Vulnerabilities > Jelsoft
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2009-06-23 | CVE-2009-2172 | Cross-Site Scripting vulnerability in Dream Radio and TV Player Addon FOR Vbulletin Cross-site scripting (XSS) vulnerability in forum/radioandtv.php in the Radio and TV Player addon for vBulletin allows remote registered users to inject arbitrary web script or HTML via the station parameter. | 4.3 |
| 2009-04-27 | CVE-2008-6754 | Information Exposure vulnerability in Mephisteus the Personal Sticky Threads 1.0.3C The Personal Sticky Threads addon 1.0.3c for vBulletin allows remote authenticated users to read the title, author, and pages of an arbitrary thread by toggling a personal sticky. | 4.0 |
| 2007-09-18 | CVE-2007-4959 | Cross-Site Scripting vulnerability in Jelsoft Oscmax 2.0.0Rc301 Cross-site scripting (XSS) vulnerability in catalog_products_with_images.php in osCMax 2.0.0-RC3-0-1 allows remote attackers to inject arbitrary web script or HTML via the URI. | 4.3 |
| 2007-06-21 | CVE-2007-3326 | Cross-Site Scripting vulnerability in Jelsoft Vbulletin 3.0.0 Multiple directory traversal vulnerabilities in vBulletin 3.x.x allow remote attackers to redirect visitors to arbitrary local files via a .. network jelsoft | 5.8 |
| 2007-06-12 | CVE-2007-3197 | SQL-Injection vulnerability in Vbsupport Integrated Ticket System SQL injection vulnerability in vBSupport.php in vBSupport 1.1 before 1.1a allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
| 2007-06-12 | CVE-2007-3196 | SQL-Injection vulnerability in Jelsoft Vbsupport Integrated Ticket System 2.0.0Beta1 SQL injection vulnerability in vBSupport.php in vSupport Integrated Ticket System 3.x.x allows remote attackers to execute arbitrary SQL commands via the ticketid parameter in a showticket action. | 7.5 |
| 2007-05-30 | CVE-2007-2912 | Remote Security vulnerability in vBulletin Unspecified vulnerability in Jelsoft vBulletin before 3.6.6, when unauthenticated User Infraction Permissions is disabled, allows remote attackers to see the infraction "red flag" for a deleted user. | 5.0 |
| 2007-05-30 | CVE-2007-2911 | SQL-Injection vulnerability in vBulletin SQL injection vulnerability in admincp/attachment.php in Jelsoft vBulletin before 3.6.6 allows remote authenticated administrators to execute arbitrary SQL commands via the "Attached After" field (GPC['search']['datelineafter'] variable), a related issue to CVE-2007-1573. network jelsoft | 8.5 |
| 2007-05-30 | CVE-2007-2910 | Cross-Site Scripting vulnerability in Jelsoft Vbulletin Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin before 3.6.7 PL1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to the vb_367_xss_fix_plugin.xml update, a related issue to CVE-2007-2909. | 4.3 |
| 2007-05-30 | CVE-2007-2909 | Cross-Site Scripting vulnerability in vBulletin Cross-site scripting (XSS) vulnerability in calendar.php in Jelsoft vBulletin 3.6.x before 3.6.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to the vb_calendar366_xss_fix_plugin.xml update. network jelsoft | 3.5 |