Vulnerabilities > Jelsoft > Vbulletin > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-06-23 | CVE-2009-2172 | Cross-Site Scripting vulnerability in Dream Radio and TV Player Addon FOR Vbulletin Cross-site scripting (XSS) vulnerability in forum/radioandtv.php in the Radio and TV Player addon for vBulletin allows remote registered users to inject arbitrary web script or HTML via the station parameter. | 4.3 |
2009-04-27 | CVE-2008-6754 | Information Exposure vulnerability in Mephisteus the Personal Sticky Threads 1.0.3C The Personal Sticky Threads addon 1.0.3c for vBulletin allows remote authenticated users to read the title, author, and pages of an arbitrary thread by toggling a personal sticky. | 4.0 |
2007-06-21 | CVE-2007-3326 | Cross-Site Scripting vulnerability in Jelsoft Vbulletin 3.0.0 Multiple directory traversal vulnerabilities in vBulletin 3.x.x allow remote attackers to redirect visitors to arbitrary local files via a .. network jelsoft | 5.8 |
2007-05-30 | CVE-2007-2912 | Remote Security vulnerability in vBulletin Unspecified vulnerability in Jelsoft vBulletin before 3.6.6, when unauthenticated User Infraction Permissions is disabled, allows remote attackers to see the infraction "red flag" for a deleted user. | 5.0 |
2007-05-30 | CVE-2007-2910 | Cross-Site Scripting vulnerability in Jelsoft Vbulletin Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin before 3.6.7 PL1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to the vb_367_xss_fix_plugin.xml update, a related issue to CVE-2007-2909. | 4.3 |
2007-05-30 | CVE-2007-2908 | HTML Injection vulnerability in VBulletin Calendar.PHP Cross-site scripting (XSS) vulnerability in calendar.php in Jelsoft vBulletin before 3.6.6 allows remote attackers to inject arbitrary web script or HTML via the title field in a single add action. network jelsoft | 4.3 |
2007-03-21 | CVE-2007-1573 | SQL Injection vulnerability in Jelsoft Vbulletin 3.6.4 SQL injection vulnerability in admincp/attachment.php in Jelsoft vBulletin 3.6.5 allows remote authenticated administrators to execute arbitrary SQL commands via the "Attached Before" field. | 6.0 |
2007-03-08 | CVE-2007-1342 | HTML Injection vulnerability in RETIRED: VBulletin Event Admincp/Index.PHP RSS Cross-site scripting (XSS) vulnerability in admincp/index.php in Jelsoft vBulletin 3.6.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the add rss url form. network jelsoft | 4.3 |
2007-02-09 | CVE-2007-0869 | Cross-Site Scripting vulnerability in Jelsoft Vbulletin 3.6.4 Cross-site scripting (XSS) vulnerability in the Attachment Manager (admincp/attachment.php) in Jelsoft vBulletin 3.6.4 allows remote attackers to inject arbitrary web script or HTML via the Extension field. network jelsoft | 4.3 |
2006-12-28 | CVE-2006-6779 | Unspecified vulnerability in Jelsoft Vbulletin Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin allows remote attackers to inject arbitrary web script or HTML via an SWF file that uses ActionScript to trigger execution of JavaScript. network jelsoft | 6.8 |