CVE-2012-4328
https://notcve.org/view.php?id=CVE-2012-4328
Unspecified vulnerability in the MAPI in vBulletin Suite 4.1.2 through 4.1.12, Forum 4.1.2 through 4.1.12, and the MAPI plugin 1.4.3 for vBulletin 3.x has unknown impact and attack vectors. • http://osvdb.org/81474 http://secunia.com/advisories/48917 http://www.securityfocus.com/bid/53226 https://exchange.xforce.ibmcloud.com/vulnerabilities/75160 https://www.vbulletin.com/forum/showthread.php/400162-vBulletin-3-x-MAPI-Plugin-1-4-3-released-with-security-patch-04-23-2012 https://www.vbulletin.com/forum/showthread.php/400164-vBulletin-Security-Patch-for-vBulletin-4-1-2-4-1-11-for-Suite-amp-Forum-04-23-2012 https://www.vbulletin.com/forum/showthread.php/400165-vBulletin-Security •
CVE-2012-3844
https://notcve.org/view.php?id=CVE-2012-3844
Cross-site scripting (XSS) vulnerability in vBulletin 4.1.12 allows remote attackers to inject arbitrary web script or HTML via a long string in the subject parameter when creating a post. • http://hauntit.blogspot.com/2012/04/en-vbulletin-4112-cross-site-scripting.html http://packetstormsecurity.org/files/112385/vBulletin-4.1.12-Cross-Site-Scripting.html http://www.securityfocus.com/bid/53319 https://exchange.xforce.ibmcloud.com/vulnerabilities/75325 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2011-5251 – vBulletin 4.1.3 Open Redirect
https://notcve.org/view.php?id=CVE-2011-5251
Open redirect vulnerability in forum/login.php in vBulletin 4.1.3 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the url parameter in a lostpw action. vBulletin versions 3 through 4.1.3 suffer from an open redirect vulnerability. • http://www.vbulletin.com/forum/showthread.php/381014-Potential-Phishing-Vector?p=2166441 • CWE-20: Improper Input Validation •
CVE-2008-6255
https://notcve.org/view.php?id=CVE-2008-6255
Multiple SQL injection vulnerabilities in vBulletin 3.7.4 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) answer parameter to admincp/verify.php, (2) extension parameter in an edit action to admincp/attachmentpermission.php, and the (3) iperm parameter to admincp/image.php. • http://secunia.com/advisories/32775 http://www.securityfocus.com/archive/1/498390/100/0/threaded http://www.waraxe.us/advisory-69.html https://exchange.xforce.ibmcloud.com/vulnerabilities/46682 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2008-6256
https://notcve.org/view.php?id=CVE-2008-6256
SQL injection vulnerability in admincp/admincalendar.php in vBulletin 3.7.3.pl1 allows remote authenticated administrators to execute arbitrary SQL commands via the holidayinfo[recurring] parameter, a different vector than CVE-2005-3022. • http://secunia.com/advisories/32735 http://www.securityfocus.com/archive/1/498369/100/0/threaded http://www.waraxe.us/advisory-68.html https://exchange.xforce.ibmcloud.com/vulnerabilities/46683 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •