vBulletin version 4.0.x suffers from a remote SQL injection vulnerability that can be leveraged using a cross site request forgery vulnerability.
f9857c4738bd671fa3a07ef92ee6901ad48b101a0bda8bf8372d643d1114462e
vBulletin version 5.6.2 suffers from a cross site scripting vulnerability.
9ecbb502c74dcc25b94acca4c4d869e8c562d90358ff917a5d5953a2dd70e92f
vBulletin version 5.x pre-authentication widget_tabbedcontainer_tab_panel remote code execution exploit. This exploit demonstrates that the patch for CVE-2019-16759 was not sufficient. Written in python.
75285d166423ae5386979499db99854517134611016ac3d67d648a0aabebfe16
vBulletin version 5.x pre-authentication widget_tabbedcontainer_tab_panel remote code execution exploit. This exploit demonstrates that the patch for CVE-2019-16759 was not sufficient. Written in bash.
800381f3649a533440af653fbd52534ea9e111590ccf2388f4920393f6d270a2
This Metasploit module exploits a SQL injection vulnerability found in vBulletin versions 5.6.1 and below. This module uses the getIndexableContent vulnerability to reset the administrator's password and it then uses the administrators login information to achieve remote code execution on the target. This module has been tested successfully on vBulletin version 5.6.1 on the Ubuntu Linux distribution.
ab383c3c011e7017caccbf3f14a2893505f109f7315cb558a626bdfe3e283ccb
vBulletin version 5.6.1 suffers from a remote SQL injection vulnerability.
e9bdd1a9c7ac4c698df1254cb099a495abfb2879f7affcf386aead86ed8ab655
This Metasploit module exploits vBulletin versions 5.x through 5.5.4 leveraging a remote command execution vulnerability via the widgetConfig[code] parameter in an ajax/render/widget_php routestring POST request.
326f81b545fe8313bbeed2d318b0e0e5050341b5d04a71833263a320f03d34af
vBulletin versions 5.5.4 and below suffers from an updateAvatar remote code execution vulnerability.
b1df69e722fa4cad5f1ccc76b0fc3406b89ae033513d809855bd2220ee861825
vBulletin versions 5.5.4 and below suffer from multiple remote SQL injection vulnerabilities.
742a27bb143fc517db0186097206a40eff166313f5c0f0b58106301ddbc20309
vBulletin version 5.x pre-authentication remote code execution Metasploit module.
4a1da0e01f0e530ef718c51ed1bcd9f801cd9b4453516cc9e71b0d28bd47e9d1
Nmap NSE script that exploits a pre-authentication remote command execution vulnerability in vBulletin versions 5.x.
73ddb2f66da505ef87985f77f0bb71fc85619bd1e57d88f061543246f1899c3c
vBulletin version 5.x pre-authentication remote code execution zero day exploit.
35e895c984e393390fc6a2c122105de7943500da5130701dc0d2952b5feb5148
vBulletin version 4.2.5 with Member Map version 1.1.2 suffers from an open redirection vulnerability.
cd24447d5bdc6df376a0c8e592244ce1952be936784b89cfd7169666074f1b88
vBulletin version 4.2.5 with vBSuper_PM version 1.2.3 Lite suffers from an open redirection vulnerability.
337b52dd897eae9edf84f2c1fefeb81f0b4459305ddf01c6badb1b904d4b4990
vBulletin version 4.2.5 with Thread Post Bookmarking version 1.2.0 suffers from an open redirection vulnerability.
99f1a237812d994d339caac57f876dd0be4c979f258f6166cf91876b60a63385
vBulletin version 4.2.5 with Ajax Threads version 1.1.3 Lite suffers from an open redirection vulnerability.
92ec38604b3a7a0f1933fa1bcb7b7d1367f1f21b037743720431a6c365480bdf
vBulletin version 4.x Seo by vBSeo version 3.3.2 suffers from an open redirection vulnerability.
3669bb4deadc40930e9d2251455fc9eddaf8dc47a5b4fe8393f38c538ab155c0
vBulletin version 4.x.x with vB Optimise version 2.6.3 Pro suffers from an open redirection vulnerability.
10774d0fe78880dc9301c12fb4eb0976c92aa098d86fb9fe4ad50b365e0a195c
vBulletin version 4.2.5 with Advanced User Tagging version 3.1.3 suffers from an open redirection vulnerability.
44f6aaca582314bc8b0623ff7fbc69a6b5c4a7c21aae05f207aee47cd4f218d3
vBulletin version 4.2.3 with vBSecurity version 2.2.2 Pro suffers from an open redirection vulnerability.
bc6ebc120e30d3ea29b92fb72be3daedbec5dad75d04c10b45472cd231bfb846
vBulletin version 3.8.x with vBadvanced CMPS version 3.2.3 suffers from an open redirection vulnerability.
e79c231fdfcbb61b29966455c9446f58d62abf5a015fe3873f40b64d94f875ab
vBulletin version 3.8.4 with Zoints SEO version 2.3.2 suffers from an open redirection vulnerability.
f9d316af1834c1bbf3910ae82e0316f9f81d6f631edda1d0d6017be15d9bfb65
vBulletin version 4.2.5 with vBSEO version 3.6.1 suffers from an open redirection vulnerability.
3e6072c777f9e6b1fa54d538e3787db1c5549291bfde83d4d7294b5f5158b225
vBulletin version 4.x.x with DragonByte SEO version 2.0.31 suffers from an open redirection vulnerability.
c30a29020b2699d4b2fca2b1786f0511f9e9546a4d8d9a6313fa1002191ef024
vBulletin version 4.2.0 with ChangUonDyU Chatbox plugin version 3.6.0 suffers from cross site scripting vulnerabilities.
bb1231371b917c4f9e749a0a46ebf3e8059e33f4abd5c0f9cd3a8c41f8b16d9a
vBulletin versions 4.2.3 and below suffer from a remote SQL injection vulnerability in the forumrunner add-on.
c52ff5beedbd614d5ea96f159e21d95f2550dcd2a7551bccca3ddefeb3ca20a7