Vulnerabilities > CVE-2006-6779 - Unspecified vulnerability in Jelsoft Vbulletin

047910
CVSS 6.8 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
jelsoft
exploit available

Summary

Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin allows remote attackers to inject arbitrary web script or HTML via an SWF file that uses ActionScript to trigger execution of JavaScript. Successful exploitation requires the ability to upload SWF files, which is disabled by default, and must be enabled by site administrators.

Exploit-Db

descriptionVBulletin 3.5.x/3.6.x SWF Script Injection Vulnerability. CVE-2006-6779. Webapps exploit for php platform
idEDB-ID:29338
last seen2016-02-03
modified2006-12-25
published2006-12-25
reporterAshraf Morad
sourcehttps://www.exploit-db.com/download/29338/
titleVBulletin 3.5.x/3.6.x SWF Script Injection Vulnerability