Page 6 of 30 results (0.002 seconds)

CVSS: 7.5EPSS: 0%CPEs: 34EXPL: 6

Multiple SQL injection vulnerabilities in vBulletin before 3.0.9 allow remote attackers to execute arbitrary SQL commands via the (1) request parameter to joinrequests.php, (2) limitnumber or (3) limitstart to user.php, (4) usertitle.php, or (5) usertools.php. • https://www.exploit-db.com/exploits/26274 https://www.exploit-db.com/exploits/26275 https://www.exploit-db.com/exploits/26276 https://www.exploit-db.com/exploits/26273 http://marc.info/?l=bugtraq&m=112715150320677&w=2 http://morph3us.org/advisories/20050917-vbulletin-3.0.8.txt http://secunia.com/advisories/16873 http://www.securityfocus.com/bid/14872 https://exchange.xforce.ibmcloud.com/vulnerabilities/22323 •

CVSS: 2.1EPSS: 0%CPEs: 35EXPL: 1

image.php in vBulletin 3.0.9 and earlier allows remote attackers with access to the administrator panel to upload arbitrary files via the upload action. • http://marc.info/?l=bugtraq&m=112715150320677&w=2 http://morph3us.org/advisories/20050917-vbulletin-3.0.8.txt http://secunia.com/advisories/16873 https://exchange.xforce.ibmcloud.com/vulnerabilities/22325 •

CVSS: 7.5EPSS: 0%CPEs: 35EXPL: 1

Multiple SQL injection vulnerabilities in vBulletin 3.0.9 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) announcement parameter to announcement.php, (2) userid parameter to user.php, (3) calendar parameter to admincalendar.php, (4) cronid parameter to cronlog.php, (5) usergroupid parameter to email.php, (6) help parameter to help.php, (7) rvt parameter to language.php, (8) keep parameter to phrase.php, or (9) updateprofilepic parameter to usertools.php. • http://marc.info/?l=bugtraq&m=112715150320677&w=2 http://morph3us.org/advisories/20050917-vbulletin-3.0.8.txt •

CVSS: 7.5EPSS: 88%CPEs: 29EXPL: 2

misc.php for vBulletin 3.0.6 and earlier, when "Add Template Name in HTML Comments" is enabled, allows remote attackers to execute arbitrary PHP code via nested variables in the template parameter. • https://www.exploit-db.com/exploits/16896 https://www.exploit-db.com/exploits/832 http://marc.info/?l=bugtraq&m=110910899415763&w=2 http://secunia.com/advisories/14326 http://www.securityfocus.com/bid/12622 http://www.vbulletin.com/forum/showthread.php?postid=819562 •

CVSS: 4.3EPSS: 0%CPEs: 25EXPL: 2

Cross-site scripting (XSS) vulnerability in index.php in Jelsoft vBulletin allows remote attackers to spoof parts of a website via the loc parameter. • https://www.exploit-db.com/exploits/24124 http://www.infosecurity.org.cn/article/hacker/exploit/16557.html http://www.securityfocus.com/bid/10362 •