Vulnerabilities related to jelsoft - vbulletin
Vulnerability from fkie_nvd
Published
2005-02-21 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
misc.php for vBulletin 3.0.6 and earlier, when "Add Template Name in HTML Comments" is enabled, allows remote attackers to execute arbitrary PHP code via nested variables in the template parameter.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
jelsoft | vbulletin | 2.0 | |
jelsoft | vbulletin | 2.0.1 | |
jelsoft | vbulletin | 2.0.2 | |
jelsoft | vbulletin | 2.0_beta_2 | |
jelsoft | vbulletin | 2.0_beta_3 | |
jelsoft | vbulletin | 2.2.0 | |
jelsoft | vbulletin | 2.2.1 | |
jelsoft | vbulletin | 2.2.2 | |
jelsoft | vbulletin | 2.2.3 | |
jelsoft | vbulletin | 2.2.4 | |
jelsoft | vbulletin | 2.2.5 | |
jelsoft | vbulletin | 2.2.6 | |
jelsoft | vbulletin | 2.2.7 | |
jelsoft | vbulletin | 2.2.8 | |
jelsoft | vbulletin | 2.2.9_can | |
jelsoft | vbulletin | 2.3.0 | |
jelsoft | vbulletin | 2.3.3 | |
jelsoft | vbulletin | 2.3.4 | |
jelsoft | vbulletin | 3.0.0 | |
jelsoft | vbulletin | 3.0.0_beta_2 | |
jelsoft | vbulletin | 3.0.0_can4 | |
jelsoft | vbulletin | 3.0.0_rc4 | |
jelsoft | vbulletin | 3.0.1 | |
jelsoft | vbulletin | 3.0.2 | |
jelsoft | vbulletin | 3.0.3 | |
jelsoft | vbulletin | 3.0.4 | |
jelsoft | vbulletin | 3.0.5 | |
jelsoft | vbulletin | 3.0.6 | |
jelsoft | vbulletin | 3.0_beta_2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "A81E1505-5F99-4DA8-AC0F-28F3E6F819C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "818806B0-37B1-4CC2-A955-E711EC000203", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "0394B9E0-FD26-4D5E-91D5-B8334B517DD3", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.0_beta_2:*:*:*:*:*:*:*", "matchCriteriaId": "08DCDE86-03BD-4A61-9F3A-5EB05912A2D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.0_beta_3:*:*:*:*:*:*:*", "matchCriteriaId": "CCC9227A-1F12-4E93-AEA7-C44D6A6F4177", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "FEA26ED0-6DF8-4730-AE19-E8F4AB9AC906", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "306C6BDF-C687-4B63-998B-B520DF1D1B1B", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "DF18ED7C-80BB-4A78-8809-9AAE817876A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "CA385E01-7FA0-4CC3-ADFE-0B3184A9093D", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "1D731A35-E0DB-4F40-A981-C38229A2EB1E", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "4053C8E5-5510-4814-A46E-89B81266C29D", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "8E6753AB-DFCF-4D40-8267-645810F7967E", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "4B2B3772-A566-4A51-8B51-68E78C86CB08", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:jelsoft:vbulletin:2.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "DAFBBAA9-BD46-44E3-9618-D87384E959A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.2.9_can:*:*:*:*:*:*:*", "matchCriteriaId": "747A57AD-A345-4F5B-AD82-0F7E08C2240E", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "04E0702A-9235-45BE-82A8-BFD57A0DCC9E", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "BD0914B4-24A9-438F-9B44-A6809D755168", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "D29DB4E2-C87F-4D45-BA8A-B38835FCAD44", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "D66CAB0A-2A0A-47EF-A328-C341CCC1BA76", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0.0_beta_2:*:*:*:*:*:*:*", "matchCriteriaId": "3AFED411-1291-4E03-A160-CC9F1AD03D7B", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0.0_can4:*:*:*:*:*:*:*", "matchCriteriaId": "0E9FE483-4367-47E7-9D09-043955998C8C", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0.0_rc4:*:*:*:*:*:*:*", "matchCriteriaId": "0BC85ED9-7491-43D3-B34D-1CB07836888F", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "90BE006A-0F2D-4F3A-A335-176C5A5978E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "151876D4-B72E-4D5F-A151-5A3DCAE51299", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "984E8E57-57E5-4FEC-9210-4083AD400F94", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "1760CC7E-5297-4F8A-8A28-3689F6075CAE", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": 
"74013F50-0677-454E-8E6C-101CF210E989", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "29DC951B-860E-4AF1-8908-71C7099FB19A", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0_beta_2:*:*:*:*:*:*:*", "matchCriteriaId": "0A4E9C82-64CF-4487-8947-ED745C41945A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "misc.php for vBulletin 3.0.6 and earlier, when \"Add Template Name in HTML Comments\" is enabled, allows remote attackers to execute arbitrary PHP code via nested variables in the template parameter." } ], "id": "CVE-2005-0511", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-02-21T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=110910899415763\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/14326" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/12622" }, { "source": "cve@mitre.org", "url": "http://www.vbulletin.com/forum/showthread.php?postid=819562" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=110910899415763\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": 
"http://secunia.com/advisories/14326" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/12622" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vbulletin.com/forum/showthread.php?postid=819562" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-09-21 22:03
Modified
2025-04-03 01:03
Severity ?
Summary
image.php in vBulletin 3.0.9 and earlier allows remote attackers with access to the administrator panel to upload arbitrary files via the upload action.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
jelsoft | vbulletin | 1.0.1 | |
jelsoft | vbulletin | 2.0.3 | |
jelsoft | vbulletin | 2.0_rc2 | |
jelsoft | vbulletin | 2.0_rc3 | |
jelsoft | vbulletin | 2.2.0 | |
jelsoft | vbulletin | 2.2.1 | |
jelsoft | vbulletin | 2.2.2 | |
jelsoft | vbulletin | 2.2.3 | |
jelsoft | vbulletin | 2.2.4 | |
jelsoft | vbulletin | 2.2.5 | |
jelsoft | vbulletin | 2.2.6 | |
jelsoft | vbulletin | 2.2.7 | |
jelsoft | vbulletin | 2.2.8 | |
jelsoft | vbulletin | 2.2.9 | |
jelsoft | vbulletin | 2.3.0 | |
jelsoft | vbulletin | 2.3.2 | |
jelsoft | vbulletin | 2.3.3 | |
jelsoft | vbulletin | 2.3.4 | |
jelsoft | vbulletin | 3.0 | |
jelsoft | vbulletin | 3.0.1 | |
jelsoft | vbulletin | 3.0.2 | |
jelsoft | vbulletin | 3.0.3 | |
jelsoft | vbulletin | 3.0.4 | |
jelsoft | vbulletin | 3.0.5 | |
jelsoft | vbulletin | 3.0.6 | |
jelsoft | vbulletin | 3.0.7 | |
jelsoft | vbulletin | 3.0.8 | |
jelsoft | vbulletin | 3.0.9 | |
jelsoft | vbulletin | 3.0_beta_2 | |
jelsoft | vbulletin | 3.0_beta_3 | |
jelsoft | vbulletin | 3.0_beta_4 | |
jelsoft | vbulletin | 3.0_beta_5 | |
jelsoft | vbulletin | 3.0_beta_6 | |
jelsoft | vbulletin | 3.0_beta_7 | |
jelsoft | vbulletin | 3.0_gamma |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:jelsoft:vbulletin:1.0.1:*:lite:*:*:*:*:*", "matchCriteriaId": "70BC7FDF-AEAD-4BCA-AB0B-36F62D3D92A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "CAC28EB5-343A-4B55-8ECE-8C46D304A1BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.0_rc2:*:*:*:*:*:*:*", "matchCriteriaId": "7C3499B6-7DC8-4DE5-80EB-1EEA3307ABA8", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.0_rc3:*:*:*:*:*:*:*", "matchCriteriaId": "B53F61D2-5FD2-4625-A9FB-8E0258924BAC", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "FEA26ED0-6DF8-4730-AE19-E8F4AB9AC906", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "306C6BDF-C687-4B63-998B-B520DF1D1B1B", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "DF18ED7C-80BB-4A78-8809-9AAE817876A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "CA385E01-7FA0-4CC3-ADFE-0B3184A9093D", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "1D731A35-E0DB-4F40-A981-C38229A2EB1E", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "4053C8E5-5510-4814-A46E-89B81266C29D", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "8E6753AB-DFCF-4D40-8267-645810F7967E", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "4B2B3772-A566-4A51-8B51-68E78C86CB08", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "DAFBBAA9-BD46-44E3-9618-D87384E959A2", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:jelsoft:vbulletin:2.2.9:*:*:*:*:*:*:*", "matchCriteriaId": "31E594B0-05D5-46C2-8F06-F58E3F8BBD1F", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "04E0702A-9235-45BE-82A8-BFD57A0DCC9E", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "799F983E-908D-4B9F-9C99-6422863E7807", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "BD0914B4-24A9-438F-9B44-A6809D755168", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "D29DB4E2-C87F-4D45-BA8A-B38835FCAD44", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "EA1A0EF6-1267-463E-B4F7-83D2ACB64E43", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "90BE006A-0F2D-4F3A-A335-176C5A5978E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "151876D4-B72E-4D5F-A151-5A3DCAE51299", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "984E8E57-57E5-4FEC-9210-4083AD400F94", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "1760CC7E-5297-4F8A-8A28-3689F6075CAE", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "74013F50-0677-454E-8E6C-101CF210E989", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "29DC951B-860E-4AF1-8908-71C7099FB19A", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "87198098-906E-4C39-B293-34BBB1779011", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0.8:*:*:*:*:*:*:*", "matchCriteriaId": 
"CD10C2CD-DEDA-4CC7-B5E9-B9218E1A5851", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "C43639D6-C4FE-486B-9822-9DDDD922CB53", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0_beta_2:*:*:*:*:*:*:*", "matchCriteriaId": "0A4E9C82-64CF-4487-8947-ED745C41945A", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0_beta_3:*:*:*:*:*:*:*", "matchCriteriaId": "D099410F-AD78-4EF1-879E-BEED838B90E0", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0_beta_4:*:*:*:*:*:*:*", "matchCriteriaId": "B411D271-87B5-4A82-8E05-5277E8E205E2", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0_beta_5:*:*:*:*:*:*:*", "matchCriteriaId": "09FD2B80-AEB5-444D-AEC3-F59E6727BCF3", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0_beta_6:*:*:*:*:*:*:*", "matchCriteriaId": "1CA6003D-1E93-472E-B037-8D0922C4247C", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0_beta_7:*:*:*:*:*:*:*", "matchCriteriaId": "5B366723-3598-4B4A-AFB9-E4A9616D033B", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0_gamma:*:*:*:*:*:*:*", "matchCriteriaId": "0EFD7266-0E3B-44B3-AC8E-DE0BFC5E2939", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "image.php in vBulletin 3.0.9 and earlier allows remote attackers with access to the administrator panel to upload arbitrary files via the upload action." 
} ], "id": "CVE-2005-3021", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-09-21T22:03:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=112715150320677\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://morph3us.org/advisories/20050917-vbulletin-3.0.8.txt" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/16873/" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22325" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=112715150320677\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://morph3us.org/advisories/20050917-vbulletin-3.0.8.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/16873/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22325" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-11-22 00:07
Modified
2025-04-09 00:30
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in admincp/index.php in Jelsoft vBulletin 3.6.x allow remote attackers to inject arbitrary web script or HTML via (1) the prefs parameter in a buildnavprefs action or (2) the navprefs parameter in a savenavprefs action.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "089A26E5-BB0B-4900-8B08-DADB7BD7572C", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "C5A71F01-F789-4C2B-A0F7-E33D0166AB81", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "04EAA836-4E63-4B11-BE2B-76A52B4F4B95", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "E0B4231D-1A82-49EC-ACFD-5C35DB8A34CF", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in admincp/index.php in Jelsoft vBulletin 3.6.x allow remote attackers to inject arbitrary web script or HTML via (1) the prefs parameter in a buildnavprefs action or (2) the navprefs parameter in a savenavprefs action." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en admincp/index.php de Jelsoft vBulletin 3.6.x permiten a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s del par\u00e1metro (1) prefs en una acci\u00f3n de tipo \"buildnavprefs\" (construcci\u00f3n de preferencias de navegaci\u00f3n) o (2) el par\u00e1metro navprefs en una acci\u00f3n de tipo \"savenavprefs\" (guardar preferencias de navegaci\u00f3n)." 
} ], "id": "CVE-2006-6040", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-11-22T00:07:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/23011" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/1903" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/451959/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch" ], "url": "http://www.securityfocus.com/bid/21157" }, { "source": "cve@mitre.org", "url": "http://www.vbulletin.com/forum/showthread.php?postid=1256434" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/4599" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30408" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/23011" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/1903" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/451959/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "http://www.securityfocus.com/bid/21157" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://www.vbulletin.com/forum/showthread.php?postid=1256434" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/4599" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30408" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-03-08 22:19
Modified
2025-04-09 00:30
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in admincp/index.php in Jelsoft vBulletin 3.6.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the add rss url form.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:jelsoft:vbulletin:*:*:*:*:*:*:*:*", "matchCriteriaId": "B91A84F8-2588-4F53-A594-C53DB4BEC963", "versionEndIncluding": "3.6.5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in admincp/index.php in Jelsoft vBulletin 3.6.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the add rss url form." }, { "lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en admincp/index.php de Jelsoft vBulletin 3.6.5 y versiones anteriores permite a atacantes remotos inyectar scripts web o HTML de su elecci\u00f3n mediante el formulario \"a\u00f1adir url de rss\"." } ], "id": "CVE-2007-1342", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2007-03-08T22:19:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/2396" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/461727/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/22790" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32780" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/2396" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/461727/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/22790" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32780" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-05-30 10:30
Modified
2025-04-09 00:30
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin before 3.6.7 PL1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to the vb_367_xss_fix_plugin.xml update, a related issue to CVE-2007-2909.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:jelsoft:vbulletin:*:*:*:*:*:*:*:*", "matchCriteriaId": "605B704C-71A8-4DCB-8BBD-0FC5219E1E8E", "versionEndIncluding": "3.6.6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin before 3.6.7 PL1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to the vb_367_xss_fix_plugin.xml update, a related issue to CVE-2007-2909." }, { "lang": "es", "value": "Una vulnerabilidad de tipo cross-site scripting (XSS) en Jelsoft vBulletin versiones anteriores a 3.6.7 PL1, permite a atacantes remotos inyectar script web o HTML arbitrario por medio de vectores no especificados, relacionados con la actualizaci\u00f3n del archivo vb_367_xss_fix_plugin.xml, un problema relacionado con CVE-2007-2909." } ], "id": "CVE-2007-2910", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-05-30T10:30:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://osvdb.org/35157" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.vbulletin.com/forum/showthread.php?postid=1355012" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/35157" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], 
"url": "http://www.vbulletin.com/forum/showthread.php?postid=1355012" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-09-21 22:03
Modified
2025-04-03 01:03
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in vBulletin before 3.0.9 allow remote attackers to inject arbitrary web script or HTML via the (1) group parameter to css.php, (2) redirect parameter to index.php, (3) email parameter to user.php, (4) goto parameter to language.php, (5) orderby parameter to modlog.php, and the (6) hex, (7) rgb, or (8) expandset parameter to template.php.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
jelsoft | vbulletin | 1.0.1 | |
jelsoft | vbulletin | 2.0.3 | |
jelsoft | vbulletin | 2.0_rc2 | |
jelsoft | vbulletin | 2.0_rc3 | |
jelsoft | vbulletin | 2.2.0 | |
jelsoft | vbulletin | 2.2.1 | |
jelsoft | vbulletin | 2.2.2 | |
jelsoft | vbulletin | 2.2.3 | |
jelsoft | vbulletin | 2.2.4 | |
jelsoft | vbulletin | 2.2.5 | |
jelsoft | vbulletin | 2.2.6 | |
jelsoft | vbulletin | 2.2.7 | |
jelsoft | vbulletin | 2.2.8 | |
jelsoft | vbulletin | 2.2.9 | |
jelsoft | vbulletin | 2.3.0 | |
jelsoft | vbulletin | 2.3.2 | |
jelsoft | vbulletin | 2.3.3 | |
jelsoft | vbulletin | 2.3.4 | |
jelsoft | vbulletin | 3.0 | |
jelsoft | vbulletin | 3.0.1 | |
jelsoft | vbulletin | 3.0.2 | |
jelsoft | vbulletin | 3.0.3 | |
jelsoft | vbulletin | 3.0.4 | |
jelsoft | vbulletin | 3.0.5 | |
jelsoft | vbulletin | 3.0.6 | |
jelsoft | vbulletin | 3.0.7 | |
jelsoft | vbulletin | 3.0.8 | |
jelsoft | vbulletin | 3.0.9 | |
jelsoft | vbulletin | 3.0_beta_2 | |
jelsoft | vbulletin | 3.0_beta_3 | |
jelsoft | vbulletin | 3.0_beta_4 | |
jelsoft | vbulletin | 3.0_beta_5 | |
jelsoft | vbulletin | 3.0_beta_6 | |
jelsoft | vbulletin | 3.0_beta_7 | |
jelsoft | vbulletin | 3.0_gamma |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:jelsoft:vbulletin:1.0.1:*:lite:*:*:*:*:*", "matchCriteriaId": "70BC7FDF-AEAD-4BCA-AB0B-36F62D3D92A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "CAC28EB5-343A-4B55-8ECE-8C46D304A1BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.0_rc2:*:*:*:*:*:*:*", "matchCriteriaId": "7C3499B6-7DC8-4DE5-80EB-1EEA3307ABA8", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.0_rc3:*:*:*:*:*:*:*", "matchCriteriaId": "B53F61D2-5FD2-4625-A9FB-8E0258924BAC", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "FEA26ED0-6DF8-4730-AE19-E8F4AB9AC906", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "306C6BDF-C687-4B63-998B-B520DF1D1B1B", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "DF18ED7C-80BB-4A78-8809-9AAE817876A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "CA385E01-7FA0-4CC3-ADFE-0B3184A9093D", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "1D731A35-E0DB-4F40-A981-C38229A2EB1E", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "4053C8E5-5510-4814-A46E-89B81266C29D", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "8E6753AB-DFCF-4D40-8267-645810F7967E", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "4B2B3772-A566-4A51-8B51-68E78C86CB08", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "DAFBBAA9-BD46-44E3-9618-D87384E959A2", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:jelsoft:vbulletin:2.2.9:*:*:*:*:*:*:*", "matchCriteriaId": "31E594B0-05D5-46C2-8F06-F58E3F8BBD1F", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "04E0702A-9235-45BE-82A8-BFD57A0DCC9E", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "799F983E-908D-4B9F-9C99-6422863E7807", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "BD0914B4-24A9-438F-9B44-A6809D755168", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "D29DB4E2-C87F-4D45-BA8A-B38835FCAD44", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "EA1A0EF6-1267-463E-B4F7-83D2ACB64E43", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "90BE006A-0F2D-4F3A-A335-176C5A5978E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "151876D4-B72E-4D5F-A151-5A3DCAE51299", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "984E8E57-57E5-4FEC-9210-4083AD400F94", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "1760CC7E-5297-4F8A-8A28-3689F6075CAE", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "74013F50-0677-454E-8E6C-101CF210E989", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "29DC951B-860E-4AF1-8908-71C7099FB19A", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "87198098-906E-4C39-B293-34BBB1779011", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0.8:*:*:*:*:*:*:*", "matchCriteriaId": 
"CD10C2CD-DEDA-4CC7-B5E9-B9218E1A5851", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "C43639D6-C4FE-486B-9822-9DDDD922CB53", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0_beta_2:*:*:*:*:*:*:*", "matchCriteriaId": "0A4E9C82-64CF-4487-8947-ED745C41945A", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0_beta_3:*:*:*:*:*:*:*", "matchCriteriaId": "D099410F-AD78-4EF1-879E-BEED838B90E0", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0_beta_4:*:*:*:*:*:*:*", "matchCriteriaId": "B411D271-87B5-4A82-8E05-5277E8E205E2", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0_beta_5:*:*:*:*:*:*:*", "matchCriteriaId": "09FD2B80-AEB5-444D-AEC3-F59E6727BCF3", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0_beta_6:*:*:*:*:*:*:*", "matchCriteriaId": "1CA6003D-1E93-472E-B037-8D0922C4247C", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0_beta_7:*:*:*:*:*:*:*", "matchCriteriaId": "5B366723-3598-4B4A-AFB9-E4A9616D033B", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0_gamma:*:*:*:*:*:*:*", "matchCriteriaId": "0EFD7266-0E3B-44B3-AC8E-DE0BFC5E2939", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in vBulletin before 3.0.9 allow remote attackers to inject arbitrary web script or HTML via the (1) group parameter to css.php, (2) redirect parameter to index.php, (3) email parameter to user.php, (4) goto parameter to language.php, (5) orderby parameter to modlog.php, and the (6) hex, (7) rgb, or (8) expandset parameter to template.php." 
} ], "id": "CVE-2005-3020", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-09-21T22:03:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=112715150320677\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://morph3us.org/advisories/20050917-vbulletin-3.0.8.txt" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/16873/" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch" ], "url": "http://www.securityfocus.com/bid/14874" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22324" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=112715150320677\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://morph3us.org/advisories/20050917-vbulletin-3.0.8.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/16873/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "http://www.securityfocus.com/bid/14874" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22324" } ], 
"sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-05-30 10:30
Modified
2025-04-09 00:30
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in calendar.php in Jelsoft vBulletin 3.6.x before 3.6.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to the vb_calendar366_xss_fix_plugin.xml update.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:jelsoft:vbulletin:*:*:*:*:*:*:*:*", "matchCriteriaId": "605B704C-71A8-4DCB-8BBD-0FC5219E1E8E", "versionEndIncluding": "3.6.6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in calendar.php in Jelsoft vBulletin 3.6.x before 3.6.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to the vb_calendar366_xss_fix_plugin.xml update." }, { "lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en calendar.php de Jelsoft vBulletin 3.6.x anterior a 3.6.7 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n mediante vectores no especificados, relacionado con la actualizaci\u00f3n vb_calendar366_xss_fix_plugin.xml." } ], "id": "CVE-2007-2909", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-05-30T10:30:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://osvdb.org/35156" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.vbulletin.com/forum/showthread.php?postid=1355012" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/35156" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": 
"http://www.vbulletin.com/forum/showthread.php?postid=1355012" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-02-17 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
NOTE: this issue has been disputed by the vendor. Cross-site scripting (XSS) vulnerability in register.php for unknown versions of vBulletin allows remote attackers to inject arbitrary HTML or web script via the reg_site (or possibly regsite) parameter. NOTE: the vendor has disputed this issue, saying "There is no hidden field called 'reg_site', nor any $reg_site variable anywhere in the vBulletin 2 or vBulletin 3 source code or templates, nor has it ever existed. We can only assume that this vulnerability was found in a site running code modified from that supplied by Jelsoft."
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0_beta_2:*:*:*:*:*:*:*", "matchCriteriaId": "0A4E9C82-64CF-4487-8947-ED745C41945A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [ { "sourceIdentifier": "cve@mitre.org", "tags": [ "disputed" ] } ], "descriptions": [ { "lang": "en", "value": "NOTE: this issue has been disputed by the vendor. Cross-site scripting (XSS) vulnerability in register.php for unknown versions of vBulletin allows remote attackers to inject arbitrary HTML or web script via the reg_site (or possibly regsite) parameter. NOTE: the vendor has disputed this issue, saying \"There is no hidden field called \u0027reg_site\u0027, nor any $reg_site variable anywhere in the vBulletin 2 or vBulletin 3 source code or templates, nor has it ever existed. We can only assume that this vulnerability was found in a site running code modified from that supplied by Jelsoft." }, { "lang": "es", "value": "** DISPUTADA ** NOTA: Este caso ha sido disputado por el fabricante. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en register.php de versiones desconocidas de vBulletin permite a atacantes remotos inyectar HTML arbitrario o script web mediante el par\u00e1metro reg_site.\r\nNOTA: El fabricante dice \"No hay ning\u00fan campo oculto llamado \"reg_site\", ni ninguna variable \"reg_site\" en el c\u00f3digo fuente de vBulletin 2 o vBulletin 3 o sus plantillas, ni nunca lo existido. 
S\u00f3lo podemos asumir que esta vulnerabilidad ha sido encontra en un sitio corriendo c\u00f3digo modificado del suministrador por Jelsoft.\"" } ], "id": "CVE-2004-0091", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-02-17T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=107462349324945\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=vuln-dev\u0026m=107462499927040\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=vuln-dev\u0026m=107478592401619\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=vuln-dev\u0026m=107488880317647\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1008780" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=107462349324945\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=vuln-dev\u0026m=107462499927040\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=vuln-dev\u0026m=107478592401619\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=vuln-dev\u0026m=107488880317647\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1008780" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": 
"Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-04-25 12:50
Modified
2025-04-03 01:03
Severity ?
Summary
SQL injection vulnerability in calendar.php in vBulletin 3.0.x allows remote attackers to execute arbitrary SQL commands via the eventid parameter. NOTE: the affected version has been disputed by the vendor. It appears that this is the same issue as CVE-2004-0036, which was fixed in 2.3.4.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
jelsoft | vbulletin | 3.0 | |
jelsoft | vbulletin | 3.0.0 | |
jelsoft | vbulletin | 3.0.0_beta_2 | |
jelsoft | vbulletin | 3.0.0_can4 | |
jelsoft | vbulletin | 3.0.0_rc4 | |
jelsoft | vbulletin | 3.0.1 | |
jelsoft | vbulletin | 3.0.2 | |
jelsoft | vbulletin | 3.0.3 | |
jelsoft | vbulletin | 3.0.4 | |
jelsoft | vbulletin | 3.0.5 | |
jelsoft | vbulletin | 3.0.6 | |
jelsoft | vbulletin | 3.0.12 | |
jelsoft | vbulletin | 3.0_beta_2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "EA1A0EF6-1267-463E-B4F7-83D2ACB64E43", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "D66CAB0A-2A0A-47EF-A328-C341CCC1BA76", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0.0_beta_2:*:*:*:*:*:*:*", "matchCriteriaId": "3AFED411-1291-4E03-A160-CC9F1AD03D7B", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0.0_can4:*:*:*:*:*:*:*", "matchCriteriaId": "0E9FE483-4367-47E7-9D09-043955998C8C", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0.0_rc4:*:*:*:*:*:*:*", "matchCriteriaId": "0BC85ED9-7491-43D3-B34D-1CB07836888F", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "90BE006A-0F2D-4F3A-A335-176C5A5978E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "151876D4-B72E-4D5F-A151-5A3DCAE51299", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "984E8E57-57E5-4FEC-9210-4083AD400F94", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "1760CC7E-5297-4F8A-8A28-3689F6075CAE", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "74013F50-0677-454E-8E6C-101CF210E989", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "29DC951B-860E-4AF1-8908-71C7099FB19A", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "36356B31-5EC5-4689-92CD-883088587936", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0_beta_2:*:*:*:*:*:*:*", "matchCriteriaId": "0A4E9C82-64CF-4487-8947-ED745C41945A", "vulnerable": true } ], "negate": false, "operator": 
"OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in calendar.php in vBulletin 3.0.x allows remote attackers to execute arbitrary SQL commands via the eventid parameter. NOTE: the affected version has been disputed by the vendor. It appears that this is the same issue as CVE-2004-0036, which was fixed in 2.3.4." } ], "evaluatorSolution": "This vulnerability has been disputed by the vendor. The affected version has been disputed by the vendor via e-mail to CVE. It appears that this is the same issue as CVE-2004-0036, which was fixed in 2.3.4.", "id": "CVE-2006-2018", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-04-25T12:50:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/archive/1/431901" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/431951/30/5370/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/archive/1/431901" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/431951/30/5370/threaded" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-09-21 22:03
Modified
2025-04-03 01:03
Severity ?
