vBulletin versions 5.5.2 and below suffers from an issue where user input passed through the "messageids" request parameter to /ajax/api/vb4_private/movepm is not properly sanitized before being used in a call to the unserialize() PHP function. This can be exploited by malicious users to inject arbitrary PHP objects into the application scope, allowing them to carry out a variety of attacks, such as executing arbitrary PHP code.
642eb80065f04eaf2d94765043c9d033ac86f7e4e3dda966ce90660dd7167e15vBulletin versions 4.0.x through 4.1.3 suffer from a remote SQL injection vulnerability in messagegroupid.
f6247497c278e39673c5ca386d68ebbd647569a0f0b7ec7d68b6e4a6963a2b5cvBulletin suffers from a Search UI remote SQL injection vulnerability. Proof of concept code included.
ff18a6080f828d0166944b872e6dd81a31c0dcaeaa4d4bb564bd68099b4dfd64Secunia Security Advisory - A vulnerability has been reported in vBulletin Publishing Suite and vBulletin Forum Classic, which can be exploited by malicious people to conduct SQL injection attacks.
70b672df156554b703386d98b87568c7dec04a4d978b3f8c02780b855d6e500cvBulletin CMS version 4.1.1 with the Recent Articles widget suffers from a cross site scripting vulnerability.
72f350a6e733b48455ad3965cc1b997ae594ecfa7d27995664b27d8e3ec8d8a8Secunia Security Advisory - A vulnerability has been reported in the vBExperience module for vBulletin, which can be exploited by malicious people to conduct cross-site scripting attacks.
a7611a2483ddcfcbd19f5211af2cdc12a05437bcaaf735d11e0a8c4fdf48d986The vBExperience add-on as shipped with vBulletin versions 3.x.x and 4.x.x suffers from a cross site scripting vulnerability.
e45483003574c24072a4ea684eb504b8ab7dfaaaf34ed36b7ffdcec312891b79vBulletin version 3.x.x with the vBTube version 1.2.9 add-on suffers from multiple cross site scripting vulnerabilities.
e7f22f85242668c8be470d27ff17b6110ad159892ef6a775b8c5c662c0fc2ff9Secunia Security Advisory - A vulnerability has been reported in the vBExperience module for vBulletin, which can be exploited by malicious people to conduct cross-site scripting attacks.
2e679b74fe0b17b291cd3200cc0ee3bd3ba68cdfb0724fcd3cdba921e723f941Secunia Security Advisory - A weakness has been reported in vBulletin, which can be exploited by malicious people to conduct spoofing attacks.
4bacd401ce9f10a5cd777a0e0c28211620c0e05c1ca27e9736b38eeada837af2vBulletin version 3.x.x with the vBExperience add-on suffers from a cross site scripting vulnerability.
e924dae1d3bbb435c119d685e197c46a03bae17d96c4120bcd85abab9559991fvBulletin versions 3 through 4.1.3 suffer from an open redirect vulnerability.
989a8a937a2214f2d260b564c812ed66065292cdff6d9760e9c95465e25c148fSecunia Security Advisory - A vulnerability with an unknown impact has been reported in vBulletin Publishing Suite and vBulletin Forum Classic.
7932f7ab4ac8dfbc82d9c67bd333603f64b925bb8f0471e5640600790c63902bvBulletin versions 4 through 4.1.2 are vulnerable to a preauth SQL Injection issue that may be used by an attacker to extract user credentials, and potentially gain administrative access, potentially leading to remote PHP code execution.
66a76054bed8d3379af551d8013a3dd18f852a2244d56170a687f6adc9318f37vBulletin version 4.0.x suffers from a remote SQL injection vulnerability that can be leveraged using a cross site request forgery vulnerability.
f9857c4738bd671fa3a07ef92ee6901ad48b101a0bda8bf8372d643d1114462evBulletin versions 4.0.x through 4.1.2 suffer from a remote SQL injection vulnerability.
9905c4541f0ab913046a1adbc85e999c3f1167862f2838381864c6756578f1aavBulletin plugin Point Market System version 3.1x suffers from a remote SQL injection vulnerability.
9dd6ddefa3f42971e834a1ba0b5352a7146288deb26c203dba0297a59e5ad117Secunia Security Advisory - A vulnerability has been reported in vBulletin Publishing Suite and vBulletin Forum Classic, which can be exploited by malicious people to conduct SQL injection attacks.
b940dc36414a66d01a8c6c9c41073452388658de791e8ca9ce71f33dca231734Hashkill is an opensource hash cracker for Linux that uses OpenSSL. Currently it supports 4 attack methods (dictionary, bruteforce, hybrid) and has 31 plugins for different types of hashes (md5, sha1, phpbb3, mysql, md5 (unix), des(unix), sha(unix), vbulletin, smf, etc). It is multithreaded and supports session save/restore.
26a6c0886046f56b50a2bf26bba2ee3a754c57452de7073dcc492e03d8e07022EggAvatar for vBulletin version 3.8.x suffers from a remote SQL injection vulnerability.
45976127b0631724f09b42d026c55db87b2303688300a125a802dfa83c5e9d6dcChatBox for vBulletin versions 3.6.8 and 3.7.x suffer from a remote SQL injection vulnerability.
721e37bfba2eca950514ff9e9b12e67f8dd087cddaea943f5d735600992a1700vBulletin version 4.0.8 PL1 suffers from a cross site scripting filter bypass vulnerability.
d46b6323051b1c93fb2c5d131d46becb2785b74ae325c5aa82a1f76eb3ccb419Secunia Security Advisory - MaXe has reported a vulnerability in vBulletin, which can be exploited by malicious users to conduct script insertion attacks.
4d1179df97bb06f799ef2b3684c3ed76bc0e2d46f72c2d5fd40e191bb1f16592vBulletin version 4.0.8 suffers from a persistent cross site scripting vulnerability.
532b77cbe0f670822b9ca72b962634967c91c6ebf944208f42852cd4e2b6da83vBulletin Downloads FileInfo suffers from a remote SQL injection vulnerability.
5a1f9cba7d1877678b412adcfd181ae8d615cb3784c52e11c6d21277ca0e477avBulletin version 3.6.1 suffers from a remote SQL injection vulnerability.
e1eb3d388da11c00dc9be594c878990679dda896dbcaf95aa0383b2488531777
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed