CVE-2009-2172 – vBulletin Radio and TV Player AddOn - HTML Injection
https://notcve.org/view.php?id=CVE-2009-2172
Cross-site scripting (XSS) vulnerability in forum/radioandtv.php in the Radio and TV Player addon for vBulletin allows remote registered users to inject arbitrary web script or HTML via the station parameter. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados en forum/radioandtv.php en el complemento reproductor de radio y televisión para vBulletin permite inyectar HTML o scripts Web arbitrarios a los usuarios registrados remotos a través del parámetro 'station'. • https://www.exploit-db.com/exploits/8965 http://www.securityfocus.com/bid/35385 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2008-6754
https://notcve.org/view.php?id=CVE-2008-6754
The Personal Sticky Threads addon 1.0.3c for vBulletin allows remote authenticated users to read the title, author, and pages of an arbitrary thread by toggling a personal sticky. El complemento Personal Sticky Threads v1.0.3c para vBulletin permite leer , a los usuarios autenticados, el título, autor, y las páginas de un hilo arbitrario activando un sticky personal. • http://osvdb.org/51205 http://secunia.com/advisories/33342 http://www.securityfocus.com/archive/1/499562/100/0/threaded http://www.securityfocus.com/bid/33017 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2007-4959
https://notcve.org/view.php?id=CVE-2007-4959
Cross-site scripting (XSS) vulnerability in catalog_products_with_images.php in osCMax 2.0.0-RC3-0-1 allows remote attackers to inject arbitrary web script or HTML via the URI. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en catalog_products_with_images.php de osCMax 2.0.0-RC3-0-1 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante el URI. NOTA: la procedencia de esta información es desconocida; los detalles se han obtenido de información de terceros. • http://osvdb.org/37094 http://secunia.com/advisories/26833 http://www.securityfocus.com/bid/25684 http://www.vupen.com/english/advisories/2007/3187 https://exchange.xforce.ibmcloud.com/vulnerabilities/36642 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2007-4453
https://notcve.org/view.php?id=CVE-2007-4453
Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.6.8 allow remote attackers to inject arbitrary web code or HTML via the (1) s parameter to index.php, and the (2) q parameter to (a) faq.php, (b) member.php, (c) memberlist.php, (d) calendar.php, (e) search.php, (f) forumdisplay.php, (g) showgroups.php, (h) online.php, and (i) sendmessage.php. NOTE: these issues have been disputed by the vendor, stating "I can't reproduce a single one of these". The researcher is known to be unreliable ** IMPUGNADA ** Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en vBulletin 3.6.8 permiten a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través del parámetro (2) s de index.php, y el parámetro (2) q de (a) faq.php, (b) member.php, (c) memberlist.php, (d) calendar.php, (e) search.php, (f) forumdisplay.php, (g) showgroups.php, (h) online.php, y (i) sendmessage.php. NOTA: estos problemas han sido negados por el fabricante, afirmando que "no puede reproducir ni uno solo de ellos". Se sabe que el investigador no es fiable. • http://www.securityfocus.com/archive/1/476924/100/0/threaded http://www.securityfocus.com/archive/1/476940/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/36084 •
CVE-2007-4120
https://notcve.org/view.php?id=CVE-2007-4120
Multiple PHP remote file inclusion vulnerabilities in Jelsoft vBulletin 3.6.5 allow remote attackers to execute arbitrary PHP code via a URL in the (1) classfile parameter to includes/functions.php, the (2) nextitem parameter to includes/functions_cron.php, and the (3) specialtemplates parameter to includes/functions_forumdisplay.php. NOTE: this issue is disputed by a reliable third party who states "further investigation has revealed that the application is not vulnerable to this issue." The original researcher also has a history of erroneous claims ** IMPUGNADA ** Múltiples vulnerabilidades de inclusión remota de archivo en PHP en Jelsoft vBulletin 3.6.5 permite a atacantes remotos ejecutar código PHP de su elección mediante un URL en los parámetros (1) classfile a includes/functions.php, (2) nextitem a includes/functions_cron.php, y (3) specialtemplates a includes/functions_forumdisplay.php. NOTA: este asunto es impugnado por una tercera parte de fiar que afirma "investigaciones posteriores han revelado que la aplicación no es vulnerable a este asunto". El investigador original también tiene un historial de reclamaciones erróneas. • http://securityreason.com/securityalert/2941 http://www.securityfocus.com/archive/1/475105/100/0/threaded http://www.securityfocus.com/archive/1/475151/100/0/threaded http://www.securityfocus.com/bid/25141 •