vBulletin versions 5.5.2 and below suffers from an issue where user input passed through the "messageids" request parameter to /ajax/api/vb4_private/movepm is not properly sanitized before being used in a call to the unserialize() PHP function. This can be exploited by malicious users to inject arbitrary PHP objects into the application scope, allowing them to carry out a variety of attacks, such as executing arbitrary PHP code.
642eb80065f04eaf2d94765043c9d033ac86f7e4e3dda966ce90660dd7167e15Hashkill is an opensource hash cracker for Linux that uses OpenSSL. Currently it supports 4 attack methods (dictionary, bruteforce, hybrid) and has 31 plugins for different types of hashes (md5, sha1, phpbb3, mysql, md5 (unix), des(unix), sha(unix), vbulletin, smf, etc). It is multithreaded and supports session save/restore.
c741c725023bcd6a30ae4767ea8e5d24f206168aa28aa6f3a452d350ceca979bvBulletin versions 3.8.4 and 3.8.5 suffer from a registration bypass vulnerability.
3e9445f22a831ab52a1dfd3dca0d09b25dbb588212e40c51d7c5557cf828038evBulletin version 4.0.4 suffers from a code execution vulnerability.
df15c5962a2bcd6fa1251f44d604af21d86b4e2014e53952f0bba266dd2cedd7vBulletin version 3.8.6 suffers from an information disclosure vulnerability in faq.php.
108c236ac3fab0c324e45083ac23839cfa7fc8d0ead4c2c1bd6c28cd0e132ebbvBulletin version 3.8.6 suffers from a database credential disclosure vulnerability.
80c5d688535f6bef2f95fb6daea4f7847dadaa708d6921883fcba8d498ec8b9dSecunia Security Advisory - A vulnerability with an unknown impact has been reported in vBulletin.
d0b41fdc88f23b91adbfd7e03acd5da1db0601a6ee9691d537b47df8cefb67e3Hashkill is an opensource hash cracker for Linux that uses OpenSSL. Currently it supports 3 attack methods (dictionary, bruteforce, hybrid) and has 16 plugins for different types of hashes (md5, sha1, phpbb3, mysql, md5 (unix), des(unix), sha(unix), vbulletin, smf, etc). It is multithreaded and supports session save/restore.
4286e56faccb2d2d1fbc57e5e2a094739c85fc3f1261733ebd5c8e38a1394d3aHashkill is an opensource hash cracker for Linux that uses OpenSSL. Currently it supports 3 attack methods (dictionary, bruteforce, hybrid) and has 16 plugins for different types of hashes (md5, sha1, phpbb3, mysql, md5 (unix), des(unix), sha(unix), vbulletin, smf, etc). It is multithreaded and supports session save/restore.
48e7a685d4134945d07dac804aa3669486a65edeb40b0bda7b4b834b71397c26Hashkill is an opensource hash cracker for Linux that uses OpenSSL. Currently it supports 3 attack methods (dictionary, bruteforce, hybrid) and has 16 plugins for different types of hashes (md5, sha1, phpbb3, mysql, md5 (unix), des(unix), sha(unix), vbulletin, smf, etc). It is multithreaded and supports session save/restore.
882a5f6502a84fee46fd70955c408f0c583fa9627f49ef7df8ba913764abf3fcSecunia Security Advisory - MaXe has reported a vulnerability in vBulletin, which can be exploited by malicious users to conduct script insertion attacks.
e5d46e8f3efbda8fb63eaba2db223c96ff64810bc41cba36f2056b3942f2b2ccSecunia Security Advisory - A vulnerability has been reported in the Two-Step External Links module for vBulletin, which can be exploited by malicious people to conduct cross-site scripting attacks.
532e154118569ef66f662665894988643210d693cc1a26aba976204289029f0fvBulletin Cyb - Advanced Forum Statistics suffers from a denial of service vulnerability.
ec3d30e76b68c4548dca6b82771796442ce22bc81e811bb14d8b7bfa28075652Secunia Security Advisory - Some vulnerabilities have been reported in vBulletin, which can be exploited by malicious users to conduct script insertion attacks and potentially by malicious people to conduct cross-site scripting attacks.
383bd346047d0c9a32c49dac5e02c49a8d1e33e0326154601829229fba5fd907Secunia Security Advisory - A vulnerability has been reported in vBulletin, which can be exploited by malicious people to conduct cross-site scripting attacks.
d55ee720d806eafb924ea2bb39416538b33630a22b43d673fe2200cc602bf00bSecunia Security Advisory - Multiple vulnerabilities have been reported in vBulletin, which can be exploited by malicious people to conduct cross-site scripting attacks.
6b5fd68645156f4bcddbd72012e3d1bbebe8928c3733322208632c4c7e10d8devBulletin version 4.0.2 suffers from a cross site scripting vulnerability.
25e2efeff135c8b89fed46a69e35543acb5d3af91e80a983b640cc8b46239903vBulletin version 4.0.1 appears to suffer from a cross site scripting vulnerability in calendar.php.
1c9b98fb3f3ee63541515a0bad5bf247cfc81a380d275f88657564a77a125eabvBulletin Adsense suffers from a remote SQL injection vulnerability.
a219122b84ab22aebec20e7ea061e96fc62e32affca9485b6515c03632753173vBulletin remote file disclosure exploit. Written in Python.
688263dae3a9c2dc03d5bd00336672388581d256857ff8777f9706483dcf48b3vBulletin version 4.0.1 remote SQL injection exploit.
7ca16ed212665bed18d50cbdcc685b2bc7db4a49fb7753ba38ccbff91672dca8vBulletin adminCP version 3.8.4 suffers from a cross site scripting vulnerability.
d4e3644091f7c2cc7eafc68997c66ed25f03e37287f5dc7b72bc3b5a95c94abaSecunia Security Advisory - A vulnerability has been reported in vBulletin, which can be exploited by malicious people to conduct spoofing attacks.
d68f78be26f9361dd812d87ad29f54accbda88dc35e88e227983ab3ca23fb1b0This Metasploit module exploits an arbitrary PHP code execution flaw in the vBulletin web forum software. This vulnerability is only present when the "Add Template Name in HTML Comments" option is enabled. All versions of vBulletin prior to 3.0.7 are affected.
fa3b7c956cd40ecf976491e6947389c4105b5b3887700ed3c774711a1b161525Secunia Security Advisory - A vulnerability has been reported in vBulletin, which can be exploited by malicious users to conduct script insertion attacks.
3e03966e0068809d3162ee8a42dd630a8559b3462975fc47e2c7995b5a532dcfvBulletin versions 3.8.4, 3.7.6, and 3.6.12 suffer from a cross site scripting vulnerability.
1b61667e510d019e6f38d7e057103628d655313defd1bccbb4e8f8580992d045
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed