CVSS: 6.5EPSS: 38%CPEs: 2EXPL: 3CVE-2013-3522 – vBulletin 5 - 'index.php/ajax/api/reputation/vote?nodeid' SQL Injection
https://notcve.org/view.php?id=CVE-2013-3522
SQL injection vulnerability in index.php/ajax/api/reputation/vote in vBulletin 5.0.0 Beta 11, 5.0.0 Beta 28, and earlier allows remote authenticated users to execute arbitrary SQL commands via the nodeid parameter. Vulnerabilidad de inyección SQL en index.php/ajax/api/reputation/vote en vBulletin v5.0.0 Beta 11, v5.0.0 Beta 28, y anteriores permite a usuarios remotos autenticados ejecutar comandos SQL a través del parámetro "nodeid". • https://www.exploit-db.com/exploits/30212 https://www.exploit-db.com/exploits/24882 http://www.exploit-db.com/exploits/24882 http://www.osvdb.org/92031 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 2CVE-2012-4686 – vBulletin 4.1.10 - 'announcementid' SQL Injection
https://notcve.org/view.php?id=CVE-2012-4686
SQL injection vulnerability in announcement.php in vBulletin 4.1.10 allows remote attackers to execute arbitrary SQL commands via the announcementid parameter. Vulnerabilidad de inyección SQL en announcement.php en vBulletin v4.1.10 permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro announcementid. • https://www.exploit-db.com/exploits/37062 http://archives.neohapsis.com/archives/bugtraq/2012-04/0042.html http://osvdb.org/80962 http://www.securityfocus.com/bid/52897 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 0%CPEs: 9EXPL: 0CVE-2012-4328
https://notcve.org/view.php?id=CVE-2012-4328
Unspecified vulnerability in the MAPI in vBulletin Suite 4.1.2 through 4.1.12, Forum 4.1.2 through 4.1.12, and the MAPI plugin 1.4.3 for vBulletin 3.x has unknown impact and attack vectors. Una vulnerabilidad no especificada en MAPI en vBulletin Suite v4.1.2 a v4.1.12, Forum v4.1.2 a 4.1.12, y el plugin MAPI v1.4.3 para vBulletin v3.x tiene un impacto y vectores de ataque desconocidos. • http://osvdb.org/81474 http://secunia.com/advisories/48917 http://www.securityfocus.com/bid/53226 https://exchange.xforce.ibmcloud.com/vulnerabilities/75160 https://www.vbulletin.com/forum/showthread.php/400162-vBulletin-3-x-MAPI-Plugin-1-4-3-released-with-security-patch-04-23-2012 https://www.vbulletin.com/forum/showthread.php/400164-vBulletin-Security-Patch-for-vBulletin-4-1-2-4-1-11-for-Suite-amp-Forum-04-23-2012 https://www.vbulletin.com/forum/showthread.php/400165-vBulletin-Security&# •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2012-3844
https://notcve.org/view.php?id=CVE-2012-3844
Cross-site scripting (XSS) vulnerability in vBulletin 4.1.12 allows remote attackers to inject arbitrary web script or HTML via a long string in the subject parameter when creating a post. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en vBulletin v4.1.12, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de una cadena larga en el parámetro subject cuando se crea una publicación. • http://hauntit.blogspot.com/2012/04/en-vbulletin-4112-cross-site-scripting.html http://packetstormsecurity.org/files/112385/vBulletin-4.1.12-Cross-Site-Scripting.html http://www.securityfocus.com/bid/53319 https://exchange.xforce.ibmcloud.com/vulnerabilities/75325 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.8EPSS: 0%CPEs: 13EXPL: 0CVE-2011-5251 – vBulletin 4.1.3 Open Redirect
https://notcve.org/view.php?id=CVE-2011-5251
Open redirect vulnerability in forum/login.php in vBulletin 4.1.3 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the url parameter in a lostpw action. Vulnerabilidad de redirección abierta en forum/login.php en vBulletin v4.1.3 y anteriores, permite a atacantes remotos redirigir a usuarios a sitios web de su elección y llevar a cabo ataques de phishing a través del parámetro url en una acción lostpw. vBulletin versions 3 through 4.1.3 suffer from an open redirect vulnerability. • http://www.vbulletin.com/forum/showthread.php/381014-Potential-Phishing-Vector?p=2166441 • CWE-20: Improper Input Validation •