Summary
Multiple SQL injection vulnerabilities in vBulletin 3.0.7 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) announcement parameter to announcement.php, the (2) thread[forumid] or (3) criteria parameters to thread.php, (4) userid parameter to user.php, the (5) calendarcustomfieldid, (6) calendarid, (7) moderatorid, (8) holidayid, (9) calendarmoderatorid, or (10) calendar[0] parameters to admincalendar.php, (11) the cronid parameter to cronlog.php, (12) user[usergroupid][0] parameter to email.php, (13) help[0] parameter to help.php, the (14) limitnumber or (15) limitstart parameter to user.php, the (16) usertitleid or (17) ids parameters to usertitle.php, (18) rvt[0] parameter to language.php, (19) keep[0] parameter to phrase.php, (20) dostyleid parameter to template.php, (21) thread[forumid] parameter to thread.php, or (22) usertools.php.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
jelsoft | vbulletin | 1.0.1 | |
jelsoft | vbulletin | 2.0.3 | |
jelsoft | vbulletin | 2.0_rc2 | |
jelsoft | vbulletin | 2.0_rc3 | |
jelsoft | vbulletin | 2.2.0 | |
jelsoft | vbulletin | 2.2.1 | |
jelsoft | vbulletin | 2.2.2 | |
jelsoft | vbulletin | 2.2.3 | |
jelsoft | vbulletin | 2.2.4 | |
jelsoft | vbulletin | 2.2.5 | |
jelsoft | vbulletin | 2.2.6 | |
jelsoft | vbulletin | 2.2.7 | |
jelsoft | vbulletin | 2.2.8 | |
jelsoft | vbulletin | 2.2.9 | |
jelsoft | vbulletin | 2.3.0 | |
jelsoft | vbulletin | 2.3.2 | |
jelsoft | vbulletin | 2.3.3 | |
jelsoft | vbulletin | 2.3.4 | |
jelsoft | vbulletin | 3.0 | |
jelsoft | vbulletin | 3.0.1 | |
jelsoft | vbulletin | 3.0.2 | |
jelsoft | vbulletin | 3.0.3 | |
jelsoft | vbulletin | 3.0.4 | |
jelsoft | vbulletin | 3.0.5 | |
jelsoft | vbulletin | 3.0.6 | |
jelsoft | vbulletin | 3.0.7 | |
jelsoft | vbulletin | 3.0_beta_2 | |
jelsoft | vbulletin | 3.0_beta_3 | |
jelsoft | vbulletin | 3.0_beta_4 | |
jelsoft | vbulletin | 3.0_beta_5 | |
jelsoft | vbulletin | 3.0_beta_6 | |
jelsoft | vbulletin | 3.0_beta_7 | |
jelsoft | vbulletin | 3.0_gamma |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:jelsoft:vbulletin:1.0.1:*:lite:*:*:*:*:*", "matchCriteriaId": "70BC7FDF-AEAD-4BCA-AB0B-36F62D3D92A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "CAC28EB5-343A-4B55-8ECE-8C46D304A1BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.0_rc2:*:*:*:*:*:*:*", "matchCriteriaId": "7C3499B6-7DC8-4DE5-80EB-1EEA3307ABA8", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.0_rc3:*:*:*:*:*:*:*", "matchCriteriaId": "B53F61D2-5FD2-4625-A9FB-8E0258924BAC", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "FEA26ED0-6DF8-4730-AE19-E8F4AB9AC906", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "306C6BDF-C687-4B63-998B-B520DF1D1B1B", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "DF18ED7C-80BB-4A78-8809-9AAE817876A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "CA385E01-7FA0-4CC3-ADFE-0B3184A9093D", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "1D731A35-E0DB-4F40-A981-C38229A2EB1E", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "4053C8E5-5510-4814-A46E-89B81266C29D", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "8E6753AB-DFCF-4D40-8267-645810F7967E", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "4B2B3772-A566-4A51-8B51-68E78C86CB08", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "DAFBBAA9-BD46-44E3-9618-D87384E959A2", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:jelsoft:vbulletin:2.2.9:*:*:*:*:*:*:*", "matchCriteriaId": "31E594B0-05D5-46C2-8F06-F58E3F8BBD1F", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "04E0702A-9235-45BE-82A8-BFD57A0DCC9E", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "799F983E-908D-4B9F-9C99-6422863E7807", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "BD0914B4-24A9-438F-9B44-A6809D755168", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "D29DB4E2-C87F-4D45-BA8A-B38835FCAD44", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "EA1A0EF6-1267-463E-B4F7-83D2ACB64E43", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "90BE006A-0F2D-4F3A-A335-176C5A5978E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "151876D4-B72E-4D5F-A151-5A3DCAE51299", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "984E8E57-57E5-4FEC-9210-4083AD400F94", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "1760CC7E-5297-4F8A-8A28-3689F6075CAE", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "74013F50-0677-454E-8E6C-101CF210E989", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "29DC951B-860E-4AF1-8908-71C7099FB19A", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "87198098-906E-4C39-B293-34BBB1779011", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0_beta_2:*:*:*:*:*:*:*", "matchCriteriaId": 
"0A4E9C82-64CF-4487-8947-ED745C41945A", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0_beta_3:*:*:*:*:*:*:*", "matchCriteriaId": "D099410F-AD78-4EF1-879E-BEED838B90E0", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0_beta_4:*:*:*:*:*:*:*", "matchCriteriaId": "B411D271-87B5-4A82-8E05-5277E8E205E2", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0_beta_5:*:*:*:*:*:*:*", "matchCriteriaId": "09FD2B80-AEB5-444D-AEC3-F59E6727BCF3", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0_beta_6:*:*:*:*:*:*:*", "matchCriteriaId": "1CA6003D-1E93-472E-B037-8D0922C4247C", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0_beta_7:*:*:*:*:*:*:*", "matchCriteriaId": "5B366723-3598-4B4A-AFB9-E4A9616D033B", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0_gamma:*:*:*:*:*:*:*", "matchCriteriaId": "0EFD7266-0E3B-44B3-AC8E-DE0BFC5E2939", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple SQL injection vulnerabilities in vBulletin 3.0.7 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) announcement parameter to announcement.php, the (2) thread[forumid] or (3) criteria parameters to thread.php, (4) userid parameter to user.php, the (5) calendarcustomfieldid, (6) calendarid, (7) moderatorid, (8) holidayid, (9) calendarmoderatorid, or (10) calendar[0] parameters to admincalendar.php, (11) the cronid parameter to cronlog.php, (12) user[usergroupid][0] parameter to email.php, (13) help[0] parameter to help.php, the (14) limitnumber or (15) limitstart parameter to user.php, the (16) usertitleid or (17) ids parameters to usertitle.php, (18) rvt[0] parameter to language.php, (19) keep[0] parameter to phrase.php, (20) dostyleid parameter to template.php, (21) thread[forumid] parameter to thread.php, or (22) usertools.php." 
} ], "id": "CVE-2005-3024", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-09-21T22:03:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=112732980702939\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://morph3us.org/advisories/20050917-vbulletin-3.0.7.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=112732980702939\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://morph3us.org/advisories/20050917-vbulletin-3.0.7.txt" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-12-28 00:28
Modified
2025-04-09 00:30
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin allows remote attackers to inject arbitrary web script or HTML via an SWF file that uses ActionScript to trigger execution of JavaScript.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "A869E6C9-6CA7-4FB8-88E2-142C6294D028", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "4070579C-00AD-4DB1-8B07-4CB88D4EDBEB", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "04DB2651-4DD5-4007-B0B4-9E2CD9D06D00", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "089A26E5-BB0B-4900-8B08-DADB7BD7572C", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "C5A71F01-F789-4C2B-A0F7-E33D0166AB81", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "04EAA836-4E63-4B11-BE2B-76A52B4F4B95", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "E0B4231D-1A82-49EC-ACFD-5C35DB8A34CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "AE1916A8-E22B-41F3-AF7C-71D802900FC5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin allows remote attackers to inject arbitrary web script or HTML via an SWF file that uses ActionScript to trigger execution of JavaScript." }, { "lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Jelsoft vBulletin permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n mediante un archivo SWFque utiliza ActionScript para disparar la ejecuci\u00f3n de JavaScript." 
} ], "evaluatorSolution": "Successful exploitation requires the ability to upload SWF files, which is disabled by default, and must be enabled by site administrators.", "id": "CVE-2006-6779", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-12-28T00:28:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/2084" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/455265/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/455351/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/455414/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/21736" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31119" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/2084" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/455265/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/455351/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/455414/100/0/threaded" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/21736" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31119" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-05-30 10:30
Modified
2025-04-09 00:30
Severity ?
Summary
SQL injection vulnerability in admincp/attachment.php in Jelsoft vBulletin before 3.6.6 allows remote authenticated administrators to execute arbitrary SQL commands via the "Attached After" field (GPC['search']['datelineafter'] variable), a related issue to CVE-2007-1573.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:jelsoft:vbulletin:*:*:*:*:*:*:*:*", "matchCriteriaId": "B91A84F8-2588-4F53-A594-C53DB4BEC963", "versionEndIncluding": "3.6.5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in admincp/attachment.php in Jelsoft vBulletin before 3.6.6 allows remote authenticated administrators to execute arbitrary SQL commands via the \"Attached After\" field (GPC[\u0027search\u0027][\u0027datelineafter\u0027] variable), a related issue to CVE-2007-1573." }, { "lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n SQL en admincp/attachment.php en Jelsoft vBulletin anterior a 3.6.6 permite a administradores remotos autenticados ejecutar c\u00f3digo PHP de su elecci\u00f3n mediante el campo \"Attached After\" (variable GPC[\u0027search\u0027][\u0027datelineafter\u0027]), un asunto relacionado con CVE-2007-1573." } ], "id": "CVE-2007-2911", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 8.5, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-05-30T10:30:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://osvdb.org/38147" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.vbulletin.com/forum/project.php?issueid=21615" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34784" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/38147" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.vbulletin.com/forum/project.php?issueid=21615" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34784" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
SQL injection vulnerability in the Authorize.net callback code (subscriptions/authorize.php) in Jelsoft vBulletin 3.0 through 3.0.3 allows remote attackers to execute arbitrary SQL statements via the x_invoice_num parameter. NOTE: this issue might be related to CVE-2006-4267.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
jelsoft | vbulletin | 3.0 | |
jelsoft | vbulletin | 3.0.1 | |
jelsoft | vbulletin | 3.0.2 | |
jelsoft | vbulletin | 3.0.3 | |
jelsoft | vbulletin | 3.0_beta_2 | |
jelsoft | vbulletin | 3.0_beta_3 | |
jelsoft | vbulletin | 3.0_beta_4 | |
jelsoft | vbulletin | 3.0_beta_5 | |
jelsoft | vbulletin | 3.0_beta_6 | |
jelsoft | vbulletin | 3.0_beta_7 | |
jelsoft | vbulletin | 3.0_gamma | |
point-to-point_protocol_project | point-to-point_protocol | 2.4.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "EA1A0EF6-1267-463E-B4F7-83D2ACB64E43", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "90BE006A-0F2D-4F3A-A335-176C5A5978E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "151876D4-B72E-4D5F-A151-5A3DCAE51299", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "984E8E57-57E5-4FEC-9210-4083AD400F94", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0_beta_2:*:*:*:*:*:*:*", "matchCriteriaId": "0A4E9C82-64CF-4487-8947-ED745C41945A", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0_beta_3:*:*:*:*:*:*:*", "matchCriteriaId": "D099410F-AD78-4EF1-879E-BEED838B90E0", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0_beta_4:*:*:*:*:*:*:*", "matchCriteriaId": "B411D271-87B5-4A82-8E05-5277E8E205E2", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0_beta_5:*:*:*:*:*:*:*", "matchCriteriaId": "09FD2B80-AEB5-444D-AEC3-F59E6727BCF3", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0_beta_6:*:*:*:*:*:*:*", "matchCriteriaId": "1CA6003D-1E93-472E-B037-8D0922C4247C", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0_beta_7:*:*:*:*:*:*:*", "matchCriteriaId": "5B366723-3598-4B4A-AFB9-E4A9616D033B", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0_gamma:*:*:*:*:*:*:*", "matchCriteriaId": "0EFD7266-0E3B-44B3-AC8E-DE0BFC5E2939", "vulnerable": true }, { "criteria": "cpe:2.3:a:point-to-point_protocol_project:point-to-point_protocol:2.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "1616F663-E821-4CC2-A62F-3F4010F62084", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL injection 
vulnerability in the Authorize.net callback code (subscriptions/authorize.php) in Jelsoft vBulletin 3.0 through 3.0.3 allows remote attackers to execute arbitrary SQL statements via the x_invoice_num parameter. NOTE: this issue might be related to CVE-2006-4267." } ], "id": "CVE-2004-2695", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/12531/" }, { "source": "cve@mitre.org", "url": "http://www.securiteam.com/unixfocus/5BP0E15E0M.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/11193" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.vbulletin.com/forum/bugs.php?do=view\u0026bugid=3379" }, { "source": "cve@mitre.org", "url": "http://www.vbulletin.com/forum/showthread.php?t=124876" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17365" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/12531/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securiteam.com/unixfocus/5BP0E15E0M.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/11193" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], 
"url": "http://www.vbulletin.com/forum/bugs.php?do=view\u0026bugid=3379" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vbulletin.com/forum/showthread.php?t=124876" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17365" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-08-21 18:17
Modified
2025-04-09 00:30
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.6.8 allow remote attackers to inject arbitrary web code or HTML via the (1) s parameter to index.php, and the (2) q parameter to (a) faq.php, (b) member.php, (c) memberlist.php, (d) calendar.php, (e) search.php, (f) forumdisplay.php, (g) showgroups.php, (h) online.php, and (i) sendmessage.php. NOTE: these issues have been disputed by the vendor, stating "I can't reproduce a single one of these". The researcher is known to be unreliable.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.6.8:*:*:*:*:*:*:*", "matchCriteriaId": "7E8D1B7A-4DF4-4C14-9430-D1A1C12B95CB", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [ { "sourceIdentifier": "cve@mitre.org", "tags": [ "disputed" ] } ], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.6.8 allow remote attackers to inject arbitrary web code or HTML via the (1) s parameter to index.php, and the (2) q parameter to (a) faq.php, (b) member.php, (c) memberlist.php, (d) calendar.php, (e) search.php, (f) forumdisplay.php, (g) showgroups.php, (h) online.php, and (i) sendmessage.php. NOTE: these issues have been disputed by the vendor, stating \"I can\u0027t reproduce a single one of these\". The researcher is known to be unreliable" }, { "lang": "es", "value": "** IMPUGNADA ** M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en vBulletin 3.6.8 permiten a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s del par\u00e1metro (2) s de index.php, y el par\u00e1metro (2) q de (a) faq.php, (b) member.php, (c) memberlist.php, (d) calendar.php, (e) search.php, (f) forumdisplay.php, (g) showgroups.php, (h) online.php, y (i) sendmessage.php. NOTA: estos problemas han sido negados por el fabricante, afirmando que \"no puede reproducir ni uno solo de ellos\". Se sabe que el investigador no es fiable." 
} ], "id": "CVE-2007-4453", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-08-21T18:17:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/476924/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/476940/100/0/threaded" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36084" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/476924/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/476940/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36084" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in index.php in Jelsoft vBulletin allows remote attackers to spoof parts of a website via the loc parameter.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
jelsoft | vbulletin | 1.0.1 | |
jelsoft | vbulletin | 2.0.3 | |
jelsoft | vbulletin | 2.0_rc2 | |
jelsoft | vbulletin | 2.0_rc3 | |
jelsoft | vbulletin | 2.2.0 | |
jelsoft | vbulletin | 2.2.1 | |
jelsoft | vbulletin | 2.2.2 | |
jelsoft | vbulletin | 2.2.3 | |
jelsoft | vbulletin | 2.2.4 | |
jelsoft | vbulletin | 2.2.5 | |
jelsoft | vbulletin | 2.2.6 | |
jelsoft | vbulletin | 2.2.7 | |
jelsoft | vbulletin | 2.2.8 | |
jelsoft | vbulletin | 2.2.9 | |
jelsoft | vbulletin | 2.3.0 | |
jelsoft | vbulletin | 2.3.2 | |
jelsoft | vbulletin | 2.3.3 | |
jelsoft | vbulletin | 2.3.4 | |
jelsoft | vbulletin | 3.0_beta_2 | |
jelsoft | vbulletin | 3.0_beta_3 | |
jelsoft | vbulletin | 3.0_beta_4 | |
jelsoft | vbulletin | 3.0_beta_5 | |
jelsoft | vbulletin | 3.0_beta_6 | |
jelsoft | vbulletin | 3.0_beta_7 | |
jelsoft | vbulletin | 3.0_gamma |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:jelsoft:vbulletin:1.0.1:*:lite:*:*:*:*:*", "matchCriteriaId": "70BC7FDF-AEAD-4BCA-AB0B-36F62D3D92A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "CAC28EB5-343A-4B55-8ECE-8C46D304A1BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.0_rc2:*:*:*:*:*:*:*", "matchCriteriaId": "7C3499B6-7DC8-4DE5-80EB-1EEA3307ABA8", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.0_rc3:*:*:*:*:*:*:*", "matchCriteriaId": "B53F61D2-5FD2-4625-A9FB-8E0258924BAC", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "FEA26ED0-6DF8-4730-AE19-E8F4AB9AC906", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "306C6BDF-C687-4B63-998B-B520DF1D1B1B", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "DF18ED7C-80BB-4A78-8809-9AAE817876A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "CA385E01-7FA0-4CC3-ADFE-0B3184A9093D", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "1D731A35-E0DB-4F40-A981-C38229A2EB1E", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "4053C8E5-5510-4814-A46E-89B81266C29D", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "8E6753AB-DFCF-4D40-8267-645810F7967E", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "4B2B3772-A566-4A51-8B51-68E78C86CB08", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "DAFBBAA9-BD46-44E3-9618-D87384E959A2", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:jelsoft:vbulletin:2.2.9:*:*:*:*:*:*:*", "matchCriteriaId": "31E594B0-05D5-46C2-8F06-F58E3F8BBD1F", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "04E0702A-9235-45BE-82A8-BFD57A0DCC9E", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "799F983E-908D-4B9F-9C99-6422863E7807", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "BD0914B4-24A9-438F-9B44-A6809D755168", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "D29DB4E2-C87F-4D45-BA8A-B38835FCAD44", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0_beta_2:*:*:*:*:*:*:*", "matchCriteriaId": "0A4E9C82-64CF-4487-8947-ED745C41945A", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0_beta_3:*:*:*:*:*:*:*", "matchCriteriaId": "D099410F-AD78-4EF1-879E-BEED838B90E0", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0_beta_4:*:*:*:*:*:*:*", "matchCriteriaId": "B411D271-87B5-4A82-8E05-5277E8E205E2", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0_beta_5:*:*:*:*:*:*:*", "matchCriteriaId": "09FD2B80-AEB5-444D-AEC3-F59E6727BCF3", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0_beta_6:*:*:*:*:*:*:*", "matchCriteriaId": "1CA6003D-1E93-472E-B037-8D0922C4247C", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0_beta_7:*:*:*:*:*:*:*", "matchCriteriaId": "5B366723-3598-4B4A-AFB9-E4A9616D033B", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0_gamma:*:*:*:*:*:*:*", "matchCriteriaId": "0EFD7266-0E3B-44B3-AC8E-DE0BFC5E2939", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in index.php in Jelsoft vBulletin allows remote attackers to spoof parts of a 
website via the loc parameter." } ], "id": "CVE-2004-2288", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://www.infosecurity.org.cn/article/hacker/exploit/16557.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/10362" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.infosecurity.org.cn/article/hacker/exploit/16557.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/10362" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-09-21 22:03
Modified
2025-04-03 01:03
Severity ?
Summary
Multiple SQL injection vulnerabilities in vBulletin 3.0.9 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) announcement parameter to announcement.php, (2) userid parameter to user.php, (3) calendar parameter to admincalendar.php, (4) cronid parameter to cronlog.php, (5) usergroupid parameter to email.php, (6) help parameter to help.php, (7) rvt parameter to language.php, (8) keep parameter to phrase.php, or (9) updateprofilepic parameter to usertools.php.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
jelsoft | vbulletin | 1.0.1 | |
jelsoft | vbulletin | 2.0.3 | |
jelsoft | vbulletin | 2.0_rc2 | |
jelsoft | vbulletin | 2.0_rc3 | |
jelsoft | vbulletin | 2.2.0 | |
jelsoft | vbulletin | 2.2.1 | |
jelsoft | vbulletin | 2.2.2 | |
jelsoft | vbulletin | 2.2.3 | |
jelsoft | vbulletin | 2.2.4 | |
jelsoft | vbulletin | 2.2.5 | |
jelsoft | vbulletin | 2.2.6 | |
jelsoft | vbulletin | 2.2.7 | |
jelsoft | vbulletin | 2.2.8 | |
jelsoft | vbulletin | 2.2.9 | |
jelsoft | vbulletin | 2.3.0 | |
jelsoft | vbulletin | 2.3.2 | |
jelsoft | vbulletin | 2.3.3 | |
jelsoft | vbulletin | 2.3.4 | |
jelsoft | vbulletin | 3.0 | |
jelsoft | vbulletin | 3.0.1 | |
jelsoft | vbulletin | 3.0.2 | |
jelsoft | vbulletin | 3.0.3 | |
jelsoft | vbulletin | 3.0.4 | |
jelsoft | vbulletin | 3.0.5 | |
jelsoft | vbulletin | 3.0.6 | |
jelsoft | vbulletin | 3.0.7 | |
jelsoft | vbulletin | 3.0.8 | |
jelsoft | vbulletin | 3.0.9 | |
jelsoft | vbulletin | 3.0_beta_2 | |
jelsoft | vbulletin | 3.0_beta_3 | |
jelsoft | vbulletin | 3.0_beta_4 | |
jelsoft | vbulletin | 3.0_beta_5 | |
jelsoft | vbulletin | 3.0_beta_6 | |
jelsoft | vbulletin | 3.0_beta_7 | |
jelsoft | vbulletin | 3.0_gamma |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:jelsoft:vbulletin:1.0.1:*:lite:*:*:*:*:*", "matchCriteriaId": "70BC7FDF-AEAD-4BCA-AB0B-36F62D3D92A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "CAC28EB5-343A-4B55-8ECE-8C46D304A1BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.0_rc2:*:*:*:*:*:*:*", "matchCriteriaId": "7C3499B6-7DC8-4DE5-80EB-1EEA3307ABA8", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.0_rc3:*:*:*:*:*:*:*", "matchCriteriaId": "B53F61D2-5FD2-4625-A9FB-8E0258924BAC", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "FEA26ED0-6DF8-4730-AE19-E8F4AB9AC906", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "306C6BDF-C687-4B63-998B-B520DF1D1B1B", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "DF18ED7C-80BB-4A78-8809-9AAE817876A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "CA385E01-7FA0-4CC3-ADFE-0B3184A9093D", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "1D731A35-E0DB-4F40-A981-C38229A2EB1E", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "4053C8E5-5510-4814-A46E-89B81266C29D", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "8E6753AB-DFCF-4D40-8267-645810F7967E", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "4B2B3772-A566-4A51-8B51-68E78C86CB08", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "DAFBBAA9-BD46-44E3-9618-D87384E959A2", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:jelsoft:vbulletin:2.2.9:*:*:*:*:*:*:*", "matchCriteriaId": "31E594B0-05D5-46C2-8F06-F58E3F8BBD1F", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "04E0702A-9235-45BE-82A8-BFD57A0DCC9E", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "799F983E-908D-4B9F-9C99-6422863E7807", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "BD0914B4-24A9-438F-9B44-A6809D755168", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "D29DB4E2-C87F-4D45-BA8A-B38835FCAD44", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "EA1A0EF6-1267-463E-B4F7-83D2ACB64E43", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "90BE006A-0F2D-4F3A-A335-176C5A5978E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "151876D4-B72E-4D5F-A151-5A3DCAE51299", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "984E8E57-57E5-4FEC-9210-4083AD400F94", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "1760CC7E-5297-4F8A-8A28-3689F6075CAE", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "74013F50-0677-454E-8E6C-101CF210E989", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "29DC951B-860E-4AF1-8908-71C7099FB19A", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "87198098-906E-4C39-B293-34BBB1779011", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0.8:*:*:*:*:*:*:*", "matchCriteriaId": 
"CD10C2CD-DEDA-4CC7-B5E9-B9218E1A5851", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "C43639D6-C4FE-486B-9822-9DDDD922CB53", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0_beta_2:*:*:*:*:*:*:*", "matchCriteriaId": "0A4E9C82-64CF-4487-8947-ED745C41945A", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0_beta_3:*:*:*:*:*:*:*", "matchCriteriaId": "D099410F-AD78-4EF1-879E-BEED838B90E0", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0_beta_4:*:*:*:*:*:*:*", "matchCriteriaId": "B411D271-87B5-4A82-8E05-5277E8E205E2", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0_beta_5:*:*:*:*:*:*:*", "matchCriteriaId": "09FD2B80-AEB5-444D-AEC3-F59E6727BCF3", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0_beta_6:*:*:*:*:*:*:*", "matchCriteriaId": "1CA6003D-1E93-472E-B037-8D0922C4247C", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0_beta_7:*:*:*:*:*:*:*", "matchCriteriaId": "5B366723-3598-4B4A-AFB9-E4A9616D033B", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0_gamma:*:*:*:*:*:*:*", "matchCriteriaId": "0EFD7266-0E3B-44B3-AC8E-DE0BFC5E2939", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple SQL injection vulnerabilities in vBulletin 3.0.9 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) announcement parameter to announcement.php, (2) userid parameter to user.php, (3) calendar parameter to admincalendar.php, (4) cronid parameter to cronlog.php, (5) usergroupid parameter to email.php, (6) help parameter to help.php, (7) rvt parameter to language.php, (8) keep parameter to phrase.php, or (9) updateprofilepic parameter to usertools.php." 
} ], "id": "CVE-2005-3022", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-09-21T22:03:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=112715150320677\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://morph3us.org/advisories/20050917-vbulletin-3.0.8.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=112715150320677\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://morph3us.org/advisories/20050917-vbulletin-3.0.8.txt" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-03-21 21:19
Modified
2025-04-09 00:30
Severity ?
Summary
SQL injection vulnerability in admincp/attachment.php in Jelsoft vBulletin 3.6.5 allows remote authenticated administrators to execute arbitrary SQL commands via the "Attached Before" field.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:jelsoft:vbulletin:*:*:*:*:*:*:*:*", "matchCriteriaId": "B91A84F8-2588-4F53-A594-C53DB4BEC963", "versionEndIncluding": "3.6.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "AE1916A8-E22B-41F3-AF7C-71D802900FC5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in admincp/attachment.php in Jelsoft vBulletin 3.6.5 allows remote authenticated administrators to execute arbitrary SQL commands via the \"Attached Before\" field." }, { "lang": "es", "value": "Una vulnerabilidad de inyecci\u00f3n SQL en el archivo admincp/attachment.php en Jelsoft vBulletin versi\u00f3n 3.6.5 permite a los administradores autenticados remotos ejecutar comandos SQL arbitrarios por medio del campo \"Attached Before\"." } ], "id": "CVE-2007-1573", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-03-21T21:19:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://osvdb.org/34070" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/24503" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/462963/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": 
"http://www.vbulletin.com/forum/project.php?issueid=21615" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/34070" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/24503" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/462963/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.vbulletin.com/forum/project.php?issueid=21615" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-08-21 21:04
Modified
2025-04-03 01:03
Severity ?
Summary
PHP remote file inclusion vulnerability in install/upgrade_301.php in Jelsoft vBulletin 3.5.4 allows remote attackers to execute arbitrary PHP code via a URL in the step parameter. NOTE: the vendor has disputed this vulnerability, saying "The default vBulletin requires authentication prior to the usage of the upgrade system."
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "04DB2651-4DD5-4007-B0B4-9E2CD9D06D00", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [ { "sourceIdentifier": "cve@mitre.org", "tags": [ "disputed" ] } ], "descriptions": [ { "lang": "en", "value": "PHP remote file inclusion vulnerability in install/upgrade_301.php in Jelsoft vBulletin 3.5.4 allows remote attackers to execute arbitrary PHP code via a URL in the step parameter. NOTE: the vendor has disputed this vulnerability, saying \"The default vBulletin requires authentication prior to the usage of the upgrade system." }, { "lang": "es", "value": "** IMPUGNADA ** Vulnerabilidad de inclusi\u00f3n remota de archivo en PHP en install/upgrade_301.php en Jelsoft vBulletin 3.5.4 permite a atacantes remotos ejecutar c\u00f3digo PHP de su elecci\u00f3n mediante una URL en el par\u00e1metro step. NOTA: el fabricante ha impugnado esta vulnerabilidad, diciendo \"El vBulettin por defecto requiere autenticaci\u00f3n antes del uso del sistema de actualizaci\u00f3n\"." 
} ], "id": "CVE-2006-4271", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-08-21T21:04:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2006-07/0061.html" }, { "source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/bugtraq/2006-07/0069.html" }, { "source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/bugtraq/2006-07/0121.html" }, { "source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/bugtraq/2006-07/0217.html" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/28210" }, { "source": "cve@mitre.org", "url": "http://www.pldsoft.com/forum/showthread.php?t=1340" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2006-07/0061.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/bugtraq/2006-07/0069.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/bugtraq/2006-07/0121.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/bugtraq/2006-07/0217.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/28210" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", 
"url": "http://www.pldsoft.com/forum/showthread.php?t=1340" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-09-21 22:03
Modified
2025-04-03 01:03
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via certain arguments to (1) announcement.php, (2) admincalendar.php, (3) bbcode.php, (4) cronadmin.php, (5) email.php, (6) faq.php, (7) forum.php, (8) image.php, (9) language.php, (10) ranks.php, (11) replacement.php, (12) replacement.php, (13) template.php, (14) template.php, (15) usergroup.php, or (16) usertitle.php.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
jelsoft | vbulletin | 1.0.1 | |
jelsoft | vbulletin | 2.0.3 | |
jelsoft | vbulletin | 2.0_rc2 | |
jelsoft | vbulletin | 2.0_rc3 | |
jelsoft | vbulletin | 2.2.0 | |
jelsoft | vbulletin | 2.2.1 | |
jelsoft | vbulletin | 2.2.2 | |
jelsoft | vbulletin | 2.2.3 | |
jelsoft | vbulletin | 2.2.4 | |
jelsoft | vbulletin | 2.2.5 | |
jelsoft | vbulletin | 2.2.6 | |
jelsoft | vbulletin | 2.2.7 | |
jelsoft | vbulletin | 2.2.8 | |
jelsoft | vbulletin | 2.2.9 | |
jelsoft | vbulletin | 2.3.0 | |
jelsoft | vbulletin | 2.3.2 | |
jelsoft | vbulletin | 2.3.3 | |
jelsoft | vbulletin | 2.3.4 | |
jelsoft | vbulletin | 3.0 | |
jelsoft | vbulletin | 3.0.1 | |
jelsoft | vbulletin | 3.0.2 | |
jelsoft | vbulletin | 3.0.3 | |
jelsoft | vbulletin | 3.0.4 | |
jelsoft | vbulletin | 3.0.5 | |
jelsoft | vbulletin | 3.0.6 | |
jelsoft | vbulletin | 3.0.7 | |
jelsoft | vbulletin | 3.0.8 | |
jelsoft | vbulletin | 3.0.9 | |
jelsoft | vbulletin | 3.0_beta_2 | |
jelsoft | vbulletin | 3.0_beta_3 | |
jelsoft | vbulletin | 3.0_beta_4 | |
jelsoft | vbulletin | 3.0_beta_5 | |
jelsoft | vbulletin | 3.0_beta_6 | |
jelsoft | vbulletin | 3.0_beta_7 | |
jelsoft | vbulletin | 3.0_gamma |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:jelsoft:vbulletin:1.0.1:*:lite:*:*:*:*:*", "matchCriteriaId": "70BC7FDF-AEAD-4BCA-AB0B-36F62D3D92A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "CAC28EB5-343A-4B55-8ECE-8C46D304A1BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.0_rc2:*:*:*:*:*:*:*", "matchCriteriaId": "7C3499B6-7DC8-4DE5-80EB-1EEA3307ABA8", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.0_rc3:*:*:*:*:*:*:*", "matchCriteriaId": "B53F61D2-5FD2-4625-A9FB-8E0258924BAC", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "FEA26ED0-6DF8-4730-AE19-E8F4AB9AC906", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "306C6BDF-C687-4B63-998B-B520DF1D1B1B", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "DF18ED7C-80BB-4A78-8809-9AAE817876A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "CA385E01-7FA0-4CC3-ADFE-0B3184A9093D", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "1D731A35-E0DB-4F40-A981-C38229A2EB1E", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "4053C8E5-5510-4814-A46E-89B81266C29D", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "8E6753AB-DFCF-4D40-8267-645810F7967E", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "4B2B3772-A566-4A51-8B51-68E78C86CB08", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "DAFBBAA9-BD46-44E3-9618-D87384E959A2", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:jelsoft:vbulletin:2.2.9:*:*:*:*:*:*:*", "matchCriteriaId": "31E594B0-05D5-46C2-8F06-F58E3F8BBD1F", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "04E0702A-9235-45BE-82A8-BFD57A0DCC9E", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "799F983E-908D-4B9F-9C99-6422863E7807", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "BD0914B4-24A9-438F-9B44-A6809D755168", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "D29DB4E2-C87F-4D45-BA8A-B38835FCAD44", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "EA1A0EF6-1267-463E-B4F7-83D2ACB64E43", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "90BE006A-0F2D-4F3A-A335-176C5A5978E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "151876D4-B72E-4D5F-A151-5A3DCAE51299", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "984E8E57-57E5-4FEC-9210-4083AD400F94", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "1760CC7E-5297-4F8A-8A28-3689F6075CAE", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "74013F50-0677-454E-8E6C-101CF210E989", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "29DC951B-860E-4AF1-8908-71C7099FB19A", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "87198098-906E-4C39-B293-34BBB1779011", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0.8:*:*:*:*:*:*:*", "matchCriteriaId": 
"CD10C2CD-DEDA-4CC7-B5E9-B9218E1A5851", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "C43639D6-C4FE-486B-9822-9DDDD922CB53", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0_beta_2:*:*:*:*:*:*:*", "matchCriteriaId": "0A4E9C82-64CF-4487-8947-ED745C41945A", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0_beta_3:*:*:*:*:*:*:*", "matchCriteriaId": "D099410F-AD78-4EF1-879E-BEED838B90E0", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0_beta_4:*:*:*:*:*:*:*", "matchCriteriaId": "B411D271-87B5-4A82-8E05-5277E8E205E2", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0_beta_5:*:*:*:*:*:*:*", "matchCriteriaId": "09FD2B80-AEB5-444D-AEC3-F59E6727BCF3", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0_beta_6:*:*:*:*:*:*:*", "matchCriteriaId": "1CA6003D-1E93-472E-B037-8D0922C4247C", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0_beta_7:*:*:*:*:*:*:*", "matchCriteriaId": "5B366723-3598-4B4A-AFB9-E4A9616D033B", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0_gamma:*:*:*:*:*:*:*", "matchCriteriaId": "0EFD7266-0E3B-44B3-AC8E-DE0BFC5E2939", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via certain arguments to (1) announcement.php, (2) admincalendar.php, (3) bbcode.php, (4) cronadmin.php, (5) email.php, (6) faq.php, (7) forum.php, (8) image.php, (9) language.php, (10) ranks.php, (11) replacement.php, (12) replacement.php, (13) template.php, (14) template.php, (15) usergroup.php, or (16) usertitle.php." 
