CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 1CVE-2006-4271
https://notcve.org/view.php?id=CVE-2006-4271
PHP remote file inclusion vulnerability in install/upgrade_301.php in Jelsoft vBulletin 3.5.4 allows remote attackers to execute arbitrary PHP code via a URL in the step parameter. NOTE: the vendor has disputed this vulnerability, saying "The default vBulletin requires authentication prior to the usage of the upgrade system. ** IMPUGNADA ** Vulnerabilidad de inclusión remota de archivo en PHP en install/upgrade_301.php en Jelsoft vBulletin 3.5.4 permite a atacantes remotos ejecutar código PHP de su elección mediante una URL en el parámetro step. NOTA: el fabricante ha impugnado esta vulnerabilidad, diciendo "El vBulettin por defecto requiere autenticación antes del uso del sistema de actualización". • http://archives.neohapsis.com/archives/bugtraq/2006-07/0061.html http://archives.neohapsis.com/archives/bugtraq/2006-07/0069.html http://archives.neohapsis.com/archives/bugtraq/2006-07/0121.html http://archives.neohapsis.com/archives/bugtraq/2006-07/0217.html http://www.osvdb.org/28210 http://www.pldsoft.com/forum/showthread.php?t=1340 •
CVSS: 2.6EPSS: 0%CPEs: 11EXPL: 2CVE-2006-3253 – vBulletin 3.0.9/3.5.x - 'member.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2006-3253
Cross-site scripting (XSS) vulnerability in member.php in vBulletin 3.5.x allows remote attackers to inject arbitrary web script or HTML via the u parameter. NOTE: the vendor has disputed this report, stating that they have been unable to replicate the issue and that "the userid parameter is run through our filtering system as an unsigned integer. ** IMPUGNADA ** Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados en member.php en vBulletin v3.5.x permite a atacantes remotos inyectar código web o HTML de su elección a través del parámetro u. NOTA: el vendedor impugna la importancia de este informe, manteniendo que les ha sido imposible reproducir la vulnerabilidad y que "el parámetro userid es filtrado a través de nuestro sistema como un entero sin signo." • https://www.exploit-db.com/exploits/28076 http://securityreason.com/securityalert/1155 http://securitytracker.com/id?1016348 http://www.osvdb.org/27508 http://www.securityfocus.com/archive/1/437817/100/0/threaded http://www.securityfocus.com/archive/1/438364/100/100/threaded http://www.securityfocus.com/bid/18551 https://exchange.xforce.ibmcloud.com/vulnerabilities/27261 •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 3CVE-2006-2805 – vBulletin 3.0.10 - 'Portal.php' SQL Injection
https://notcve.org/view.php?id=CVE-2006-2805
SQL injection vulnerability in VBulletin 3.0.10 allows remote attackers to execute arbitrary SQL commands via the featureid parameter. • https://www.exploit-db.com/exploits/27929 http://downloads.securityfocus.com/vulnerabilities/exploits/vbulletin-3.0.10-sql-inj.txt http://www.securityfocus.com/bid/18197 •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2006-2335
https://notcve.org/view.php?id=CVE-2006-2335
Jelsoft vBulletin accepts uploads of Cascading Style Sheets (CSS) and processes them in a way that allows remote authenticated administrators to gain shell access by uploading a CSS file that contains PHP code, then selecting the file via the style chooser, which causes the PHP code to be executed. NOTE: the vendor was unable to reproduce this issue in 3.5.x. NOTE: this issue might be due to direct static code injection. • http://b3hr0uz.persiangig.com/VbStyleVuln.txt http://www.securityfocus.com/archive/1/433580/100/0/threaded http://www.securityfocus.com/archive/1/433678/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/26440 •
CVSS: 7.5EPSS: 0%CPEs: 13EXPL: 1CVE-2006-2018
https://notcve.org/view.php?id=CVE-2006-2018
SQL injection vulnerability in calendar.php in vBulletin 3.0.x allows remote attackers to execute arbitrary SQL commands via the eventid parameter. NOTE: the affected version has been disputed by the vendor. It appears that this is the same issue as CVE-2004-0036, which was fixed in 2.3.4. • http://www.securityfocus.com/archive/1/431901 http://www.securityfocus.com/archive/1/431951/30/5370/threaded •