3 results (0.003 seconds)

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2

vBSeo before 3.6.0PL2 allows XSS via the member.php u parameter. vBSeo versiones anteriores a 3.6.0PL2, permite un ataque de tipo XSS por medio del parámetro u del archivo member.php. • https://www.exploit-db.com/exploits/37944 https://www.securityfocus.com/bid/55908 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.0EPSS: 3%CPEs: 2EXPL: 2

functions_vbseo_hook.php in the VBSEO module for vBulletin allows remote authenticated users to execute arbitrary code via the HTTP Referer header to visitormessage.php. functions_vbseo_hook.php en el módulo VBSEO para vBulletin permite que usuarios autenticados remotos ejecuten código arbitrario mediante la cabecera HTTP Referer a visitormessage.php. • https://www.exploit-db.com/exploits/36232 https://blog.sucuri.net/2015/01/serious-vulnerability-on-vbseo.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 6.8EPSS: 2%CPEs: 2EXPL: 2

Directory traversal vulnerability in vbseo.php in Crawlability vBSEO plugin 3.1.0 for vBulletin allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the vbseourl parameter. Vulnerabilidad de salto de directorio en vbseo.php de Crawlability vBSEO plugin v3.1.0 para vBulletin, permite a atacantes remotos incluir y ejecutar ficheros locales de su elección mediante secuencias de salto de directorio en el parámetro vbseourl. • https://www.exploit-db.com/exploits/11526 http://packetstormsecurity.org/1002-exploits/vbseo-lfi.txt http://www.exploit-db.com/exploits/11526 http://www.vupen.com/english/advisories/2010/0442 https://exchange.xforce.ibmcloud.com/vulnerabilities/56439 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •