Page 5 of 24 results (0.007 seconds)

CVSS: 7.5EPSS: 1%CPEs: 7EXPL: 1

SQL injection vulnerability in inlinemod.php in Jelsoft vBulletin before 3.5.8, and before 3.6.5 in the 3.6.x series, might allow remote authenticated users to execute arbitrary SQL commands via the postids parameter. NOTE: the vendor states that the attack is feasible only in circumstances "almost impossible to achieve." Vulnerabilidad de inyección SQL en inlinemod.php de Jelsoft vBulletin anterior a 3.5.8, y anterior a 3.6.5 en las series 3.6.x, podría permitir a usuarios remotos autenticados ejecutar comandos SQL de su elección mediante el parámetro postids. NOTA: el vendedor afirma que el ataque es factible solamente en circunstancias "casi imposibles de conseguir". • https://www.exploit-db.com/exploits/3387 http://osvdb.org/33835 http://secunia.com/advisories/24341 http://www.securityfocus.com/bid/22780 http://www.vbulletin.com/forum/showthread.php?postid=1314422 https://exchange.xforce.ibmcloud.com/vulnerabilities/32746 •

CVSS: 2.6EPSS: 0%CPEs: 11EXPL: 2

Cross-site scripting (XSS) vulnerability in member.php in vBulletin 3.5.x allows remote attackers to inject arbitrary web script or HTML via the u parameter. NOTE: the vendor has disputed this report, stating that they have been unable to replicate the issue and that "the userid parameter is run through our filtering system as an unsigned integer. ** IMPUGNADA ** Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados en member.php en vBulletin v3.5.x permite a atacantes remotos inyectar código web o HTML de su elección a través del parámetro u. NOTA: el vendedor impugna la importancia de este informe, manteniendo que les ha sido imposible reproducir la vulnerabilidad y que "el parámetro userid es filtrado a través de nuestro sistema como un entero sin signo." • https://www.exploit-db.com/exploits/28076 http://securityreason.com/securityalert/1155 http://securitytracker.com/id?1016348 http://www.osvdb.org/27508 http://www.securityfocus.com/archive/1/437817/100/0/threaded http://www.securityfocus.com/archive/1/438364/100/100/threaded http://www.securityfocus.com/bid/18551 https://exchange.xforce.ibmcloud.com/vulnerabilities/27261 •

CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 2

Cross-site scripting (XSS) vulnerability in vBulletin 3.0.12 and 3.5.3 allows remote attackers to inject arbitrary web script or HTML via the email field, which is injected in profile.php but not sanitized in sendmsg.php. • https://www.exploit-db.com/exploits/27343 http://secunia.com/advisories/19100 http://www.kapda.ir/advisory-266.html http://www.osvdb.org/23614 http://www.securityfocus.com/archive/1/426537/100/0/threaded http://www.securityfocus.com/archive/1/426589/100/0/threaded http://www.securityfocus.com/bid/16919 http://www.vbulletin.com/forum/showthread.php?postid=1079030 http://www.vupen.com/english/advisories/2006/0808 •

CVSS: 4.3EPSS: 0%CPEs: 38EXPL: 0

Cross-site scripting (XSS) vulnerability in the editavatar page in vBulletin 3.5.1 allows remote attackers to inject arbitrary web script or HTML via a URL in the remote avatar url field, in which the URL generates a parsing error, and possibly requiring a trailing extension such as .jpg. • http://pridels0.blogspot.com/2005/11/vbulletin-351-xss-vuln.html http://www.osvdb.org/21373 http://www.securityfocus.com/bid/16128 http://www.vbulletin.com/forum/showthread.php?t=166391 •