} ], "id": "CVE-2005-3023", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-09-21T22:03:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=112715150320677\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://morph3us.org/advisories/20050917-vbulletin-3.0.8.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=112715150320677\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://morph3us.org/advisories/20050917-vbulletin-3.0.8.txt" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-03-07 11:02
Modified
2025-04-03 01:03
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in vBulletin 3.0.12 and 3.5.3 allows remote attackers to inject arbitrary web script or HTML via the email field, which is injected in profile.php but not sanitized in sendmsg.php.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "36356B31-5EC5-4689-92CD-883088587936", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "86E53DA6-83A3-493A-8C98-DEA91F91D71E", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in vBulletin 3.0.12 and 3.5.3 allows remote attackers to inject arbitrary web script or HTML via the email field, which is injected in profile.php but not sanitized in sendmsg.php." } ], "evaluatorSolution": "This vulnerability affects all versions of Jelsoft, vBulletin between 3.0.12 and 3.5.3", "id": "CVE-2006-1040", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-03-07T11:02:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/19100" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.kapda.ir/advisory-266.html" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/23614" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/426537/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/426589/100/0/threaded" }, { "source": "cve@mitre.org", 
"url": "http://www.securityfocus.com/bid/16919" }, { "source": "cve@mitre.org", "url": "http://www.vbulletin.com/forum/showthread.php?postid=1079030" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/0808" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/19100" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.kapda.ir/advisory-266.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/23614" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/426537/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/426589/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/16919" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vbulletin.com/forum/showthread.php?postid=1079030" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/0808" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-06-21 18:30
Modified
2025-04-09 00:30
Severity ?
Summary
Multiple directory traversal vulnerabilities in vBulletin 3.x.x allow remote attackers to redirect visitors to arbitrary local files via a .. (dot dot) in (1) the loc parameter to admincp/index.php and (2) the Hyperlink information URL field for post Topic in showthread.php, enabling cross-site scripting (XSS) and other attacks, a different vulnerability than CVE-2005-3025.2.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "D66CAB0A-2A0A-47EF-A328-C341CCC1BA76", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple directory traversal vulnerabilities in vBulletin 3.x.x allow remote attackers to redirect visitors to arbitrary local files via a .. (dot dot) in (1) the loc parameter to admincp/index.php and (2) the Hyperlink information URl field for post Topic in showthread.php, enabling cross-site scripting (XSS) and other attacks, a different vulnerability than CVE-2005-3025.2." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de escalado de directorio en el vBulletin 3.x.x permite a atacantes remotos redirigir a los visitantes a ficheros locales de su elecci\u00f3n a trav\u00e9s de .. (punto punto) en el (1) par\u00e1metro loc del admincp/index.php y (2) el campo URI de informaci\u00f3n de hiper-enlace para el post Topic en el showthread.php, habilitando secuencias de comandos en sitios cruzados (XSS) y otros ataques. Vulnerabilidad diferente a la CVE-2005-3025.2." 
} ], "id": "CVE-2007-3326", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-06-21T18:30:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/2820" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/471835/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/471838/100/0/threaded" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34956" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/2820" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/471835/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/471838/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34956" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Jelsoft vBulletin 2.0 beta 3 through 3.0 can4 allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter to showthread.php or (2) order parameter to forumdisplay.php.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "D66CAB0A-2A0A-47EF-A328-C341CCC1BA76", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0.0_can4:*:*:*:*:*:*:*", "matchCriteriaId": "0E9FE483-4367-47E7-9D09-043955998C8C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Jelsoft vBulletin 2.0 beta 3 through 3.0 can4 allows remote attackers to inject arbitrary web script or HTML via the (1) page parameter to showthread.php or (2) order parameter to forumdisplay.php." } ], "id": "CVE-2004-1823", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=107945556112453\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://secunia.com/advisories/11142" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1009440" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/4310" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/4311" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/9888" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": 
"http://www.securityfocus.com/bid/9889" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15495" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=107945556112453\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://secunia.com/advisories/11142" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1009440" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/4310" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/4311" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/9888" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/9889" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15495" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2002-12-31 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
member2.php in vBulletin 2.2.9 and earlier does not properly restrict the $perpage variable to be an integer, which causes an error message to be reflected back to the user without quoting, which facilitates cross-site scripting (XSS) and possibly other attacks.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
jelsoft | vbulletin | 2.0 | |
jelsoft | vbulletin | 2.0.1 | |
jelsoft | vbulletin | 2.0.2 | |
jelsoft | vbulletin | 2.2.0 | |
jelsoft | vbulletin | 2.2.1 | |
jelsoft | vbulletin | 2.2.2 | |
jelsoft | vbulletin | 2.2.3 | |
jelsoft | vbulletin | 2.2.4 | |
jelsoft | vbulletin | 2.2.5 | |
jelsoft | vbulletin | 2.2.6 | |
jelsoft | vbulletin | 2.2.7 | |
jelsoft | vbulletin | 2.2.8 | |
jelsoft | vbulletin | 2.2.9 | |
jelsoft | vbulletin | 2.2.9_can |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "A81E1505-5F99-4DA8-AC0F-28F3E6F819C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "818806B0-37B1-4CC2-A955-E711EC000203", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "0394B9E0-FD26-4D5E-91D5-B8334B517DD3", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "FEA26ED0-6DF8-4730-AE19-E8F4AB9AC906", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "306C6BDF-C687-4B63-998B-B520DF1D1B1B", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "DF18ED7C-80BB-4A78-8809-9AAE817876A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "CA385E01-7FA0-4CC3-ADFE-0B3184A9093D", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "1D731A35-E0DB-4F40-A981-C38229A2EB1E", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "4053C8E5-5510-4814-A46E-89B81266C29D", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "8E6753AB-DFCF-4D40-8267-645810F7967E", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "4B2B3772-A566-4A51-8B51-68E78C86CB08", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "DAFBBAA9-BD46-44E3-9618-D87384E959A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.2.9:*:*:*:*:*:*:*", "matchCriteriaId": "31E594B0-05D5-46C2-8F06-F58E3F8BBD1F", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:jelsoft:vbulletin:2.2.9_can:*:*:*:*:*:*:*", "matchCriteriaId": "747A57AD-A345-4F5B-AD82-0F7E08C2240E", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "member2.php in vBulletin 2.2.9 and earlier does not properly restrict the $perpage variable to be an integer, which causes an error message to be reflected back to the user without quoting, which facilitates cross-site scripting (XSS) and possibly other attacks." } ], "id": "CVE-2002-2235", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2002-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://online.securityfocus.com/archive/1/301076" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://securityreason.com/securityalert/3229" }, { "source": "cve@mitre.org", "url": "http://www.iss.net/security_center/static/10701.php" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/6246" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://online.securityfocus.com/archive/1/301076" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://securityreason.com/securityalert/3229" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://www.iss.net/security_center/static/10701.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/6246" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-189" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-04-27 19:30
Modified
2025-04-09 00:30
Severity ?
Summary
The Personal Sticky Threads addon 1.0.3c for vBulletin allows remote authenticated users to read the title, author, and pages of an arbitrary thread by toggling a personal sticky.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
jelsoft | vbulletin | * | |
mephisteus | the_personal_sticky_threads | 1.0.3c |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:jelsoft:vbulletin:*:*:*:*:*:*:*:*", "matchCriteriaId": "4628EC50-A591-4A9B-8E62-70D8A0865CCD", "vulnerable": false } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:mephisteus:the_personal_sticky_threads:1.0.3c:*:*:*:*:*:*:*", "matchCriteriaId": "3657E585-711F-4546-AA5D-1C87384717D0", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Personal Sticky Threads addon 1.0.3c for vBulletin allows remote authenticated users to read the title, author, and pages of an arbitrary thread by toggling a personal sticky." }, { "lang": "es", "value": "El complemento Personal Sticky Threads v1.0.3c para vBulletin permite leer , a los usuarios autenticados, el t\u00edtulo, autor, y las p\u00e1ginas de un hilo arbitrario activando un sticky personal." } ], "id": "CVE-2008-6754", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-04-27T19:30:00.187", "references": [ { "source": "cve@mitre.org", "url": "http://osvdb.org/51205" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/33342" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/499562/100/0/threaded" }, { "source": "cve@mitre.org", "url": 
"http://www.securityfocus.com/bid/33017" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/51205" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/33342" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/499562/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/33017" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-06-23 21:30
Modified
2025-04-09 00:30
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in forum/radioandtv.php in the Radio and TV Player addon for vBulletin allows remote registered users to inject arbitrary web script or HTML via the station parameter.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
dream | radio_and_tv_player_addon_for_vbulletin | * | |
jelsoft | vbulletin | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:dream:radio_and_tv_player_addon_for_vbulletin:*:*:*:*:*:*:*:*", "matchCriteriaId": "8992264D-B8D3-4BB0-994F-59B5F5274A6E", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:jelsoft:vbulletin:*:*:*:*:*:*:*:*", "matchCriteriaId": "4628EC50-A591-4A9B-8E62-70D8A0865CCD", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in forum/radioandtv.php in the Radio and TV Player addon for vBulletin allows remote registered users to inject arbitrary web script or HTML via the station parameter." }, { "lang": "es", "value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados en forum/radioandtv.php en el complemento reproductor de radio y televisi\u00f3n para vBulletin permite inyectar HTML o scripts Web arbitrarios a los usuarios registrados remotos a trav\u00e9s del par\u00e1metro \u0027station\u0027." 
} ], "id": "CVE-2009-2172", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2009-06-23T21:30:00.280", "references": [ { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/35385" }, { "source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/8965" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/35385" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/8965" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-09-21 22:03
Modified
2025-04-03 01:03
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.0.7 and earlier allow remote attackers to inject arbitrary web script or HTML via the loc parameter to (1) modcp/index.php or (2) admincp/index.php, or the ip parameter to (3) modcp/user.php or (4) admincp/usertitle.php.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
jelsoft | vbulletin | 1.0.1 | |
jelsoft | vbulletin | 2.0.3 | |
jelsoft | vbulletin | 2.0_rc2 | |
jelsoft | vbulletin | 2.0_rc3 | |
jelsoft | vbulletin | 2.2.0 | |
jelsoft | vbulletin | 2.2.1 | |
jelsoft | vbulletin | 2.2.2 | |
jelsoft | vbulletin | 2.2.3 | |
jelsoft | vbulletin | 2.2.4 | |
jelsoft | vbulletin | 2.2.5 | |
jelsoft | vbulletin | 2.2.6 | |
jelsoft | vbulletin | 2.2.7 | |
jelsoft | vbulletin | 2.2.8 | |
jelsoft | vbulletin | 2.2.9 | |
jelsoft | vbulletin | 2.3.0 | |
jelsoft | vbulletin | 2.3.2 | |
jelsoft | vbulletin | 2.3.3 | |
jelsoft | vbulletin | 2.3.4 | |
jelsoft | vbulletin | 3.0 | |
jelsoft | vbulletin | 3.0.1 | |
jelsoft | vbulletin | 3.0.2 | |
jelsoft | vbulletin | 3.0.3 | |
jelsoft | vbulletin | 3.0.4 | |
jelsoft | vbulletin | 3.0.5 | |
jelsoft | vbulletin | 3.0.6 | |
jelsoft | vbulletin | 3.0.7 | |
jelsoft | vbulletin | 3.0_beta_2 | |
jelsoft | vbulletin | 3.0_beta_3 | |
jelsoft | vbulletin | 3.0_beta_4 | |
jelsoft | vbulletin | 3.0_beta_5 | |
jelsoft | vbulletin | 3.0_beta_6 | |
jelsoft | vbulletin | 3.0_beta_7 | |
jelsoft | vbulletin | 3.0_gamma |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:jelsoft:vbulletin:1.0.1:*:lite:*:*:*:*:*", "matchCriteriaId": "70BC7FDF-AEAD-4BCA-AB0B-36F62D3D92A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "CAC28EB5-343A-4B55-8ECE-8C46D304A1BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.0_rc2:*:*:*:*:*:*:*", "matchCriteriaId": "7C3499B6-7DC8-4DE5-80EB-1EEA3307ABA8", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.0_rc3:*:*:*:*:*:*:*", "matchCriteriaId": "B53F61D2-5FD2-4625-A9FB-8E0258924BAC", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "FEA26ED0-6DF8-4730-AE19-E8F4AB9AC906", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "306C6BDF-C687-4B63-998B-B520DF1D1B1B", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "DF18ED7C-80BB-4A78-8809-9AAE817876A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "CA385E01-7FA0-4CC3-ADFE-0B3184A9093D", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "1D731A35-E0DB-4F40-A981-C38229A2EB1E", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "4053C8E5-5510-4814-A46E-89B81266C29D", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "8E6753AB-DFCF-4D40-8267-645810F7967E", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "4B2B3772-A566-4A51-8B51-68E78C86CB08", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "DAFBBAA9-BD46-44E3-9618-D87384E959A2", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:jelsoft:vbulletin:2.2.9:*:*:*:*:*:*:*", "matchCriteriaId": "31E594B0-05D5-46C2-8F06-F58E3F8BBD1F", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "04E0702A-9235-45BE-82A8-BFD57A0DCC9E", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "799F983E-908D-4B9F-9C99-6422863E7807", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "BD0914B4-24A9-438F-9B44-A6809D755168", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "D29DB4E2-C87F-4D45-BA8A-B38835FCAD44", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "EA1A0EF6-1267-463E-B4F7-83D2ACB64E43", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "90BE006A-0F2D-4F3A-A335-176C5A5978E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "151876D4-B72E-4D5F-A151-5A3DCAE51299", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "984E8E57-57E5-4FEC-9210-4083AD400F94", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "1760CC7E-5297-4F8A-8A28-3689F6075CAE", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "74013F50-0677-454E-8E6C-101CF210E989", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "29DC951B-860E-4AF1-8908-71C7099FB19A", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "87198098-906E-4C39-B293-34BBB1779011", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0_beta_2:*:*:*:*:*:*:*", "matchCriteriaId": 
"0A4E9C82-64CF-4487-8947-ED745C41945A", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0_beta_3:*:*:*:*:*:*:*", "matchCriteriaId": "D099410F-AD78-4EF1-879E-BEED838B90E0", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0_beta_4:*:*:*:*:*:*:*", "matchCriteriaId": "B411D271-87B5-4A82-8E05-5277E8E205E2", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0_beta_5:*:*:*:*:*:*:*", "matchCriteriaId": "09FD2B80-AEB5-444D-AEC3-F59E6727BCF3", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0_beta_6:*:*:*:*:*:*:*", "matchCriteriaId": "1CA6003D-1E93-472E-B037-8D0922C4247C", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0_beta_7:*:*:*:*:*:*:*", "matchCriteriaId": "5B366723-3598-4B4A-AFB9-E4A9616D033B", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0_gamma:*:*:*:*:*:*:*", "matchCriteriaId": "0EFD7266-0E3B-44B3-AC8E-DE0BFC5E2939", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.0.7 and earlier allow remote attackers to inject arbitrary web script or HTML via the loc parameter to (1) modcp/index.php or (2) admincp/index.php, or the ip parameter to (3) modcp/user.php or (4) admincp/usertitle.php." 
} ], "id": "CVE-2005-3025", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-09-21T22:03:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=112732980702939\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://morph3us.org/advisories/20050917-vbulletin-3.0.7.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=112732980702939\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://morph3us.org/advisories/20050917-vbulletin-3.0.7.txt" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2002-12-31 05:00
Modified
2025-04-03 01:03
Severity: HIGH — CVSS v2.0 base score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Summary
calendar.php in vBulletin before 2.2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the command parameter.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:jelsoft:vbulletin:*:*:*:*:*:*:*:*", "matchCriteriaId": "D82C8942-7C53-429C-95FD-3548A65746D9", "versionEndIncluding": "2.1.9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "calendar.php in vBulletin before 2.2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the command parameter." } ], "id": "CVE-2002-1660", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2002-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch" ], "url": "http://securitytracker.com/id?1005284" }, { "source": "cve@mitre.org", "url": "http://www.securiteam.com/exploits/5QP0P158AC.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/5820" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10176" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "http://securitytracker.com/id?1005284" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securiteam.com/exploits/5QP0P158AC.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/5820" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10176" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-78" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2002-12-31 05:00
Modified
2025-04-03 01:03
Severity: MEDIUM — CVSS v2.0 base score 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Summary
Cross-site scripting (XSS) vulnerability in global.php in Jelsoft vBulletin 2.0.0 through 2.2.8 allows remote attackers to inject arbitrary web script or HTML via the (1) $scriptpath or (2) $url variables.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.0_rc2:*:*:*:*:*:*:*", "matchCriteriaId": "7C3499B6-7DC8-4DE5-80EB-1EEA3307ABA8", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.0_rc3:*:*:*:*:*:*:*", "matchCriteriaId": "B53F61D2-5FD2-4625-A9FB-8E0258924BAC", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "FEA26ED0-6DF8-4730-AE19-E8F4AB9AC906", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "306C6BDF-C687-4B63-998B-B520DF1D1B1B", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "DF18ED7C-80BB-4A78-8809-9AAE817876A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "CA385E01-7FA0-4CC3-ADFE-0B3184A9093D", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "1D731A35-E0DB-4F40-A981-C38229A2EB1E", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "4053C8E5-5510-4814-A46E-89B81266C29D", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "8E6753AB-DFCF-4D40-8267-645810F7967E", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "4B2B3772-A566-4A51-8B51-68E78C86CB08", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "DAFBBAA9-BD46-44E3-9618-D87384E959A2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in global.php in Jelsoft vBulletin 2.0.0 through 2.2.8 allows remote attackers to inject arbitrary web script or HTML via the (1) $scriptpath or (2) $url variables." 
} ], "id": "CVE-2002-1922", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2002-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2002-10/0272.html" }, { "source": "cve@mitre.org", "url": "http://www.iss.net/security_center/static/10407.php" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch" ], "url": "http://www.securityfocus.com/bid/5997" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2002-10/0272.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.iss.net/security_center/static/10407.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "http://www.securityfocus.com/bid/5997" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-02-07 22:28
Modified
2025-04-09 00:30
Severity: LOW — CVSS v2.0 base score 3.5 (AV:N/AC:M/Au:S/C:N/I:P/A:N)
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the Admin Control Panel (AdminCP) in Jelsoft vBulletin 3.6.4 allow remote authenticated administrators to inject arbitrary web script or HTML via unspecified vectors related to the (1) User Group Manager, (2) User Rank Manager, (3) User Title Manager, (4) BB Code Manager, (5) Attachment Manager, (6) Calendar Manager, and (7) Forums & Moderators functions. NOTE: the vendor disputes this issue, stating that modifying HTML is an intended privilege of an administrator. NOTE: it is possible that this issue overlaps CVE-2006-6040.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "AE1916A8-E22B-41F3-AF7C-71D802900FC5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [ { "sourceIdentifier": "cve@mitre.org", "tags": [ "disputed" ] } ], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Admin Control Panel (AdminCP) in Jelsoft vBulletin 3.6.4 allow remote authenticated administrators to inject arbitrary web script or HTML via unspecified vectors related to the (1) User Group Manager, (2) User Rank Manager, (3) User Title Manager, (4) BB Code Manager, (5) Attachment Manager, (6) Calendar Manager, and (7) Forums \u0026 Moderators functions. NOTE: the vendor disputes this issue, stating that modifying HTML is an intended privilege of an administrator. NOTE: it is possible that this issue overlaps CVE-2006-6040" }, { "lang": "es", "value": "** IMPUGNADO ** M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Admin Control Panel (AdminCP) del Jelsoft vBulletin 3.6.4 permite a administradores autenticados la inyecci\u00f3n de secuencias de comandos web o HTML de su elecci\u00f3n mediante vectores relacionados con el (1) User Group Manager, (2) User Rank Manager, (3) User Title Manager, (4) BB Code Manager, (5) Attachment Manager, (6) Calendar Manager y (7) las funciones de los Forums \u0026 Moderators. NOTA: El fabricante a impugnado esta vulnerabilidad declarando que la modificaci\u00f3n de HTML es un privilegio \u00fanico de un administrado. NOTA: es posible que esta vulnerabilidad se solape con la CVE-2006-6040." 
} ], "evaluatorImpact": "Vendor has stated that remotely authenticated administrators were given the ability to inject arbitrary HTML/webscript code by design.", "id": "CVE-2007-0830", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2007-02-07T22:28:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://osvdb.org/35152" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/24085" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/459289/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/459367/100/0/threaded" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32268" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/35152" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/24085" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/459289/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/459367/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32268" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", 
"weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-12-31 05:00
Modified
2025-04-03 01:03
Severity: MEDIUM — CVSS v2.0 base score 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Summary
Cross-site scripting (XSS) vulnerability in the editavatar page in vBulletin 3.5.1 allows remote attackers to inject arbitrary web script or HTML via a URL in the remote avatar url field, in which the URL generates a parsing error, and possibly requiring a trailing extension such as .jpg.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
jelsoft | vbulletin | 1.0.1 | |
jelsoft | vbulletin | 2.0.3 | |
jelsoft | vbulletin | 2.0_rc2 | |
jelsoft | vbulletin | 2.0_rc3 | |
jelsoft | vbulletin | 2.2.0 | |
jelsoft | vbulletin | 2.2.1 | |
jelsoft | vbulletin | 2.2.2 | |
jelsoft | vbulletin | 2.2.3 | |
jelsoft | vbulletin | 2.2.4 | |
jelsoft | vbulletin | 2.2.5 | |
jelsoft | vbulletin | 2.2.6 | |
jelsoft | vbulletin | 2.2.7 | |
jelsoft | vbulletin | 2.2.8 | |
jelsoft | vbulletin | 2.2.9 | |
jelsoft | vbulletin | 2.3.0 | |
jelsoft | vbulletin | 2.3.2 | |
jelsoft | vbulletin | 2.3.3 | |
jelsoft | vbulletin | 2.3.4 | |
jelsoft | vbulletin | 2.3.8 | |
jelsoft | vbulletin | 3.0 | |
jelsoft | vbulletin | 3.0.1 | |
jelsoft | vbulletin | 3.0.2 | |
jelsoft | vbulletin | 3.0.3 | |
jelsoft | vbulletin | 3.0.4 | |
jelsoft | vbulletin | 3.0.5 | |
jelsoft | vbulletin | 3.0.6 | |
jelsoft | vbulletin | 3.0.7 | |
jelsoft | vbulletin | 3.0.8 | |
jelsoft | vbulletin | 3.0.9 | |
jelsoft | vbulletin | 3.0.10 | |
jelsoft | vbulletin | 3.0_beta_2 | |
jelsoft | vbulletin | 3.0_beta_3 | |
jelsoft | vbulletin | 3.0_beta_4 | |
jelsoft | vbulletin | 3.0_beta_5 | |
jelsoft | vbulletin | 3.0_beta_6 | |
jelsoft | vbulletin | 3.0_beta_7 | |
jelsoft | vbulletin | 3.0_gamma | |
jelsoft | vbulletin | 3.5.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:jelsoft:vbulletin:1.0.1:*:lite:*:*:*:*:*", "matchCriteriaId": "70BC7FDF-AEAD-4BCA-AB0B-36F62D3D92A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "CAC28EB5-343A-4B55-8ECE-8C46D304A1BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.0_rc2:*:*:*:*:*:*:*", "matchCriteriaId": "7C3499B6-7DC8-4DE5-80EB-1EEA3307ABA8", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.0_rc3:*:*:*:*:*:*:*", "matchCriteriaId": "B53F61D2-5FD2-4625-A9FB-8E0258924BAC", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "FEA26ED0-6DF8-4730-AE19-E8F4AB9AC906", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "306C6BDF-C687-4B63-998B-B520DF1D1B1B", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "DF18ED7C-80BB-4A78-8809-9AAE817876A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "CA385E01-7FA0-4CC3-ADFE-0B3184A9093D", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "1D731A35-E0DB-4F40-A981-C38229A2EB1E", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "4053C8E5-5510-4814-A46E-89B81266C29D", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "8E6753AB-DFCF-4D40-8267-645810F7967E", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "4B2B3772-A566-4A51-8B51-68E78C86CB08", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "DAFBBAA9-BD46-44E3-9618-D87384E959A2", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:jelsoft:vbulletin:2.2.9:*:*:*:*:*:*:*", "matchCriteriaId": "31E594B0-05D5-46C2-8F06-F58E3F8BBD1F", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "04E0702A-9235-45BE-82A8-BFD57A0DCC9E", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "799F983E-908D-4B9F-9C99-6422863E7807", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "BD0914B4-24A9-438F-9B44-A6809D755168", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "D29DB4E2-C87F-4D45-BA8A-B38835FCAD44", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.3.8:*:*:*:*:*:*:*", "matchCriteriaId": "CE465DFE-6F77-4F8A-B556-A9955B4A0889", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "EA1A0EF6-1267-463E-B4F7-83D2ACB64E43", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "90BE006A-0F2D-4F3A-A335-176C5A5978E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "151876D4-B72E-4D5F-A151-5A3DCAE51299", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "984E8E57-57E5-4FEC-9210-4083AD400F94", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "1760CC7E-5297-4F8A-8A28-3689F6075CAE", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "74013F50-0677-454E-8E6C-101CF210E989", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "29DC951B-860E-4AF1-8908-71C7099FB19A", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0.7:*:*:*:*:*:*:*", "matchCriteriaId": 
"87198098-906E-4C39-B293-34BBB1779011", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "CD10C2CD-DEDA-4CC7-B5E9-B9218E1A5851", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "C43639D6-C4FE-486B-9822-9DDDD922CB53", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "B13831AA-4393-4BB3-BBE5-8E50E2F940FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0_beta_2:*:*:*:*:*:*:*", "matchCriteriaId": "0A4E9C82-64CF-4487-8947-ED745C41945A", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0_beta_3:*:*:*:*:*:*:*", "matchCriteriaId": "D099410F-AD78-4EF1-879E-BEED838B90E0", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0_beta_4:*:*:*:*:*:*:*", "matchCriteriaId": "B411D271-87B5-4A82-8E05-5277E8E205E2", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0_beta_5:*:*:*:*:*:*:*", "matchCriteriaId": "09FD2B80-AEB5-444D-AEC3-F59E6727BCF3", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0_beta_6:*:*:*:*:*:*:*", "matchCriteriaId": "1CA6003D-1E93-472E-B037-8D0922C4247C", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0_beta_7:*:*:*:*:*:*:*", "matchCriteriaId": "5B366723-3598-4B4A-AFB9-E4A9616D033B", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0_gamma:*:*:*:*:*:*:*", "matchCriteriaId": "0EFD7266-0E3B-44B3-AC8E-DE0BFC5E2939", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "A869E6C9-6CA7-4FB8-88E2-142C6294D028", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the editavatar page in vBulletin 3.5.1 allows remote attackers to inject arbitrary web script or HTML via a URL in the remote avatar url field, in 
which the URL generates a parsing error, and possibly requiring a trailing extension such as .jpg." } ], "id": "CVE-2005-4621", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://pridels0.blogspot.com/2005/11/vbulletin-351-xss-vuln.html" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/21373" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/16128" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.vbulletin.com/forum/showthread.php?t=166391" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://pridels0.blogspot.com/2005/11/vbulletin-351-xss-vuln.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/21373" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/16128" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.vbulletin.com/forum/showthread.php?t=166391" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2025-04-03 01:03
Severity: HIGH — CVSS v2.0 base score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Summary
SQL injection vulnerability in (1) ttlast.php and (2) last10.php in vBulletin 3.0.x allows remote attackers to execute arbitrary SQL statements via the fsel parameter, as demonstrated using last.php.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
jelsoft | vbulletin | 3.0.0 | |
jelsoft | vbulletin | 3.0.0_beta_2 | |
jelsoft | vbulletin | 3.0.0_can4 | |
jelsoft | vbulletin | 3.0.0_rc4 | |
jelsoft | vbulletin | 3.0.1 | |
jelsoft | vbulletin | 3.0.2 | |
jelsoft | vbulletin | 3.0.3 | |
jelsoft | vbulletin | 3.0.4 | |
jelsoft | vbulletin | 3.0.5 | |
jelsoft | vbulletin | 3.0.6 | |
jelsoft | vbulletin | 3.0_beta_2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "D66CAB0A-2A0A-47EF-A328-C341CCC1BA76", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0.0_beta_2:*:*:*:*:*:*:*", "matchCriteriaId": "3AFED411-1291-4E03-A160-CC9F1AD03D7B", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0.0_can4:*:*:*:*:*:*:*", "matchCriteriaId": "0E9FE483-4367-47E7-9D09-043955998C8C", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0.0_rc4:*:*:*:*:*:*:*", "matchCriteriaId": "0BC85ED9-7491-43D3-B34D-1CB07836888F", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "90BE006A-0F2D-4F3A-A335-176C5A5978E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "151876D4-B72E-4D5F-A151-5A3DCAE51299", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "984E8E57-57E5-4FEC-9210-4083AD400F94", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "1760CC7E-5297-4F8A-8A28-3689F6075CAE", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "74013F50-0677-454E-8E6C-101CF210E989", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "29DC951B-860E-4AF1-8908-71C7099FB19A", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0_beta_2:*:*:*:*:*:*:*", "matchCriteriaId": "0A4E9C82-64CF-4487-8947-ED745C41945A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in (1) ttlast.php and (2) last10.php in vBulletin 3.0.x allows remote attackers to execute arbitrary SQL statements via the fsel parameter, as demonstrated using last.php." 
