vbulletin software vulnerabilities

Searching vbulletin software vulnerabilities

Cross-site scripting (XSS) vulnerability in mem

Cross-site scripting (XSS) vulnerability in memberlist.php in Jelsoft vBulletin 2.0 rc 2 through 2.2.4 allows remote attackers to steal authentication credentials by injecting script into $letterbits.

Cross-site scripting (XSS) vulnerability in Jel

Cross-site | scripting |

Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin 2.2.0 allows remote attackers to execute arbitrary script as other users by injecting script into a bulletin board message.

Cross-site scripting (XSS) vulnerability in glo

Cross-site | scripting |

Cross-site scripting (XSS) vulnerability in global.php in Jelsoft vBulletin 2.0.0 through 2.2.8 allows remote attackers to inject arbitrary web script or HTML via the (1) $scriptpath or (2) $url variables.

calendar.php in Jelsoft Enterprises vBulletin 2

Enterprises | calendarphp | vBulletin | Jelsoft |

calendar.php in Jelsoft Enterprises vBulletin 2.2.0 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the comma parameter.

Cross-site scripting (XSS) vulnerability in pri

Cross-site | scripting |

Cross-site scripting (XSS) vulnerability in private.php for vBulletin 3.0.0 Beta 2 allows remote attackers to inject arbitrary web script and HTML via the "Preview Message" capability.

Cross-site scripting (XSS) vulnerability in reg

Cross-site | scripting |

Cross-site scripting (XSS) vulnerability in register.php for vBulletin 3.0 Beta 2 allows remote attackers to inject arbitrary HTML or web script via optional fields such as (1) "Interests-Hobbies", (2) "Biography", or (3) "Occupation."

DISPUTED NOTE: this issue has been dispu

DISPUTED |

** DISPUTED ** NOTE: this issue has been disputed by the vendor. Cross-site scripting (XSS) vulnerability in register.php for unknown versions of vBulletin allows remote attackers to inject arbitrary HTML or web script via the reg_site (or possibly regsite) parameter. NOTE: the vendor has disputed this issue, saying "There is no hidden field called 'reg_site', nor any $reg_site variable anywhere in the vBulletin 2 or vBulletin 3 source code or templates, nor has it ever existed. We can only assume that this vulnerability was found in a site running code modified from that supplied by Jelsoft."

Cross-site scripting (XSS) vulnerability in (1)

Cross-site | scripting |

Cross-site scripting (XSS) vulnerability in (1) newreply.php or (2) newthread.php in vBulletin 3.0.1 allows remote attackers to inject arbitrary HTML or script as other users via the Edit-panel.

SQL injection vulnerability in (1) ttlast.php a

vulnerability | injection | SQL |

SQL injection vulnerability in (1) ttlast.php and (2) last10.php in vBulletin 3.0.x allows remote attackers to execute arbitrary SQL statements via the fsel parameter, as demonstrated using last.php.

Cross-site scripting (XSS) vulnerability in Jel

Cross-site | scripting |

Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin before 3.0 allows remote attackers to inject arbitrary web script or HTML via the what parameter to memberlist.php.

Cross-site scripting (XSS) vulnerability in sea

Cross-site | scripting |

Cross-site scripting (XSS) vulnerability in search.php for Jelsoft vBulletin 3.0.0 RC4 allows remote attackers to inject arbitrary web script or HTML via the query parameter.

Cross-site scripting (XSS) vulnerability in ind

Cross-site | scripting |

Cross-site scripting (XSS) vulnerability in index.php in Jelsoft vBulletin allows remote attackers to spoof parts of a website via the loc parameter.

Direct code injection vulnerability in forumdis

Direct code injection vulnerability in forumdisplay.php in vBulletin 3.0 through 3.0.4, when showforumusers is enabled, allows remote attackers to execute inject arbitrary PHP commands via the comma parameter.

misc.php for vBulletin 3.0.6 and earlier, when

vBulletin | miscphp |

misc.php for vBulletin 3.0.6 and earlier, when "Add Template Name in HTML Comments" is enabled, allows remote attackers to execute arbitrary PHP code via nested variables in the template parameter.

image.php in vBulletin 3.0.9 and earlier allows

vBulletin | imagephp |

image.php in vBulletin 3.0.9 and earlier allows remote attackers with access to the administrator panel to upload arbitrary files via the upload action.

SQL injection vulnerability in VBulletin 3.0.10

vulnerability | VBulletin | injection | SQL |

SQL injection vulnerability in VBulletin 3.0.10 allows remote attackers to execute arbitrary SQL commands via the featureid parameter.

DISPUTED PHP remote file inclusion vulne

** DISPUTED ** PHP remote file inclusion vulnerability in install/upgrade_301.php in Jelsoft vBulletin 3.5.4 allows remote attackers to execute arbitrary PHP code via a URL in the step parameter. NOTE: the vendor has disputed this vulnerability, saying "The default vBulletin requires authentication prior to the usage of the upgrade system."

SQL injection vulnerability in global.php in Je

SQL injection vulnerability in global.php in Jelsoft vBulletin 2.x allows remote attackers to execute arbitrary SQL commands via the templatesused parameter.

SQL injection vulnerability in admincp/attachme

SQL injection vulnerability in admincp/attachment.php in Jelsoft vBulletin 3.6.5 allows remote authenticated administrators to execute arbitrary SQL commands via the "Attached Before" field.

Multiple PHP remote file inclusion vulnerabilit

Multiple PHP remote file inclusion vulnerabilities in the creator in vBulletin Google Yahoo Site Map (vBGSiteMap) 2.41 for vBulletin allow remote attackers to execute arbitrary PHP code via a URL in the base parameter to (1) vbgsitemap/vbgsitemap-config.php or (2) vbgsitemap/vbgsitemap-vbseo.php.

Software vulnerabilities results 1 to 20 of 56

Page: 12 3 ►

vbulletin software vulnerabilities

vulnerabilities.aspcode.net

Searching vbulletin software vulnerabilities