Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Vbulletin
(Jelsoft)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 53 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2004-12-31 | CVE-2004-1824 | Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin before 3.0 allows remote attackers to inject arbitrary web script or HTML via the what parameter to memberlist.php. | Vbulletin | N/A | ||
| 2004-12-31 | CVE-2004-1823 | Multiple cross-site scripting (XSS) vulnerabilities in Jelsoft vBulletin 2.0 beta 3 through 3.0 can4 allows remote attackers to inject arbitrary web script or HTML via the (1) page parameter to showthread.php or (2) order parameter to forumdisplay.php. | Vbulletin | N/A | ||
| 2004-12-31 | CVE-2004-1515 | SQL injection vulnerability in (1) ttlast.php and (2) last10.php in vBulletin 3.0.x allows remote attackers to execute arbitrary SQL statements via the fsel parameter, as demonstrated using last.php. | Vbulletin | N/A | ||
| 2004-12-06 | CVE-2004-0620 | Cross-site scripting (XSS) vulnerability in (1) newreply.php or (2) newthread.php in vBulletin 3.0.1 allows remote attackers to inject arbitrary HTML or script as other users via the Edit-panel. | Vbulletin | N/A | ||
| 2004-01-20 | CVE-2004-0036 | SQL injection vulnerability in calendar.php for vBulletin Forum 2.3.x before 2.3.4 allows remote attackers to steal sensitive information via the eventid parameter. | Vbulletin | N/A | ||
| 2004-02-17 | CVE-2003-1031 | Cross-site scripting (XSS) vulnerability in register.php for vBulletin 3.0 Beta 2 allows remote attackers to inject arbitrary HTML or web script via optional fields such as (1) "Interests-Hobbies", (2) "Biography", or (3) "Occupation." | Vbulletin | N/A | ||
| 2003-06-16 | CVE-2003-0295 | Cross-site scripting (XSS) vulnerability in private.php for vBulletin 3.0.0 Beta 2 allows remote attackers to inject arbitrary web script and HTML via the "Preview Message" capability. | Vbulletin | N/A | ||
| 2002-12-31 | CVE-2002-2235 | member2.php in vBulletin 2.2.9 and earlier does not properly restrict the $perpage variable to be an integer, which causes an error message to be reflected back to the user without quoting, which facilitates cross-site scripting (XSS) and possibly other attacks. | Vbulletin | N/A | ||
| 2002-12-31 | CVE-2002-1922 | Cross-site scripting (XSS) vulnerability in global.php in Jelsoft vBulletin 2.0.0 through 2.2.8 allows remote attackers to inject arbitrary web script or HTML via the (1) $scriptpath or (2) $url variables. | Vbulletin | N/A | ||
| 2002-12-31 | CVE-2002-1679 | Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin 2.2.0 allows remote attackers to execute arbitrary script as other users by injecting script into a bulletin board message. | Vbulletin | N/A |