Total
49 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-3773 | 1 Vbulletin | 1 Vbulletin | 2017-08-07 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in vBulletin 3.7.2 PL1 and 3.6.10 PL3, when "Show New Private Message Notification Pop-Up" is enabled, allows remote authenticated users to inject arbitrary web script or HTML via a private message subject (aka newpm[title]). | |||||
| CVE-2017-7569 | 1 Vbulletin | 1 Vbulletin | 2017-04-12 | 5.0 MEDIUM | 8.6 HIGH |
| In vBulletin before 5.3.0, remote attackers can bypass the CVE-2016-6483 patch and conduct SSRF attacks by leveraging the behavior of the PHP parse_url function, aka VBV-17037. | |||||
| CVE-2015-7808 | 1 Vbulletin | 1 Vbulletin | 2015-11-25 | 7.5 HIGH | N/A |
| The vB_Api_Hook::decodeArguments method in vBulletin 5 Connect 5.1.2 through 5.1.9 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object in the arguments parameter to ajax/api/hook/decodeArguments. | |||||
| CVE-2014-5102 | 1 Vbulletin | 1 Vbulletin | 2015-10-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in vBulletin 5.0.4 through 5.1.3 Alpha 5 allows remote attackers to execute arbitrary SQL commands via the criteria[startswith] parameter to ajax/render/memberlist_items. | |||||
| CVE-2014-2022 | 1 Vbulletin | 1 Vbulletin | 2015-08-13 | 7.1 HIGH | N/A |
| SQL injection vulnerability in includes/api/4/breadcrumbs_create.php in vBulletin 4.2.2, 4.2.1, 4.2.0 PL2, and earlier allows remote authenticated users to execute arbitrary SQL commands via the conceptid argument in an xmlrpc API request. | |||||
| CVE-2013-6129 | 1 Vbulletin | 1 Vbulletin | 2013-11-21 | 7.5 HIGH | N/A |
| The install/upgrade.php scripts in vBulletin 4.1 and 5 allow remote attackers to create administrative accounts via the customerid, htmldata[password], htmldata[confirmpassword], and htmldata[email] parameters, as exploited in the wild in October 2013. | |||||
| CVE-2013-3522 | 1 Vbulletin | 1 Vbulletin | 2013-05-12 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in index.php/ajax/api/reputation/vote in vBulletin 5.0.0 Beta 11, 5.0.0 Beta 28, and earlier allows remote authenticated users to execute arbitrary SQL commands via the nodeid parameter. | |||||
| CVE-2011-5251 | 1 Vbulletin | 1 Vbulletin | 2013-01-02 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in forum/login.php in vBulletin 4.1.3 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the url parameter in a lostpw action. | |||||
| CVE-2012-4686 | 1 Vbulletin | 1 Vbulletin | 2012-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in announcement.php in vBulletin 4.1.10 allows remote attackers to execute arbitrary SQL commands via the announcementid parameter. | |||||