Total
55 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-1292 | 1 Jelsoft | 1 Vbulletin | 2017-10-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in inlinemod.php in Jelsoft vBulletin before 3.5.8, and before 3.6.5 in the 3.6.x series, might allow remote authenticated users to execute arbitrary SQL commands via the postids parameter. NOTE: the vendor states that the attack is feasible only in circumstances "almost impossible to achieve." | |||||
| CVE-2004-0036 | 1 Jelsoft | 1 Vbulletin | 2017-10-09 | 5.0 MEDIUM | N/A |
| SQL injection vulnerability in calendar.php for vBulletin Forum 2.3.x before 2.3.4 allows remote attackers to steal sensitive information via the eventid parameter. | |||||
| CVE-2001-0475 | 1 Jelsoft | 1 Vbulletin | 2017-10-09 | 7.5 HIGH | N/A |
| index.php in Jelsoft vBulletin does not properly initialize a PHP variable that is used to store template information, which allows remote attackers to execute arbitrary PHP code via special characters in the templatecache parameter. | |||||
| CVE-2009-2172 | 2 Dream, Jelsoft | 2 Radio And Tv Player Addon For Vbulletin, Vbulletin | 2017-09-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in forum/radioandtv.php in the Radio and TV Player addon for vBulletin allows remote registered users to inject arbitrary web script or HTML via the station parameter. | |||||
| CVE-2007-2911 | 1 Jelsoft | 1 Vbulletin | 2017-07-28 | 8.5 HIGH | N/A |
| SQL injection vulnerability in admincp/attachment.php in Jelsoft vBulletin before 3.6.6 allows remote authenticated administrators to execute arbitrary SQL commands via the "Attached After" field (GPC['search']['datelineafter'] variable), a related issue to CVE-2007-1573. | |||||
| CVE-2005-3019 | 1 Jelsoft | 1 Vbulletin | 2017-07-10 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in vBulletin before 3.0.9 allow remote attackers to execute arbitrary SQL commands via the (1) request parameter to joinrequests.php, (2) limitnumber or (3) limitstart to user.php, (4) usertitle.php, or (5) usertools.php. | |||||
| CVE-2005-3021 | 1 Jelsoft | 1 Vbulletin | 2017-07-10 | 2.1 LOW | N/A |
| image.php in vBulletin 3.0.9 and earlier allows remote attackers with access to the administrator panel to upload arbitrary files via the upload action. | |||||
| CVE-2005-3020 | 1 Jelsoft | 1 Vbulletin | 2017-07-10 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in vBulletin before 3.0.9 allow remote attackers to inject arbitrary web script or HTML via the (1) group parameter to css.php, (2) redirect parameter to index.php, (3) email parameter to user.php, (4) goto parameter to language.php, (5) orderby parameter to modlog.php, and the (6) hex, (7) rgb, or (8) expandset parameter to template.php. | |||||
| CVE-2004-1823 | 1 Jelsoft | 1 Vbulletin | 2017-07-10 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Jelsoft vBulletin 2.0 beta 3 through 3.0 can4 allows remote attackers to inject arbitrary web script or HTML via the (1) page parameter to showthread.php or (2) order parameter to forumdisplay.php. | |||||
| CVE-2004-2076 | 1 Jelsoft | 1 Vbulletin | 2017-07-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.php for Jelsoft vBulletin 3.0.0 RC4 allows remote attackers to inject arbitrary web script or HTML via the query parameter. | |||||
| CVE-2004-1824 | 1 Jelsoft | 1 Vbulletin | 2017-07-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin before 3.0 allows remote attackers to inject arbitrary web script or HTML via the what parameter to memberlist.php. | |||||
| CVE-2004-0620 | 1 Jelsoft | 1 Vbulletin | 2017-07-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in (1) newreply.php or (2) newthread.php in vBulletin 3.0.1 allows remote attackers to inject arbitrary HTML or script as other users via the Edit-panel. | |||||
| CVE-2002-1660 | 1 Jelsoft | 1 Vbulletin | 2017-07-10 | 7.5 HIGH | N/A |
| calendar.php in vBulletin before 2.2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the command parameter. | |||||
| CVE-2002-1678 | 1 Jelsoft | 1 Vbulletin | 2017-07-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in memberlist.php in Jelsoft vBulletin 2.0 rc 2 through 2.2.4 allows remote attackers to steal authentication credentials by injecting script into $letterbits. | |||||
| CVE-2002-1679 | 1 Jelsoft | 1 Vbulletin | 2017-07-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin 2.2.0 allows remote attackers to execute arbitrary script as other users by injecting script into a bulletin board message. | |||||
| CVE-2005-3023 | 1 Jelsoft | 1 Vbulletin | 2016-10-17 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via certain arguments to (1) announcement.php, (2) admincalendar.php, (3) bbcode.php, (4) cronadmin.php, (5) email.php, (6) faq.php, (7) forum.php, (8) image.php, (9) language.php, (10) ranks.php, (11) replacement.php, (12) replacement.php, (13) template.php, (14) template.php, (15) usergroup.php, or (16) usertitle.php. | |||||
| CVE-2005-3022 | 1 Jelsoft | 1 Vbulletin | 2016-10-17 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in vBulletin 3.0.9 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) announcement parameter to announcement.php, (2) userid parameter to user.php, (3) calendar parameter to admincalendar.php, (4) cronid parameter to cronlog.php, (5) usergroupid parameter to email.php, (6) help parameter to help.php, (7) rvt parameter to language.php, (8) keep parameter to phrase.php, or (9) updateprofilepic parameter to usertools.php. | |||||
| CVE-2005-3025 | 1 Jelsoft | 1 Vbulletin | 2016-10-17 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.0.7 and earlier allow remote attackers to inject arbitrary web script or HTML via the loc parameter to (1) modcp/index.php or (2) admincp/index.php, or the ip parameter to (3) modcp/user.php or (4) admincp/usertitle.php. | |||||
| CVE-2005-3024 | 1 Jelsoft | 1 Vbulletin | 2016-10-17 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in vBulletin 3.0.7 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) announcement parameter to announcement.php, the (2) thread[forumid] or (3) criteria parameters to thread.php, (4) userid parameter to user.php, the (5) calendarcustomfieldid, (6) calendarid, (7) moderatorid, (8) holidayid, (9) calendarmoderatorid, or (10) calendar[0] parameters to admincalendar.php, (11) the cronid parameter to cronlog.php, (12) user[usergroupid][0] parameter to email.php, (13) help[0] parameter to help.php, the (14) limitnumber or (15) limitstart parameter to user.php, the (16) usertitleid or (17) ids parameters to usertitle.php, (18) rvt[0] parameter to language.php, (19) keep[0] parameter to phrase.php, (20) dostyleid parameter to template.php, (21) thread[forumid] parameter to thread.php, or (22) usertools.php. | |||||
| CVE-2005-0511 | 1 Jelsoft | 1 Vbulletin | 2016-10-17 | 7.5 HIGH | N/A |
| misc.php for vBulletin 3.0.6 and earlier, when "Add Template Name in HTML Comments" is enabled, allows remote attackers to execute arbitrary PHP code via nested variables in the template parameter. | |||||