Page 7 of 37 results (0.012 seconds)

CVSS: 7.5EPSS: 0%CPEs: 35EXPL: 1

Multiple SQL injection vulnerabilities in vBulletin 3.0.9 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) announcement parameter to announcement.php, (2) userid parameter to user.php, (3) calendar parameter to admincalendar.php, (4) cronid parameter to cronlog.php, (5) usergroupid parameter to email.php, (6) help parameter to help.php, (7) rvt parameter to language.php, (8) keep parameter to phrase.php, or (9) updateprofilepic parameter to usertools.php. • http://marc.info/?l=bugtraq&m=112715150320677&w=2 http://morph3us.org/advisories/20050917-vbulletin-3.0.8.txt •

CVSS: 7.5EPSS: 88%CPEs: 29EXPL: 2

misc.php for vBulletin 3.0.6 and earlier, when "Add Template Name in HTML Comments" is enabled, allows remote attackers to execute arbitrary PHP code via nested variables in the template parameter. • https://www.exploit-db.com/exploits/16896 https://www.exploit-db.com/exploits/832 http://marc.info/?l=bugtraq&m=110910899415763&w=2 http://secunia.com/advisories/14326 http://www.securityfocus.com/bid/12622 http://www.vbulletin.com/forum/showthread.php?postid=819562 •

CVSS: 5.0EPSS: 1%CPEs: 5EXPL: 2

Direct code injection vulnerability in forumdisplay.php in vBulletin 3.0 through 3.0.4, when showforumusers is enabled, allows remote attackers to execute inject arbitrary PHP commands via the comma parameter. • https://www.exploit-db.com/exploits/818 https://www.exploit-db.com/exploits/820 http://marc.info/?l=bugtraq&m=110840807415315&w=2 http://www.securityfocus.com/bid/12542 •

CVSS: 7.5EPSS: 0%CPEs: 11EXPL: 1

SQL injection vulnerability in (1) ttlast.php and (2) last10.php in vBulletin 3.0.x allows remote attackers to execute arbitrary SQL statements via the fsel parameter, as demonstrated using last.php. • https://www.exploit-db.com/exploits/631 http://marc.info/?l=bugtraq&m=110019198507100&w=2 •

CVSS: 4.3EPSS: 1%CPEs: 2EXPL: 4

Multiple cross-site scripting (XSS) vulnerabilities in Jelsoft vBulletin 2.0 beta 3 through 3.0 can4 allows remote attackers to inject arbitrary web script or HTML via the (1) page parameter to showthread.php or (2) order parameter to forumdisplay.php. • https://www.exploit-db.com/exploits/23822 https://www.exploit-db.com/exploits/23823 http://marc.info/?l=bugtraq&m=107945556112453&w=2 http://secunia.com/advisories/11142 http://securitytracker.com/id?1009440 http://www.osvdb.org/4310 http://www.osvdb.org/4311 http://www.securityfocus.com/bid/9888 http://www.securityfocus.com/bid/9889 https://exchange.xforce.ibmcloud.com/vulnerabilities/15495 •