} ], "id": "CVE-2004-1515", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=110019198507100\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=110019198507100\u0026w=2" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-10-03 04:03
Modified
2025-04-09 00:30
Severity: HIGH — CVSS v2.0 base score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Summary
SQL injection vulnerability in global.php in Jelsoft vBulletin 2.x allows remote attackers to execute arbitrary SQL commands via the templatesused parameter.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "04E0702A-9235-45BE-82A8-BFD57A0DCC9E", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "799F983E-908D-4B9F-9C99-6422863E7807", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "BD0914B4-24A9-438F-9B44-A6809D755168", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "D29DB4E2-C87F-4D45-BA8A-B38835FCAD44", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.3.8:*:*:*:*:*:*:*", "matchCriteriaId": "CE465DFE-6F77-4F8A-B556-A9955B4A0889", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in global.php in Jelsoft vBulletin 2.x allows remote attackers to execute arbitrary SQL commands via the templatesused parameter." }, { "lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n SQL en global.php en Jelsoft vBulletin 2.x permite a un atacante remoto ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s del par\u00e1metro templatesused." 
} ], "id": "CVE-2006-5104", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-10-03T04:03:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/1661" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/447010/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/20214" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29174" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/1661" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/447010/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/20214" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29174" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-01-04 06:03
Modified
2025-04-03 01:03
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in vBulletin 3.5.2, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the title of an event, which is not properly filtered by (1) calendar.php and (2) reminder.php.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "4070579C-00AD-4DB1-8B07-4CB88D4EDBEB", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in vBulletin 3.5.2, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the title of an event, which is not properly filtered by (1) calendar.php and (2) reminder.php." } ], "id": "CVE-2006-0080", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-01-04T06:03:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://kapda.ir/advisory-177.html" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/18299" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/22210" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/22220" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/420663/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/421310/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/16116" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/0033" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://kapda.ir/advisory-177.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/18299" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/22210" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/22220" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/420663/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/421310/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/16116" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/0033" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-08-01 16:17
Modified
2025-04-09 00:30
Severity ?
Summary
Multiple PHP remote file inclusion vulnerabilities in Jelsoft vBulletin 3.6.5 allow remote attackers to execute arbitrary PHP code via a URL in the (1) classfile parameter to includes/functions.php, the (2) nextitem parameter to includes/functions_cron.php, and the (3) specialtemplates parameter to includes/functions_forumdisplay.php. NOTE: this issue is disputed by a reliable third party who states "further investigation has revealed that the application is not vulnerable to this issue." The original researcher also has a history of erroneous claims.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "36F87545-C2E6-4EF9-8E64-123C0F612511", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [ { "sourceIdentifier": "cve@mitre.org", "tags": [ "disputed" ] } ], "descriptions": [ { "lang": "en", "value": "Multiple PHP remote file inclusion vulnerabilities in Jelsoft vBulletin 3.6.5 allow remote attackers to execute arbitrary PHP code via a URL in the (1) classfile parameter to includes/functions.php, the (2) nextitem parameter to includes/functions_cron.php, and the (3) specialtemplates parameter to includes/functions_forumdisplay.php. NOTE: this issue is disputed by a reliable third party who states \"further investigation has revealed that the application is not vulnerable to this issue.\" The original researcher also has a history of erroneous claims" }, { "lang": "es", "value": "** IMPUGNADA ** M\u00faltiples vulnerabilidades de inclusi\u00f3n remota de archivo en PHP en Jelsoft vBulletin 3.6.5 permite a atacantes remotos ejecutar c\u00f3digo PHP de su elecci\u00f3n mediante un URL en los par\u00e1metros (1) classfile a includes/functions.php, (2) nextitem a includes/functions_cron.php, y (3) specialtemplates a includes/functions_forumdisplay.php. NOTA: este asunto es impugnado por una tercera parte de fiar que afirma \"investigaciones posteriores han revelado que la aplicaci\u00f3n no es vulnerable a este asunto\". El investigador original tambi\u00e9n tiene un historial de reclamaciones err\u00f3neas." 
} ], "id": "CVE-2007-4120", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-08-01T16:17:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/2941" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/475105/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/475151/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/25141" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/2941" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/475105/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/475151/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/25141" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-01-20 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
SQL injection vulnerability in calendar.php for vBulletin Forum 2.3.x before 2.3.4 allows remote attackers to steal sensitive information via the eventid parameter.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "04E0702A-9235-45BE-82A8-BFD57A0DCC9E", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in calendar.php for vBulletin Forum 2.3.x before 2.3.4 allows remote attackers to steal sensitive information via the eventid parameter." }, { "lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n de SQL en calendar.php de vBulletin Forum 2.3.x permite a atacantes remotos robar informaci\u00f3n sensible mediante el par\u00e1metro eventid" } ], "id": "CVE-2004-0036", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-01-20T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=107340358202123\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/3344" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/9360" }, { "source": "cve@mitre.org", "url": "http://www.vbulletin.com/forum/showthread.php?postid=588825" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14144" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=107340358202123\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", 
"url": "http://www.osvdb.org/3344" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/9360" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vbulletin.com/forum/showthread.php?postid=588825" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14144" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2003-06-16 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in private.php for vBulletin 3.0.0 Beta 2 allows remote attackers to inject arbitrary web script and HTML via the "Preview Message" capability.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0.0_beta_2:*:*:*:*:*:*:*", "matchCriteriaId": "3AFED411-1291-4E03-A160-CC9F1AD03D7B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in private.php for vBulletin 3.0.0 Beta 2 allows remote attackers to inject arbitrary web script and HTML via the \"Preview Message\" capability." }, { "lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados en private.php for vBulletin 3.0.0 Beta 2 permite que atacantes remotos inyecten script web arbitrario y HTML mediante la funcionalidad \"Preview Message\"." } ], "id": "CVE-2003-0295", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2003-06-16T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=105292832607981\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=105293890422210\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=105292832607981\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=105293890422210\u0026w=2" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { 
"description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-05-30 10:30
Modified
2025-04-09 00:30
Severity ?
Summary
Unspecified vulnerability in Jelsoft vBulletin before 3.6.6, when unauthenticated User Infraction Permissions is disabled, allows remote attackers to see the infraction "red flag" for a deleted user.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:jelsoft:vbulletin:*:*:*:*:*:*:*:*", "matchCriteriaId": "0B174ED6-606E-4FC8-9918-077DD91E350C", "versionEndIncluding": "3.6.4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in Jelsoft vBulletin before 3.6.6, when unauthenticated User Infraction Permissions is disabled, allows remote attackers to see the infraction \"red flag\" for a deleted user." }, { "lang": "es", "value": "Vulnerabilidad no especificada en Jelsoft vBulletin anterior a 3.6.6, se deshabilita la infracci\u00f3n de permisos de usuarios no autenticados, permite a atacantes remotos ver la \"bandera roja\" de la infracci\u00f3n para un usuario eliminado." } ], "id": "CVE-2007-2912", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-05-30T10:30:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://osvdb.org/38616" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.vbulletin.com/forum/project.php?issueid=21481" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/38616" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.vbulletin.com/forum/project.php?issueid=21481" } ], "sourceIdentifier": 
"cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-03-07 00:19
Modified
2025-04-09 00:30
Severity ?
Summary
SQL injection vulnerability in inlinemod.php in Jelsoft vBulletin before 3.5.8, and before 3.6.5 in the 3.6.x series, might allow remote authenticated users to execute arbitrary SQL commands via the postids parameter. NOTE: the vendor states that the attack is feasible only in circumstances "almost impossible to achieve."
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:jelsoft:vbulletin:*:*:*:*:*:*:*:*", "matchCriteriaId": "005A4C1B-AD21-4D45-84DD-0A2F7265EDAE", "versionEndIncluding": "3.5.8", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "089A26E5-BB0B-4900-8B08-DADB7BD7572C", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "C5A71F01-F789-4C2B-A0F7-E33D0166AB81", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "04EAA836-4E63-4B11-BE2B-76A52B4F4B95", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "E0B4231D-1A82-49EC-ACFD-5C35DB8A34CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "AE1916A8-E22B-41F3-AF7C-71D802900FC5", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "36F87545-C2E6-4EF9-8E64-123C0F612511", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in inlinemod.php in Jelsoft vBulletin before 3.5.8, and before 3.6.5 in the 3.6.x series, might allow remote authenticated users to execute arbitrary SQL commands via the postids parameter. NOTE: the vendor states that the attack is feasible only in circumstances \"almost impossible to achieve.\"" }, { "lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n SQL en inlinemod.php de Jelsoft vBulletin anterior a 3.5.8, y anterior a 3.6.5 en las series 3.6.x, podr\u00eda permitir a usuarios remotos autenticados ejecutar comandos SQL de su elecci\u00f3n mediante el par\u00e1metro postids. NOTA: el vendedor afirma que el ataque es factible solamente en circunstancias \"casi imposibles de conseguir\"." 
} ], "id": "CVE-2007-1292", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-03-07T00:19:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://osvdb.org/33835" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/24341" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/22780" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.vbulletin.com/forum/showthread.php?postid=1314422" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32746" }, { "source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/3387" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/33835" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/24341" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/22780" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.vbulletin.com/forum/showthread.php?postid=1314422" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32746" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/3387" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", 
"weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2001-06-27 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
index.php in Jelsoft vBulletin does not properly initialize a PHP variable that is used to store template information, which allows remote attackers to execute arbitrary PHP code via special characters in the templatecache parameter.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:jelsoft:vbulletin:*:*:*:*:*:*:*:*", "matchCriteriaId": "CF3D55F5-58F7-41DE-A863-4AD95C0CBDF1", "versionEndIncluding": "1.1.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:*:*:*:*:*:*:*:*", "matchCriteriaId": "4232E1ED-B973-4DED-B94A-5F22CC3AC5A4", "versionEndIncluding": "2.0_beta_2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "index.php in Jelsoft vBulletin does not properly initialize a PHP variable that is used to store template information, which allows remote attackers to execute arbitrary PHP code via special characters in the templatecache parameter." } ], "id": "CVE-2001-0475", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2001-06-27T04:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2001-03/0180.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/2474" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.vbulletin.com/forum/showthread.php?s=b20af207b5b908ecf7a4ecf56fbe3cd3\u0026threadid=10839" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6237" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2001-03/0180.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/2474" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.vbulletin.com/forum/showthread.php?s=b20af207b5b908ecf7a4ecf56fbe3cd3\u0026threadid=10839" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6237" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-06-03 10:02
Modified
2025-04-03 01:03
Severity ?
Summary
SQL injection vulnerability in vBulletin 3.0.10 allows remote attackers to execute arbitrary SQL commands via the featureid parameter.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "B13831AA-4393-4BB3-BBE5-8E50E2F940FC", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in VBulletin 3.0.10 allows remote attackers to execute arbitrary SQL commands via the featureid parameter." } ], "id": "CVE-2006-2805", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-06-03T10:02:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://downloads.securityfocus.com/vulnerabilities/exploits/vbulletin-3.0.10-sql-inj.txt" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/18197" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://downloads.securityfocus.com/vulnerabilities/exploits/vbulletin-3.0.10-sql-inj.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/18197" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-05-12 00:02
Modified
2025-04-03 01:03
Severity ?
Summary
Jelsoft vBulletin accepts uploads of Cascading Style Sheets (CSS) and processes them in a way that allows remote authenticated administrators to gain shell access by uploading a CSS file that contains PHP code, then selecting the file via the style chooser, which causes the PHP code to be executed. NOTE: the vendor was unable to reproduce this issue in 3.5.x. NOTE: this issue might be due to direct static code injection.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "9D9C02DA-F2B3-4915-BC7E-B562C01EC1F8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Jelsoft vBulletin accepts uploads of Cascading Style Sheets (CSS) and processes them in a way that allows remote authenticated administrators to gain shell access by uploading a CSS file that contains PHP code, then selecting the file via the style chooser, which causes the PHP code to be executed. NOTE: the vendor was unable to reproduce this issue in 3.5.x. NOTE: this issue might be due to direct static code injection." } ], "id": "CVE-2006-2335", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-05-12T00:02:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://b3hr0uz.persiangig.com/VbStyleVuln.txt" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/433580/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/433678/100/0/threaded" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26440" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://b3hr0uz.persiangig.com/VbStyleVuln.txt" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/433580/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/433678/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26440" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in search.php for Jelsoft vBulletin 3.0.0 RC4 allows remote attackers to inject arbitrary web script or HTML via the query parameter.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0.0_rc4:*:*:*:*:*:*:*", "matchCriteriaId": "0BC85ED9-7491-43D3-B34D-1CB07836888F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in search.php for Jelsoft vBulletin 3.0.0 RC4 allows remote attackers to inject arbitrary web script or HTML via the query parameter." } ], "id": "CVE-2004-2076", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/archive/1/353869" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/9656" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15208" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/archive/1/353869" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/9656" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15208" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", 
"value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-02-09 19:28
Modified
2025-04-09 00:30
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Attachment Manager (admincp/attachment.php) in Jelsoft vBulletin 3.6.4 allows remote attackers to inject arbitrary web script or HTML via the Extension field. NOTE: this might be a duplicate of CVE-2007-0830.5. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "AE1916A8-E22B-41F3-AF7C-71D802900FC5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the Attachment Manager (admincp/attachment.php) in Jelsoft vBulletin 3.6.4 allows remote attackers to inject arbitrary web script or HTML via the Extension field. NOTE: this might be a duplicate of CVE-2007-0830.5. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." }, { "lang": "es", "value": "Una vulnerabilidad de tipo cross-site scripting (XSS) en el Attachment Manager (archivo admincp/attachment.php) en Jelsoft vBulletin versi\u00f3n 3.6.4, permite a atacantes remotos inyectar script web o HTML arbitrario por medio del campo Extension. NOTA: este podr\u00eda ser un duplicado de CVE-2007-0830.5. NOTA: la procedencia de esta informaci\u00f3n es desconocida; los datos son obtenidos \u00fanicamente a partir de informaci\u00f3n de terceros." 
} ], "id": "CVE-2007-0869", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2007-02-09T19:28:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://osvdb.org/33129" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/24085" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/22466" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/33129" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/24085" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/22466" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-08-21 21:04
Modified
2025-04-03 01:03
Severity ?
Summary
Jelsoft vBulletin 3.5.4 allows remote attackers to register multiple arbitrary users and cause a denial of service (resource consumption) via a large number of requests to register.php. NOTE: the vendor has disputed this vulnerability, stating "If you have the CAPTCHA enabled then the registrations wont even go through. ... if you are talking about the flood being allowed in the first place then surely this is something that should be handled at the server level."
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "04DB2651-4DD5-4007-B0B4-9E2CD9D06D00", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [ { "sourceIdentifier": "cve@mitre.org", "tags": [ "disputed" ] } ], "descriptions": [ { "lang": "en", "value": "Jelsoft vBulletin 3.5.4 allows remote attackers to register multiple arbitrary users and cause a denial of service (resource consumption) via a large number of requests to register.php. NOTE: the vendor has disputed this vulnerability, stating \"If you have the CAPTCHA enabled then the registrations wont even go through. ... if you are talking about the flood being allowed in the first place then surely this is something that should be handled at the server level." }, { "lang": "es", "value": "** IMPUGNADA ** Jelsoft vBulletin 3.5.4 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (agotamiento de recursos) mediante un gran n\u00famero de peticiones a register.php. NOTA: el fabricante ha impugnado esta vulnerabilidad, afirmando \"Si tienes el CAPTCHA activado entonces los registros ni siquiera podr\u00e1n continuar. ... 
si est\u00e1s hablando de la inundaci\u00f3n que se permite en primer lugar entonces seguro que esto se algo que deber\u00eda ser manejado a nivel de servidor.\"" } ], "id": "CVE-2006-4272", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-08-21T21:04:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/bugtraq/2006-08/0381.html" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/1426" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/443648/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/bugtraq/2006-08/0381.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/1426" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/443648/100/0/threaded" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-12-06 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in (1) newreply.php or (2) newthread.php in vBulletin 3.0.1 allows remote attackers to inject arbitrary HTML or script as other users via the Edit-panel.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "90BE006A-0F2D-4F3A-A335-176C5A5978E9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in (1) newreply.php or (2) newthread.php in vBulletin 3.0.1 allows remote attackers to inject arbitrary HTML or script as other users via the Edit-panel." }, { "lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en (1) newreply.php o (2) newthread.php en vBulletin 3.0.1 permite a atacantes remotos inyectar HTML arbitrario o script como otros usuarios mediante el panel edici\u00f3n." } ], "id": "CVE-2004-0620", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-12-06T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=108809720026642\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/10602" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16502" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=108809720026642\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor 
Advisory" ], "url": "http://www.securityfocus.com/bid/10602" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16502" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-09-21 22:03
Modified
2025-04-03 01:03
Severity ?
Summary
Multiple SQL injection vulnerabilities in vBulletin before 3.0.9 allow remote attackers to execute arbitrary SQL commands via the (1) request parameter to joinrequests.php, (2) limitnumber or (3) limitstart to user.php, (4) usertitle.php, or (5) usertools.php.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
jelsoft | vbulletin | 1.0.1 | |
jelsoft | vbulletin | 2.0.3 | |
jelsoft | vbulletin | 2.0_rc2 | |
jelsoft | vbulletin | 2.0_rc3 | |
jelsoft | vbulletin | 2.2.0 | |
jelsoft | vbulletin | 2.2.1 | |
jelsoft | vbulletin | 2.2.2 | |
jelsoft | vbulletin | 2.2.3 | |
jelsoft | vbulletin | 2.2.4 | |
jelsoft | vbulletin | 2.2.5 | |
jelsoft | vbulletin | 2.2.6 | |
jelsoft | vbulletin | 2.2.7 | |
jelsoft | vbulletin | 2.2.8 | |
jelsoft | vbulletin | 2.2.9 | |
jelsoft | vbulletin | 2.3.0 | |
jelsoft | vbulletin | 2.3.2 | |
jelsoft | vbulletin | 2.3.3 | |
jelsoft | vbulletin | 2.3.4 | |
jelsoft | vbulletin | 3.0 | |
jelsoft | vbulletin | 3.0.1 | |
jelsoft | vbulletin | 3.0.2 | |
jelsoft | vbulletin | 3.0.3 | |
jelsoft | vbulletin | 3.0.4 | |
jelsoft | vbulletin | 3.0.5 | |
jelsoft | vbulletin | 3.0.6 | |
jelsoft | vbulletin | 3.0.7 | |
jelsoft | vbulletin | 3.0.8 | |
jelsoft | vbulletin | 3.0_beta_2 | |
jelsoft | vbulletin | 3.0_beta_3 | |
jelsoft | vbulletin | 3.0_beta_4 | |
jelsoft | vbulletin | 3.0_beta_5 | |
jelsoft | vbulletin | 3.0_beta_6 | |
jelsoft | vbulletin | 3.0_beta_7 | |
jelsoft | vbulletin | 3.0_gamma |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:jelsoft:vbulletin:1.0.1:*:lite:*:*:*:*:*", "matchCriteriaId": "70BC7FDF-AEAD-4BCA-AB0B-36F62D3D92A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "CAC28EB5-343A-4B55-8ECE-8C46D304A1BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.0_rc2:*:*:*:*:*:*:*", "matchCriteriaId": "7C3499B6-7DC8-4DE5-80EB-1EEA3307ABA8", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.0_rc3:*:*:*:*:*:*:*", "matchCriteriaId": "B53F61D2-5FD2-4625-A9FB-8E0258924BAC", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "FEA26ED0-6DF8-4730-AE19-E8F4AB9AC906", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "306C6BDF-C687-4B63-998B-B520DF1D1B1B", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "DF18ED7C-80BB-4A78-8809-9AAE817876A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "CA385E01-7FA0-4CC3-ADFE-0B3184A9093D", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "1D731A35-E0DB-4F40-A981-C38229A2EB1E", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "4053C8E5-5510-4814-A46E-89B81266C29D", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "8E6753AB-DFCF-4D40-8267-645810F7967E", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "4B2B3772-A566-4A51-8B51-68E78C86CB08", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "DAFBBAA9-BD46-44E3-9618-D87384E959A2", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:jelsoft:vbulletin:2.2.9:*:*:*:*:*:*:*", "matchCriteriaId": "31E594B0-05D5-46C2-8F06-F58E3F8BBD1F", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "04E0702A-9235-45BE-82A8-BFD57A0DCC9E", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "799F983E-908D-4B9F-9C99-6422863E7807", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "BD0914B4-24A9-438F-9B44-A6809D755168", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "D29DB4E2-C87F-4D45-BA8A-B38835FCAD44", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "EA1A0EF6-1267-463E-B4F7-83D2ACB64E43", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "90BE006A-0F2D-4F3A-A335-176C5A5978E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "151876D4-B72E-4D5F-A151-5A3DCAE51299", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "984E8E57-57E5-4FEC-9210-4083AD400F94", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "1760CC7E-5297-4F8A-8A28-3689F6075CAE", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "74013F50-0677-454E-8E6C-101CF210E989", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "29DC951B-860E-4AF1-8908-71C7099FB19A", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "87198098-906E-4C39-B293-34BBB1779011", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0.8:*:*:*:*:*:*:*", "matchCriteriaId": 
"CD10C2CD-DEDA-4CC7-B5E9-B9218E1A5851", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0_beta_2:*:*:*:*:*:*:*", "matchCriteriaId": "0A4E9C82-64CF-4487-8947-ED745C41945A", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0_beta_3:*:*:*:*:*:*:*", "matchCriteriaId": "D099410F-AD78-4EF1-879E-BEED838B90E0", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0_beta_4:*:*:*:*:*:*:*", "matchCriteriaId": "B411D271-87B5-4A82-8E05-5277E8E205E2", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0_beta_5:*:*:*:*:*:*:*", "matchCriteriaId": "09FD2B80-AEB5-444D-AEC3-F59E6727BCF3", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0_beta_6:*:*:*:*:*:*:*", "matchCriteriaId": "1CA6003D-1E93-472E-B037-8D0922C4247C", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0_beta_7:*:*:*:*:*:*:*", "matchCriteriaId": "5B366723-3598-4B4A-AFB9-E4A9616D033B", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0_gamma:*:*:*:*:*:*:*", "matchCriteriaId": "0EFD7266-0E3B-44B3-AC8E-DE0BFC5E2939", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple SQL injection vulnerabilities in vBulletin before 3.0.9 allow remote attackers to execute arbitrary SQL commands via the (1) request parameter to joinrequests.php, (2) limitnumber or (3) limitstart to user.php, (4) usertitle.php, or (5) usertools.php." 
} ], "id": "CVE-2005-3019", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-09-21T22:03:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=112715150320677\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://morph3us.org/advisories/20050917-vbulletin-3.0.8.txt" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/16873/" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch" ], "url": "http://www.securityfocus.com/bid/14872" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22323" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=112715150320677\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://morph3us.org/advisories/20050917-vbulletin-3.0.8.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/16873/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "http://www.securityfocus.com/bid/14872" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22323" } ], 
"sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2002-12-31 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin 2.2.0 allows remote attackers to execute arbitrary script as other users by injecting script into a bulletin board message.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "FEA26ED0-6DF8-4730-AE19-E8F4AB9AC906", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin 2.2.0 allows remote attackers to execute arbitrary script as other users by injecting script into a bulletin board message." } ], "id": "CVE-2002-1679", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2002-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://online.securityfocus.com/archive/1/253365" }, { "source": "cve@mitre.org", "url": "http://online.securityfocus.com/archive/1/253371" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/4008" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8039" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://online.securityfocus.com/archive/1/253365" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://online.securityfocus.com/archive/1/253371" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/4008" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8039" } 
], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-04-18 10:02
Modified
2025-04-03 01:03
Severity ?
Summary
PHP remote file inclusion vulnerability in VBulletin 3.5.1, 3.5.2, and 3.5.4 allows remote attackers to execute arbitrary code via a URL in the systempath parameter to (1) ImpExModule.php, (2) ImpExController.php, and (3) ImpExDisplay.php.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "A869E6C9-6CA7-4FB8-88E2-142C6294D028", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "4070579C-00AD-4DB1-8B07-4CB88D4EDBEB", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "04DB2651-4DD5-4007-B0B4-9E2CD9D06D00", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "PHP remote file inclusion vulnerability in VBulletin 3.5.1, 3.5.2, and 3.5.4 allows remote attackers to execute arbitrary code via a URL in the systempath parameter to (1) ImpExModule.php, (2) ImpExController.php, and (3) ImpExDisplay.php." } ], "id": "CVE-2006-1816", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-04-18T10:02:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/19352" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/24690" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/24691" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/24692" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/430881/100/0/threaded" }, { "source": "cve@mitre.org", "url": 
"http://www.securityfocus.com/archive/1/467666/100/0/threaded" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25789" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34095" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/19352" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/24690" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/24691" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/24692" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/430881/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/467666/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25789" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34095" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Direct code injection vulnerability in forumdisplay.php in vBulletin 3.0 through 3.0.4, when showforumusers is enabled, allows remote attackers to inject and execute arbitrary PHP commands via the comma parameter.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "EA1A0EF6-1267-463E-B4F7-83D2ACB64E43", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "90BE006A-0F2D-4F3A-A335-176C5A5978E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "151876D4-B72E-4D5F-A151-5A3DCAE51299", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "984E8E57-57E5-4FEC-9210-4083AD400F94", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "1760CC7E-5297-4F8A-8A28-3689F6075CAE", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Direct code injection vulnerability in forumdisplay.php in vBulletin 3.0 through 3.0.4, when showforumusers is enabled, allows remote attackers to execute inject arbitrary PHP commands via the comma parameter." 
} ], "id": "CVE-2005-0429", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-05-02T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=110840807415315\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/12542" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=110840807415315\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/12542" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-05-30 10:30
Modified
2025-04-09 00:30
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in calendar.php in Jelsoft vBulletin before 3.6.6 allows remote attackers to inject arbitrary web script or HTML via the title field in a single add action.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:jelsoft:vbulletin:*:*:*:*:*:*:*:*", "matchCriteriaId": "B91A84F8-2588-4F53-A594-C53DB4BEC963", "versionEndIncluding": "3.6.5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in calendar.php in Jelsoft vBulletin before 3.6.6 allows remote attackers to inject arbitrary web script or HTML via the title field in a single add action." }, { "lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en calendar.php de Jelsoft vBulletin versiones anteriores a 3.6.6, permite a atacantes remotos inyectar scripts web o HTML de su elecci\u00f3n mediante el campo title en un acci\u00f3n add simple." } ], "id": "CVE-2007-2908", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2007-05-30T10:30:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://osvdb.org/35155" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/25309" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/2751" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/468731/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/24020" }, { "source": "cve@mitre.org", 
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34333" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/35155" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/25309" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/2751" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/468731/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/24020" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34333" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin before 3.0 allows remote attackers to inject arbitrary web script or HTML via the what parameter to memberlist.php.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
jelsoft | vbulletin | 2.0 | |
jelsoft | vbulletin | 2.0.1 | |
jelsoft | vbulletin | 2.0.2 | |
jelsoft | vbulletin | 2.0_beta_2 | |
jelsoft | vbulletin | 2.0_beta_3 | |
jelsoft | vbulletin | 2.2.0 | |
jelsoft | vbulletin | 2.2.1 | |
jelsoft | vbulletin | 2.2.2 | |
jelsoft | vbulletin | 2.2.3 | |
jelsoft | vbulletin | 2.2.4 | |
jelsoft | vbulletin | 2.2.5 | |
jelsoft | vbulletin | 2.2.6 | |
jelsoft | vbulletin | 2.2.7 | |
jelsoft | vbulletin | 2.2.8 | |
jelsoft | vbulletin | 2.2.9_can | |
jelsoft | vbulletin | 2.3.0 | |
jelsoft | vbulletin | 2.3.3 | |
jelsoft | vbulletin | 2.3.4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "A81E1505-5F99-4DA8-AC0F-28F3E6F819C6", "vulnerable": false }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "818806B0-37B1-4CC2-A955-E711EC000203", "vulnerable": false }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "0394B9E0-FD26-4D5E-91D5-B8334B517DD3", "vulnerable": false }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.0_beta_2:*:*:*:*:*:*:*", "matchCriteriaId": "08DCDE86-03BD-4A61-9F3A-5EB05912A2D6", "vulnerable": false }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.0_beta_3:*:*:*:*:*:*:*", "matchCriteriaId": "CCC9227A-1F12-4E93-AEA7-C44D6A6F4177", "vulnerable": false }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "FEA26ED0-6DF8-4730-AE19-E8F4AB9AC906", "vulnerable": false }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "306C6BDF-C687-4B63-998B-B520DF1D1B1B", "vulnerable": false }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "DF18ED7C-80BB-4A78-8809-9AAE817876A4", "vulnerable": false }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "CA385E01-7FA0-4CC3-ADFE-0B3184A9093D", "vulnerable": false }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "1D731A35-E0DB-4F40-A981-C38229A2EB1E", "vulnerable": false }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "4053C8E5-5510-4814-A46E-89B81266C29D", "vulnerable": false }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "8E6753AB-DFCF-4D40-8267-645810F7967E", "vulnerable": false }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "4B2B3772-A566-4A51-8B51-68E78C86CB08", "vulnerable": false }, { "criteria": 
"cpe:2.3:a:jelsoft:vbulletin:2.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "DAFBBAA9-BD46-44E3-9618-D87384E959A2", "vulnerable": false }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.2.9_can:*:*:*:*:*:*:*", "matchCriteriaId": "747A57AD-A345-4F5B-AD82-0F7E08C2240E", "vulnerable": false }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "04E0702A-9235-45BE-82A8-BFD57A0DCC9E", "vulnerable": false }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "BD0914B4-24A9-438F-9B44-A6809D755168", "vulnerable": false }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "D29DB4E2-C87F-4D45-BA8A-B38835FCAD44", "vulnerable": false } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin before 3.0 allows remote attackers to inject arbitrary web script or HTML via the what parameter to memberlist.php." 
} ], "id": "CVE-2004-1824", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/bugtraq/2002-11/0276.html" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=107945556112453\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://secunia.com/advisories/11142" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1009440" }, { "source": "cve@mitre.org", "url": "http://www.iss.net/security_center/static/10679.php" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/4312" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/6226" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/9887" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15495" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/bugtraq/2002-11/0276.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=107945556112453\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://secunia.com/advisories/11142" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://securitytracker.com/id?1009440" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.iss.net/security_center/static/10679.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/4312" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/6226" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/9887" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15495" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-06-28 01:45
Modified
2025-04-03 01:03
Summary
Cross-site scripting (XSS) vulnerability in member.php in vBulletin 3.5.x allows remote attackers to inject arbitrary web script or HTML via the u parameter. NOTE: the vendor has disputed this report, stating that they have been unable to replicate the issue and that "the userid parameter is run through our filtering system as an unsigned integer."
