CVSS: 7.5EPSS: 0%CPEs: 33EXPL: 1CVE-2005-3024
https://notcve.org/view.php?id=CVE-2005-3024
Multiple SQL injection vulnerabilities in vBulletin 3.0.7 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) announcement parameter to announcement.php, the (2) thread[forumid] or (3) criteria parameters to thread.php, (4) userid parameter to user.php, the (5) calendarcustomfieldid, (6) calendarid, (7) moderatorid, (8) holidayid, (9) calendarmoderatorid, or (10) calendar[0] parameters to admincalendar.php, (11) the cronid parameter to cronlog.php, (12) user[usergroupid][0] parameter to email.php, (13) help[0] parameter to help.php, the (14) limitnumber or (15) limitstart parameter to user.php, the (16) usertitleid or (17) ids parameters to usertitle.php, (18) rvt[0] parameter to language.php, (19) keep[0] parameter to phrase.php, (20) dostyleid parameter to template.php, (21) thread[forumid] parameter to thread.php, or (22) usertools.php. • http://marc.info/?l=bugtraq&m=112732980702939&w=2 http://morph3us.org/advisories/20050917-vbulletin-3.0.7.txt •
CVSS: 2.1EPSS: 0%CPEs: 35EXPL: 1CVE-2005-3021
https://notcve.org/view.php?id=CVE-2005-3021
image.php in vBulletin 3.0.9 and earlier allows remote attackers with access to the administrator panel to upload arbitrary files via the upload action. • http://marc.info/?l=bugtraq&m=112715150320677&w=2 http://morph3us.org/advisories/20050917-vbulletin-3.0.8.txt http://secunia.com/advisories/16873 https://exchange.xforce.ibmcloud.com/vulnerabilities/22325 •
CVSS: 4.3EPSS: 0%CPEs: 25EXPL: 2CVE-2004-2288 – vBulletin 1.0/2.x/3.0 - 'index.php' User Interface Spoofing
https://notcve.org/view.php?id=CVE-2004-2288
Cross-site scripting (XSS) vulnerability in index.php in Jelsoft vBulletin allows remote attackers to spoof parts of a website via the loc parameter. • https://www.exploit-db.com/exploits/24124 http://www.infosecurity.org.cn/article/hacker/exploit/16557.html http://www.securityfocus.com/bid/10362 •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 3CVE-2002-1660 – vBulletin 2.0.3 - 'calendar.php' Command Execution
https://notcve.org/view.php?id=CVE-2002-1660
calendar.php in vBulletin before 2.2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the command parameter. • https://www.exploit-db.com/exploits/21874 http://securitytracker.com/id?1005284 http://www.securiteam.com/exploits/5QP0P158AC.html http://www.securityfocus.com/bid/5820 https://exchange.xforce.ibmcloud.com/vulnerabilities/10176 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2001-0475
https://notcve.org/view.php?id=CVE-2001-0475
index.php in Jelsoft vBulletin does not properly initialize a PHP variable that is used to store template information, which allows remote attackers to execute arbitrary PHP code via special characters in the templatecache parameter. • http://archives.neohapsis.com/archives/bugtraq/2001-03/0180.html http://www.securityfocus.com/bid/2474 http://www.vbulletin.com/forum/showthread.php?s=b20af207b5b908ecf7a4ecf56fbe3cd3&threadid=10839 https://exchange.xforce.ibmcloud.com/vulnerabilities/6237 •