Vulnerabilities > Jelsoft > Vbulletin

DATE CVE VULNERABILITY TITLE RISK
2009-06-23 CVE-2009-2172 Cross-Site Scripting vulnerability in Dream Radio and TV Player Addon FOR Vbulletin
Cross-site scripting (XSS) vulnerability in forum/radioandtv.php in the Radio and TV Player addon for vBulletin allows remote registered users to inject arbitrary web script or HTML via the station parameter.
network
dream jelsoft CWE-79
4.3
2009-04-27 CVE-2008-6754 Information Exposure vulnerability in Mephisteus the Personal Sticky Threads 1.0.3C
The Personal Sticky Threads addon 1.0.3c for vBulletin allows remote authenticated users to read the title, author, and pages of an arbitrary thread by toggling a personal sticky.
network
low complexity
jelsoft mephisteus CWE-200
4.0
2007-06-21 CVE-2007-3326 Cross-Site Scripting vulnerability in Jelsoft Vbulletin 3.0.0
Multiple directory traversal vulnerabilities in vBulletin 3.x.x allow remote attackers to redirect visitors to arbitrary local files via a ..
network
jelsoft
5.8
2007-05-30 CVE-2007-2912 Remote Security vulnerability in vBulletin
Unspecified vulnerability in Jelsoft vBulletin before 3.6.6, when unauthenticated User Infraction Permissions is disabled, allows remote attackers to see the infraction "red flag" for a deleted user.
network
low complexity
jelsoft
5.0
2007-05-30 CVE-2007-2911 SQL-Injection vulnerability in vBulletin
SQL injection vulnerability in admincp/attachment.php in Jelsoft vBulletin before 3.6.6 allows remote authenticated administrators to execute arbitrary SQL commands via the "Attached After" field (GPC['search']['datelineafter'] variable), a related issue to CVE-2007-1573.
network
jelsoft
8.5
2007-05-30 CVE-2007-2910 Cross-Site Scripting vulnerability in Jelsoft Vbulletin
Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin before 3.6.7 PL1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to the vb_367_xss_fix_plugin.xml update, a related issue to CVE-2007-2909.
network
jelsoft CWE-79
4.3
2007-05-30 CVE-2007-2909 Cross-Site Scripting vulnerability in vBulletin
Cross-site scripting (XSS) vulnerability in calendar.php in Jelsoft vBulletin 3.6.x before 3.6.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to the vb_calendar366_xss_fix_plugin.xml update.
network
jelsoft
3.5
2007-05-30 CVE-2007-2908 HTML Injection vulnerability in VBulletin Calendar.PHP
Cross-site scripting (XSS) vulnerability in calendar.php in Jelsoft vBulletin before 3.6.6 allows remote attackers to inject arbitrary web script or HTML via the title field in a single add action.
network
jelsoft
4.3
2007-03-21 CVE-2007-1573 SQL Injection vulnerability in Jelsoft Vbulletin 3.6.4
SQL injection vulnerability in admincp/attachment.php in Jelsoft vBulletin 3.6.5 allows remote authenticated administrators to execute arbitrary SQL commands via the "Attached Before" field.
network
jelsoft CWE-89
6.0
2007-03-08 CVE-2007-1342 HTML Injection vulnerability in RETIRED: VBulletin Event Admincp/Index.PHP RSS
Cross-site scripting (XSS) vulnerability in admincp/index.php in Jelsoft vBulletin 3.6.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the add rss url form.
network
jelsoft
4.3