CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2007-1342
https://notcve.org/view.php?id=CVE-2007-1342
Cross-site scripting (XSS) vulnerability in admincp/index.php in Jelsoft vBulletin 3.6.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the add rss url form. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en admincp/index.php de Jelsoft vBulletin 3.6.5 y versiones anteriores permite a atacantes remotos inyectar scripts web o HTML de su elección mediante el formulario "añadir url de rss". • http://securityreason.com/securityalert/2396 http://www.securityfocus.com/archive/1/461727/100/0/threaded http://www.securityfocus.com/bid/22790 https://exchange.xforce.ibmcloud.com/vulnerabilities/32780 •
CVSS: 7.5EPSS: 1%CPEs: 7EXPL: 1CVE-2007-1292 – vBulletin 3.6.4 - 'inlinemod.php?postids' SQL Injection
https://notcve.org/view.php?id=CVE-2007-1292
SQL injection vulnerability in inlinemod.php in Jelsoft vBulletin before 3.5.8, and before 3.6.5 in the 3.6.x series, might allow remote authenticated users to execute arbitrary SQL commands via the postids parameter. NOTE: the vendor states that the attack is feasible only in circumstances "almost impossible to achieve." Vulnerabilidad de inyección SQL en inlinemod.php de Jelsoft vBulletin anterior a 3.5.8, y anterior a 3.6.5 en las series 3.6.x, podría permitir a usuarios remotos autenticados ejecutar comandos SQL de su elección mediante el parámetro postids. NOTA: el vendedor afirma que el ataque es factible solamente en circunstancias "casi imposibles de conseguir". • https://www.exploit-db.com/exploits/3387 http://osvdb.org/33835 http://secunia.com/advisories/24341 http://www.securityfocus.com/bid/22780 http://www.vbulletin.com/forum/showthread.php?postid=1314422 https://exchange.xforce.ibmcloud.com/vulnerabilities/32746 •
CVSS: 6.8EPSS: 22%CPEs: 8EXPL: 2CVE-2006-6779 – vBulletin 3.5.x/3.6.x - SWF Script Injection
https://notcve.org/view.php?id=CVE-2006-6779
Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin allows remote attackers to inject arbitrary web script or HTML via an SWF file that uses ActionScript to trigger execution of JavaScript. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Jelsoft vBulletin permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante un archivo SWFque utiliza ActionScript para disparar la ejecución de JavaScript. • https://www.exploit-db.com/exploits/29338 http://securityreason.com/securityalert/2084 http://www.securityfocus.com/archive/1/455265/100/0/threaded http://www.securityfocus.com/archive/1/455351/100/0/threaded http://www.securityfocus.com/archive/1/455414/100/0/threaded http://www.securityfocus.com/bid/21736 https://exchange.xforce.ibmcloud.com/vulnerabilities/31119 •
CVSS: 6.8EPSS: 6%CPEs: 2EXPL: 2CVE-2006-4273 – vBulletin 3.0.14 - 'global.php' Encoded Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2006-4273
Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin 3.5.4 and 3.6.0 allows remote attackers to inject arbitrary web script or HTML by uploading an attachment with a .pdf extension that contains JavaScript, which is processed as script by Microsoft Internet Explorer 6. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Jelsoft vBulletin 3.5.4 y 3.6.0 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección enviando un adjunto con extensión .pdf que contiene JavaScript, lo cual es procesado como una secuencia de comandos por Microsoft Internet Explorer 6. • https://www.exploit-db.com/exploits/28342 http://archives.neohapsis.com/archives/bugtraq/2006-08/0074.html http://archives.neohapsis.com/archives/bugtraq/2006-08/0082.html http://www.osvdb.org/27778 http://www.securityfocus.com/archive/1/442488/100/200/threaded http://www.securityfocus.com/bid/19334 https://exchange.xforce.ibmcloud.com/vulnerabilities/28239 •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2006-2335
https://notcve.org/view.php?id=CVE-2006-2335
Jelsoft vBulletin accepts uploads of Cascading Style Sheets (CSS) and processes them in a way that allows remote authenticated administrators to gain shell access by uploading a CSS file that contains PHP code, then selecting the file via the style chooser, which causes the PHP code to be executed. NOTE: the vendor was unable to reproduce this issue in 3.5.x. NOTE: this issue might be due to direct static code injection. • http://b3hr0uz.persiangig.com/VbStyleVuln.txt http://www.securityfocus.com/archive/1/433580/100/0/threaded http://www.securityfocus.com/archive/1/433678/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/26440 •