Vulnerabilities > Jelsoft > Vbulletin > 3.0.beta.2
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2004-12-31 | CVE-2004-2695 | SQL Injection vulnerability in multiple products SQL injection vulnerability in the Authorize.net callback code (subscriptions/authorize.php) in Jelsoft vBulletin 3.0 through 3.0.3 allows remote attackers to execute arbitrary SQL statements via the x_invoice_num parameter. | 7.5 |
2004-12-31 | CVE-2004-2288 | Unspecified vulnerability in Jelsoft Vbulletin Cross-site scripting (XSS) vulnerability in index.php in Jelsoft vBulletin allows remote attackers to spoof parts of a website via the loc parameter. network jelsoft | 4.3 |
2004-12-31 | CVE-2004-1515 | SQL-Injection vulnerability in vBulletin SQL injection vulnerability in (1) ttlast.php and (2) last10.php in vBulletin 3.0.x allows remote attackers to execute arbitrary SQL statements via the fsel parameter, as demonstrated using last.php. | 7.5 |
2004-02-17 | CVE-2003-1031 | Cross-Site Scripting vulnerability in vBulletin Cross-site scripting (XSS) vulnerability in register.php for vBulletin 3.0 Beta 2 allows remote attackers to inject arbitrary HTML or web script via optional fields such as (1) "Interests-Hobbies", (2) "Biography", or (3) "Occupation." network jelsoft | 4.3 |