Filtered by vendor Jelsoft
Subscriptions
Filtered by product Vbulletin
Subscriptions
Total
55 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2006-4273 | 1 Jelsoft | 1 Vbulletin | 2018-10-17 | N/A |
Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin 3.5.4 and 3.6.0 allows remote attackers to inject arbitrary web script or HTML by uploading an attachment with a .pdf extension that contains JavaScript, which is processed as script by Microsoft Internet Explorer 6. | ||||
CVE-2007-3326 | 1 Jelsoft | 1 Vbulletin | 2018-10-16 | N/A |
Multiple directory traversal vulnerabilities in vBulletin 3.x.x allow remote attackers to redirect visitors to arbitrary local files via a .. (dot dot) in (1) the loc parameter to admincp/index.php and (2) the Hyperlink information URl field for post Topic in showthread.php, enabling cross-site scripting (XSS) and other attacks, a different vulnerability than CVE-2005-3025.2. | ||||
CVE-2007-2908 | 1 Jelsoft | 1 Vbulletin | 2018-10-16 | N/A |
Cross-site scripting (XSS) vulnerability in calendar.php in Jelsoft vBulletin before 3.6.6 allows remote attackers to inject arbitrary web script or HTML via the title field in a single add action. | ||||
CVE-2007-1573 | 1 Jelsoft | 1 Vbulletin | 2018-10-16 | N/A |
SQL injection vulnerability in admincp/attachment.php in Jelsoft vBulletin 3.6.5 allows remote authenticated administrators to execute arbitrary SQL commands via the "Attached Before" field. | ||||
CVE-2007-1342 | 1 Jelsoft | 1 Vbulletin | 2018-10-16 | N/A |
Cross-site scripting (XSS) vulnerability in admincp/index.php in Jelsoft vBulletin 3.6.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the add rss url form. | ||||
CVE-2008-6754 | 2 Jelsoft, Mephisteus | 2 Vbulletin, The Personal Sticky Threads | 2018-10-11 | N/A |
The Personal Sticky Threads addon 1.0.3c for vBulletin allows remote authenticated users to read the title, author, and pages of an arbitrary thread by toggling a personal sticky. | ||||
CVE-2007-1292 | 1 Jelsoft | 1 Vbulletin | 2017-10-11 | N/A |
SQL injection vulnerability in inlinemod.php in Jelsoft vBulletin before 3.5.8, and before 3.6.5 in the 3.6.x series, might allow remote authenticated users to execute arbitrary SQL commands via the postids parameter. NOTE: the vendor states that the attack is feasible only in circumstances "almost impossible to achieve." | ||||
CVE-2004-0036 | 1 Jelsoft | 1 Vbulletin | 2017-10-10 | N/A |
SQL injection vulnerability in calendar.php for vBulletin Forum 2.3.x before 2.3.4 allows remote attackers to steal sensitive information via the eventid parameter. | ||||
CVE-2001-0475 | 1 Jelsoft | 1 Vbulletin | 2017-10-10 | N/A |
index.php in Jelsoft vBulletin does not properly initialize a PHP variable that is used to store template information, which allows remote attackers to execute arbitrary PHP code via special characters in the templatecache parameter. | ||||
CVE-2009-2172 | 2 Dream, Jelsoft | 2 Radio And Tv Player Addon For Vbulletin, Vbulletin | 2017-09-29 | N/A |
Cross-site scripting (XSS) vulnerability in forum/radioandtv.php in the Radio and TV Player addon for vBulletin allows remote registered users to inject arbitrary web script or HTML via the station parameter. | ||||
CVE-2007-2911 | 1 Jelsoft | 1 Vbulletin | 2017-07-29 | N/A |
SQL injection vulnerability in admincp/attachment.php in Jelsoft vBulletin before 3.6.6 allows remote authenticated administrators to execute arbitrary SQL commands via the "Attached After" field (GPC['search']['datelineafter'] variable), a related issue to CVE-2007-1573. | ||||
CVE-2005-3021 | 1 Jelsoft | 1 Vbulletin | 2017-07-11 | N/A |
image.php in vBulletin 3.0.9 and earlier allows remote attackers with access to the administrator panel to upload arbitrary files via the upload action. | ||||
CVE-2005-3020 | 1 Jelsoft | 1 Vbulletin | 2017-07-11 | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in vBulletin before 3.0.9 allow remote attackers to inject arbitrary web script or HTML via the (1) group parameter to css.php, (2) redirect parameter to index.php, (3) email parameter to user.php, (4) goto parameter to language.php, (5) orderby parameter to modlog.php, and the (6) hex, (7) rgb, or (8) expandset parameter to template.php. | ||||
CVE-2005-3019 | 1 Jelsoft | 1 Vbulletin | 2017-07-11 | N/A |
Multiple SQL injection vulnerabilities in vBulletin before 3.0.9 allow remote attackers to execute arbitrary SQL commands via the (1) request parameter to joinrequests.php, (2) limitnumber or (3) limitstart to user.php, (4) usertitle.php, or (5) usertools.php. | ||||
CVE-2004-2076 | 1 Jelsoft | 1 Vbulletin | 2017-07-11 | N/A |
Cross-site scripting (XSS) vulnerability in search.php for Jelsoft vBulletin 3.0.0 RC4 allows remote attackers to inject arbitrary web script or HTML via the query parameter. | ||||
CVE-2004-1824 | 1 Jelsoft | 1 Vbulletin | 2017-07-11 | N/A |
Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin before 3.0 allows remote attackers to inject arbitrary web script or HTML via the what parameter to memberlist.php. | ||||
CVE-2004-1823 | 1 Jelsoft | 1 Vbulletin | 2017-07-11 | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Jelsoft vBulletin 2.0 beta 3 through 3.0 can4 allows remote attackers to inject arbitrary web script or HTML via the (1) page parameter to showthread.php or (2) order parameter to forumdisplay.php. | ||||
CVE-2004-0620 | 1 Jelsoft | 1 Vbulletin | 2017-07-11 | N/A |
Cross-site scripting (XSS) vulnerability in (1) newreply.php or (2) newthread.php in vBulletin 3.0.1 allows remote attackers to inject arbitrary HTML or script as other users via the Edit-panel. | ||||
CVE-2002-1679 | 1 Jelsoft | 1 Vbulletin | 2017-07-11 | N/A |
Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin 2.2.0 allows remote attackers to execute arbitrary script as other users by injecting script into a bulletin board message. | ||||
CVE-2002-1678 | 1 Jelsoft | 1 Vbulletin | 2017-07-11 | N/A |
Cross-site scripting (XSS) vulnerability in memberlist.php in Jelsoft vBulletin 2.0 rc 2 through 2.2.4 allows remote attackers to steal authentication credentials by injecting script into $letterbits. |