CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2007-2911
https://notcve.org/view.php?id=CVE-2007-2911
SQL injection vulnerability in admincp/attachment.php in Jelsoft vBulletin before 3.6.6 allows remote authenticated administrators to execute arbitrary SQL commands via the "Attached After" field (GPC['search']['datelineafter'] variable), a related issue to CVE-2007-1573. Vulnerabilidad de inyección SQL en admincp/attachment.php en Jelsoft vBulletin anterior a 3.6.6 permite a administradores remotos autenticados ejecutar código PHP de su elección mediante el campo "Attached After" (variable GPC['search']['datelineafter']), un asunto relacionado con CVE-2007-1573. • http://osvdb.org/38147 http://www.vbulletin.com/forum/project.php?issueid=21615 https://exchange.xforce.ibmcloud.com/vulnerabilities/34784 •
CVSS: 6.0EPSS: 0%CPEs: 2EXPL: 1CVE-2007-1573
https://notcve.org/view.php?id=CVE-2007-1573
SQL injection vulnerability in admincp/attachment.php in Jelsoft vBulletin 3.6.5 allows remote authenticated administrators to execute arbitrary SQL commands via the "Attached Before" field. Una vulnerabilidad de inyección SQL en el archivo admincp/attachment.php en Jelsoft vBulletin versión 3.6.5 permite a los administradores autenticados remotos ejecutar comandos SQL arbitrarios por medio del campo "Attached Before". • http://osvdb.org/34070 http://secunia.com/advisories/24503 http://www.securityfocus.com/archive/1/462963/100/0/threaded http://www.vbulletin.com/forum/project.php?issueid=21615 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2007-1342
https://notcve.org/view.php?id=CVE-2007-1342
Cross-site scripting (XSS) vulnerability in admincp/index.php in Jelsoft vBulletin 3.6.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the add rss url form. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en admincp/index.php de Jelsoft vBulletin 3.6.5 y versiones anteriores permite a atacantes remotos inyectar scripts web o HTML de su elección mediante el formulario "añadir url de rss". • http://securityreason.com/securityalert/2396 http://www.securityfocus.com/archive/1/461727/100/0/threaded http://www.securityfocus.com/bid/22790 https://exchange.xforce.ibmcloud.com/vulnerabilities/32780 •
CVSS: 7.5EPSS: 1%CPEs: 7EXPL: 1CVE-2007-1292 – vBulletin 3.6.4 - 'inlinemod.php?postids' SQL Injection
https://notcve.org/view.php?id=CVE-2007-1292
SQL injection vulnerability in inlinemod.php in Jelsoft vBulletin before 3.5.8, and before 3.6.5 in the 3.6.x series, might allow remote authenticated users to execute arbitrary SQL commands via the postids parameter. NOTE: the vendor states that the attack is feasible only in circumstances "almost impossible to achieve." Vulnerabilidad de inyección SQL en inlinemod.php de Jelsoft vBulletin anterior a 3.5.8, y anterior a 3.6.5 en las series 3.6.x, podría permitir a usuarios remotos autenticados ejecutar comandos SQL de su elección mediante el parámetro postids. NOTA: el vendedor afirma que el ataque es factible solamente en circunstancias "casi imposibles de conseguir". • https://www.exploit-db.com/exploits/3387 http://osvdb.org/33835 http://secunia.com/advisories/24341 http://www.securityfocus.com/bid/22780 http://www.vbulletin.com/forum/showthread.php?postid=1314422 https://exchange.xforce.ibmcloud.com/vulnerabilities/32746 •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2007-0869
https://notcve.org/view.php?id=CVE-2007-0869
Cross-site scripting (XSS) vulnerability in the Attachment Manager (admincp/attachment.php) in Jelsoft vBulletin 3.6.4 allows remote attackers to inject arbitrary web script or HTML via the Extension field. NOTE: this might be a duplicate of CVE-2007-0830.5. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Una vulnerabilidad de tipo cross-site scripting (XSS) en el Attachment Manager (archivo admincp/attachment.php) en Jelsoft vBulletin versión 3.6.4, permite a atacantes remotos inyectar script web o HTML arbitrario por medio del campo Extension. NOTA: este podría ser un duplicado de CVE-2007-0830.5. • http://osvdb.org/33129 http://secunia.com/advisories/24085 http://www.securityfocus.com/bid/22466 •