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
jelsoft | vbulletin | 3.5.0 | |
jelsoft | vbulletin | 3.5.0_beta_1 | |
jelsoft | vbulletin | 3.5.0_beta_2 | |
jelsoft | vbulletin | 3.5.0_beta_3 | |
jelsoft | vbulletin | 3.5.0_beta_4 | |
jelsoft | vbulletin | 3.5.0_rc1 | |
jelsoft | vbulletin | 3.5.0_rc2 | |
jelsoft | vbulletin | 3.5.0_rc3 | |
jelsoft | vbulletin | 3.5.1 | |
jelsoft | vbulletin | 3.5.2 | |
jelsoft | vbulletin | 3.5.3 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "D4F1E282-4066-49AB-9596-8B2FFA68164C", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.5.0_beta_1:*:*:*:*:*:*:*", "matchCriteriaId": "87616537-EBD6-42FD-B7F7-E2977C8FD81F", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.5.0_beta_2:*:*:*:*:*:*:*", "matchCriteriaId": "8C80E010-C3B1-4513-BB70-CCDD1BE0A265", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.5.0_beta_3:*:*:*:*:*:*:*", "matchCriteriaId": "14A138ED-6467-45BB-9E6E-31FEFCF582EB", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.5.0_beta_4:*:*:*:*:*:*:*", "matchCriteriaId": "7162E3FF-B888-4C3D-8A83-881F386E218B", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.5.0_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "41C90C0A-3083-47BC-BC3F-AD0A04089C82", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.5.0_rc2:*:*:*:*:*:*:*", "matchCriteriaId": "C83E2186-9935-4103-886F-E90411A1885F", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.5.0_rc3:*:*:*:*:*:*:*", "matchCriteriaId": "6226F609-7F9E-4FC3-986D-B984CDBA0898", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "A869E6C9-6CA7-4FB8-88E2-142C6294D028", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "4070579C-00AD-4DB1-8B07-4CB88D4EDBEB", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "86E53DA6-83A3-493A-8C98-DEA91F91D71E", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [ { "sourceIdentifier": "cve@mitre.org", "tags": [ "disputed" ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in member.php in vBulletin 3.5.x allows remote attackers to inject arbitrary web script or 
HTML via the u parameter. NOTE: the vendor has disputed this report, stating that they have been unable to replicate the issue and that \"the userid parameter is run through our filtering system as an unsigned integer." }, { "lang": "es", "value": "** IMPUGNADA ** M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados en member.php en vBulletin v3.5.x permite a atacantes remotos inyectar c\u00f3digo web o HTML de su elecci\u00f3n a trav\u00e9s del par\u00e1metro u. NOTA: el vendedor impugna la importancia de este informe, manteniendo que les ha sido imposible reproducir la vulnerabilidad y que \"el par\u00e1metro userid es filtrado a trav\u00e9s de nuestro sistema como un entero sin signo.\"" } ], "id": "CVE-2006-3253", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2006-06-28T01:45:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/1155" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://securitytracker.com/id?1016348" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/27508" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/437817/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/438364/100/100/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/18551" }, { "source": 
"cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27261" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/1155" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://securitytracker.com/id?1016348" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/27508" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/437817/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/438364/100/100/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/18551" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27261" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-08-21 21:04
Modified
2025-04-03 01:03
Summary
Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin 3.5.4 and 3.6.0 allows remote attackers to inject arbitrary web script or HTML by uploading an attachment with a .pdf extension that contains JavaScript, which is processed as script by Microsoft Internet Explorer 6.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "04DB2651-4DD5-4007-B0B4-9E2CD9D06D00", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "089A26E5-BB0B-4900-8B08-DADB7BD7572C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin 3.5.4 and 3.6.0 allows remote attackers to inject arbitrary web script or HTML by uploading an attachment with a .pdf extension that contains JavaScript, which is processed as script by Microsoft Internet Explorer 6." }, { "lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Jelsoft vBulletin 3.5.4 y 3.6.0 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n enviando un adjunto con extensi\u00f3n .pdf que contiene JavaScript, lo cual es procesado como una secuencia de comandos por Microsoft Internet Explorer 6." 
} ], "id": "CVE-2006-4273", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-08-21T21:04:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/bugtraq/2006-08/0074.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2006-08/0082.html" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/27778" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/442488/100/200/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/19334" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28239" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/bugtraq/2006-08/0074.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2006-08/0082.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/27778" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/442488/100/200/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/19334" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/28239" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-02-17 05:00
Modified
2025-04-03 01:03
Summary
Cross-site scripting (XSS) vulnerability in register.php for vBulletin 3.0 Beta 2 allows remote attackers to inject arbitrary HTML or web script via optional fields such as (1) "Interests-Hobbies", (2) "Biography", or (3) "Occupation."
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0078.html | Exploit, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0078.html | Exploit, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0_beta_2:*:*:*:*:*:*:*", "matchCriteriaId": "0A4E9C82-64CF-4487-8947-ED745C41945A", "vulnerable": false } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in register.php for vBulletin 3.0 Beta 2 allows remote attackers to inject arbitrary HTML or web script via optional fields such as (1) \"Interests-Hobbies\", (2) \"Biography\", or (3) \"Occupation.\"" }, { "lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en register.php de vBulletin 3.0 Beta 2 permite a atacantes remotos inyectar HTML arbitrario o script web mediante campos opcionales como (1) \"Intereses-Aficiones\", (2) \"Bigraf\u00eda\", o (3) \"Ocupaci\u00f3n\"." } ], "id": "CVE-2003-1031", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-02-17T05:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0078.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0078.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": 
"en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2002-12-31 05:00
Modified
2025-04-03 01:03
Summary
Cross-site scripting (XSS) vulnerability in memberlist.php in Jelsoft vBulletin 2.0 rc 2 through 2.2.4 allows remote attackers to steal authentication credentials by injecting script into $letterbits.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.0_rc2:*:*:*:*:*:*:*", "matchCriteriaId": "7C3499B6-7DC8-4DE5-80EB-1EEA3307ABA8", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.0_rc3:*:*:*:*:*:*:*", "matchCriteriaId": "B53F61D2-5FD2-4625-A9FB-8E0258924BAC", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "FEA26ED0-6DF8-4730-AE19-E8F4AB9AC906", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "306C6BDF-C687-4B63-998B-B520DF1D1B1B", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "DF18ED7C-80BB-4A78-8809-9AAE817876A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "CA385E01-7FA0-4CC3-ADFE-0B3184A9093D", "vulnerable": true }, { "criteria": "cpe:2.3:a:jelsoft:vbulletin:2.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "1D731A35-E0DB-4F40-A981-C38229A2EB1E", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in memberlist.php in Jelsoft vBulletin 2.0 rc 2 through 2.2.4 allows remote attackers to steal authentication credentials by injecting script into $letterbits." 
} ], "id": "CVE-2002-1678", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2002-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://online.securityfocus.com/archive/1/263609" }, { "source": "cve@mitre.org", "url": "http://online.securityfocus.com/archive/1/264023/2002-11-01/2002-11-07/2" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/4349" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8619" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://online.securityfocus.com/archive/1/263609" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://online.securityfocus.com/archive/1/264023/2002-11-01/2002-11-07/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/4349" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8619" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2008-6754 (GCVE-0-2008-6754)
Vulnerability from cvelistv5
Published
2009-04-27 19:00
Modified
2024-08-07 11:42
CWE
- n/a
Summary
The Personal Sticky Threads addon 1.0.3c for vBulletin allows remote authenticated users to read the title, author, and pages of an arbitrary thread by toggling a personal sticky.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T11:42:00.064Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "51205", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/51205" }, { "name": "33017", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/33017" }, { "name": "33342", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/33342" }, { "name": "20081223 Personal Sticky Threads v1.0.3c vbulletin Add-on problem", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/499562/100/0/threaded" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-12-28T00:00:00", "descriptions": [ { "lang": "en", "value": "The Personal Sticky Threads addon 1.0.3c for vBulletin allows remote authenticated users to read the title, author, and pages of an arbitrary thread by toggling a personal sticky." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-11T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "51205", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/51205" }, { "name": "33017", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/33017" }, { "name": "33342", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/33342" }, { "name": "20081223 Personal Sticky Threads v1.0.3c vbulletin Add-on problem", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/499562/100/0/threaded" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-6754", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The Personal Sticky Threads addon 1.0.3c for vBulletin allows remote authenticated users to read the title, author, and pages of an arbitrary thread by toggling a personal sticky." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "51205", "refsource": "OSVDB", "url": "http://osvdb.org/51205" }, { "name": "33017", "refsource": "BID", "url": "http://www.securityfocus.com/bid/33017" }, { "name": "33342", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/33342" }, { "name": "20081223 Personal Sticky Threads v1.0.3c vbulletin Add-on problem", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/499562/100/0/threaded" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-6754", "datePublished": "2009-04-27T19:00:00", "dateReserved": "2009-04-27T00:00:00", "dateUpdated": "2024-08-07T11:42:00.064Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2005-3025 (GCVE-0-2005-3025)
Vulnerability from cvelistv5
Published
2005-09-21 04:00
Modified
2024-08-07 22:53
CWE
- n/a
Summary
Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.0.7 and earlier allow remote attackers to inject arbitrary web script or HTML via the loc parameter to (1) modcp/index.php or (2) admincp/index.php, or the ip parameter to (3) modcp/user.php or (4) admincp/usertitle.php.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T22:53:30.395Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20050920 [BuHa-Security] Multiple vulnerabilities in (admincp/modcp of)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=112732980702939\u0026w=2" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://morph3us.org/advisories/20050917-vbulletin-3.0.7.txt" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-09-20T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.0.7 and earlier allow remote attackers to inject arbitrary web script or HTML via the loc parameter to (1) modcp/index.php or (2) admincp/index.php, or the ip parameter to (3) modcp/user.php or (4) admincp/usertitle.php." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-10-17T13:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20050920 [BuHa-Security] Multiple vulnerabilities in (admincp/modcp of)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=112732980702939\u0026w=2" }, { "tags": [ "x_refsource_MISC" ], "url": "http://morph3us.org/advisories/20050917-vbulletin-3.0.7.txt" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-3025", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.0.7 and earlier allow remote attackers to inject arbitrary web script or HTML via the loc parameter to (1) modcp/index.php or (2) admincp/index.php, or the ip parameter to (3) modcp/user.php or (4) admincp/usertitle.php." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20050920 [BuHa-Security] Multiple vulnerabilities in (admincp/modcp of)", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=112732980702939\u0026w=2" }, { "name": "http://morph3us.org/advisories/20050917-vbulletin-3.0.7.txt", "refsource": "MISC", "url": "http://morph3us.org/advisories/20050917-vbulletin-3.0.7.txt" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-3025", "datePublished": "2005-09-21T04:00:00", "dateReserved": "2005-09-21T00:00:00", "dateUpdated": "2024-08-07T22:53:30.395Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-2018 (GCVE-0-2006-2018)
Vulnerability from cvelistv5
Published
2006-04-25 10:00
Modified
2024-08-07 17:35
CWE
- n/a
Summary
SQL injection vulnerability in calendar.php in vBulletin 3.0.x allows remote attackers to execute arbitrary SQL commands via the eventid parameter. NOTE: the affected version has been disputed by the vendor. It appears that this is the same issue as CVE-2004-0036, which was fixed in 2.3.4.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T17:35:31.229Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20060424 Re: vbulletin\u003c--3.0.x SQL Injection", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/431951/30/5370/threaded" }, { "name": "20060423 vbulletin\u003c--3.0.x SQL Injection", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/431901" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-04-23T00:00:00", "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in calendar.php in vBulletin 3.0.x allows remote attackers to execute arbitrary SQL commands via the eventid parameter. NOTE: the affected version has been disputed by the vendor. It appears that this is the same issue as CVE-2004-0036, which was fixed in 2.3.4." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-18T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20060424 Re: vbulletin\u003c--3.0.x SQL Injection", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/431951/30/5370/threaded" }, { "name": "20060423 vbulletin\u003c--3.0.x SQL Injection", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/431901" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-2018", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SQL injection vulnerability in calendar.php in vBulletin 3.0.x allows remote attackers to execute arbitrary SQL commands via the eventid parameter. NOTE: the affected version has been disputed by the vendor. It appears that this is the same issue as CVE-2004-0036, which was fixed in 2.3.4." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20060424 Re: vbulletin\u003c--3.0.x SQL Injection", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/431951/30/5370/threaded" }, { "name": "20060423 vbulletin\u003c--3.0.x SQL Injection", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/431901" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-2018", "datePublished": "2006-04-25T10:00:00", "dateReserved": "2006-04-25T00:00:00", "dateUpdated": "2024-08-07T17:35:31.229Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2004-1515 (GCVE-0-2004-1515)
Vulnerability from cvelistv5
Published
2005-02-19 05:00
Modified
2024-08-08 00:53
CWE
- n/a
Summary
SQL injection vulnerability in (1) ttlast.php and (2) last10.php in vBulletin 3.0.x allows remote attackers to execute arbitrary SQL statements via the fsel parameter, as demonstrated using last.php.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T00:53:24.067Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20041111 SQL injection in vBulletin forums (last10.php)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=110019198507100\u0026w=2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-11-11T00:00:00", "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in (1) ttlast.php and (2) last10.php in vBulletin 3.0.x allows remote attackers to execute arbitrary SQL statements via the fsel parameter, as demonstrated using last.php." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-10-17T13:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20041111 SQL injection in vBulletin forums (last10.php)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=110019198507100\u0026w=2" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-1515", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SQL injection vulnerability in (1) ttlast.php and (2) last10.php in vBulletin 3.0.x allows remote attackers to execute arbitrary SQL statements via the fsel parameter, as demonstrated using last.php." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20041111 SQL injection in vBulletin forums (last10.php)", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=110019198507100\u0026w=2" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-1515", "datePublished": "2005-02-19T05:00:00", "dateReserved": "2005-02-18T00:00:00", "dateUpdated": "2024-08-08T00:53:24.067Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2005-3023 (GCVE-0-2005-3023)
Vulnerability from cvelistv5
Published
2005-09-21 04:00
Modified
2024-08-07 22:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via certain arguments to (1) announcement.php, (2) admincalendar.php, (3) bbcode.php, (4) cronadmin.php, (5) email.php, (6) faq.php, (7) forum.php, (8) image.php, (9) language.php, (10) ranks.php, (11) replacement.php, (12) replacement.php, (13) template.php, (14) template.php, (15) usergroup.php, or (16) usertitle.php.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T22:53:30.395Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://morph3us.org/advisories/20050917-vbulletin-3.0.8.txt" }, { "name": "20050918 [BuHa-Security] Multiple vulnerabilities in (admincp/modcp of) vBulletin 3.0.8/9", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=112715150320677\u0026w=2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-09-18T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via certain arguments to (1) announcement.php, (2) admincalendar.php, (3) bbcode.php, (4) cronadmin.php, (5) email.php, (6) faq.php, (7) forum.php, (8) image.php, (9) language.php, (10) ranks.php, (11) replacement.php, (12) replacement.php, (13) template.php, (14) template.php, (15) usergroup.php, or (16) usertitle.php." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-10-17T13:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://morph3us.org/advisories/20050917-vbulletin-3.0.8.txt" }, { "name": "20050918 [BuHa-Security] Multiple vulnerabilities in (admincp/modcp of) vBulletin 3.0.8/9", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=112715150320677\u0026w=2" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-3023", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via certain arguments to (1) announcement.php, (2) admincalendar.php, (3) bbcode.php, (4) cronadmin.php, (5) email.php, (6) faq.php, (7) forum.php, (8) image.php, (9) language.php, (10) ranks.php, (11) replacement.php, (12) replacement.php, (13) template.php, (14) template.php, (15) usergroup.php, or (16) usertitle.php." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://morph3us.org/advisories/20050917-vbulletin-3.0.8.txt", "refsource": "MISC", "url": "http://morph3us.org/advisories/20050917-vbulletin-3.0.8.txt" }, { "name": "20050918 [BuHa-Security] Multiple vulnerabilities in (admincp/modcp of) vBulletin 3.0.8/9", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=112715150320677\u0026w=2" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-3023", "datePublished": "2005-09-21T04:00:00", "dateReserved": "2005-09-21T00:00:00", "dateUpdated": "2024-08-07T22:53:30.395Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-2805 (GCVE-0-2006-2805)
Vulnerability from cvelistv5
Published
2006-06-03 10:00
Modified
2024-09-16 23:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
SQL injection vulnerability in VBulletin 3.0.10 allows remote attackers to execute arbitrary SQL commands via the featureid parameter.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T18:06:26.037Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://downloads.securityfocus.com/vulnerabilities/exploits/vbulletin-3.0.10-sql-inj.txt" }, { "name": "18197", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/18197" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in VBulletin 3.0.10 allows remote attackers to execute arbitrary SQL commands via the featureid parameter." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2006-06-03T10:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://downloads.securityfocus.com/vulnerabilities/exploits/vbulletin-3.0.10-sql-inj.txt" }, { "name": "18197", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/18197" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-2805", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SQL injection vulnerability in VBulletin 3.0.10 allows remote attackers to execute arbitrary SQL commands via the featureid parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://downloads.securityfocus.com/vulnerabilities/exploits/vbulletin-3.0.10-sql-inj.txt", "refsource": "MISC", "url": "http://downloads.securityfocus.com/vulnerabilities/exploits/vbulletin-3.0.10-sql-inj.txt" }, { "name": "18197", "refsource": "BID", "url": "http://www.securityfocus.com/bid/18197" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-2805", "datePublished": "2006-06-03T10:00:00Z", "dateReserved": "2006-06-02T00:00:00Z", "dateUpdated": "2024-09-16T23:51:30.872Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2005-0511 (GCVE-0-2005-0511)
Vulnerability from cvelistv5
Published
2005-02-23 05:00
Modified
2024-08-07 21:13
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
misc.php for vBulletin 3.0.6 and earlier, when "Add Template Name in HTML Comments" is enabled, allows remote attackers to execute arbitrary PHP code via nested variables in the template parameter.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T21:13:54.271Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "14326", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/14326" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vbulletin.com/forum/showthread.php?postid=819562" }, { "name": "20050222 [SCAN Associates Security Advisory] vbulletin 3.0.6 and below php code injection", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=110910899415763\u0026w=2" }, { "name": "12622", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/12622" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-02-22T00:00:00", "descriptions": [ { "lang": "en", "value": "misc.php for vBulletin 3.0.6 and earlier, when \"Add Template Name in HTML Comments\" is enabled, allows remote attackers to execute arbitrary PHP code via nested variables in the template parameter." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-10-17T13:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "14326", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/14326" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vbulletin.com/forum/showthread.php?postid=819562" }, { "name": "20050222 [SCAN Associates Security Advisory] vbulletin 3.0.6 and below php code injection", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=110910899415763\u0026w=2" }, { "name": "12622", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/12622" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-0511", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "misc.php for vBulletin 3.0.6 and earlier, when \"Add Template Name in HTML Comments\" is enabled, allows remote attackers to execute arbitrary PHP code via nested variables in the template parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "14326", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/14326" }, { "name": "http://www.vbulletin.com/forum/showthread.php?postid=819562", "refsource": "CONFIRM", "url": "http://www.vbulletin.com/forum/showthread.php?postid=819562" }, { "name": "20050222 [SCAN Associates Security Advisory] vbulletin 3.0.6 and below php code injection", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=110910899415763\u0026w=2" }, { "name": "12622", "refsource": "BID", "url": "http://www.securityfocus.com/bid/12622" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-0511", "datePublished": "2005-02-23T05:00:00", "dateReserved": "2005-02-23T00:00:00", "dateUpdated": "2024-08-07T21:13:54.271Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-6779 (GCVE-0-2006-6779)
Vulnerability from cvelistv5
Published
2006-12-28 00:00
Modified
2024-08-07 20:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin allows remote attackers to inject arbitrary web script or HTML via an SWF file that uses ActionScript to trigger execution of JavaScript.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T20:42:06.520Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20061224 XSS with Vbulletin (new idea !)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/455265/100/0/threaded" }, { "name": "21736", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/21736" }, { "name": "20061227 Re: XSS with Vbulletin (new idea !)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/455351/100/0/threaded" }, { "name": "2084", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/2084" }, { "name": "20061228 Re: XSS with Vbulletin (new idea !)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/455414/100/0/threaded" }, { "name": "vbulletin-actionscript-xss(31119)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31119" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-12-24T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin allows remote attackers to inject arbitrary web script or HTML via an SWF file that uses ActionScript to trigger execution of JavaScript." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-17T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20061224 XSS with Vbulletin (new idea !)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/455265/100/0/threaded" }, { "name": "21736", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/21736" }, { "name": "20061227 Re: XSS with Vbulletin (new idea !)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/455351/100/0/threaded" }, { "name": "2084", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/2084" }, { "name": "20061228 Re: XSS with Vbulletin (new idea !)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/455414/100/0/threaded" }, { "name": "vbulletin-actionscript-xss(31119)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31119" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-6779", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin allows remote attackers to inject arbitrary web script or HTML via an SWF file that uses ActionScript to trigger execution of JavaScript." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20061224 XSS with Vbulletin (new idea !)", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/455265/100/0/threaded" }, { "name": "21736", "refsource": "BID", "url": "http://www.securityfocus.com/bid/21736" }, { "name": "20061227 Re: XSS with Vbulletin (new idea !)", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/455351/100/0/threaded" }, { "name": "2084", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/2084" }, { "name": "20061228 Re: XSS with Vbulletin (new idea !)", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/455414/100/0/threaded" }, { "name": "vbulletin-actionscript-xss(31119)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31119" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-6779", "datePublished": "2006-12-28T00:00:00", "dateReserved": "2006-12-27T00:00:00", "dateUpdated": "2024-08-07T20:42:06.520Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2002-1922 (GCVE-0-2002-1922)
Vulnerability from cvelistv5
Published
2005-06-28 04:00
Modified
2024-09-16 23:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in global.php in Jelsoft vBulletin 2.0.0 through 2.2.8 allows remote attackers to inject arbitrary web script or HTML via the (1) $scriptpath or (2) $url variables.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T03:43:33.458Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20021018 vBulletin XSS Security Bug", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2002-10/0272.html" }, { "name": "5997", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/5997" }, { "name": "vBulletin-usercp-xss(10407)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "http://www.iss.net/security_center/static/10407.php" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in global.php in Jelsoft vBulletin 2.0.0 through 2.2.8 allows remote attackers to inject arbitrary web script or HTML via the (1) $scriptpath or (2) $url variables." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2005-06-28T04:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20021018 vBulletin XSS Security Bug", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2002-10/0272.html" }, { "name": "5997", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/5997" }, { "name": "vBulletin-usercp-xss(10407)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "http://www.iss.net/security_center/static/10407.php" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2002-1922", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in global.php in Jelsoft vBulletin 2.0.0 through 2.2.8 allows remote attackers to inject arbitrary web script or HTML via the (1) $scriptpath or (2) $url variables." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20021018 vBulletin XSS Security Bug", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2002-10/0272.html" }, { "name": "5997", "refsource": "BID", "url": "http://www.securityfocus.com/bid/5997" }, { "name": "vBulletin-usercp-xss(10407)", "refsource": "XF", "url": "http://www.iss.net/security_center/static/10407.php" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2002-1922", "datePublished": "2005-06-28T04:00:00Z", "dateReserved": "2005-06-28T04:00:00Z", "dateUpdated": "2024-09-16T23:21:46.928Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-4272 (GCVE-0-2006-4272)
Vulnerability from cvelistv5
Published
2006-08-21 21:00
Modified
2024-08-07 19:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Jelsoft vBulletin 3.5.4 allows remote attackers to register multiple arbitrary users and cause a denial of service (resource consumption) via a large number of requests to register.php. NOTE: the vendor has disputed this vulnerability, stating "If you have the CAPTCHA enabled then the registrations wont even go through. ... if you are talking about the flood being allowed in the first place then surely this is something that should be handled at the server level."
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T19:06:06.898Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20060818 Re: UPDATE vBulletin Version 3.5.4 exploit", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2006-08/0381.html" }, { "name": "20060815 UPDATE vBulletin Version 3.5.4 exploit", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/443648/100/0/threaded" }, { "name": "1426", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/1426" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-08-15T00:00:00", "descriptions": [ { "lang": "en", "value": "Jelsoft vBulletin 3.5.4 allows remote attackers to register multiple arbitrary users and cause a denial of service (resource consumption) via a large number of requests to register.php. NOTE: the vendor has disputed this vulnerability, stating \"If you have the CAPTCHA enabled then the registrations wont even go through. ... if you are talking about the flood being allowed in the first place then surely this is something that should be handled at the server level." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-17T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20060818 Re: UPDATE vBulletin Version 3.5.4 exploit", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2006-08/0381.html" }, { "name": "20060815 UPDATE vBulletin Version 3.5.4 exploit", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/443648/100/0/threaded" }, { "name": "1426", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/1426" } ], "tags": [ "disputed" ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-4272", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "** DISPUTED ** Jelsoft vBulletin 3.5.4 allows remote attackers to register multiple arbitrary users and cause a denial of service (resource consumption) via a large number of requests to register.php. NOTE: the vendor has disputed this vulnerability, stating \"If you have the CAPTCHA enabled then the registrations wont even go through. ... 
