Vulnerabilities > Jelsoft > Vbulletin
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2004-01-20 | CVE-2004-0036 | SQL Injection vulnerability in Jelsoft Vbulletin 2.3.0 SQL injection vulnerability in calendar.php for vBulletin Forum 2.3.x before 2.3.4 allows remote attackers to steal sensitive information via the eventid parameter. | 5.0 |
| 2003-06-16 | CVE-2003-0295 | Cross-Site Scripting vulnerability in Jelsoft Vbulletin 3.0.0Beta2 Cross-site scripting (XSS) vulnerability in private.php for vBulletin 3.0.0 Beta 2 allows remote attackers to inject arbitrary web script and HTML via the "Preview Message" capability. network jelsoft | 6.8 |
| 2002-12-31 | CVE-2002-2235 | Numeric Errors vulnerability in Jelsoft Vbulletin member2.php in vBulletin 2.2.9 and earlier does not properly restrict the $perpage variable to be an integer, which causes an error message to be reflected back to the user without quoting, which facilitates cross-site scripting (XSS) and possibly other attacks. | 5.0 |
| 2002-12-31 | CVE-2002-1922 | Cross-Site Scripting vulnerability in Multiple VBulletin Cross-site scripting (XSS) vulnerability in global.php in Jelsoft vBulletin 2.0.0 through 2.2.8 allows remote attackers to inject arbitrary web script or HTML via the (1) $scriptpath or (2) $url variables. network jelsoft | 4.3 |
| 2002-12-31 | CVE-2002-1679 | Unspecified vulnerability in Jelsoft Vbulletin 2.2.0 Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin 2.2.0 allows remote attackers to execute arbitrary script as other users by injecting script into a bulletin board message. network jelsoft | 4.3 |
| 2002-12-31 | CVE-2002-1678 | Cross-Site Scripting vulnerability in VBulletin Cross-site scripting (XSS) vulnerability in memberlist.php in Jelsoft vBulletin 2.0 rc 2 through 2.2.4 allows remote attackers to steal authentication credentials by injecting script into $letterbits. network jelsoft | 4.3 |
| 2002-12-31 | CVE-2002-1660 | OS Command Injection vulnerability in Jelsoft Vbulletin calendar.php in vBulletin before 2.2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the command parameter. | 7.5 |
| 2001-06-27 | CVE-2001-0475 | Unspecified vulnerability in Jelsoft Vbulletin index.php in Jelsoft vBulletin does not properly initialize a PHP variable that is used to store template information, which allows remote attackers to execute arbitrary PHP code via special characters in the templatecache parameter. | 7.5 |