Vulnerabilities > Jelsoft > Vbulletin
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2009-06-23 | CVE-2009-2172 | Cross-Site Scripting vulnerability in Dream Radio and TV Player Addon FOR Vbulletin Cross-site scripting (XSS) vulnerability in forum/radioandtv.php in the Radio and TV Player addon for vBulletin allows remote registered users to inject arbitrary web script or HTML via the station parameter. | 4.3 |
| 2009-04-27 | CVE-2008-6754 | Information Exposure vulnerability in Mephisteus the Personal Sticky Threads 1.0.3C The Personal Sticky Threads addon 1.0.3c for vBulletin allows remote authenticated users to read the title, author, and pages of an arbitrary thread by toggling a personal sticky. | 4.0 |
| 2007-06-21 | CVE-2007-3326 | Cross-Site Scripting vulnerability in Jelsoft Vbulletin 3.0.0 Multiple directory traversal vulnerabilities in vBulletin 3.x.x allow remote attackers to redirect visitors to arbitrary local files via a .. network jelsoft | 5.8 |
| 2007-05-30 | CVE-2007-2912 | Remote Security vulnerability in vBulletin Unspecified vulnerability in Jelsoft vBulletin before 3.6.6, when unauthenticated User Infraction Permissions is disabled, allows remote attackers to see the infraction "red flag" for a deleted user. | 5.0 |
| 2007-05-30 | CVE-2007-2911 | SQL-Injection vulnerability in vBulletin SQL injection vulnerability in admincp/attachment.php in Jelsoft vBulletin before 3.6.6 allows remote authenticated administrators to execute arbitrary SQL commands via the "Attached After" field (GPC['search']['datelineafter'] variable), a related issue to CVE-2007-1573. network jelsoft | 8.5 |
| 2007-05-30 | CVE-2007-2910 | Cross-Site Scripting vulnerability in Jelsoft Vbulletin Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin before 3.6.7 PL1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to the vb_367_xss_fix_plugin.xml update, a related issue to CVE-2007-2909. | 4.3 |
| 2007-05-30 | CVE-2007-2909 | Cross-Site Scripting vulnerability in vBulletin Cross-site scripting (XSS) vulnerability in calendar.php in Jelsoft vBulletin 3.6.x before 3.6.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to the vb_calendar366_xss_fix_plugin.xml update. network jelsoft | 3.5 |
| 2007-05-30 | CVE-2007-2908 | HTML Injection vulnerability in VBulletin Calendar.PHP Cross-site scripting (XSS) vulnerability in calendar.php in Jelsoft vBulletin before 3.6.6 allows remote attackers to inject arbitrary web script or HTML via the title field in a single add action. network jelsoft | 4.3 |
| 2007-03-21 | CVE-2007-1573 | SQL Injection vulnerability in Jelsoft Vbulletin 3.6.4 SQL injection vulnerability in admincp/attachment.php in Jelsoft vBulletin 3.6.5 allows remote authenticated administrators to execute arbitrary SQL commands via the "Attached Before" field. | 6.0 |
| 2007-03-08 | CVE-2007-1342 | HTML Injection vulnerability in RETIRED: VBulletin Event Admincp/Index.PHP RSS Cross-site scripting (XSS) vulnerability in admincp/index.php in Jelsoft vBulletin 3.6.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the add rss url form. network jelsoft | 4.3 |