Search
Search Results (53 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-12720 | 1 Vbulletin | 1 Vbulletin | 2024-11-21 | 9.8 Critical |
| vBulletin before 5.5.6pl1, 5.6.0 before 5.6.0pl1, and 5.6.1 before 5.6.1pl1 has incorrect access control. | ||||
| CVE-2019-17271 | 1 Vbulletin | 1 Vbulletin | 2024-11-21 | 4.9 Medium |
| vBulletin 5.5.4 allows SQL Injection via the ajax/api/hook/getHookList or ajax/api/widget/getWidgetList where parameter. | ||||
| CVE-2019-17132 | 1 Vbulletin | 1 Vbulletin | 2024-11-21 | 9.8 Critical |
| vBulletin through 5.5.4 mishandles custom avatars. | ||||
| CVE-2019-17131 | 1 Vbulletin | 1 Vbulletin | 2024-11-21 | 4.3 Medium |
| vBulletin before 5.5.4 allows clickjacking. | ||||
| CVE-2019-17130 | 1 Vbulletin | 1 Vbulletin | 2024-11-21 | 6.5 Medium |
| vBulletin through 5.5.4 mishandles external URLs within the /core/vb/vurl.php file and the /core/vb/vurl directories. | ||||
| CVE-2018-6200 | 1 Vbulletin | 1 Vbulletin | 2024-11-21 | N/A |
| vBulletin 3.x.x and 4.2.x through 4.2.5 has an open redirect via the redirector.php url parameter. | ||||
| CVE-2018-15493 | 1 Vbulletin | 1 Vbulletin | 2024-11-21 | N/A |
| vBulletin 5.4.3 has an Open Redirect. | ||||
| CVE-2010-1077 | 2 Vbseo, Vbulletin | 2 Vbseo, Vbulletin | 2024-08-07 | N/A |
| Directory traversal vulnerability in vbseo.php in Crawlability vBSEO plugin 3.1.0 for vBulletin allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the vbseourl parameter. | ||||
| CVE-2011-5251 | 1 Vbulletin | 1 Vbulletin | 2024-08-07 | N/A |
| Open redirect vulnerability in forum/login.php in vBulletin 4.1.3 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the url parameter in a lostpw action. | ||||
| CVE-2012-4686 | 1 Vbulletin | 1 Vbulletin | 2024-08-06 | N/A |
| SQL injection vulnerability in announcement.php in vBulletin 4.1.10 allows remote attackers to execute arbitrary SQL commands via the announcementid parameter. | ||||
| CVE-2012-4328 | 1 Vbulletin | 4 Mapi, Vbulletin, Vbulletin Forum and 1 more | 2024-08-06 | N/A |
| Unspecified vulnerability in the MAPI in vBulletin Suite 4.1.2 through 4.1.12, Forum 4.1.2 through 4.1.12, and the MAPI plugin 1.4.3 for vBulletin 3.x has unknown impact and attack vectors. | ||||
| CVE-2012-3844 | 1 Vbulletin | 1 Vbulletin | 2024-08-06 | N/A |
| Cross-site scripting (XSS) vulnerability in vBulletin 4.1.12 allows remote attackers to inject arbitrary web script or HTML via a long string in the subject parameter when creating a post. | ||||
| CVE-2013-6129 | 1 Vbulletin | 1 Vbulletin | 2024-08-06 | N/A |
| The install/upgrade.php scripts in vBulletin 4.1 and 5 allow remote attackers to create administrative accounts via the customerid, htmldata[password], htmldata[confirmpassword], and htmldata[email] parameters, as exploited in the wild in October 2013. | ||||