripting (XSS) vulnerability in index.php in Jelsoft vBulletin allows remote attackers to spoof parts of a website via the loc parameter. • https://www.exploit-db.com/exploits/24124 http://www.infosecurity.org.cn/article/hacker/exploit/16557.html http://www.securityfocus.com/bid/10362 •

CVSS: 4.3 | EPSS: 0% | CPEs: 1 | EXPL: 2

Cross-site scripting (XSS) vulnerability in (1) newreply.php or (2) newthread.php in vBulletin 3.0.1 allows remote attackers to inject arbitrary HTML or script as other users via the Edit-panel. • https://www.exploit-db.com/exploits/24234 http://marc.info/?l=bugtraq&m=108809720026642&w=2 http://www.securityfocus.com/bid/10602 https://exchange.xforce.ibmcloud.com/vulnerabilities/16502 •

CVSS: 4.3 | EPSS: 0% | CPEs: 1 | EXPL: 0

NOTE: this issue has been disputed by the vendor. Cross-site scripting (XSS) vulnerability in register.php for unknown versions of vBulletin allows remote attackers to inject arbitrary HTML or web script via the reg_site (or possibly regsite) parameter. NOTE: the vendor has disputed this issue, saying "There is no hidden field called 'reg_site', nor any $reg_site variable anywhere in the vBulletin 2 or vBulletin 3 source code or templates, nor has it ever existed. We can only assume that this vulnerability was found in a site running code modified from that supplied by Jelsoft." • http://marc.info/?l=bugtraq&m=107462349324945&w=2 http://marc.info/?l=vuln-dev&m=107462499927040&w=2 http://marc.info/?l=vuln-dev&m=107478592401619&w=2 http://marc.info/?l=vuln-dev&m=107488880317647&w=2 http://securitytracker.com/id? •

CVSS: 4.3 | EPSS: 0% | CPEs: 1 | EXPL: 2

Cross-site scripting (XSS) vulnerability in register.php for vBulletin 3.0 Beta 2 allows remote attackers to inject arbitrary HTML or web script via optional fields such as (1) "Interests-Hobbies", (2) "Biography", or (3) "Occupation." • https://www.exploit-db.com/exploits/22990 http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0078.html •