NotCVE - vendor:"Jelsoft" product:"Vbulletin" version:"3.5.2"

Page 5 of 26 results (0.005 seconds)

CVSS: 7.5EPSS: 1%CPEs: 7EXPL: 1

CVE-2007-1292 – vBulletin 3.6.4 - 'inlinemod.php?postids' SQL Injection

https://notcve.org/view.php?id=CVE-2007-1292

SQL injection vulnerability in inlinemod.php in Jelsoft vBulletin before 3.5.8, and before 3.6.5 in the 3.6.x series, might allow remote authenticated users to execute arbitrary SQL commands via the postids parameter. NOTE: the vendor states that the attack is feasible only in circumstances "almost impossible to achieve." Vulnerabilidad de inyección SQL en inlinemod.php de Jelsoft vBulletin anterior a 3.5.8, y anterior a 3.6.5 en las series 3.6.x, podría permitir a usuarios remotos autenticados ejecutar comandos SQL de su elección mediante el parámetro postids. NOTA: el vendedor afirma que el ataque es factible solamente en circunstancias "casi imposibles de conseguir". • https://www.exploit-db.com/exploits/3387 http://osvdb.org/33835 http://secunia.com/advisories/24341 http://www.securityfocus.com/bid/22780 http://www.vbulletin.com/forum/showthread.php?postid=1314422 https://exchange.xforce.ibmcloud.com/vulnerabilities/32746 •

CVSS: 6.8EPSS: 22%CPEs: 8EXPL: 2

CVE-2006-6779 – vBulletin 3.5.x/3.6.x - SWF Script Injection

https://notcve.org/view.php?id=CVE-2006-6779

Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin allows remote attackers to inject arbitrary web script or HTML via an SWF file that uses ActionScript to trigger execution of JavaScript. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Jelsoft vBulletin permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante un archivo SWFque utiliza ActionScript para disparar la ejecución de JavaScript. • https://www.exploit-db.com/exploits/29338 http://securityreason.com/securityalert/2084 http://www.securityfocus.com/archive/1/455265/100/0/threaded http://www.securityfocus.com/archive/1/455351/100/0/threaded http://www.securityfocus.com/archive/1/455414/100/0/threaded http://www.securityfocus.com/bid/21736 https://exchange.xforce.ibmcloud.com/vulnerabilities/31119 •

CVSS: 2.6EPSS: 0%CPEs: 11EXPL: 2

CVE-2006-3253 – vBulletin 3.0.9/3.5.x - 'member.php' Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2006-3253

Cross-site scripting (XSS) vulnerability in member.php in vBulletin 3.5.x allows remote attackers to inject arbitrary web script or HTML via the u parameter. NOTE: the vendor has disputed this report, stating that they have been unable to replicate the issue and that "the userid parameter is run through our filtering system as an unsigned integer. ** IMPUGNADA ** Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados en member.php en vBulletin v3.5.x permite a atacantes remotos inyectar código web o HTML de su elección a través del parámetro u. NOTA: el vendedor impugna la importancia de este informe, manteniendo que les ha sido imposible reproducir la vulnerabilidad y que "el parámetro userid es filtrado a través de nuestro sistema como un entero sin signo." • https://www.exploit-db.com/exploits/28076 http://securityreason.com/securityalert/1155 http://securitytracker.com/id?1016348 http://www.osvdb.org/27508 http://www.securityfocus.com/archive/1/437817/100/0/threaded http://www.securityfocus.com/archive/1/438364/100/100/threaded http://www.securityfocus.com/bid/18551 https://exchange.xforce.ibmcloud.com/vulnerabilities/27261 •

CVSS: 5.0EPSS: 5%CPEs: 3EXPL: 0

CVE-2006-1816

https://notcve.org/view.php?id=CVE-2006-1816

PHP remote file inclusion vulnerability in VBulletin 3.5.1, 3.5.2, and 3.5.4 allows remote attackers to execute arbitrary code via a URL in the systempath parameter to (1) ImpExModule.php, (2) ImpExController.php, and (3) ImpExDisplay.php. • http://secunia.com/advisories/19352 http://www.osvdb.org/24690 http://www.osvdb.org/24691 http://www.osvdb.org/24692 http://www.securityfocus.com/archive/1/430881/100/0/threaded http://www.securityfocus.com/archive/1/467666/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/25789 https://exchange.xforce.ibmcloud.com/vulnerabilities/34095 •

CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 2

CVE-2006-1040 – vBulletin 3.0/3.5 - 'profile.php?Email' HTML Injection

https://notcve.org/view.php?id=CVE-2006-1040

Cross-site scripting (XSS) vulnerability in vBulletin 3.0.12 and 3.5.3 allows remote attackers to inject arbitrary web script or HTML via the email field, which is injected in profile.php but not sanitized in sendmsg.php. • https://www.exploit-db.com/exploits/27343 http://secunia.com/advisories/19100 http://www.kapda.ir/advisory-266.html http://www.osvdb.org/23614 http://www.securityfocus.com/archive/1/426537/100/0/threaded http://www.securityfocus.com/archive/1/426589/100/0/threaded http://www.securityfocus.com/bid/16919 http://www.vbulletin.com/forum/showthread.php?postid=1079030 http://www.vupen.com/english/advisories/2006/0808 •

1...3 4 5 6