CVE-2005-3022
https://notcve.org/view.php?id=CVE-2005-3022
Multiple SQL injection vulnerabilities in vBulletin 3.0.9 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) announcement parameter to announcement.php, (2) userid parameter to user.php, (3) calendar parameter to admincalendar.php, (4) cronid parameter to cronlog.php, (5) usergroupid parameter to email.php, (6) help parameter to help.php, (7) rvt parameter to language.php, (8) keep parameter to phrase.php, or (9) updateprofilepic parameter to usertools.php. • http://marc.info/?l=bugtraq&m=112715150320677&w=2 http://morph3us.org/advisories/20050917-vbulletin-3.0.8.txt •
CVE-2005-3024
https://notcve.org/view.php?id=CVE-2005-3024
Multiple SQL injection vulnerabilities in vBulletin 3.0.7 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) announcement parameter to announcement.php, the (2) thread[forumid] or (3) criteria parameters to thread.php, (4) userid parameter to user.php, the (5) calendarcustomfieldid, (6) calendarid, (7) moderatorid, (8) holidayid, (9) calendarmoderatorid, or (10) calendar[0] parameters to admincalendar.php, (11) the cronid parameter to cronlog.php, (12) user[usergroupid][0] parameter to email.php, (13) help[0] parameter to help.php, the (14) limitnumber or (15) limitstart parameter to user.php, the (16) usertitleid or (17) ids parameters to usertitle.php, (18) rvt[0] parameter to language.php, (19) keep[0] parameter to phrase.php, (20) dostyleid parameter to template.php, (21) thread[forumid] parameter to thread.php, or (22) usertools.php. • http://marc.info/?l=bugtraq&m=112732980702939&w=2 http://morph3us.org/advisories/20050917-vbulletin-3.0.7.txt •
CVE-2005-3021
https://notcve.org/view.php?id=CVE-2005-3021
image.php in vBulletin 3.0.9 and earlier allows remote attackers with access to the administrator panel to upload arbitrary files via the upload action. • http://marc.info/?l=bugtraq&m=112715150320677&w=2 http://morph3us.org/advisories/20050917-vbulletin-3.0.8.txt http://secunia.com/advisories/16873 https://exchange.xforce.ibmcloud.com/vulnerabilities/22325 •
CVE-2005-0511 – vBulletin - 'misc.php' Template Name Arbitrary Code Execution
https://notcve.org/view.php?id=CVE-2005-0511
misc.php for vBulletin 3.0.6 and earlier, when "Add Template Name in HTML Comments" is enabled, allows remote attackers to execute arbitrary PHP code via nested variables in the template parameter. • https://www.exploit-db.com/exploits/16896 https://www.exploit-db.com/exploits/832 http://marc.info/?l=bugtraq&m=110910899415763&w=2 http://secunia.com/advisories/14326 http://www.securityfocus.com/bid/12622 http://www.vbulletin.com/forum/showthread.php?postid=819562 •
CVE-2005-0429 – vBulletin 3.0.4 - 'forumdisplay.php' Code Execution
https://notcve.org/view.php?id=CVE-2005-0429
Direct code injection vulnerability in forumdisplay.php in vBulletin 3.0 through 3.0.4, when showforumusers is enabled, allows remote attackers to execute inject arbitrary PHP commands via the comma parameter. • https://www.exploit-db.com/exploits/818 https://www.exploit-db.com/exploits/820 http://marc.info/?l=bugtraq&m=110840807415315&w=2 http://www.securityfocus.com/bid/12542 •