Page 6 of 31 results (0.005 seconds)

CVSS: 7.5EPSS: 0%CPEs: 34EXPL: 6

Multiple SQL injection vulnerabilities in vBulletin before 3.0.9 allow remote attackers to execute arbitrary SQL commands via the (1) request parameter to joinrequests.php, (2) limitnumber or (3) limitstart to user.php, (4) usertitle.php, or (5) usertools.php. • https://www.exploit-db.com/exploits/26274 https://www.exploit-db.com/exploits/26275 https://www.exploit-db.com/exploits/26276 https://www.exploit-db.com/exploits/26273 http://marc.info/?l=bugtraq&m=112715150320677&w=2 http://morph3us.org/advisories/20050917-vbulletin-3.0.8.txt http://secunia.com/advisories/16873 http://www.securityfocus.com/bid/14872 https://exchange.xforce.ibmcloud.com/vulnerabilities/22323 •

CVSS: 2.1EPSS: 0%CPEs: 35EXPL: 1

image.php in vBulletin 3.0.9 and earlier allows remote attackers with access to the administrator panel to upload arbitrary files via the upload action. • http://marc.info/?l=bugtraq&m=112715150320677&w=2 http://morph3us.org/advisories/20050917-vbulletin-3.0.8.txt http://secunia.com/advisories/16873 https://exchange.xforce.ibmcloud.com/vulnerabilities/22325 •

CVSS: 7.5EPSS: 0%CPEs: 35EXPL: 1

Multiple SQL injection vulnerabilities in vBulletin 3.0.9 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) announcement parameter to announcement.php, (2) userid parameter to user.php, (3) calendar parameter to admincalendar.php, (4) cronid parameter to cronlog.php, (5) usergroupid parameter to email.php, (6) help parameter to help.php, (7) rvt parameter to language.php, (8) keep parameter to phrase.php, or (9) updateprofilepic parameter to usertools.php. • http://marc.info/?l=bugtraq&m=112715150320677&w=2 http://morph3us.org/advisories/20050917-vbulletin-3.0.8.txt •

CVSS: 7.5EPSS: 88%CPEs: 29EXPL: 2

misc.php for vBulletin 3.0.6 and earlier, when "Add Template Name in HTML Comments" is enabled, allows remote attackers to execute arbitrary PHP code via nested variables in the template parameter. • https://www.exploit-db.com/exploits/16896 https://www.exploit-db.com/exploits/832 http://marc.info/?l=bugtraq&m=110910899415763&w=2 http://secunia.com/advisories/14326 http://www.securityfocus.com/bid/12622 http://www.vbulletin.com/forum/showthread.php?postid=819562 •

CVSS: 4.3EPSS: 1%CPEs: 18EXPL: 2

Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin before 3.0 allows remote attackers to inject arbitrary web script or HTML via the what parameter to memberlist.php. • https://www.exploit-db.com/exploits/22030 http://archives.neohapsis.com/archives/bugtraq/2002-11/0276.html http://marc.info/?l=bugtraq&m=107945556112453&w=2 http://secunia.com/advisories/11142 http://securitytracker.com/id?1009440 http://www.iss.net/security_center/static/10679.php http://www.osvdb.org/4312 http://www.securityfocus.com/bid/6226 http://www.securityfocus.com/bid/9887 https://exchange.xforce.ibmcloud.com/vulnerabilities/15495 •