Vulnerabilities > Jelsoft

DATE CVE VULNERABILITY TITLE RISK
2009-06-23 CVE-2009-2172 Cross-Site Scripting vulnerability in Dream Radio and TV Player Addon FOR Vbulletin
Cross-site scripting (XSS) vulnerability in forum/radioandtv.php in the Radio and TV Player addon for vBulletin allows remote registered users to inject arbitrary web script or HTML via the station parameter.
network
dream jelsoft CWE-79
4.3
2009-04-27 CVE-2008-6754 Information Exposure vulnerability in Mephisteus the Personal Sticky Threads 1.0.3C
The Personal Sticky Threads addon 1.0.3c for vBulletin allows remote authenticated users to read the title, author, and pages of an arbitrary thread by toggling a personal sticky.
network
low complexity
jelsoft mephisteus CWE-200
4.0
2007-09-18 CVE-2007-4959 Cross-Site Scripting vulnerability in Jelsoft Oscmax 2.0.0Rc301
Cross-site scripting (XSS) vulnerability in catalog_products_with_images.php in osCMax 2.0.0-RC3-0-1 allows remote attackers to inject arbitrary web script or HTML via the URI.
network
jelsoft CWE-79
4.3
2007-06-21 CVE-2007-3326 Cross-Site Scripting vulnerability in Jelsoft Vbulletin 3.0.0
Multiple directory traversal vulnerabilities in vBulletin 3.x.x allow remote attackers to redirect visitors to arbitrary local files via a ..
network
jelsoft
5.8
2007-06-12 CVE-2007-3197 SQL-Injection vulnerability in Vbsupport Integrated Ticket System
SQL injection vulnerability in vBSupport.php in vBSupport 1.1 before 1.1a allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
jelsoft
7.5
2007-06-12 CVE-2007-3196 SQL-Injection vulnerability in Jelsoft Vbsupport Integrated Ticket System 2.0.0Beta1
SQL injection vulnerability in vBSupport.php in vSupport Integrated Ticket System 3.x.x allows remote attackers to execute arbitrary SQL commands via the ticketid parameter in a showticket action.
network
low complexity
jelsoft
7.5
2007-05-30 CVE-2007-2912 Remote Security vulnerability in vBulletin
Unspecified vulnerability in Jelsoft vBulletin before 3.6.6, when unauthenticated User Infraction Permissions is disabled, allows remote attackers to see the infraction "red flag" for a deleted user.
network
low complexity
jelsoft
5.0
2007-05-30 CVE-2007-2911 SQL-Injection vulnerability in vBulletin
SQL injection vulnerability in admincp/attachment.php in Jelsoft vBulletin before 3.6.6 allows remote authenticated administrators to execute arbitrary SQL commands via the "Attached After" field (GPC['search']['datelineafter'] variable), a related issue to CVE-2007-1573.
network
jelsoft
8.5
2007-05-30 CVE-2007-2910 Cross-Site Scripting vulnerability in Jelsoft Vbulletin
Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin before 3.6.7 PL1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to the vb_367_xss_fix_plugin.xml update, a related issue to CVE-2007-2909.
network
jelsoft CWE-79
4.3
2007-05-30 CVE-2007-2909 Cross-Site Scripting vulnerability in vBulletin
Cross-site scripting (XSS) vulnerability in calendar.php in Jelsoft vBulletin 3.6.x before 3.6.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to the vb_calendar366_xss_fix_plugin.xml update.
network
jelsoft
3.5