if you are talking about the flood being allowed in the first place then surely this is something that should be handled at the server level.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20060818 Re: UPDATE vBulletin Version 3.5.4 exploit", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2006-08/0381.html" }, { "name": "20060815 UPDATE vBulletin Version 3.5.4 exploit", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/443648/100/0/threaded" }, { "name": "1426", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/1426" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-4272", "datePublished": "2006-08-21T21:00:00", "dateReserved": "2006-08-21T00:00:00", "dateUpdated": "2024-08-07T19:06:06.898Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2004-2695 (GCVE-0-2004-2695)
Vulnerability from cvelistv5
Published
2007-10-06 21:00
Modified
2024-08-08 01:36
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
SQL injection vulnerability in the Authorize.net callback code (subscriptions/authorize.php) in Jelsoft vBulletin 3.0 through 3.0.3 allows remote attackers to execute arbitrary SQL statements via the x_invoice_num parameter. NOTE: this issue might be related to CVE-2006-4267.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T01:36:25.303Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "12531", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/12531/" }, { "name": "11193", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/11193" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vbulletin.com/forum/showthread.php?t=124876" }, { "name": "vbulletin-itemnumber-sql-injection(17365)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17365" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vbulletin.com/forum/bugs.php?do=view\u0026bugid=3379" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.securiteam.com/unixfocus/5BP0E15E0M.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-09-14T00:00:00", "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in the Authorize.net callback code (subscriptions/authorize.php) in Jelsoft vBulletin 3.0 through 3.0.3 allows remote attackers to execute arbitrary SQL statements via the x_invoice_num parameter. NOTE: this issue might be related to CVE-2006-4267." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "12531", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/12531/" }, { "name": "11193", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/11193" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vbulletin.com/forum/showthread.php?t=124876" }, { "name": "vbulletin-itemnumber-sql-injection(17365)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17365" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vbulletin.com/forum/bugs.php?do=view\u0026bugid=3379" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.securiteam.com/unixfocus/5BP0E15E0M.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-2695", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SQL injection vulnerability in the Authorize.net callback code (subscriptions/authorize.php) in Jelsoft vBulletin 3.0 through 3.0.3 allows remote attackers to execute arbitrary SQL statements via the x_invoice_num parameter. NOTE: this issue might be related to CVE-2006-4267." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "12531", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/12531/" }, { "name": "11193", "refsource": "BID", "url": "http://www.securityfocus.com/bid/11193" }, { "name": "http://www.vbulletin.com/forum/showthread.php?t=124876", "refsource": "CONFIRM", "url": "http://www.vbulletin.com/forum/showthread.php?t=124876" }, { "name": "vbulletin-itemnumber-sql-injection(17365)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17365" }, { "name": "http://www.vbulletin.com/forum/bugs.php?do=view\u0026bugid=3379", "refsource": "CONFIRM", "url": "http://www.vbulletin.com/forum/bugs.php?do=view\u0026bugid=3379" }, { "name": "http://www.securiteam.com/unixfocus/5BP0E15E0M.html", "refsource": "MISC", "url": "http://www.securiteam.com/unixfocus/5BP0E15E0M.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-2695", "datePublished": "2007-10-06T21:00:00", "dateReserved": "2007-10-06T00:00:00", "dateUpdated": "2024-08-08T01:36:25.303Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2003-0295 (GCVE-0-2003-0295)
Vulnerability from cvelistv5
Published
2003-05-15 04:00
Modified
2024-08-08 01:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in private.php for vBulletin 3.0.0 Beta 2 allows remote attackers to inject arbitrary web script and HTML via the "Preview Message" capability.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T01:50:47.265Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20030514 Re: VBulletin Preview Message - XSS Vuln", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=105293890422210\u0026w=2" }, { "name": "20030514 VBulletin Preview Message - XSS Vuln", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=105292832607981\u0026w=2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2003-05-14T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in private.php for vBulletin 3.0.0 Beta 2 allows remote attackers to inject arbitrary web script and HTML via the \"Preview Message\" capability." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-10-17T13:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20030514 Re: VBulletin Preview Message - XSS Vuln", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=105293890422210\u0026w=2" }, { "name": "20030514 VBulletin Preview Message - XSS Vuln", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=105292832607981\u0026w=2" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2003-0295", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in private.php for vBulletin 3.0.0 Beta 2 allows remote attackers to inject arbitrary web script and HTML via the \"Preview Message\" capability." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20030514 Re: VBulletin Preview Message - XSS Vuln", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=105293890422210\u0026w=2" }, { "name": "20030514 VBulletin Preview Message - XSS Vuln", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=105292832607981\u0026w=2" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2003-0295", "datePublished": "2003-05-15T04:00:00", "dateReserved": "2003-05-14T00:00:00", "dateUpdated": "2024-08-08T01:50:47.265Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-4273 (GCVE-0-2006-4273)
Vulnerability from cvelistv5
Published
2006-08-21 21:00
Modified
2024-08-07 19:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin 3.5.4 and 3.6.0 allows remote attackers to inject arbitrary web script or HTML by uploading an attachment with a .pdf extension that contains JavaScript, which is processed as script by Microsoft Internet Explorer 6.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T19:06:06.506Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "27778", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/27778" }, { "name": "20060807 Re: vbulletin 3.5.4 IE exploit xss", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/442488/100/200/threaded" }, { "name": "20060803 vbulletin 3.5.4 IE exploit xss", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2006-08/0074.html" }, { "name": "20060803 XSS in Vbulletin 3.6.0 in IE 0nly", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2006-08/0082.html" }, { "name": "19334", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/19334" }, { "name": "vbulletin-javascript-pdf-xss(28239)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28239" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-08-03T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin 3.5.4 and 3.6.0 allows remote attackers to inject arbitrary web script or HTML by uploading an attachment with a .pdf extension that contains JavaScript, which is processed as script by Microsoft Internet Explorer 6." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-17T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "27778", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/27778" }, { "name": "20060807 Re: vbulletin 3.5.4 IE exploit xss", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/442488/100/200/threaded" }, { "name": "20060803 vbulletin 3.5.4 IE exploit xss", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2006-08/0074.html" }, { "name": "20060803 XSS in Vbulletin 3.6.0 in IE 0nly", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2006-08/0082.html" }, { "name": "19334", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/19334" }, { "name": "vbulletin-javascript-pdf-xss(28239)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28239" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-4273", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin 3.5.4 and 3.6.0 allows remote attackers to inject arbitrary web script or HTML by uploading an attachment with a .pdf extension that contains JavaScript, which is processed as script by Microsoft Internet Explorer 6." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "27778", "refsource": "OSVDB", "url": "http://www.osvdb.org/27778" }, { "name": "20060807 Re: vbulletin 3.5.4 IE exploit xss", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/442488/100/200/threaded" }, { "name": "20060803 vbulletin 3.5.4 IE exploit xss", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2006-08/0074.html" }, { "name": "20060803 XSS in Vbulletin 3.6.0 in IE 0nly", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2006-08/0082.html" }, { "name": "19334", "refsource": "BID", "url": "http://www.securityfocus.com/bid/19334" }, { "name": "vbulletin-javascript-pdf-xss(28239)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28239" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-4273", "datePublished": "2006-08-21T21:00:00", "dateReserved": "2006-08-21T00:00:00", "dateUpdated": "2024-08-07T19:06:06.506Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2002-2235 (GCVE-0-2002-2235)
Vulnerability from cvelistv5
Published
2007-10-14 20:00
Modified
2024-08-08 03:59
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
member2.php in vBulletin 2.2.9 and earlier does not properly restrict the $perpage variable to be an integer, which causes an error message to be reflected back to the user without quoting, which facilitates cross-site scripting (XSS) and possibly other attacks.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T03:59:11.974Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "vbulletin-member2-perpage-xss(10701)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "http://www.iss.net/security_center/static/10701.php" }, { "name": "6246", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/6246" }, { "name": "20021123 vBulletin XSS Injection Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://online.securityfocus.com/archive/1/301076" }, { "name": "3229", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/3229" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2002-11-23T00:00:00", "descriptions": [ { "lang": "en", "value": "member2.php in vBulletin 2.2.9 and earlier does not properly restrict the $perpage variable to be an integer, which causes an error message to be reflected back to the user without quoting, which facilitates cross-site scripting (XSS) and possibly other attacks." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2007-11-28T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "vbulletin-member2-perpage-xss(10701)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "http://www.iss.net/security_center/static/10701.php" }, { "name": "6246", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/6246" }, { "name": "20021123 vBulletin XSS Injection Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://online.securityfocus.com/archive/1/301076" }, { "name": "3229", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/3229" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2002-2235", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "member2.php in vBulletin 2.2.9 and earlier does not properly restrict the $perpage variable to be an integer, which causes an error message to be reflected back to the user without quoting, which facilitates cross-site scripting (XSS) and possibly other attacks." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "vbulletin-member2-perpage-xss(10701)", "refsource": "XF", "url": "http://www.iss.net/security_center/static/10701.php" }, { "name": "6246", "refsource": "BID", "url": "http://www.securityfocus.com/bid/6246" }, { "name": "20021123 vBulletin XSS Injection Vulnerability", "refsource": "BUGTRAQ", "url": "http://online.securityfocus.com/archive/1/301076" }, { "name": "3229", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/3229" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2002-2235", "datePublished": "2007-10-14T20:00:00", "dateReserved": "2007-10-14T00:00:00", "dateUpdated": "2024-08-08T03:59:11.974Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2007-3326 (GCVE-0-2007-3326)
Vulnerability from cvelistv5
Published
2007-06-21 18:00
Modified
2024-08-07 14:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple directory traversal vulnerabilities in vBulletin 3.x.x allow remote attackers to redirect visitors to arbitrary local files via a .. (dot dot) in (1) the loc parameter to admincp/index.php and (2) the Hyperlink information URL field for post Topic in showthread.php, enabling cross-site scripting (XSS) and other attacks, a different vulnerability than CVE-2005-3025.2.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T14:14:12.885Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20070620 New Include Redirect Bug XSS All vBulletin\u0026reg; v 3.x.x", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/471838/100/0/threaded" }, { "name": "vbulletin-index-directory-traversal(34956)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34956" }, { "name": "20070620 New post Topic Hijacking XSS All vBulletin\u0026reg; v 3.x.x (2)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/471835/100/0/threaded" }, { "name": "2820", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/2820" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-06-20T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple directory traversal vulnerabilities in vBulletin 3.x.x allow remote attackers to redirect visitors to arbitrary local files via a .. (dot dot) in (1) the loc parameter to admincp/index.php and (2) the Hyperlink information URl field for post Topic in showthread.php, enabling cross-site scripting (XSS) and other attacks, a different vulnerability than CVE-2005-3025.2." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20070620 New Include Redirect Bug XSS All vBulletin\u0026reg; v 3.x.x", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/471838/100/0/threaded" }, { "name": "vbulletin-index-directory-traversal(34956)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34956" }, { "name": "20070620 New post Topic Hijacking XSS All vBulletin\u0026reg; v 3.x.x (2)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/471835/100/0/threaded" }, { "name": "2820", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/2820" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-3326", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple directory traversal vulnerabilities in vBulletin 3.x.x allow remote attackers to redirect visitors to arbitrary local files via a .. (dot dot) in (1) the loc parameter to admincp/index.php and (2) the Hyperlink information URl field for post Topic in showthread.php, enabling cross-site scripting (XSS) and other attacks, a different vulnerability than CVE-2005-3025.2." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20070620 New Include Redirect Bug XSS All vBulletin\u0026reg; v 3.x.x", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/471838/100/0/threaded" }, { "name": "vbulletin-index-directory-traversal(34956)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34956" }, { "name": "20070620 New post Topic Hijacking XSS All vBulletin\u0026reg; v 3.x.x (2)", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/471835/100/0/threaded" }, { "name": "2820", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/2820" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-3326", "datePublished": "2007-06-21T18:00:00", "dateReserved": "2007-06-21T00:00:00", "dateUpdated": "2024-08-07T14:14:12.885Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-6040 (GCVE-0-2006-6040)
Vulnerability from cvelistv5
Published
2006-11-22 00:00
Modified
2024-08-07 20:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple cross-site scripting (XSS) vulnerabilities in admincp/index.php in Jelsoft vBulletin 3.6.x allow remote attackers to inject arbitrary web script or HTML via (1) the prefs parameter in a buildnavprefs action or (2) the navprefs parameter in a savenavprefs action.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T20:12:31.432Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vbulletin.com/forum/showthread.php?postid=1256434" }, { "name": "23011", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23011" }, { "name": "21157", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/21157" }, { "name": "vbulletin-index-admin-control-xss(30408)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30408" }, { "name": "ADV-2006-4599", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/4599" }, { "name": "1903", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/1903" }, { "name": "20061117 XSS vBulletin 3.6.X Admin Control Painel", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/451959/100/0/threaded" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-11-17T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in admincp/index.php in Jelsoft vBulletin 3.6.x allow remote attackers to inject arbitrary web script or HTML via (1) the prefs parameter in a buildnavprefs action or (2) the navprefs parameter in a savenavprefs action." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-17T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vbulletin.com/forum/showthread.php?postid=1256434" }, { "name": "23011", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23011" }, { "name": "21157", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/21157" }, { "name": "vbulletin-index-admin-control-xss(30408)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30408" }, { "name": "ADV-2006-4599", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/4599" }, { "name": "1903", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/1903" }, { "name": "20061117 XSS vBulletin 3.6.X Admin Control Painel", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/451959/100/0/threaded" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-6040", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in admincp/index.php in Jelsoft vBulletin 3.6.x allow remote attackers to inject arbitrary web script or HTML via (1) the prefs parameter in a buildnavprefs action or (2) the navprefs parameter in a savenavprefs action." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.vbulletin.com/forum/showthread.php?postid=1256434", "refsource": "CONFIRM", "url": "http://www.vbulletin.com/forum/showthread.php?postid=1256434" }, { "name": "23011", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23011" }, { "name": "21157", "refsource": "BID", "url": "http://www.securityfocus.com/bid/21157" }, { "name": "vbulletin-index-admin-control-xss(30408)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30408" }, { "name": "ADV-2006-4599", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/4599" }, { "name": "1903", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/1903" }, { "name": "20061117 XSS vBulletin 3.6.X Admin Control Painel", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/451959/100/0/threaded" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-6040", "datePublished": "2006-11-22T00:00:00", "dateReserved": "2006-11-21T00:00:00", "dateUpdated": "2024-08-07T20:12:31.432Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2005-0429 (GCVE-0-2005-0429)
Vulnerability from cvelistv5
Published
2005-02-15 05:00
Modified
2024-08-07 21:13
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Direct code injection vulnerability in forumdisplay.php in vBulletin 3.0 through 3.0.4, when showforumusers is enabled, allows remote attackers to inject and execute arbitrary PHP commands via the comma parameter.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T21:13:54.149Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20050213 vbulletin 3.0.x PHP code execution", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=110840807415315\u0026w=2" }, { "name": "12542", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/12542" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-02-13T00:00:00", "descriptions": [ { "lang": "en", "value": "Direct code injection vulnerability in forumdisplay.php in vBulletin 3.0 through 3.0.4, when showforumusers is enabled, allows remote attackers to execute inject arbitrary PHP commands via the comma parameter." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-10-17T13:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20050213 vbulletin 3.0.x PHP code execution", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=110840807415315\u0026w=2" }, { "name": "12542", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/12542" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-0429", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Direct code injection vulnerability in 
forumdisplay.php in vBulletin 3.0 through 3.0.4, when showforumusers is enabled, allows remote attackers to execute inject arbitrary PHP commands via the comma parameter." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20050213 vbulletin 3.0.x PHP code execution", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=110840807415315\u0026w=2" }, { "name": "12542", "refsource": "BID", "url": "http://www.securityfocus.com/bid/12542" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-0429", "datePublished": "2005-02-15T05:00:00", "dateReserved": "2005-02-15T00:00:00", "dateUpdated": "2024-08-07T21:13:54.149Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2005-4621 (GCVE-0-2005-4621)
Vulnerability from cvelistv5
Published
2006-01-06 11:00
Modified
2024-08-07 23:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in the editavatar page in vBulletin 3.5.1 allows remote attackers to inject arbitrary web script or HTML via a URL in the remote avatar url field, in which the URL generates a parsing error, and possibly requiring a trailing extension such as .jpg.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T23:53:28.150Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "16128", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/16128" }, { "name": "21373", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/21373" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.vbulletin.com/forum/showthread.php?t=166391" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://pridels0.blogspot.com/2005/11/vbulletin-351-xss-vuln.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-11-26T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the editavatar page in vBulletin 3.5.1 allows remote attackers to inject arbitrary web script or HTML via a URL in the remote avatar url field, in which the URL generates a parsing error, and possibly requiring a trailing extension such as .jpg." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2006-01-12T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "16128", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/16128" }, { "name": "21373", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/21373" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.vbulletin.com/forum/showthread.php?t=166391" }, { "tags": [ "x_refsource_MISC" ], "url": "http://pridels0.blogspot.com/2005/11/vbulletin-351-xss-vuln.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-4621", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in the editavatar page in vBulletin 3.5.1 allows remote attackers to inject arbitrary web script or HTML via a URL in the remote avatar url field, in which the URL generates a parsing error, and possibly requiring a trailing extension such as .jpg." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "16128", "refsource": "BID", "url": "http://www.securityfocus.com/bid/16128" }, { "name": "21373", "refsource": "OSVDB", "url": "http://www.osvdb.org/21373" }, { "name": "http://www.vbulletin.com/forum/showthread.php?t=166391", "refsource": "MISC", "url": "http://www.vbulletin.com/forum/showthread.php?t=166391" }, { "name": "http://pridels0.blogspot.com/2005/11/vbulletin-351-xss-vuln.html", "refsource": "MISC", "url": "http://pridels0.blogspot.com/2005/11/vbulletin-351-xss-vuln.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-4621", "datePublished": "2006-01-06T11:00:00", "dateReserved": "2006-01-06T00:00:00", "dateUpdated": "2024-08-07T23:53:28.150Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2002-1660 (GCVE-0-2002-1660)
Vulnerability from cvelistv5
Published
2005-05-10 04:00
Modified
2024-08-08 03:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
calendar.php in vBulletin before 2.2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the command parameter.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T03:34:55.612Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.securiteam.com/exploits/5QP0P158AC.html" }, { "name": "1005284", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1005284" }, { "name": "5820", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/5820" }, { "name": "vbulletin-calendar-command-execution(10176)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10176" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2002-09-24T00:00:00", "descriptions": [ { "lang": "en", "value": "calendar.php in vBulletin before 2.2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the command parameter." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://www.securiteam.com/exploits/5QP0P158AC.html" }, { "name": "1005284", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1005284" }, { "name": "5820", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/5820" }, { "name": "vbulletin-calendar-command-execution(10176)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10176" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2002-1660", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "calendar.php in vBulletin before 2.2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the command parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.securiteam.com/exploits/5QP0P158AC.html", "refsource": "MISC", "url": "http://www.securiteam.com/exploits/5QP0P158AC.html" }, { "name": "1005284", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1005284" }, { "name": "5820", "refsource": "BID", "url": "http://www.securityfocus.com/bid/5820" }, { "name": "vbulletin-calendar-command-execution(10176)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10176" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2002-1660", "datePublished": "2005-05-10T04:00:00", "dateReserved": "2005-05-04T00:00:00", "dateUpdated": "2024-08-08T03:34:55.612Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2007-0830 (GCVE-0-2007-0830)
Vulnerability from cvelistv5
Published
2007-02-07 22:00
Modified
2024-08-07 12:34
CWE
- n/a
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the Admin Control Panel (AdminCP) in Jelsoft vBulletin 3.6.4 allow remote authenticated administrators to inject arbitrary web script or HTML via unspecified vectors related to the (1) User Group Manager, (2) User Rank Manager, (3) User Title Manager, (4) BB Code Manager, (5) Attachment Manager, (6) Calendar Manager, and (7) Forums & Moderators functions. NOTE: the vendor disputes this issue, stating that modifying HTML is an intended privilege of an administrator. NOTE: it is possible that this issue overlaps CVE-2006-6040.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T12:34:21.109Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "24085", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24085" }, { "name": "vbulletin-admincp-index-xss(32268)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32268" }, { "name": "35152", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/35152" }, { "name": "20070207 Re: VBulletin AdminCP Index.PHP Multiple Cross-Site Scripting Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/459367/100/0/threaded" }, { "name": "20070206 VBulletin AdminCP Index.PHP Multiple Cross-Site Scripting Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/459289/100/0/threaded" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-02-06T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Admin Control Panel (AdminCP) in Jelsoft vBulletin 3.6.4 allow remote authenticated administrators to inject arbitrary web script or HTML via unspecified vectors related to the (1) User Group Manager, (2) User Rank Manager, (3) User Title Manager, (4) BB Code Manager, (5) Attachment Manager, (6) Calendar Manager, and (7) Forums \u0026 Moderators functions. NOTE: the vendor disputes this issue, stating that modifying HTML is an intended privilege of an administrator. 
NOTE: it is possible that this issue overlaps CVE-2006-6040" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "24085", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24085" }, { "name": "vbulletin-admincp-index-xss(32268)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32268" }, { "name": "35152", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/35152" }, { "name": "20070207 Re: VBulletin AdminCP Index.PHP Multiple Cross-Site Scripting Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/459367/100/0/threaded" }, { "name": "20070206 VBulletin AdminCP Index.PHP Multiple Cross-Site Scripting Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/459289/100/0/threaded" } ], "tags": [ "disputed" ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-0830", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "** DISPUTED ** Multiple cross-site scripting (XSS) vulnerabilities in the Admin Control Panel (AdminCP) in Jelsoft vBulletin 3.6.4 allow remote authenticated administrators to inject arbitrary web script or HTML via unspecified vectors related to the (1) User Group Manager, (2) User Rank Manager, (3) User Title Manager, (4) BB Code Manager, (5) Attachment Manager, (6) Calendar 
Manager, and (7) Forums \u0026 Moderators functions. NOTE: the vendor disputes this issue, stating that modifying HTML is an intended privilege of an administrator. NOTE: it is possible that this issue overlaps CVE-2006-6040." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "24085", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24085" }, { "name": "vbulletin-admincp-index-xss(32268)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32268" }, { "name": "35152", "refsource": "OSVDB", "url": "http://osvdb.org/35152" }, { "name": "20070207 Re: VBulletin AdminCP Index.PHP Multiple Cross-Site Scripting Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/459367/100/0/threaded" }, { "name": "20070206 VBulletin AdminCP Index.PHP Multiple Cross-Site Scripting Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/459289/100/0/threaded" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-0830", "datePublished": "2007-02-07T22:00:00", "dateReserved": "2007-02-07T00:00:00", "dateUpdated": "2024-08-07T12:34:21.109Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2005-3022 (GCVE-0-2005-3022)
Vulnerability from cvelistv5
Published
2005-09-21 04:00
Modified
2024-08-07 22:53
CWE
- n/a
Summary
Multiple SQL injection vulnerabilities in vBulletin 3.0.9 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) announcement parameter to announcement.php, (2) userid parameter to user.php, (3) calendar parameter to admincalendar.php, (4) cronid parameter to cronlog.php, (5) usergroupid parameter to email.php, (6) help parameter to help.php, (7) rvt parameter to language.php, (8) keep parameter to phrase.php, or (9) updateprofilepic parameter to usertools.php.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T22:53:30.152Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://morph3us.org/advisories/20050917-vbulletin-3.0.8.txt" }, { "name": "20050918 [BuHa-Security] Multiple vulnerabilities in (admincp/modcp of) vBulletin 3.0.8/9", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=112715150320677\u0026w=2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-09-18T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple SQL injection vulnerabilities in vBulletin 3.0.9 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) announcement parameter to announcement.php, (2) userid parameter to user.php, (3) calendar parameter to admincalendar.php, (4) cronid parameter to cronlog.php, (5) usergroupid parameter to email.php, (6) help parameter to help.php, (7) rvt parameter to language.php, (8) keep parameter to phrase.php, or (9) updateprofilepic parameter to usertools.php." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-10-17T13:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://morph3us.org/advisories/20050917-vbulletin-3.0.8.txt" }, { "name": "20050918 [BuHa-Security] Multiple vulnerabilities in (admincp/modcp of) vBulletin 3.0.8/9", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=112715150320677\u0026w=2" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-3022", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple SQL injection vulnerabilities in vBulletin 3.0.9 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) announcement parameter to announcement.php, (2) userid parameter to user.php, (3) calendar parameter to admincalendar.php, (4) cronid parameter to cronlog.php, (5) usergroupid parameter to email.php, (6) help parameter to help.php, (7) rvt parameter to language.php, (8) keep parameter to phrase.php, or (9) updateprofilepic parameter to usertools.php." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://morph3us.org/advisories/20050917-vbulletin-3.0.8.txt", "refsource": "MISC", "url": "http://morph3us.org/advisories/20050917-vbulletin-3.0.8.txt" }, { "name": "20050918 [BuHa-Security] Multiple vulnerabilities in (admincp/modcp of) vBulletin 3.0.8/9", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=112715150320677\u0026w=2" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-3022", "datePublished": "2005-09-21T04:00:00", "dateReserved": "2005-09-21T00:00:00", "dateUpdated": "2024-08-07T22:53:30.152Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-1040 (GCVE-0-2006-1040)
Vulnerability from cvelistv5
Published
2006-03-07 11:00
Modified
2024-08-07 16:56
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in vBulletin 3.0.12 and 3.5.3 allows remote attackers to inject arbitrary web script or HTML via the email field, which is injected in profile.php but not sanitized in sendmsg.php.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T16:56:15.173Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "19100", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/19100" }, { "name": "ADV-2006-0808", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/0808" }, { "name": "20060302 vBulletin3.0.12\u00263.5.3~is_valid_email()~XSS Attack", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/426589/100/0/threaded" }, { "name": "20060301 [KAPDA::#26]vBulletin.3.5.3~3.0.12-XSS", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/426537/100/0/threaded" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vbulletin.com/forum/showthread.php?postid=1079030" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.kapda.ir/advisory-266.html" }, { "name": "16919", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/16919" }, { "name": "23614", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/23614" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-03-01T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in vBulletin 3.0.12 and 3.5.3 allows remote attackers to inject arbitrary web script or HTML via the email field, which is injected in profile.php but not sanitized in sendmsg.php." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-18T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "19100", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/19100" }, { "name": "ADV-2006-0808", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/0808" }, { "name": "20060302 vBulletin3.0.12\u00263.5.3~is_valid_email()~XSS Attack", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/426589/100/0/threaded" }, { "name": "20060301 [KAPDA::#26]vBulletin.3.5.3~3.0.12-XSS", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/426537/100/0/threaded" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vbulletin.com/forum/showthread.php?postid=1079030" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.kapda.ir/advisory-266.html" }, { "name": "16919", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/16919" }, { "name": "23614", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/23614" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-1040", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in vBulletin 3.0.12 and 3.5.3 allows remote attackers to inject arbitrary web script or HTML via the email field, which is injected in profile.php but not sanitized in sendmsg.php." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "19100", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19100" }, { "name": "ADV-2006-0808", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/0808" }, { "name": "20060302 vBulletin3.0.12\u00263.5.3~is_valid_email()~XSS Attack", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/426589/100/0/threaded" }, { "name": "20060301 [KAPDA::#26]vBulletin.3.5.3~3.0.12-XSS", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/426537/100/0/threaded" }, { "name": "http://www.vbulletin.com/forum/showthread.php?postid=1079030", "refsource": "CONFIRM", "url": "http://www.vbulletin.com/forum/showthread.php?postid=1079030" }, { "name": "http://www.kapda.ir/advisory-266.html", "refsource": "MISC", "url": "http://www.kapda.ir/advisory-266.html" }, { "name": "16919", "refsource": "BID", "url": "http://www.securityfocus.com/bid/16919" }, { "name": "23614", "refsource": "OSVDB", "url": "http://www.osvdb.org/23614" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-1040", "datePublished": "2006-03-07T11:00:00", "dateReserved": "2006-03-07T00:00:00", "dateUpdated": "2024-08-07T16:56:15.173Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2004-1824 (GCVE-0-2004-1824)
Vulnerability from cvelistv5
Published
2005-05-10 04:00
Modified
2024-08-08 01:07
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin before 3.0 allows remote attackers to inject arbitrary web script or HTML via the what parameter to memberlist.php.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T01:07:48.254Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "vbulletin-showthread-xss(15495)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15495" }, { "name": "6226", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/6226" }, { "name": "1009440", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1009440" }, { "name": "9887", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/9887" }, { "name": "20040316 JelSoft vBulletin Multiple XSS Vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=107945556112453\u0026w=2" }, { "name": "vbulletin-memberlist-xss(10679)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "http://www.iss.net/security_center/static/10679.php" }, { "name": "4312", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/4312" }, { "name": "20021121 XSS bug in vBulletin", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2002-11/0276.html" }, { "name": "11142", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/11142" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2002-11-21T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin before 3.0 allows remote attackers to inject arbitrary web script or HTML via the what parameter to 
memberlist.php." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "vbulletin-showthread-xss(15495)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15495" }, { "name": "6226", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/6226" }, { "name": "1009440", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1009440" }, { "name": "9887", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/9887" }, { "name": "20040316 JelSoft vBulletin Multiple XSS Vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=107945556112453\u0026w=2" }, { "name": "vbulletin-memberlist-xss(10679)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "http://www.iss.net/security_center/static/10679.php" }, { "name": "4312", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/4312" }, { "name": "20021121 XSS bug in vBulletin", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2002-11/0276.html" }, { "name": "11142", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/11142" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-1824", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) 
vulnerability in Jelsoft vBulletin before 3.0 allows remote attackers to inject arbitrary web script or HTML via the what parameter to memberlist.php." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "vbulletin-showthread-xss(15495)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15495" }, { "name": "6226", "refsource": "BID", "url": "http://www.securityfocus.com/bid/6226" }, { "name": "1009440", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1009440" }, { "name": "9887", "refsource": "BID", "url": "http://www.securityfocus.com/bid/9887" }, { "name": "20040316 JelSoft vBulletin Multiple XSS Vulnerabilities", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=107945556112453\u0026w=2" }, { "name": "vbulletin-memberlist-xss(10679)", "refsource": "XF", "url": "http://www.iss.net/security_center/static/10679.php" }, { "name": "4312", "refsource": "OSVDB", "url": "http://www.osvdb.org/4312" }, { "name": "20021121 XSS bug in vBulletin", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2002-11/0276.html" }, { "name": "11142", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/11142" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-1824", "datePublished": "2005-05-10T04:00:00", "dateReserved": "2005-05-04T00:00:00", "dateUpdated": "2024-08-08T01:07:48.254Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2005-3021 (GCVE-0-2005-3021)
Vulnerability from cvelistv5
Published
2005-09-21 04:00
Modified
2024-08-07 22:53
CWE
- n/a
Summary
image.php in vBulletin 3.0.9 and earlier allows remote attackers with access to the administrator panel to upload arbitrary files via the upload action.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T22:53:30.317Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "vbulletin-image-file-upload(22325)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22325" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://morph3us.org/advisories/20050917-vbulletin-3.0.8.txt" }, { "name": "20050918 [BuHa-Security] Multiple vulnerabilities in (admincp/modcp of)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=112715150320677\u0026w=2" }, { "name": "16873", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/16873/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-09-18T00:00:00", "descriptions": [ { "lang": "en", "value": "image.php in vBulletin 3.0.9 and earlier allows remote attackers with access to the administrator panel to upload arbitrary files via the upload action." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "vbulletin-image-file-upload(22325)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22325" }, { "tags": [ "x_refsource_MISC" ], "url": "http://morph3us.org/advisories/20050917-vbulletin-3.0.8.txt" }, { "name": "20050918 [BuHa-Security] Multiple vulnerabilities in (admincp/modcp of)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=112715150320677\u0026w=2" }, { "name": "16873", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/16873/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-3021", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "image.php in vBulletin 3.0.9 and earlier allows remote attackers with access to the administrator panel to upload arbitrary files via the upload action." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "vbulletin-image-file-upload(22325)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22325" }, { "name": "http://morph3us.org/advisories/20050917-vbulletin-3.0.8.txt", "refsource": "MISC", "url": "http://morph3us.org/advisories/20050917-vbulletin-3.0.8.txt" }, { "name": "20050918 [BuHa-Security] Multiple vulnerabilities in (admincp/modcp of)", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=112715150320677\u0026w=2" }, { "name": "16873", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/16873/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-3021", "datePublished": "2005-09-21T04:00:00", "dateReserved": "2005-09-21T00:00:00", "dateUpdated": "2024-08-07T22:53:30.317Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2004-1823 (GCVE-0-2004-1823)
Vulnerability from cvelistv5
Published
2005-05-10 04:00
Modified
2024-08-08 01:07
CWE
- n/a
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Jelsoft vBulletin 2.0 beta 3 through 3.0 can4 allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter to showthread.php or (2) order parameter to forumdisplay.php.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T01:07:48.178Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "vbulletin-showthread-xss(15495)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15495" }, { "name": "4311", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/4311" }, { "name": "9888", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/9888" }, { "name": "1009440", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1009440" }, { "name": "20040316 JelSoft vBulletin Multiple XSS Vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=107945556112453\u0026w=2" }, { "name": "9889", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/9889" }, { "name": "11142", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/11142" }, { "name": "4310", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/4310" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-03-16T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Jelsoft vBulletin 2.0 beta 3 through 3.0 can4 allows remote attackers to inject arbitrary web script or HTML via the (1) page parameter to showthread.php or (2) order parameter to forumdisplay.php." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "vbulletin-showthread-xss(15495)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15495" }, { "name": "4311", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/4311" }, { "name": "9888", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/9888" }, { "name": "1009440", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1009440" }, { "name": "20040316 JelSoft vBulletin Multiple XSS Vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=107945556112453\u0026w=2" }, { "name": "9889", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/9889" }, { "name": "11142", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/11142" }, { "name": "4310", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/4310" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-1823", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Jelsoft vBulletin 2.0 beta 3 through 3.0 can4 allows remote attackers to inject arbitrary web script or HTML via the (1) page parameter to showthread.php or (2) order parameter to forumdisplay.php." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "vbulletin-showthread-xss(15495)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15495" }, { "name": "4311", "refsource": "OSVDB", "url": "http://www.osvdb.org/4311" }, { "name": "9888", "refsource": "BID", "url": "http://www.securityfocus.com/bid/9888" }, { "name": "1009440", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1009440" }, { "name": "20040316 JelSoft vBulletin Multiple XSS Vulnerabilities", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=107945556112453\u0026w=2" }, { "name": "9889", "refsource": "BID", "url": "http://www.securityfocus.com/bid/9889" }, { "name": "11142", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/11142" }, { "name": "4310", "refsource": "OSVDB", "url": "http://www.osvdb.org/4310" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-1823", "datePublished": "2005-05-10T04:00:00", "dateReserved": "2005-05-04T00:00:00", "dateUpdated": "2024-08-08T01:07:48.178Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2003-1031 (GCVE-0-2003-1031)
Vulnerability from cvelistv5
Published
2004-01-22 05:00
Modified
2024-09-17 01:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in register.php for vBulletin 3.0 Beta 2 allows remote attackers to inject arbitrary HTML or web script via optional fields such as (1) "Interests-Hobbies", (2) "Biography", or (3) "Occupation."
