
CVE-2009-2172 – vBulletin Radio and TV Player AddOn - HTML Injection
https://notcve.org/view.php?id=CVE-2009-2172
23 Jun 2009 — Cross-site scripting (XSS) vulnerability in forum/radioandtv.php in the Radio and TV Player addon for vBulletin allows remote registered users to inject arbitrary web script or HTML via the station parameter. • https://www.exploit-db.com/exploits/8965 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2008-6754
https://notcve.org/view.php?id=CVE-2008-6754
27 Apr 2009 — The Personal Sticky Threads addon 1.0.3c for vBulletin allows remote authenticated users to read the title, author, and pages of an arbitrary thread by toggling a personal sticky. • http://osvdb.org/51205 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2007-4959
https://notcve.org/view.php?id=CVE-2007-4959
18 Sep 2007 — Cross-site scripting (XSS) vulnerability in catalog_products_with_images.php in osCMax 2.0.0-RC3-0-1 allows remote attackers to inject arbitrary web script or HTML via the URI. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. • http://osvdb.org/37094 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2007-4453
https://notcve.org/view.php?id=CVE-2007-4453
21 Aug 2007 — Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.6.8 allow remote attackers to inject arbitrary web code or HTML via the (1) s parameter to index.php, and the (2) q parameter to (a) faq.php, (b) member.php, (c) memberlist.php, (d) calendar.php, (e) search.php, (f) forumdisplay.php, (g) showgroups.php, (h) online.php, and (i) sendmessage.php. NOTE: these issues have been disputed by the vendor, stating "I can't reproduce a single one of these". The researcher is known to be unreliable ** IM... • http://www.securityfocus.com/archive/1/476924/100/0/threaded •

CVE-2007-4120
https://notcve.org/view.php?id=CVE-2007-4120
01 Aug 2007 — Multiple PHP remote file inclusion vulnerabilities in Jelsoft vBulletin 3.6.5 allow remote attackers to execute arbitrary PHP code via a URL in the (1) classfile parameter to includes/functions.php, the (2) nextitem parameter to includes/functions_cron.php, and the (3) specialtemplates parameter to includes/functions_forumdisplay.php. NOTE: this issue is disputed by a reliable third party who states "further investigation has revealed that the application is not vulnerable to this issue." The original resea... • http://securityreason.com/securityalert/2941 •

CVE-2007-3326
https://notcve.org/view.php?id=CVE-2007-3326
21 Jun 2007 — Multiple directory traversal vulnerabilities in vBulletin 3.x.x allow remote attackers to redirect visitors to arbitrary local files via a .. (dot dot) in (1) the loc parameter to admincp/index.php and (2) the Hyperlink information URL field for post Topic in showthread.php, enabling cross-site scripting (XSS) and other attacks, a different vulnerability than CVE-2005-3025.2. • http://securityreason.com/securityalert/2820 •

CVE-2007-3196 – vBSupport 2.0.0 Integrated Ticket System - 'vBSupport.php' SQL Injection
https://notcve.org/view.php?id=CVE-2007-3196
12 Jun 2007 — SQL injection vulnerability in vBSupport.php in vSupport Integrated Ticket System 3.x.x allows remote attackers to execute arbitrary SQL commands via the ticketid parameter in a showticket action. • https://www.exploit-db.com/exploits/30168 •

CVE-2007-3197
https://notcve.org/view.php?id=CVE-2007-3197
12 Jun 2007 — SQL injection vulnerability in vBSupport.php in vBSupport 1.1 before 1.1a allows remote attackers to execute arbitrary SQL commands via unspecified vectors. • http://osvdb.org/37162 •

CVE-2007-2908 – vBulletin 3.6.6 - 'calendar.php' HTML Injection
https://notcve.org/view.php?id=CVE-2007-2908
30 May 2007 — Cross-site scripting (XSS) vulnerability in calendar.php in Jelsoft vBulletin before 3.6.6 allows remote attackers to inject arbitrary web script or HTML via the title field in a single add action. • https://www.exploit-db.com/exploits/30047 •

CVE-2007-2909
https://notcve.org/view.php?id=CVE-2007-2909
30 May 2007 — Cross-site scripting (XSS) vulnerability in calendar.php in Jelsoft vBulletin 3.6.x before 3.6.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to the vb_calendar366_xss_fix_plugin.xml update. • http://osvdb.org/35156 •