Vulnerabilities (CVE)

Filtered by vendor Vbulletin Subscribe
Filtered by product Vbulletin
Total 50 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2012-4328 1 Vbulletin 4 Mapi, Vbulletin, Vbulletin Forum and 1 more 2024-11-21 10.0 HIGH N/A
Unspecified vulnerability in the MAPI in vBulletin Suite 4.1.2 through 4.1.12, Forum 4.1.2 through 4.1.12, and the MAPI plugin 1.4.3 for vBulletin 3.x has unknown impact and attack vectors.
CVE-2012-3844 1 Vbulletin 1 Vbulletin 2024-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in vBulletin 4.1.12 allows remote attackers to inject arbitrary web script or HTML via a long string in the subject parameter when creating a post.
CVE-2011-5251 1 Vbulletin 1 Vbulletin 2024-11-21 5.8 MEDIUM N/A
Open redirect vulnerability in forum/login.php in vBulletin 4.1.3 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the url parameter in a lostpw action.
CVE-2010-1077 2 Vbseo, Vbulletin 2 Vbseo, Vbulletin 2024-11-21 6.8 MEDIUM N/A
Directory traversal vulnerability in vbseo.php in Crawlability vBSEO plugin 3.1.0 for vBulletin allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the vbseourl parameter.
CVE-2008-6256 1 Vbulletin 1 Vbulletin 2024-11-21 6.5 MEDIUM N/A
SQL injection vulnerability in admincp/admincalendar.php in vBulletin 3.7.3.pl1 allows remote authenticated administrators to execute arbitrary SQL commands via the holidayinfo[recurring] parameter, a different vector than CVE-2005-3022.
CVE-2008-6255 1 Vbulletin 1 Vbulletin 2024-11-21 6.5 MEDIUM N/A
Multiple SQL injection vulnerabilities in vBulletin 3.7.4 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) answer parameter to admincp/verify.php, (2) extension parameter in an edit action to admincp/attachmentpermission.php, and the (3) iperm parameter to admincp/image.php.
CVE-2008-3773 1 Vbulletin 1 Vbulletin 2024-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in vBulletin 3.7.2 PL1 and 3.6.10 PL3, when "Show New Private Message Notification Pop-Up" is enabled, allows remote authenticated users to inject arbitrary web script or HTML via a private message subject (aka newpm[title]).
CVE-2008-3184 1 Vbulletin 1 Vbulletin 2024-11-21 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.6.10 PL2 and earlier, and 3.7.2 and earlier 3.7.x versions, allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO (PHP_SELF) or (2) the do parameter, as demonstrated by requests to upload/admincp/faq.php. NOTE: this issue can be leveraged to execute arbitrary PHP code.
CVE-2008-2744 1 Vbulletin 1 Vbulletin 2024-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in vBulletin 3.6.10 and 3.7.1 allows remote attackers to inject arbitrary web script or HTML via unknown vectors and an "obscure method." NOTE: the vector is probably in the redirect parameter to the Admin Control Panel (admincp/index.php).
CVE-2008-2460 1 Vbulletin 1 Vbulletin 2024-11-21 7.5 HIGH N/A
SQL injection vulnerability in faq.php in vBulletin 3.7.0 Gold allows remote attackers to execute arbitrary SQL commands via the q parameter in a search action.