CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2007-2910
https://notcve.org/view.php?id=CVE-2007-2910
30 May 2007 — Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin before 3.6.7 PL1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to the vb_367_xss_fix_plugin.xml update, a related issue to CVE-2007-2909. Una vulnerabilidad de tipo cross-site scripting (XSS) en Jelsoft vBulletin versiones anteriores a 3.6.7 PL1, permite a atacantes remotos inyectar script web o HTML arbitrario por medio de vectores no especificados, relacionados con la actualización del archivo v... • http://osvdb.org/35157 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2007-2911
https://notcve.org/view.php?id=CVE-2007-2911
30 May 2007 — SQL injection vulnerability in admincp/attachment.php in Jelsoft vBulletin before 3.6.6 allows remote authenticated administrators to execute arbitrary SQL commands via the "Attached After" field (GPC['search']['datelineafter'] variable), a related issue to CVE-2007-1573. Vulnerabilidad de inyección SQL en admincp/attachment.php en Jelsoft vBulletin anterior a 3.6.6 permite a administradores remotos autenticados ejecutar código PHP de su elección mediante el campo "Attached After" (variable GPC['search']['d... • http://osvdb.org/38147 •
CVSS: 6.1EPSS: 6%CPEs: 1EXPL: 1CVE-2007-2908 – vBulletin 3.6.6 - 'calendar.php' HTML Injection
https://notcve.org/view.php?id=CVE-2007-2908
30 May 2007 — Cross-site scripting (XSS) vulnerability in calendar.php in Jelsoft vBulletin before 3.6.6 allows remote attackers to inject arbitrary web script or HTML via the title field in a single add action. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en calendar.php de Jelsoft vBulletin versiones anteriores a 3.6.6, permite a atacantes remotos inyectar scripts web o HTML de su elección mediante el campo title en un acción add simple. • https://www.exploit-db.com/exploits/30047 •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 1CVE-2007-1573
https://notcve.org/view.php?id=CVE-2007-1573
21 Mar 2007 — SQL injection vulnerability in admincp/attachment.php in Jelsoft vBulletin 3.6.5 allows remote authenticated administrators to execute arbitrary SQL commands via the "Attached Before" field. Una vulnerabilidad de inyección SQL en el archivo admincp/attachment.php en Jelsoft vBulletin versión 3.6.5 permite a los administradores autenticados remotos ejecutar comandos SQL arbitrarios por medio del campo "Attached Before". • http://osvdb.org/34070 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2007-1342
https://notcve.org/view.php?id=CVE-2007-1342
08 Mar 2007 — Cross-site scripting (XSS) vulnerability in admincp/index.php in Jelsoft vBulletin 3.6.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the add rss url form. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en admincp/index.php de Jelsoft vBulletin 3.6.5 y versiones anteriores permite a atacantes remotos inyectar scripts web o HTML de su elección mediante el formulario "añadir url de rss". • http://securityreason.com/securityalert/2396 •
CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 1CVE-2007-1292 – vBulletin 3.6.4 - 'inlinemod.php?postids' SQL Injection
https://notcve.org/view.php?id=CVE-2007-1292
07 Mar 2007 — SQL injection vulnerability in inlinemod.php in Jelsoft vBulletin before 3.5.8, and before 3.6.5 in the 3.6.x series, might allow remote authenticated users to execute arbitrary SQL commands via the postids parameter. NOTE: the vendor states that the attack is feasible only in circumstances "almost impossible to achieve." Vulnerabilidad de inyección SQL en inlinemod.php de Jelsoft vBulletin anterior a 3.5.8, y anterior a 3.6.5 en las series 3.6.x, podría permitir a usuarios remotos autenticados ejecutar com... • https://www.exploit-db.com/exploits/3387 •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2007-0869
https://notcve.org/view.php?id=CVE-2007-0869
09 Feb 2007 — Cross-site scripting (XSS) vulnerability in the Attachment Manager (admincp/attachment.php) in Jelsoft vBulletin 3.6.4 allows remote attackers to inject arbitrary web script or HTML via the Extension field. NOTE: this might be a duplicate of CVE-2007-0830.5. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Una vulnerabilidad de tipo cross-site scripting (XSS) en el Attachment Manager (archivo admincp/attachment.php) en Jelsoft vBulletin versi... • http://osvdb.org/33129 •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2007-0830
https://notcve.org/view.php?id=CVE-2007-0830
07 Feb 2007 — Multiple cross-site scripting (XSS) vulnerabilities in the Admin Control Panel (AdminCP) in Jelsoft vBulletin 3.6.4 allow remote authenticated administrators to inject arbitrary web script or HTML via unspecified vectors related to the (1) User Group Manager, (2) User Rank Manager, (3) User Title Manager, (4) BB Code Manager, (5) Attachment Manager, (6) Calendar Manager, and (7) Forums & Moderators functions. NOTE: the vendor disputes this issue, stating that modifying HTML is an intended privilege of an ad... • http://osvdb.org/35152 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 1%CPEs: 8EXPL: 2CVE-2006-6779 – vBulletin 3.5.x/3.6.x - SWF Script Injection
https://notcve.org/view.php?id=CVE-2006-6779
28 Dec 2006 — Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin allows remote attackers to inject arbitrary web script or HTML via an SWF file that uses ActionScript to trigger execution of JavaScript. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Jelsoft vBulletin permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante un archivo SWFque utiliza ActionScript para disparar la ejecución de JavaScript. • https://www.exploit-db.com/exploits/29338 •
CVSS: 6.8EPSS: 1%CPEs: 4EXPL: 2CVE-2006-6040 – vBulletin 3.6.x - Admin Control Panel Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2006-6040
22 Nov 2006 — Multiple cross-site scripting (XSS) vulnerabilities in admincp/index.php in Jelsoft vBulletin 3.6.x allow remote attackers to inject arbitrary web script or HTML via (1) the prefs parameter in a buildnavprefs action or (2) the navprefs parameter in a savenavprefs action. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en admincp/index.php de Jelsoft vBulletin 3.6.x permiten a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través del parámetro (1) ... • https://www.exploit-db.com/exploits/29079 •