Filtered by vendor Jelsoft
Subscriptions
Total
60 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2006-5104 | 1 Jelsoft | 1 Vbulletin | 2018-10-17 | N/A |
SQL injection vulnerability in global.php in Jelsoft vBulletin 2.x allows remote attackers to execute arbitrary SQL commands via the templatesused parameter. | ||||
CVE-2006-4273 | 1 Jelsoft | 1 Vbulletin | 2018-10-17 | N/A |
Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin 3.5.4 and 3.6.0 allows remote attackers to inject arbitrary web script or HTML by uploading an attachment with a .pdf extension that contains JavaScript, which is processed as script by Microsoft Internet Explorer 6. | ||||
CVE-2007-3326 | 1 Jelsoft | 1 Vbulletin | 2018-10-16 | N/A |
Multiple directory traversal vulnerabilities in vBulletin 3.x.x allow remote attackers to redirect visitors to arbitrary local files via a .. (dot dot) in (1) the loc parameter to admincp/index.php and (2) the Hyperlink information URl field for post Topic in showthread.php, enabling cross-site scripting (XSS) and other attacks, a different vulnerability than CVE-2005-3025.2. | ||||
CVE-2007-3196 | 1 Jelsoft | 1 Vbsupport Integrated Ticket System | 2018-10-16 | N/A |
SQL injection vulnerability in vBSupport.php in vSupport Integrated Ticket System 3.x.x allows remote attackers to execute arbitrary SQL commands via the ticketid parameter in a showticket action. | ||||
CVE-2007-2908 | 1 Jelsoft | 1 Vbulletin | 2018-10-16 | N/A |
Cross-site scripting (XSS) vulnerability in calendar.php in Jelsoft vBulletin before 3.6.6 allows remote attackers to inject arbitrary web script or HTML via the title field in a single add action. | ||||
CVE-2007-1573 | 1 Jelsoft | 1 Vbulletin | 2018-10-16 | N/A |
SQL injection vulnerability in admincp/attachment.php in Jelsoft vBulletin 3.6.5 allows remote authenticated administrators to execute arbitrary SQL commands via the "Attached Before" field. | ||||
CVE-2007-1342 | 1 Jelsoft | 1 Vbulletin | 2018-10-16 | N/A |
Cross-site scripting (XSS) vulnerability in admincp/index.php in Jelsoft vBulletin 3.6.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the add rss url form. | ||||
CVE-2008-6754 | 2 Jelsoft, Mephisteus | 2 Vbulletin, The Personal Sticky Threads | 2018-10-11 | N/A |
The Personal Sticky Threads addon 1.0.3c for vBulletin allows remote authenticated users to read the title, author, and pages of an arbitrary thread by toggling a personal sticky. | ||||
CVE-2007-1292 | 1 Jelsoft | 1 Vbulletin | 2017-10-11 | N/A |
SQL injection vulnerability in inlinemod.php in Jelsoft vBulletin before 3.5.8, and before 3.6.5 in the 3.6.x series, might allow remote authenticated users to execute arbitrary SQL commands via the postids parameter. NOTE: the vendor states that the attack is feasible only in circumstances "almost impossible to achieve." | ||||
CVE-2004-0036 | 1 Jelsoft | 1 Vbulletin | 2017-10-10 | N/A |
SQL injection vulnerability in calendar.php for vBulletin Forum 2.3.x before 2.3.4 allows remote attackers to steal sensitive information via the eventid parameter. | ||||
CVE-2001-0475 | 1 Jelsoft | 1 Vbulletin | 2017-10-10 | N/A |
index.php in Jelsoft vBulletin does not properly initialize a PHP variable that is used to store template information, which allows remote attackers to execute arbitrary PHP code via special characters in the templatecache parameter. | ||||
CVE-2009-2172 | 2 Dream, Jelsoft | 2 Radio And Tv Player Addon For Vbulletin, Vbulletin | 2017-09-29 | N/A |
Cross-site scripting (XSS) vulnerability in forum/radioandtv.php in the Radio and TV Player addon for vBulletin allows remote registered users to inject arbitrary web script or HTML via the station parameter. | ||||
CVE-2007-4959 | 1 Jelsoft | 1 Oscmax | 2017-07-29 | N/A |
Cross-site scripting (XSS) vulnerability in catalog_products_with_images.php in osCMax 2.0.0-RC3-0-1 allows remote attackers to inject arbitrary web script or HTML via the URI. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
CVE-2007-2911 | 1 Jelsoft | 1 Vbulletin | 2017-07-29 | N/A |
SQL injection vulnerability in admincp/attachment.php in Jelsoft vBulletin before 3.6.6 allows remote authenticated administrators to execute arbitrary SQL commands via the "Attached After" field (GPC['search']['datelineafter'] variable), a related issue to CVE-2007-1573. | ||||
CVE-2006-1673 | 1 Jelsoft | 1 Vbug Tracker | 2017-07-20 | N/A |
Cross-site scripting (XSS) vulnerability in vbugs.php in Dark_Wizard vBug Tracker 3.5.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the sortorder parameter. | ||||
CVE-2005-3021 | 1 Jelsoft | 1 Vbulletin | 2017-07-11 | N/A |
image.php in vBulletin 3.0.9 and earlier allows remote attackers with access to the administrator panel to upload arbitrary files via the upload action. | ||||
CVE-2005-3020 | 1 Jelsoft | 1 Vbulletin | 2017-07-11 | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in vBulletin before 3.0.9 allow remote attackers to inject arbitrary web script or HTML via the (1) group parameter to css.php, (2) redirect parameter to index.php, (3) email parameter to user.php, (4) goto parameter to language.php, (5) orderby parameter to modlog.php, and the (6) hex, (7) rgb, or (8) expandset parameter to template.php. | ||||
CVE-2005-3019 | 1 Jelsoft | 1 Vbulletin | 2017-07-11 | N/A |
Multiple SQL injection vulnerabilities in vBulletin before 3.0.9 allow remote attackers to execute arbitrary SQL commands via the (1) request parameter to joinrequests.php, (2) limitnumber or (3) limitstart to user.php, (4) usertitle.php, or (5) usertools.php. | ||||
CVE-2004-2076 | 1 Jelsoft | 1 Vbulletin | 2017-07-11 | N/A |
Cross-site scripting (XSS) vulnerability in search.php for Jelsoft vBulletin 3.0.0 RC4 allows remote attackers to inject arbitrary web script or HTML via the query parameter. | ||||
CVE-2004-1824 | 1 Jelsoft | 1 Vbulletin | 2017-07-11 | N/A |
Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin before 3.0 allows remote attackers to inject arbitrary web script or HTML via the what parameter to memberlist.php. |