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T02:12:35.863Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20030808 VBulletin New Member XSS Vulnerability", "tags": [ "mailing-list", "x_refsource_VULNWATCH", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0078.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in register.php for vBulletin 3.0 Beta 2 allows remote attackers to inject arbitrary HTML or web script via optional fields such as (1) \"Interests-Hobbies\", (2) \"Biography\", or (3) \"Occupation.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2004-01-22T05:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20030808 VBulletin New Member XSS Vulnerability", "tags": [ "mailing-list", "x_refsource_VULNWATCH" ], "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0078.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2003-1031", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in register.php for vBulletin 3.0 Beta 2 allows remote attackers to inject arbitrary HTML or web script via optional fields such as (1) \"Interests-Hobbies\", (2) \"Biography\", or (3) \"Occupation.\"" } ] }, 
"problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20030808 VBulletin New Member XSS Vulnerability", "refsource": "VULNWATCH", "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0078.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2003-1031", "datePublished": "2004-01-22T05:00:00Z", "dateReserved": "2004-01-21T00:00:00Z", "dateUpdated": "2024-09-17T01:12:05.258Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2007-1573 (GCVE-0-2007-1573)
Vulnerability from cvelistv5
Published
2007-03-21 21:00
Modified
2024-08-07 12:59
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
SQL injection vulnerability in admincp/attachment.php in Jelsoft vBulletin 3.6.5 allows remote authenticated administrators to execute arbitrary SQL commands via the "Attached Before" field.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T12:59:09.000Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20070313 vbulletin admincp sql injection", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/462963/100/0/threaded" }, { "name": "24503", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24503" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vbulletin.com/forum/project.php?issueid=21615" }, { "name": "34070", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/34070" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-03-14T00:00:00", "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in admincp/attachment.php in Jelsoft vBulletin 3.6.5 allows remote authenticated administrators to execute arbitrary SQL commands via the \"Attached Before\" field." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20070313 vbulletin admincp sql injection", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/462963/100/0/threaded" }, { "name": "24503", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24503" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vbulletin.com/forum/project.php?issueid=21615" }, { "name": "34070", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/34070" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-1573", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SQL injection vulnerability in admincp/attachment.php in Jelsoft vBulletin 3.6.5 allows remote authenticated administrators to execute arbitrary SQL commands via the \"Attached Before\" field." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20070313 vbulletin admincp sql injection", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/462963/100/0/threaded" }, { "name": "24503", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24503" }, { "name": "http://www.vbulletin.com/forum/project.php?issueid=21615", "refsource": "CONFIRM", "url": "http://www.vbulletin.com/forum/project.php?issueid=21615" }, { "name": "34070", "refsource": "OSVDB", "url": "http://osvdb.org/34070" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-1573", "datePublished": "2007-03-21T21:00:00", "dateReserved": "2007-03-21T00:00:00", "dateUpdated": "2024-08-07T12:59:09.000Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2001-0475 (GCVE-0-2001-0475)
Vulnerability from cvelistv5
Published
2001-09-18 04:00
Modified
2024-08-08 04:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
index.php in Jelsoft vBulletin does not properly initialize a PHP variable that is used to store template information, which allows remote attackers to execute arbitrary PHP code via special characters in the templatecache parameter.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T04:21:38.713Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vbulletin.com/forum/showthread.php?s=b20af207b5b908ecf7a4ecf56fbe3cd3\u0026threadid=10839" }, { "name": "vbulletin-php-elevate-privileges(6237)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6237" }, { "name": "20010315 vBulletin allows arbitrary code execution", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2001-03/0180.html" }, { "name": "2474", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/2474" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2001-03-15T00:00:00", "descriptions": [ { "lang": "en", "value": "index.php in Jelsoft vBulletin does not properly initialize a PHP variable that is used to store template information, which allows remote attackers to execute arbitrary PHP code via special characters in the templatecache parameter." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2005-11-02T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vbulletin.com/forum/showthread.php?s=b20af207b5b908ecf7a4ecf56fbe3cd3\u0026threadid=10839" }, { "name": "vbulletin-php-elevate-privileges(6237)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6237" }, { "name": "20010315 vBulletin allows arbitrary code execution", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2001-03/0180.html" }, { "name": "2474", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/2474" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2001-0475", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "index.php in Jelsoft vBulletin does not properly initialize a PHP variable that is used to store template information, which allows remote attackers to execute arbitrary PHP code via special characters in the templatecache parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.vbulletin.com/forum/showthread.php?s=b20af207b5b908ecf7a4ecf56fbe3cd3\u0026threadid=10839", "refsource": "CONFIRM", "url": "http://www.vbulletin.com/forum/showthread.php?s=b20af207b5b908ecf7a4ecf56fbe3cd3\u0026threadid=10839" }, { "name": "vbulletin-php-elevate-privileges(6237)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6237" }, { "name": "20010315 vBulletin allows arbitrary code execution", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2001-03/0180.html" }, { "name": "2474", "refsource": "BID", "url": "http://www.securityfocus.com/bid/2474" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2001-0475", "datePublished": "2001-09-18T04:00:00", "dateReserved": "2001-05-24T00:00:00", "dateUpdated": "2024-08-08T04:21:38.713Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2007-1292 (GCVE-0-2007-1292)
Vulnerability from cvelistv5
Published
2007-03-07 00:00
Modified
2024-08-07 12:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
SQL injection vulnerability in inlinemod.php in Jelsoft vBulletin before 3.5.8, and before 3.6.5 in the 3.6.x series, might allow remote authenticated users to execute arbitrary SQL commands via the postids parameter. NOTE: the vendor states that the attack is feasible only in circumstances "almost impossible to achieve."
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T12:50:35.050Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "33835", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/33835" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vbulletin.com/forum/showthread.php?postid=1314422" }, { "name": "24341", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24341" }, { "name": "vbulletin-inlinemod-sql-injection(32746)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32746" }, { "name": "3387", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/3387" }, { "name": "22780", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/22780" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-02-28T00:00:00", "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in inlinemod.php in Jelsoft vBulletin before 3.5.8, and before 3.6.5 in the 3.6.x series, might allow remote authenticated users to execute arbitrary SQL commands via the postids parameter. 
NOTE: the vendor states that the attack is feasible only in circumstances \"almost impossible to achieve.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-10T00:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "33835", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/33835" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vbulletin.com/forum/showthread.php?postid=1314422" }, { "name": "24341", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24341" }, { "name": "vbulletin-inlinemod-sql-injection(32746)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32746" }, { "name": "3387", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/3387" }, { "name": "22780", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/22780" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-1292", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SQL injection vulnerability in inlinemod.php in Jelsoft vBulletin before 3.5.8, and before 3.6.5 in the 3.6.x series, might allow remote authenticated users to execute arbitrary SQL commands via the postids parameter. 
NOTE: the vendor states that the attack is feasible only in circumstances \"almost impossible to achieve.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "33835", "refsource": "OSVDB", "url": "http://osvdb.org/33835" }, { "name": "http://www.vbulletin.com/forum/showthread.php?postid=1314422", "refsource": "CONFIRM", "url": "http://www.vbulletin.com/forum/showthread.php?postid=1314422" }, { "name": "24341", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24341" }, { "name": "vbulletin-inlinemod-sql-injection(32746)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32746" }, { "name": "3387", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/3387" }, { "name": "22780", "refsource": "BID", "url": "http://www.securityfocus.com/bid/22780" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-1292", "datePublished": "2007-03-07T00:00:00", "dateReserved": "2007-03-06T00:00:00", "dateUpdated": "2024-08-07T12:50:35.050Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-5104 (GCVE-0-2006-5104)
Vulnerability from cvelistv5
Published
2006-10-02 20:00
Modified
2024-08-07 19:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
SQL injection vulnerability in global.php in Jelsoft vBulletin 2.x allows remote attackers to execute arbitrary SQL commands via the templatesused parameter.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T19:41:05.047Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1661", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/1661" }, { "name": "vbulletin-global-sql-injection(29174)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29174" }, { "name": "20214", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/20214" }, { "name": "20060926 Vbulletin 2.X sql injection", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/447010/100/0/threaded" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-09-26T00:00:00", "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in global.php in Jelsoft vBulletin 2.x allows remote attackers to execute arbitrary SQL commands via the templatesused parameter." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-17T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "1661", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/1661" }, { "name": "vbulletin-global-sql-injection(29174)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29174" }, { "name": "20214", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/20214" }, { "name": "20060926 Vbulletin 2.X sql injection", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/447010/100/0/threaded" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-5104", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SQL injection vulnerability in global.php in Jelsoft vBulletin 2.x allows remote attackers to execute arbitrary SQL commands via the templatesused parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1661", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/1661" }, { "name": "vbulletin-global-sql-injection(29174)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29174" }, { "name": "20214", "refsource": "BID", "url": "http://www.securityfocus.com/bid/20214" }, { "name": "20060926 Vbulletin 2.X sql injection", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/447010/100/0/threaded" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-5104", "datePublished": "2006-10-02T20:00:00", "dateReserved": "2006-10-02T00:00:00", "dateUpdated": "2024-08-07T19:41:05.047Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-4271 (GCVE-0-2006-4271)
Vulnerability from cvelistv5
Published
2006-08-21 21:00
Modified
2024-08-07 19:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
PHP remote file inclusion vulnerability in install/upgrade_301.php in Jelsoft vBulletin 3.5.4 allows remote attackers to execute arbitrary PHP code via a URL in the step parameter. NOTE: the vendor has disputed this vulnerability, saying "The default vBulletin requires authentication prior to the usage of the upgrade system."
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T19:06:07.215Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20060705 Re: vBulletin 3.5.4 (install_path) Exploit", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2006-07/0069.html" }, { "name": "20060711 RE: Re: vBulletin 3.5.4 (install_path) Exploit", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2006-07/0217.html" }, { "name": "20060708 Re: Re: vBulletin 3.5.4 (install_path) Exploit", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2006-07/0121.html" }, { "name": "20060705 vBulletin 3.5.4 (install_path) Exploit", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2006-07/0061.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.pldsoft.com/forum/showthread.php?t=1340" }, { "name": "28210", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/28210" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-07-05T00:00:00", "descriptions": [ { "lang": "en", "value": "PHP remote file inclusion vulnerability in install/upgrade_301.php in Jelsoft vBulletin 3.5.4 allows remote attackers to execute arbitrary PHP code via a URL in the step parameter. NOTE: the vendor has disputed this vulnerability, saying \"The default vBulletin requires authentication prior to the usage of the upgrade system." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2007-02-28T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20060705 Re: vBulletin 3.5.4 (install_path) Exploit", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2006-07/0069.html" }, { "name": "20060711 RE: Re: vBulletin 3.5.4 (install_path) Exploit", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2006-07/0217.html" }, { "name": "20060708 Re: Re: vBulletin 3.5.4 (install_path) Exploit", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2006-07/0121.html" }, { "name": "20060705 vBulletin 3.5.4 (install_path) Exploit", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2006-07/0061.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.pldsoft.com/forum/showthread.php?t=1340" }, { "name": "28210", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/28210" } ], "tags": [ "disputed" ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-4271", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "** DISPUTED ** PHP remote file inclusion vulnerability in install/upgrade_301.php in Jelsoft vBulletin 3.5.4 allows remote attackers to execute arbitrary PHP code via a URL in the step parameter. 
NOTE: the vendor has disputed this vulnerability, saying \"The default vBulletin requires authentication prior to the usage of the upgrade system.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20060705 Re: vBulletin 3.5.4 (install_path) Exploit", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2006-07/0069.html" }, { "name": "20060711 RE: Re: vBulletin 3.5.4 (install_path) Exploit", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2006-07/0217.html" }, { "name": "20060708 Re: Re: vBulletin 3.5.4 (install_path) Exploit", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2006-07/0121.html" }, { "name": "20060705 vBulletin 3.5.4 (install_path) Exploit", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2006-07/0061.html" }, { "name": "http://www.pldsoft.com/forum/showthread.php?t=1340", "refsource": "MISC", "url": "http://www.pldsoft.com/forum/showthread.php?t=1340" }, { "name": "28210", "refsource": "OSVDB", "url": "http://www.osvdb.org/28210" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-4271", "datePublished": "2006-08-21T21:00:00", "dateReserved": "2006-08-21T00:00:00", "dateUpdated": "2024-08-07T19:06:07.215Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2007-2908 (GCVE-0-2007-2908)
Vulnerability from cvelistv5
Published
2007-05-30 10:00
Modified
2024-08-07 13:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in calendar.php in Jelsoft vBulletin before 3.6.6 allows remote attackers to inject arbitrary web script or HTML via the title field in a single add action.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T13:57:54.731Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20070516 vbulletin \u003c 3.6.6 [permanent xss]", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/468731/100/0/threaded" }, { "name": "24020", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/24020" }, { "name": "35155", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/35155" }, { "name": "vbulletin-calendar-xss(34333)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34333" }, { "name": "25309", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/25309" }, { "name": "2751", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/2751" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-05-16T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in calendar.php in Jelsoft vBulletin before 3.6.6 allows remote attackers to inject arbitrary web script or HTML via the title field in a single add action." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20070516 vbulletin \u003c 3.6.6 [permanent xss]", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/468731/100/0/threaded" }, { "name": "24020", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/24020" }, { "name": "35155", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/35155" }, { "name": "vbulletin-calendar-xss(34333)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34333" }, { "name": "25309", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/25309" }, { "name": "2751", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/2751" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-2908", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in calendar.php in Jelsoft vBulletin before 3.6.6 allows remote attackers to inject arbitrary web script or HTML via the title field in a single add action." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20070516 vbulletin \u003c 3.6.6 [permanent xss]", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/468731/100/0/threaded" }, { "name": "24020", "refsource": "BID", "url": "http://www.securityfocus.com/bid/24020" }, { "name": "35155", "refsource": "OSVDB", "url": "http://osvdb.org/35155" }, { "name": "vbulletin-calendar-xss(34333)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34333" }, { "name": "25309", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25309" }, { "name": "2751", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/2751" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-2908", "datePublished": "2007-05-30T10:00:00", "dateReserved": "2007-05-29T00:00:00", "dateUpdated": "2024-08-07T13:57:54.731Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2007-4453 (GCVE-0-2007-4453)
Vulnerability from cvelistv5
Published
2007-08-21 18:00
Modified
2024-08-07 14:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.6.8 allow remote attackers to inject arbitrary web code or HTML via the (1) s parameter to index.php, and the (2) q parameter to (a) faq.php, (b) member.php, (c) memberlist.php, (d) calendar.php, (e) search.php, (f) forumdisplay.php, (g) showgroups.php, (h) online.php, and (i) sendmessage.php. NOTE: these issues have been disputed by the vendor, stating "I can't reproduce a single one of these". The researcher is known to be unreliable.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T14:53:55.974Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20070817 Re: vBulletin V3.6.8 XSS Password Md5 Hash", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/476940/100/0/threaded" }, { "name": "vbulletin-qs-xss(36084)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36084" }, { "name": "20070817 vBulletin V3.6.8 XSS Password Md5 Hash", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/476924/100/0/threaded" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-08-17T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.6.8 allow remote attackers to inject arbitrary web code or HTML via the (1) s parameter to index.php, and the (2) q parameter to (a) faq.php, (b) member.php, (c) memberlist.php, (d) calendar.php, (e) search.php, (f) forumdisplay.php, (g) showgroups.php, (h) online.php, and (i) sendmessage.php. NOTE: these issues have been disputed by the vendor, stating \"I can\u0027t reproduce a single one of these\". 
The researcher is known to be unreliable" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-15T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20070817 Re: vBulletin V3.6.8 XSS Password Md5 Hash", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/476940/100/0/threaded" }, { "name": "vbulletin-qs-xss(36084)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36084" }, { "name": "20070817 vBulletin V3.6.8 XSS Password Md5 Hash", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/476924/100/0/threaded" } ], "tags": [ "disputed" ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-4453", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "** DISPUTED ** Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.6.8 allow remote attackers to inject arbitrary web code or HTML via the (1) s parameter to index.php, and the (2) q parameter to (a) faq.php, (b) member.php, (c) memberlist.php, (d) calendar.php, (e) search.php, (f) forumdisplay.php, (g) showgroups.php, (h) online.php, and (i) sendmessage.php. NOTE: these issues have been disputed by the vendor, stating \"I can\u0027t reproduce a single one of these\". The researcher is known to be unreliable." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20070817 Re: vBulletin V3.6.8 XSS Password Md5 Hash", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/476940/100/0/threaded" }, { "name": "vbulletin-qs-xss(36084)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36084" }, { "name": "20070817 vBulletin V3.6.8 XSS Password Md5 Hash", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/476924/100/0/threaded" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-4453", "datePublished": "2007-08-21T18:00:00", "dateReserved": "2007-08-21T00:00:00", "dateUpdated": "2024-08-07T14:53:55.974Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2002-1679 (GCVE-0-2002-1679)
Vulnerability from cvelistv5
Published
2005-06-21 04:00
Modified
2024-08-08 03:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin 2.2.0 allows remote attackers to execute arbitrary script as other users by injecting script into a bulletin board message.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T03:34:55.677Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20020131 Fairly serious vulnerability in vBulletin 2.2.0", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://online.securityfocus.com/archive/1/253365" }, { "name": "20020131 Semi-serious vulnerability in vBulletin 2.2.0", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://online.securityfocus.com/archive/1/253371" }, { "name": "vbulletin-bbs-css(8039)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8039" }, { "name": "4008", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/4008" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2002-01-31T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin 2.2.0 allows remote attackers to execute arbitrary script as other users by injecting script into a bulletin board message." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20020131 Fairly serious vulnerability in vBulletin 2.2.0", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://online.securityfocus.com/archive/1/253365" }, { "name": "20020131 Semi-serious vulnerability in vBulletin 2.2.0", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://online.securityfocus.com/archive/1/253371" }, { "name": "vbulletin-bbs-css(8039)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8039" }, { "name": "4008", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/4008" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2002-1679", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin 2.2.0 allows remote attackers to execute arbitrary script as other users by injecting script into a bulletin board message." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20020131 Fairly serious vulnerability in vBulletin 2.2.0", "refsource": "BUGTRAQ", "url": "http://online.securityfocus.com/archive/1/253365" }, { "name": "20020131 Semi-serious vulnerability in vBulletin 2.2.0", "refsource": "BUGTRAQ", "url": "http://online.securityfocus.com/archive/1/253371" }, { "name": "vbulletin-bbs-css(8039)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8039" }, { "name": "4008", "refsource": "BID", "url": "http://www.securityfocus.com/bid/4008" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2002-1679", "datePublished": "2005-06-21T04:00:00", "dateReserved": "2005-06-21T00:00:00", "dateUpdated": "2024-08-08T03:34:55.677Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2002-1678 (GCVE-0-2002-1678)
Vulnerability from cvelistv5
Published
2005-06-21 04:00
Modified
2024-08-08 03:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in memberlist.php in Jelsoft vBulletin 2.0 rc 2 through 2.2.4 allows remote attackers to steal authentication credentials by injecting script into $letterbits.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T03:34:55.913Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20020322 memberlist.php of vBulletin", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://online.securityfocus.com/archive/1/263609" }, { "name": "4349", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/4349" }, { "name": "20020322 RE: memberlist.php of vBulletin", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://online.securityfocus.com/archive/1/264023/2002-11-01/2002-11-07/2" }, { "name": "vbulletin-memberlist-execute-code(8619)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8619" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2002-03-22T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in memberlist.php in Jelsoft vBulletin 2.0 rc 2 through 2.2.4 allows remote attackers to steal authentication credentials by injecting script into $letterbits." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20020322 memberlist.php of vBulletin", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://online.securityfocus.com/archive/1/263609" }, { "name": "4349", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/4349" }, { "name": "20020322 RE: memberlist.php of vBulletin", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://online.securityfocus.com/archive/1/264023/2002-11-01/2002-11-07/2" }, { "name": "vbulletin-memberlist-execute-code(8619)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8619" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2002-1678", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in memberlist.php in Jelsoft vBulletin 2.0 rc 2 through 2.2.4 allows remote attackers to steal authentication credentials by injecting script into $letterbits." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20020322 memberlist.php of vBulletin", "refsource": "BUGTRAQ", "url": "http://online.securityfocus.com/archive/1/263609" }, { "name": "4349", "refsource": "BID", "url": "http://www.securityfocus.com/bid/4349" }, { "name": "20020322 RE: memberlist.php of vBulletin", "refsource": "BUGTRAQ", "url": "http://online.securityfocus.com/archive/1/264023/2002-11-01/2002-11-07/2" }, { "name": "vbulletin-memberlist-execute-code(8619)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8619" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2002-1678", "datePublished": "2005-06-21T04:00:00", "dateReserved": "2005-06-21T00:00:00", "dateUpdated": "2024-08-08T03:34:55.913Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2007-2909 (GCVE-0-2007-2909)
Vulnerability from cvelistv5
Published
2007-05-30 10:00
Modified
2024-08-07 13:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in calendar.php in Jelsoft vBulletin 3.6.x before 3.6.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to the vb_calendar366_xss_fix_plugin.xml update.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T13:57:54.655Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "35156", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/35156" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vbulletin.com/forum/showthread.php?postid=1355012" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-05-15T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in calendar.php in Jelsoft vBulletin 3.6.x before 3.6.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to the vb_calendar366_xss_fix_plugin.xml update." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2012-11-06T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "35156", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/35156" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vbulletin.com/forum/showthread.php?postid=1355012" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-2909", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in calendar.php in Jelsoft vBulletin 3.6.x before 3.6.7 allows remote attackers to inject arbitrary web script or HTML via 
unspecified vectors, related to the vb_calendar366_xss_fix_plugin.xml update." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "35156", "refsource": "OSVDB", "url": "http://osvdb.org/35156" }, { "name": "http://www.vbulletin.com/forum/showthread.php?postid=1355012", "refsource": "CONFIRM", "url": "http://www.vbulletin.com/forum/showthread.php?postid=1355012" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-2909", "datePublished": "2007-05-30T10:00:00", "dateReserved": "2007-05-29T00:00:00", "dateUpdated": "2024-08-07T13:57:54.655Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2004-0036 (GCVE-0-2004-0036)
Vulnerability from cvelistv5
Published
2004-09-01 04:00
Modified
2024-08-08 00:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
SQL injection vulnerability in calendar.php for vBulletin Forum 2.3.x before 2.3.4 allows remote attackers to steal sensitive information via the eventid parameter.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T00:01:23.611Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "vbulletin-calendar-sql-injection(14144)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14144" }, { "name": "9360", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/9360" }, { "name": "3344", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/3344" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vbulletin.com/forum/showthread.php?postid=588825" }, { "name": "20040105 vBulletin Forum 2.3.xx calendar.php SQL Injection", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=107340358202123\u0026w=2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-01-05T00:00:00", "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in calendar.php for vBulletin Forum 2.3.x before 2.3.4 allows remote attackers to steal sensitive information via the eventid parameter." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2007-11-13T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "vbulletin-calendar-sql-injection(14144)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14144" }, { "name": "9360", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/9360" }, { "name": "3344", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/3344" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vbulletin.com/forum/showthread.php?postid=588825" }, { "name": "20040105 vBulletin Forum 2.3.xx calendar.php SQL Injection", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=107340358202123\u0026w=2" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-0036", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SQL injection vulnerability in calendar.php for vBulletin Forum 2.3.x before 2.3.4 allows remote attackers to steal sensitive information via the eventid parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "vbulletin-calendar-sql-injection(14144)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14144" }, { "name": "9360", "refsource": "BID", "url": "http://www.securityfocus.com/bid/9360" }, { "name": "3344", "refsource": "OSVDB", "url": "http://www.osvdb.org/3344" }, { "name": "http://www.vbulletin.com/forum/showthread.php?postid=588825", "refsource": "CONFIRM", "url": "http://www.vbulletin.com/forum/showthread.php?postid=588825" }, { "name": "20040105 vBulletin Forum 2.3.xx calendar.php SQL Injection", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=107340358202123\u0026w=2" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-0036", "datePublished": "2004-09-01T04:00:00", "dateReserved": "2004-01-07T00:00:00", "dateUpdated": "2024-08-08T00:01:23.611Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2007-4120 (GCVE-0-2007-4120)
Vulnerability from cvelistv5
Published
2007-08-01 16:00
Modified
2024-08-07 14:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple PHP remote file inclusion vulnerabilities in Jelsoft vBulletin 3.6.5 allow remote attackers to execute arbitrary PHP code via a URL in the (1) classfile parameter to includes/functions.php, the (2) nextitem parameter to includes/functions_cron.php, and the (3) specialtemplates parameter to includes/functions_forumdisplay.php. NOTE: this issue is disputed by a reliable third party who states "further investigation has revealed that the application is not vulnerable to this issue." The original researcher also has a history of erroneous claims.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T14:46:38.732Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "25141", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/25141" }, { "name": "20070731 Re: RFI ====\u003e vBulletin v3.6.5", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/475151/100/0/threaded" }, { "name": "2941", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/2941" }, { "name": "20070730 RFI ====\u003e vBulletin v3.6.5", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/475105/100/0/threaded" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-07-30T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple PHP remote file inclusion vulnerabilities in Jelsoft vBulletin 3.6.5 allow remote attackers to execute arbitrary PHP code via a URL in the (1) classfile parameter to includes/functions.php, the (2) nextitem parameter to includes/functions_cron.php, and the (3) specialtemplates parameter to includes/functions_forumdisplay.php. 
NOTE: this issue is disputed by a reliable third party who states \"further investigation has revealed that the application is not vulnerable to this issue.\" The original researcher also has a history of erroneous claims" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-15T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "25141", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/25141" }, { "name": "20070731 Re: RFI ====\u003e vBulletin v3.6.5", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/475151/100/0/threaded" }, { "name": "2941", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/2941" }, { "name": "20070730 RFI ====\u003e vBulletin v3.6.5", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/475105/100/0/threaded" } ], "tags": [ "disputed" ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-4120", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in Jelsoft vBulletin 3.6.5 allow remote attackers to execute arbitrary PHP code via a URL in the (1) classfile parameter to includes/functions.php, the (2) nextitem parameter to includes/functions_cron.php, and the (3) specialtemplates parameter to includes/functions_forumdisplay.php. 
NOTE: this issue is disputed by a reliable third party who states \"further investigation has revealed that the application is not vulnerable to this issue.\" The original researcher also has a history of erroneous claims." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "25141", "refsource": "BID", "url": "http://www.securityfocus.com/bid/25141" }, { "name": "20070731 Re: RFI ====\u003e vBulletin v3.6.5", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/475151/100/0/threaded" }, { "name": "2941", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/2941" }, { "name": "20070730 RFI ====\u003e vBulletin v3.6.5", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/475105/100/0/threaded" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-4120", "datePublished": "2007-08-01T16:00:00", "dateReserved": "2007-08-01T00:00:00", "dateUpdated": "2024-08-07T14:46:38.732Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2007-2912 (GCVE-0-2007-2912)
Vulnerability from cvelistv5
Published
2007-05-30 10:00
Modified
2024-08-07 13:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unspecified vulnerability in Jelsoft vBulletin before 3.6.6, when unauthenticated User Infraction Permissions is disabled, allows remote attackers to see the infraction "red flag" for a deleted user.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T13:57:54.679Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "38616", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/38616" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vbulletin.com/forum/project.php?issueid=21481" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-05-11T00:00:00", "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in Jelsoft vBulletin before 3.6.6, when unauthenticated User Infraction Permissions is disabled, allows remote attackers to see the infraction \"red flag\" for a deleted user." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2008-11-15T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "38616", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/38616" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vbulletin.com/forum/project.php?issueid=21481" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-2912", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in Jelsoft vBulletin before 3.6.6, when unauthenticated User Infraction Permissions is disabled, allows remote attackers to see the infraction \"red flag\" for a deleted user." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "38616", "refsource": "OSVDB", "url": "http://osvdb.org/38616" }, { "name": "http://www.vbulletin.com/forum/project.php?issueid=21481", "refsource": "CONFIRM", "url": "http://www.vbulletin.com/forum/project.php?issueid=21481" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-2912", "datePublished": "2007-05-30T10:00:00", "dateReserved": "2007-05-29T00:00:00", "dateUpdated": "2024-08-07T13:57:54.679Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-3253 (GCVE-0-2006-3253)
Vulnerability from cvelistv5
Published
2006-06-27 19:00
Modified
2024-08-07 18:23
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in member.php in vBulletin 3.5.x allows remote attackers to inject arbitrary web script or HTML via the u parameter. NOTE: the vendor has disputed this report, stating that they have been unable to replicate the issue and that "the userid parameter is run through our filtering system as an unsigned integer."
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T18:23:21.203Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "27508", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/27508" }, { "name": "20060620 vBulletin\u003c\u003c--v3.5.X \"member.php\" Cross Site Scripting", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/437817/100/0/threaded" }, { "name": "1155", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/1155" }, { "name": "1016348", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1016348" }, { "name": "vbulletin-member-xss(27261)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27261" }, { "name": "20060623 Re: vBulletin\u003c\u003c--v3.5.X \"member.php\" Cross Site Scripting", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/438364/100/100/threaded" }, { "name": "18551", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/18551" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-06-20T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in member.php in vBulletin 3.5.x allows remote attackers to inject arbitrary web script or HTML via the u parameter. NOTE: the vendor has disputed this report, stating that they have been unable to replicate the issue and that \"the userid parameter is run through our filtering system as an unsigned integer." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-18T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "27508", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/27508" }, { "name": "20060620 vBulletin\u003c\u003c--v3.5.X \"member.php\" Cross Site Scripting", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/437817/100/0/threaded" }, { "name": "1155", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/1155" }, { "name": "1016348", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1016348" }, { "name": "vbulletin-member-xss(27261)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27261" }, { "name": "20060623 Re: vBulletin\u003c\u003c--v3.5.X \"member.php\" Cross Site Scripting", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/438364/100/100/threaded" }, { "name": "18551", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/18551" } ], "tags": [ "disputed" ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-3253", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "** DISPUTED ** Cross-site scripting (XSS) vulnerability in member.php in vBulletin 3.5.x allows remote attackers to inject arbitrary web script or HTML via the u parameter. 
