Vulnerabilities > Jelsoft > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-06-12 | CVE-2007-3197 | SQL-Injection vulnerability in Vbsupport Integrated Ticket System SQL injection vulnerability in vBSupport.php in vBSupport 1.1 before 1.1a allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
| 2007-06-12 | CVE-2007-3196 | SQL-Injection vulnerability in Jelsoft Vbsupport Integrated Ticket System 2.0.0Beta1 SQL injection vulnerability in vBSupport.php in vSupport Integrated Ticket System 3.x.x allows remote attackers to execute arbitrary SQL commands via the ticketid parameter in a showticket action. | 7.5 |
| 2007-05-30 | CVE-2007-2911 | SQL-Injection vulnerability in vBulletin SQL injection vulnerability in admincp/attachment.php in Jelsoft vBulletin before 3.6.6 allows remote authenticated administrators to execute arbitrary SQL commands via the "Attached After" field (GPC['search']['datelineafter'] variable), a related issue to CVE-2007-1573. network jelsoft | 8.5 |
| 2007-03-07 | CVE-2007-1292 | SQL-Injection vulnerability in vBulletin SQL injection vulnerability in inlinemod.php in Jelsoft vBulletin before 3.5.8, and before 3.6.5 in the 3.6.x series, might allow remote authenticated users to execute arbitrary SQL commands via the postids parameter. | 7.5 |
| 2006-10-03 | CVE-2006-5104 | SQL Injection vulnerability in Jelsoft VBulletin SQL injection vulnerability in global.php in Jelsoft vBulletin 2.x allows remote attackers to execute arbitrary SQL commands via the templatesused parameter. | 7.5 |
| 2006-04-25 | CVE-2006-2018 | SQL-Injection vulnerability in vBulletin SQL injection vulnerability in calendar.php in vBulletin 3.0.x allows remote attackers to execute arbitrary SQL commands via the eventid parameter. | 7.5 |
| 2006-03-24 | CVE-2006-1382 | Remote File Include vulnerability in VBulletin ImpEx PHP remote file inclusion vulnerability in impex/ImpExData.php in vBulletin ImpEx module 1.74, when register_globals is disabled, allows remote attackers to include arbitrary files via the systempath parameter. | 7.5 |
| 2005-09-21 | CVE-2005-3024 | SQL-Injection vulnerability in vBulletin Multiple SQL injection vulnerabilities in vBulletin 3.0.7 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) announcement parameter to announcement.php, the (2) thread[forumid] or (3) criteria parameters to thread.php, (4) userid parameter to user.php, the (5) calendarcustomfieldid, (6) calendarid, (7) moderatorid, (8) holidayid, (9) calendarmoderatorid, or (10) calendar[0] parameters to admincalendar.php, (11) the cronid parameter to cronlog.php, (12) user[usergroupid][0] parameter to email.php, (13) help[0] parameter to help.php, the (14) limitnumber or (15) limitstart parameter to user.php, the (16) usertitleid or (17) ids parameters to usertitle.php, (18) rvt[0] parameter to language.php, (19) keep[0] parameter to phrase.php, (20) dostyleid parameter to template.php, (21) thread[forumid] parameter to thread.php, or (22) usertools.php. | 7.5 |
| 2005-09-21 | CVE-2005-3022 | SQL-Injection vulnerability in vBulletin Multiple SQL injection vulnerabilities in vBulletin 3.0.9 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) announcement parameter to announcement.php, (2) userid parameter to user.php, (3) calendar parameter to admincalendar.php, (4) cronid parameter to cronlog.php, (5) usergroupid parameter to email.php, (6) help parameter to help.php, (7) rvt parameter to language.php, (8) keep parameter to phrase.php, or (9) updateprofilepic parameter to usertools.php. | 7.5 |
| 2005-09-21 | CVE-2005-3019 | Moderator And Administrator SQL Injection vulnerability in VBulletin Multiple SQL injection vulnerabilities in vBulletin before 3.0.9 allow remote attackers to execute arbitrary SQL commands via the (1) request parameter to joinrequests.php, (2) limitnumber or (3) limitstart to user.php, (4) usertitle.php, or (5) usertools.php. | 7.5 |