NOTE: the vendor has disputed this report, stating that they have been unable to replicate the issue and that \"the userid parameter is run through our filtering system as an unsigned integer.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "27508", "refsource": "OSVDB", "url": "http://www.osvdb.org/27508" }, { "name": "20060620 vBulletin\u003c\u003c--v3.5.X \"member.php\" Cross Site Scripting", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/437817/100/0/threaded" }, { "name": "1155", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/1155" }, { "name": "1016348", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1016348" }, { "name": "vbulletin-member-xss(27261)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27261" }, { "name": "20060623 Re: vBulletin\u003c\u003c--v3.5.X \"member.php\" Cross Site Scripting", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/438364/100/100/threaded" }, { "name": "18551", "refsource": "BID", "url": "http://www.securityfocus.com/bid/18551" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-3253", "datePublished": "2006-06-27T19:00:00", "dateReserved": "2006-06-27T00:00:00", "dateUpdated": "2024-08-07T18:23:21.203Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-1816 (GCVE-0-2006-1816)
Vulnerability from cvelistv5
Published
2006-04-18 10:00
Modified
2024-08-07 17:27
CWE
- n/a
Summary
PHP remote file inclusion vulnerability in VBulletin 3.5.1, 3.5.2, and 3.5.4 allows remote attackers to execute arbitrary code via a URL in the systempath parameter to (1) ImpExModule.php, (2) ImpExController.php, and (3) ImpExDisplay.php.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T17:27:28.858Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20070504 Remote File Include In Script impex", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/467666/100/0/threaded" }, { "name": "20060412 Remote File Inclusion in VBulletin ImpEx", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/430881/100/0/threaded" }, { "name": "impex-systempath-file-include(34095)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34095" }, { "name": "19352", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/19352" }, { "name": "impex-multiple-file-inclusion(25789)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25789" }, { "name": "24692", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/24692" }, { "name": "24691", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/24691" }, { "name": "24690", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/24690" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-04-12T00:00:00", "descriptions": [ { "lang": "en", "value": "PHP remote file inclusion vulnerability in VBulletin 3.5.1, 3.5.2, and 3.5.4 allows remote attackers to execute arbitrary code via a URL in the systempath parameter to (1) ImpExModule.php, (2) ImpExController.php, and (3) ImpExDisplay.php." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-18T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20070504 Remote File Include In Script impex", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/467666/100/0/threaded" }, { "name": "20060412 Remote File Inclusion in VBulletin ImpEx", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/430881/100/0/threaded" }, { "name": "impex-systempath-file-include(34095)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34095" }, { "name": "19352", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/19352" }, { "name": "impex-multiple-file-inclusion(25789)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25789" }, { "name": "24692", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/24692" }, { "name": "24691", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/24691" }, { "name": "24690", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/24690" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-1816", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "PHP remote file inclusion vulnerability in VBulletin 3.5.1, 3.5.2, and 3.5.4 allows remote attackers to execute arbitrary code via a URL in the systempath 
parameter to (1) ImpExModule.php, (2) ImpExController.php, and (3) ImpExDisplay.php." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20070504 Remote File Include In Script impex", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/467666/100/0/threaded" }, { "name": "20060412 Remote File Inclusion in VBulletin ImpEx", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/430881/100/0/threaded" }, { "name": "impex-systempath-file-include(34095)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34095" }, { "name": "19352", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19352" }, { "name": "impex-multiple-file-inclusion(25789)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25789" }, { "name": "24692", "refsource": "OSVDB", "url": "http://www.osvdb.org/24692" }, { "name": "24691", "refsource": "OSVDB", "url": "http://www.osvdb.org/24691" }, { "name": "24690", "refsource": "OSVDB", "url": "http://www.osvdb.org/24690" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-1816", "datePublished": "2006-04-18T10:00:00", "dateReserved": "2006-04-17T00:00:00", "dateUpdated": "2024-08-07T17:27:28.858Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2007-2911 (GCVE-0-2007-2911)
Vulnerability from cvelistv5
Published
2007-05-30 10:00
Modified
2024-08-07 13:57
CWE
- n/a
Summary
SQL injection vulnerability in admincp/attachment.php in Jelsoft vBulletin before 3.6.6 allows remote authenticated administrators to execute arbitrary SQL commands via the "Attached After" field (GPC['search']['datelineafter'] variable), a related issue to CVE-2007-1573.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T13:57:54.559Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vbulletin.com/forum/project.php?issueid=21615" }, { "name": "vbulletin-attachedafter-sql-injection(34784)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34784" }, { "name": "38147", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/38147" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-05-11T00:00:00", "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in admincp/attachment.php in Jelsoft vBulletin before 3.6.6 allows remote authenticated administrators to execute arbitrary SQL commands via the \"Attached After\" field (GPC[\u0027search\u0027][\u0027datelineafter\u0027] variable), a related issue to CVE-2007-1573." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vbulletin.com/forum/project.php?issueid=21615" }, { "name": "vbulletin-attachedafter-sql-injection(34784)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34784" }, { "name": "38147", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/38147" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-2911", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SQL injection vulnerability in admincp/attachment.php in Jelsoft vBulletin before 3.6.6 allows remote authenticated administrators to execute arbitrary SQL commands via the \"Attached After\" field (GPC[\u0027search\u0027][\u0027datelineafter\u0027] variable), a related issue to CVE-2007-1573." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.vbulletin.com/forum/project.php?issueid=21615", "refsource": "CONFIRM", "url": "http://www.vbulletin.com/forum/project.php?issueid=21615" }, { "name": "vbulletin-attachedafter-sql-injection(34784)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34784" }, { "name": "38147", "refsource": "OSVDB", "url": "http://osvdb.org/38147" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-2911", "datePublished": "2007-05-30T10:00:00", "dateReserved": "2007-05-29T00:00:00", "dateUpdated": "2024-08-07T13:57:54.559Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2005-3019 (GCVE-0-2005-3019)
Vulnerability from cvelistv5
Published
2005-09-21 04:00
Modified
2024-08-07 22:53
CWE
- n/a
Summary
Multiple SQL injection vulnerabilities in vBulletin before 3.0.9 allow remote attackers to execute arbitrary SQL commands via the (1) request parameter to joinrequests.php, (2) limitnumber or (3) limitstart to user.php, (4) usertitle.php, or (5) usertools.php.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T22:53:30.292Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "vbulletin-multiple-script-sql-injection(22323)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22323" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://morph3us.org/advisories/20050917-vbulletin-3.0.8.txt" }, { "name": "14872", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/14872" }, { "name": "20050918 [BuHa-Security] Multiple vulnerabilities in (admincp/modcp of)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=112715150320677\u0026w=2" }, { "name": "16873", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/16873/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-09-18T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple SQL injection vulnerabilities in vBulletin before 3.0.9 allow remote attackers to execute arbitrary SQL commands via the (1) request parameter to joinrequests.php, (2) limitnumber or (3) limitstart to user.php, (4) usertitle.php, or (5) usertools.php." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "vbulletin-multiple-script-sql-injection(22323)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22323" }, { "tags": [ "x_refsource_MISC" ], "url": "http://morph3us.org/advisories/20050917-vbulletin-3.0.8.txt" }, { "name": "14872", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/14872" }, { "name": "20050918 [BuHa-Security] Multiple vulnerabilities in (admincp/modcp of)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=112715150320677\u0026w=2" }, { "name": "16873", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/16873/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-3019", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple SQL injection vulnerabilities in vBulletin before 3.0.9 allow remote attackers to execute arbitrary SQL commands via the (1) request parameter to joinrequests.php, (2) limitnumber or (3) limitstart to user.php, (4) usertitle.php, or (5) usertools.php." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "vbulletin-multiple-script-sql-injection(22323)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22323" }, { "name": "http://morph3us.org/advisories/20050917-vbulletin-3.0.8.txt", "refsource": "MISC", "url": "http://morph3us.org/advisories/20050917-vbulletin-3.0.8.txt" }, { "name": "14872", "refsource": "BID", "url": "http://www.securityfocus.com/bid/14872" }, { "name": "20050918 [BuHa-Security] Multiple vulnerabilities in (admincp/modcp of)", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=112715150320677\u0026w=2" }, { "name": "16873", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/16873/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-3019", "datePublished": "2005-09-21T04:00:00", "dateReserved": "2005-09-21T00:00:00", "dateUpdated": "2024-08-07T22:53:30.292Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2004-2076 (GCVE-0-2004-2076)
Vulnerability from cvelistv5
Published
2005-05-19 04:00
Modified
2024-08-08 01:15
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in search.php for Jelsoft vBulletin 3.0.0 RC4 allows remote attackers to inject arbitrary web script or HTML via the query parameter.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T01:15:01.591Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20040213 vBulletin PHP Forum Version", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/353869" }, { "name": "9656", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/9656" }, { "name": "vbulletin-search-xss(15208)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15208" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-02-13T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in search.php for Jelsoft vBulletin 3.0.0 RC4 allows remote attackers to inject arbitrary web script or HTML via the query parameter." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20040213 vBulletin PHP Forum Version", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/353869" }, { "name": "9656", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/9656" }, { "name": "vbulletin-search-xss(15208)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15208" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-2076", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in search.php for Jelsoft vBulletin 3.0.0 RC4 allows remote attackers to inject arbitrary web script or HTML via the query parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20040213 vBulletin PHP Forum Version", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/353869" }, { "name": "9656", "refsource": "BID", "url": "http://www.securityfocus.com/bid/9656" }, { "name": "vbulletin-search-xss(15208)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15208" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-2076", "datePublished": "2005-05-19T04:00:00", "dateReserved": "2005-05-19T00:00:00", "dateUpdated": "2024-08-08T01:15:01.591Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2005-3020 (GCVE-0-2005-3020)
Vulnerability from cvelistv5
Published
2005-09-21 04:00
Modified
2024-08-07 22:53
CWE
- n/a
Summary
Multiple cross-site scripting (XSS) vulnerabilities in vBulletin before 3.0.9 allow remote attackers to inject arbitrary web script or HTML via the (1) group parameter to css.php, (2) redirect parameter to index.php, (3) email parameter to user.php, (4) goto parameter to language.php, (5) orderby parameter to modlog.php, and the (6) hex, (7) rgb, or (8) expandset parameter to template.php.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T22:53:30.172Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://morph3us.org/advisories/20050917-vbulletin-3.0.8.txt" }, { "name": "vbulletin-xss(22324)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22324" }, { "name": "14874", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/14874" }, { "name": "20050918 [BuHa-Security] Multiple vulnerabilities in (admincp/modcp of)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=112715150320677\u0026w=2" }, { "name": "16873", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/16873/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-09-18T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in vBulletin before 3.0.9 allow remote attackers to inject arbitrary web script or HTML via the (1) group parameter to css.php, (2) redirect parameter to index.php, (3) email parameter to user.php, (4) goto parameter to language.php, (5) orderby parameter to modlog.php, and the (6) hex, (7) rgb, or (8) expandset parameter to template.php." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://morph3us.org/advisories/20050917-vbulletin-3.0.8.txt" }, { "name": "vbulletin-xss(22324)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22324" }, { "name": "14874", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/14874" }, { "name": "20050918 [BuHa-Security] Multiple vulnerabilities in (admincp/modcp of)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=112715150320677\u0026w=2" }, { "name": "16873", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/16873/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-3020", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in vBulletin before 3.0.9 allow remote attackers to inject arbitrary web script or HTML via the (1) group parameter to css.php, (2) redirect parameter to index.php, (3) email parameter to user.php, (4) goto parameter to language.php, (5) orderby parameter to modlog.php, and the (6) hex, (7) rgb, or (8) expandset parameter to template.php." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://morph3us.org/advisories/20050917-vbulletin-3.0.8.txt", "refsource": "MISC", "url": "http://morph3us.org/advisories/20050917-vbulletin-3.0.8.txt" }, { "name": "vbulletin-xss(22324)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22324" }, { "name": "14874", "refsource": "BID", "url": "http://www.securityfocus.com/bid/14874" }, { "name": "20050918 [BuHa-Security] Multiple vulnerabilities in (admincp/modcp of)", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=112715150320677\u0026w=2" }, { "name": "16873", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/16873/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-3020", "datePublished": "2005-09-21T04:00:00", "dateReserved": "2005-09-21T00:00:00", "dateUpdated": "2024-08-07T22:53:30.172Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2005-3024 (GCVE-0-2005-3024)
Vulnerability from cvelistv5
Published
2005-09-21 04:00
Modified
2024-08-07 22:53
CWE
- n/a
Summary
Multiple SQL injection vulnerabilities in vBulletin 3.0.7 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) announcement parameter to announcement.php, the (2) thread[forumid] or (3) criteria parameters to thread.php, (4) userid parameter to user.php, the (5) calendarcustomfieldid, (6) calendarid, (7) moderatorid, (8) holidayid, (9) calendarmoderatorid, or (10) calendar[0] parameters to admincalendar.php, (11) the cronid parameter to cronlog.php, (12) user[usergroupid][0] parameter to email.php, (13) help[0] parameter to help.php, the (14) limitnumber or (15) limitstart parameter to user.php, the (16) usertitleid or (17) ids parameters to usertitle.php, (18) rvt[0] parameter to language.php, (19) keep[0] parameter to phrase.php, (20) dostyleid parameter to template.php, (21) thread[forumid] parameter to thread.php, or (22) usertools.php.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T22:53:30.401Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20050920 [BuHa-Security] Multiple vulnerabilities in (admincp/modcp of)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=112732980702939\u0026w=2" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://morph3us.org/advisories/20050917-vbulletin-3.0.7.txt" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-09-20T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple SQL injection vulnerabilities in vBulletin 3.0.7 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) announcement parameter to announcement.php, the (2) thread[forumid] or (3) criteria parameters to thread.php, (4) userid parameter to user.php, the (5) calendarcustomfieldid, (6) calendarid, (7) moderatorid, (8) holidayid, (9) calendarmoderatorid, or (10) calendar[0] parameters to admincalendar.php, (11) the cronid parameter to cronlog.php, (12) user[usergroupid][0] parameter to email.php, (13) help[0] parameter to help.php, the (14) limitnumber or (15) limitstart parameter to user.php, the (16) usertitleid or (17) ids parameters to usertitle.php, (18) rvt[0] parameter to language.php, (19) keep[0] parameter to phrase.php, (20) dostyleid parameter to template.php, (21) thread[forumid] parameter to thread.php, or (22) usertools.php." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-10-17T13:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20050920 [BuHa-Security] Multiple vulnerabilities in (admincp/modcp of)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=112732980702939\u0026w=2" }, { "tags": [ "x_refsource_MISC" ], "url": "http://morph3us.org/advisories/20050917-vbulletin-3.0.7.txt" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-3024", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple SQL injection vulnerabilities in vBulletin 3.0.7 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) announcement parameter to announcement.php, the (2) thread[forumid] or (3) criteria parameters to thread.php, (4) userid parameter to user.php, the (5) calendarcustomfieldid, (6) calendarid, (7) moderatorid, (8) holidayid, (9) calendarmoderatorid, or (10) calendar[0] parameters to admincalendar.php, (11) the cronid parameter to cronlog.php, (12) user[usergroupid][0] parameter to email.php, (13) help[0] parameter to help.php, the (14) limitnumber or (15) limitstart parameter to user.php, the (16) usertitleid or (17) ids parameters to usertitle.php, (18) rvt[0] parameter to language.php, (19) keep[0] parameter to phrase.php, (20) dostyleid parameter to template.php, (21) thread[forumid] parameter to thread.php, or (22) usertools.php." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20050920 [BuHa-Security] Multiple vulnerabilities in (admincp/modcp of)", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=112732980702939\u0026w=2" }, { "name": "http://morph3us.org/advisories/20050917-vbulletin-3.0.7.txt", "refsource": "MISC", "url": "http://morph3us.org/advisories/20050917-vbulletin-3.0.7.txt" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-3024", "datePublished": "2005-09-21T04:00:00", "dateReserved": "2005-09-21T00:00:00", "dateUpdated": "2024-08-07T22:53:30.401Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2007-0869 (GCVE-0-2007-0869)
Vulnerability from cvelistv5
Published
2007-02-09 19:00
Modified
2024-08-07 12:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in the Attachment Manager (admincp/attachment.php) in Jelsoft vBulletin 3.6.4 allows remote attackers to inject arbitrary web script or HTML via the Extension field. NOTE: this might be a duplicate of CVE-2007-0830.5. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T12:34:21.129Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "24085", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24085" }, { "name": "22466", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/22466" }, { "name": "33129", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/33129" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-02-08T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the Attachment Manager (admincp/attachment.php) in Jelsoft vBulletin 3.6.4 allows remote attackers to inject arbitrary web script or HTML via the Extension field. NOTE: this might be a duplicate of CVE-2007-0830.5. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2008-11-13T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "24085", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24085" }, { "name": "22466", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/22466" }, { "name": "33129", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/33129" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-0869", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in the Attachment Manager (admincp/attachment.php) in Jelsoft vBulletin 3.6.4 allows remote attackers to inject arbitrary web script or HTML via the Extension field. NOTE: this might be a duplicate of CVE-2007-0830.5. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "24085", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24085" }, { "name": "22466", "refsource": "BID", "url": "http://www.securityfocus.com/bid/22466" }, { "name": "33129", "refsource": "OSVDB", "url": "http://osvdb.org/33129" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-0869", "datePublished": "2007-02-09T19:00:00", "dateReserved": "2007-02-09T00:00:00", "dateUpdated": "2024-08-07T12:34:21.129Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2004-2288 (GCVE-0-2004-2288)
Vulnerability from cvelistv5
Published
2005-08-04 04:00
Modified
2024-09-16 18:19
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in index.php in Jelsoft vBulletin allows remote attackers to spoof parts of a website via the loc parameter.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T01:22:13.613Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "10362", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/10362" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.infosecurity.org.cn/article/hacker/exploit/16557.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in index.php in Jelsoft vBulletin allows remote attackers to spoof parts of a website via the loc parameter." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2005-08-04T04:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "10362", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/10362" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.infosecurity.org.cn/article/hacker/exploit/16557.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-2288", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in index.php in Jelsoft vBulletin allows remote attackers to spoof parts of a website via the loc parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "10362", "refsource": "BID", "url": "http://www.securityfocus.com/bid/10362" }, { "name": "http://www.infosecurity.org.cn/article/hacker/exploit/16557.html", "refsource": "MISC", "url": "http://www.infosecurity.org.cn/article/hacker/exploit/16557.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-2288", "datePublished": "2005-08-04T04:00:00Z", "dateReserved": "2005-08-04T00:00:00Z", "dateUpdated": "2024-09-16T18:19:27.901Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2007-2910 (GCVE-0-2007-2910)
Vulnerability from cvelistv5
Published
2007-05-30 10:00
Modified
2024-08-07 13:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin before 3.6.7 PL1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to the vb_367_xss_fix_plugin.xml update, a related issue to CVE-2007-2909.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T13:57:54.019Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "35157", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/35157" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vbulletin.com/forum/showthread.php?postid=1355012" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-05-16T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin before 3.6.7 PL1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to the vb_367_xss_fix_plugin.xml update, a related issue to CVE-2007-2909." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2007-09-20T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "35157", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/35157" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vbulletin.com/forum/showthread.php?postid=1355012" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-2910", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin before 3.6.7 PL1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, 
related to the vb_367_xss_fix_plugin.xml update, a related issue to CVE-2007-2909." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "35157", "refsource": "OSVDB", "url": "http://osvdb.org/35157" }, { "name": "http://www.vbulletin.com/forum/showthread.php?postid=1355012", "refsource": "CONFIRM", "url": "http://www.vbulletin.com/forum/showthread.php?postid=1355012" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-2910", "datePublished": "2007-05-30T10:00:00", "dateReserved": "2007-05-29T00:00:00", "dateUpdated": "2024-08-07T13:57:54.019Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2004-0091 (GCVE-0-2004-0091)
Vulnerability from cvelistv5
Published
2004-01-22 05:00
Modified
2024-08-08 00:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
NOTE: this issue has been disputed by the vendor. Cross-site scripting (XSS) vulnerability in register.php for unknown versions of vBulletin allows remote attackers to inject arbitrary HTML or web script via the reg_site (or possibly regsite) parameter. NOTE: the vendor has disputed this issue, saying "There is no hidden field called 'reg_site', nor any $reg_site variable anywhere in the vBulletin 2 or vBulletin 3 source code or templates, nor has it ever existed. We can only assume that this vulnerability was found in a site running code modified from that supplied by Jelsoft."
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T00:10:02.367Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20040120 vBulletin Security Vulnerability", "tags": [ "mailing-list", "x_refsource_VULN-DEV", "x_transferred" ], "url": "http://marc.info/?l=vuln-dev\u0026m=107462499927040\u0026w=2" }, { "name": "1008780", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1008780" }, { "name": "20040120 vBulletin Security Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=107462349324945\u0026w=2" }, { "name": "20040123 RE: vBulletin Security Vulnerability", "tags": [ "mailing-list", "x_refsource_VULN-DEV", "x_transferred" ], "url": "http://marc.info/?l=vuln-dev\u0026m=107488880317647\u0026w=2" }, { "name": "20040120 Re: vBulletin Security Vulnerability", "tags": [ "mailing-list", "x_refsource_VULN-DEV", "x_transferred" ], "url": "http://marc.info/?l=vuln-dev\u0026m=107478592401619\u0026w=2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-01-20T00:00:00", "descriptions": [ { "lang": "en", "value": "NOTE: this issue has been disputed by the vendor. Cross-site scripting (XSS) vulnerability in register.php for unknown versions of vBulletin allows remote attackers to inject arbitrary HTML or web script via the reg_site (or possibly regsite) parameter. NOTE: the vendor has disputed this issue, saying \"There is no hidden field called \u0027reg_site\u0027, nor any $reg_site variable anywhere in the vBulletin 2 or vBulletin 3 source code or templates, nor has it ever existed. We can only assume that this vulnerability was found in a site running code modified from that supplied by Jelsoft." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-10-17T13:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20040120 vBulletin Security Vulnerability", "tags": [ "mailing-list", "x_refsource_VULN-DEV" ], "url": "http://marc.info/?l=vuln-dev\u0026m=107462499927040\u0026w=2" }, { "name": "1008780", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1008780" }, { "name": "20040120 vBulletin Security Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=107462349324945\u0026w=2" }, { "name": "20040123 RE: vBulletin Security Vulnerability", "tags": [ "mailing-list", "x_refsource_VULN-DEV" ], "url": "http://marc.info/?l=vuln-dev\u0026m=107488880317647\u0026w=2" }, { "name": "20040120 Re: vBulletin Security Vulnerability", "tags": [ "mailing-list", "x_refsource_VULN-DEV" ], "url": "http://marc.info/?l=vuln-dev\u0026m=107478592401619\u0026w=2" } ], "tags": [ "disputed" ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-0091", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "** DISPUTED ** NOTE: this issue has been disputed by the vendor. Cross-site scripting (XSS) vulnerability in register.php for unknown versions of vBulletin allows remote attackers to inject arbitrary HTML or web script via the reg_site (or possibly regsite) parameter. 
NOTE: the vendor has disputed this issue, saying \"There is no hidden field called \u0027reg_site\u0027, nor any $reg_site variable anywhere in the vBulletin 2 or vBulletin 3 source code or templates, nor has it ever existed. We can only assume that this vulnerability was found in a site running code modified from that supplied by Jelsoft.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20040120 vBulletin Security Vulnerability", "refsource": "VULN-DEV", "url": "http://marc.info/?l=vuln-dev\u0026m=107462499927040\u0026w=2" }, { "name": "1008780", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1008780" }, { "name": "20040120 vBulletin Security Vulnerability", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=107462349324945\u0026w=2" }, { "name": "20040123 RE: vBulletin Security Vulnerability", "refsource": "VULN-DEV", "url": "http://marc.info/?l=vuln-dev\u0026m=107488880317647\u0026w=2" }, { "name": "20040120 Re: vBulletin Security Vulnerability", "refsource": "VULN-DEV", "url": "http://marc.info/?l=vuln-dev\u0026m=107478592401619\u0026w=2" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-0091", "datePublished": "2004-01-22T05:00:00", "dateReserved": "2004-01-21T00:00:00", "dateUpdated": "2024-08-08T00:10:02.367Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2009-2172 (GCVE-0-2009-2172)
Vulnerability from cvelistv5
Published
2009-06-23 21:21
Modified
2024-08-07 05:44
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in forum/radioandtv.php in the Radio and TV Player addon for vBulletin allows remote registered users to inject arbitrary web script or HTML via the station parameter.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T05:44:55.024Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "35385", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/35385" }, { "name": "8965", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/8965" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-06-15T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in forum/radioandtv.php in the Radio and TV Player addon for vBulletin allows remote registered users to inject arbitrary web script or HTML via the station parameter." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "35385", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/35385" }, { "name": "8965", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/8965" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-2172", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in forum/radioandtv.php in the Radio and TV Player addon for vBulletin allows remote registered users to inject 
arbitrary web script or HTML via the station parameter." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "35385", "refsource": "BID", "url": "http://www.securityfocus.com/bid/35385" }, { "name": "8965", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/8965" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-2172", "datePublished": "2009-06-23T21:21:00", "dateReserved": "2009-06-23T00:00:00", "dateUpdated": "2024-08-07T05:44:55.024Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-2335 (GCVE-0-2006-2335)
Vulnerability from cvelistv5
Published
2006-05-12 00:00
Modified
2024-08-07 17:43
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Jelsoft vBulletin accepts uploads of Cascading Style Sheets (CSS) and processes them in a way that allows remote authenticated administrators to gain shell access by uploading a CSS file that contains PHP code, then selecting the file via the style chooser, which causes the PHP code to be executed. NOTE: the vendor was unable to reproduce this issue in 3.5.x. NOTE: this issue might be due to direct static code injection.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T17:43:29.316Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20060506 vbulletin security Alert", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/433580/100/0/threaded" }, { "name": "20060511 Re: vbulletin security Alert", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/433678/100/0/threaded" }, { "name": "vbulletin-css-code-execution(26440)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26440" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://b3hr0uz.persiangig.com/VbStyleVuln.txt" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-05-06T00:00:00", "descriptions": [ { "lang": "en", "value": "Jelsoft vBulletin accepts uploads of Cascading Style Sheets (CSS) and processes them in a way that allows remote authenticated administrators to gain shell access by uploading a CSS file that contains PHP code, then selecting the file via the style chooser, which causes the PHP code to be executed. NOTE: the vendor was unable to reproduce this issue in 3.5.x. NOTE: this issue might be due to direct static code injection." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-18T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20060506 vbulletin security Alert", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/433580/100/0/threaded" }, { "name": "20060511 Re: vbulletin security Alert", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/433678/100/0/threaded" }, { "name": "vbulletin-css-code-execution(26440)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26440" }, { "tags": [ "x_refsource_MISC" ], "url": "http://b3hr0uz.persiangig.com/VbStyleVuln.txt" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-2335", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Jelsoft vBulletin accepts uploads of Cascading Style Sheets (CSS) and processes them in a way that allows remote authenticated administrators to gain shell access by uploading a CSS file that contains PHP code, then selecting the file via the style chooser, which causes the PHP code to be executed. NOTE: the vendor was unable to reproduce this issue in 3.5.x. NOTE: this issue might be due to direct static code injection." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20060506 vbulletin security Alert", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/433580/100/0/threaded" }, { "name": "20060511 Re: vbulletin security Alert", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/433678/100/0/threaded" }, { "name": "vbulletin-css-code-execution(26440)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26440" }, { "name": "http://b3hr0uz.persiangig.com/VbStyleVuln.txt", "refsource": "MISC", "url": "http://b3hr0uz.persiangig.com/VbStyleVuln.txt" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-2335", "datePublished": "2006-05-12T00:00:00", "dateReserved": "2006-05-11T00:00:00", "dateUpdated": "2024-08-07T17:43:29.316Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-0080 (GCVE-0-2006-0080)
Vulnerability from cvelistv5
Published
2006-01-04 11:00
Modified
2024-08-07 16:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in vBulletin 3.5.2, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the title of an event, which is not properly filtered by (1) calendar.php and (2) reminder.php.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T16:18:20.884Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "22220", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/22220" }, { "name": "20060108 Html_Injection in vBulletin 3.5.2", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/421310/100/0/threaded" }, { "name": "22210", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/22210" }, { "name": "ADV-2006-0033", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/0033" }, { "name": "20060101 [KAPDA::#19] - Html Injection in vBulletin 3.5.2", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/420663/100/0/threaded" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://kapda.ir/advisory-177.html" }, { "name": "18299", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/18299" }, { "name": "16116", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/16116" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-01-01T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in vBulletin 3.5.2, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the title of an event, which is not properly filtered by (1) calendar.php and (2) reminder.php." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-19T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "22220", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/22220" }, { "name": "20060108 Html_Injection in vBulletin 3.5.2", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/421310/100/0/threaded" }, { "name": "22210", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/22210" }, { "name": "ADV-2006-0033", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/0033" }, { "name": "20060101 [KAPDA::#19] - Html Injection in vBulletin 3.5.2", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/420663/100/0/threaded" }, { "tags": [ "x_refsource_MISC" ], "url": "http://kapda.ir/advisory-177.html" }, { "name": "18299", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/18299" }, { "name": "16116", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/16116" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-0080", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in vBulletin 3.5.2, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the title of an event, which is not properly filtered by (1) calendar.php and (2) reminder.php." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "22220", "refsource": "OSVDB", "url": "http://www.osvdb.org/22220" }, { "name": "20060108 Html_Injection in vBulletin 3.5.2", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/421310/100/0/threaded" }, { "name": "22210", "refsource": "OSVDB", "url": "http://www.osvdb.org/22210" }, { "name": "ADV-2006-0033", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/0033" }, { "name": "20060101 [KAPDA::#19] - Html Injection in vBulletin 3.5.2", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/420663/100/0/threaded" }, { "name": "http://kapda.ir/advisory-177.html", "refsource": "MISC", "url": "http://kapda.ir/advisory-177.html" }, { "name": "18299", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18299" }, { "name": "16116", "refsource": "BID", "url": "http://www.securityfocus.com/bid/16116" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-0080", "datePublished": "2006-01-04T11:00:00", "dateReserved": "2006-01-04T00:00:00", "dateUpdated": "2024-08-07T16:18:20.884Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2007-1342 (GCVE-0-2007-1342)
Vulnerability from cvelistv5
Published
2007-03-08 00:00
Modified
2024-08-07 12:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in admincp/index.php in Jelsoft vBulletin 3.6.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the add rss url form.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T12:50:35.283Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20070302 vBulletin v3.6.5 admincp/index.php ( rss feed ) xss vuln.", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/461727/100/0/threaded" }, { "name": "22790", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/22790" }, { "name": "2396", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/2396" }, { "name": "vbulletin-admincpindex-xss(32780)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32780" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-03-02T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in admincp/index.php in Jelsoft vBulletin 3.6.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the add rss url form." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20070302 vBulletin v3.6.5 admincp/index.php ( rss feed ) xss vuln.", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/461727/100/0/threaded" }, { "name": "22790", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/22790" }, { "name": "2396", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/2396" }, { "name": "vbulletin-admincpindex-xss(32780)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32780" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-1342", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in admincp/index.php in Jelsoft vBulletin 3.6.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the add rss url form." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20070302 vBulletin v3.6.5 admincp/index.php ( rss feed ) xss vuln.", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/461727/100/0/threaded" }, { "name": "22790", "refsource": "BID", "url": "http://www.securityfocus.com/bid/22790" }, { "name": "2396", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/2396" }, { "name": "vbulletin-admincpindex-xss(32780)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32780" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-1342", "datePublished": "2007-03-08T00:00:00", "dateReserved": "2007-03-07T00:00:00", "dateUpdated": "2024-08-07T12:50:35.283Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2004-0620 (GCVE-0-2004-0620)
Vulnerability from cvelistv5
Published
2004-06-30 04:00
Modified
2024-08-08 00:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in (1) newreply.php or (2) newthread.php in vBulletin 3.0.1 allows remote attackers to inject arbitrary HTML or script as other users via the Edit-panel.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T00:24:26.468Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "vbulletin-newreply-newthread-xss(16502)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16502" }, { "name": "10602", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/10602" }, { "name": "20040624 vBulletin HTML Injection Vuln", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=108809720026642\u0026w=2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-06-24T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in (1) newreply.php or (2) newthread.php in vBulletin 3.0.1 allows remote attackers to inject arbitrary HTML or script as other users via the Edit-panel." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "vbulletin-newreply-newthread-xss(16502)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16502" }, { "name": "10602", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/10602" }, { "name": "20040624 vBulletin HTML Injection Vuln", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=108809720026642\u0026w=2" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-0620", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in (1) newreply.php or (2) newthread.php in vBulletin 3.0.1 allows remote attackers to inject arbitrary HTML or script as other users via the Edit-panel." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "vbulletin-newreply-newthread-xss(16502)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16502" }, { "name": "10602", "refsource": "BID", "url": "http://www.securityfocus.com/bid/10602" }, { "name": "20040624 vBulletin HTML Injection Vuln", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=108809720026642\u0026w=2" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-0620", "datePublished": "2004-06-30T04:00:00", "dateReserved": "2004-06-29T00:00:00", "dateUpdated": "2024-08-08T00:24:26.468Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }