Vulnerability Tutorial - vBulletin vulnerabilities
  Updated: 11/06/12     (RED light)  
Impact
A remote attacker could execute arbitrary PHP script, execute SQL queries, obtain potentially sensitive information, or launch a cross-site scripting attack.
Background
vBulletin is a commercial web bulletin board application written in PHP using MySQL.
The Problem

YUI SWF Vulnerability

11/06/12
CVE NONE-0464
vBulletin before 4.1.12 PL3 and 4.2 PL3 is prone to a vulnerability which has been reported in YUI. The vulnerability is caused by an unspecified error related to SWF files.

Activity Stream Script Insertion Vulnerability

06/21/12
CVE NONE-0403
vBulletin 4.2 is prone to a vulnerability, which can be exploited by malicious users to conduct script insertion attacks. Certain input passed via the Activity Stream is not properly sanitised in activitystream/view/perm/calendar/event.php before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed.

MAPI Vulnerability in 4.1.12

04/27/12
CVE 2012-4328
vBulletin versions 4.1.2 through 4.1.12 are prone to a vulnerability with an unknown impact. The vulnerability is caused by an error within the MAPI functionality.

Script Insertion Vulnerabilities in 4.1.11

04/12/12
CVE NONE-0371
vBulletin versions 4.1.4 through 4.1.11 are prone to two vulnerabilities, which can be exploited by malicious people to conduct script insertion attacks. Certain unspecified input is not properly sanitised in clientscript/ckeplugins/bbcode/plugin.js and clientscript/ckeditor/ckeditor.js before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site if malicious data is viewed.

"[URL]" BBCode Script Insertion Vulnerability

03/29/12
CVE NONE-0361
vBulletin 4.1.11 and prior are prone to a vulnerability, which can be exploited by malicious users to conduct script insertion attacks. Input passed via "[URL]" BBCode, e.g. when posting a group discussion, is not properly sanitised before being used, e.g. when previewing a blog post that quotes the group discussion within the editor in WYSIWYG (What You See Is What You Get) mode. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site if malicious data is viewed.

Blog Posts Security Bypass Vulnerability

01/20/12
CVE NONE-0324
vBulletin 3.x is prone to a vulnerability, which can be exploited by malicious users to bypass certain security restrictions. The security issue is caused by the blog_post.php script not checking certain permissions, and can be exploited to post blog entries.

AdminCP Unspecified Cross-Site Scripting Vulnerability

08/08/11
CVE NONE-0262
vBulletin 4.1.3, 4.1.4, and 4.1.5 are prone to a vulnerability, which can be exploited by malicious people to conduct cross-site scripting attacks. Certain unspecified input related to the AdminCP is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

Search UI Unspecified SQL Injection Vulnerability in 4.x

07/26/11
CVE NONE-0257
vBulletin 4.x is prone to a vulnerability, which can be exploited by malicious people to conduct SQL injection attacks. Certain unspecified input related to the search UI is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

"url" Redirection Vulnerability

06/10/11
CVE NONE-0234
vBulletin 3.x and 4.x are prone to a vulnerability, which can be exploited by malicious people to conduct spoofing attacks. Input passed via the "url" parameter to login.php is not properly verified before being used to redirect users. This can be exploited to redirect a user to an arbitrary website e.g. when a user clicks a specially crafted link to the affected script hosted on a trusted domain.

YUI Component Library Unspecified Vulnerability

06/07/11
CVE NONE-0231
The vBulletin 'YUI' component is prone to an unspecified vulnerability. vBulletin versions prior to 3.8.7 PL1 and 4.1.3 PL1 are vulnerable.

Search UI Unspecified SQL Injection Vulnerability

04/14/11
CVE NONE-0198
vBulletin 4.1.2 and prior are prone to a vulnerability, which can be exploited by malicious people to conduct SQL injection attacks. Certain unspecified input related to the search UI is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

'Profile Customization' Feature HTML Injection Vulnerability

11/25/10
CVE NONE-0143
vBulletin 4.0.8 and prior are prone to an HTML-injection vulnerability because they fail to properly sanitize user-supplied input before using it in dynamically generated content. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.

faq.php Information Disclosure Vulnerability

08/12/10
CVE NONE-0089
vBulletin 3.8.6 and prior are prone to an information-disclosure vulnerability. Successful exploits can allow attackers to obtain potentially sensitive information which may aid in other attacks.

Multiple Vulnerabilities in version 4.0.2 and prior

05/21/10
CVE NONE-0035
vBulletin 4.0.2 and prior are prone to multiple cross-site vulnerabilities which allow an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. An HTML-injection vulnerability may also allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

Multiple Cross Site Scripting Vulnerabilities

03/30/10
vBulletin 4.0.2 is prone to multiple cross-site scripting vulnerabilities which allow an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

misc.php SQL Injection Vulnerability

02/01/10
vBulletin before 4.0.1 is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Spoof User Data Unspecified Input Validation Vulnerability

01/20/10
vBulletin before 4.0.0 PL1, 3.8.4 PL2, and 3.7.6 PL2 are prone to an unspecified input-validation vulnerability. Attackers can exploit this issue to perform brute-force attacks to spoof users' input data.

Home Page Field HTML Injection Vulnerability

11/06/09
vBulletin before 3.8.4 PL1, 3.7.6 PL1, and 3.6.12 PL2 is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied data. Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user.

Visitor Messages Addon Comment Notification HTML Injection

12/12/08
vBulletin before 3.7.4 is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied data. Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user.

Multiple SQL Injection Vulnerabilities in vBulletin 3.7.4 and 3.7.3.pl1

12/03/08
CVE 2008-6255
vBulletin 3.7.4 and 3.7.3.pl1 have multiple vulnerabilities:

  • "admincalendar.php" SQL Injection in 3.7.3.pl1,
  • "admincp/verify.php" SQL Injection in 3.7.4,
  • "admincp/attachmentpermission.php" SQL Injection in 3.7.4, and
  • "admincp/image.php" SQL Injection in 3.7.4.

$newpm[title] Parameter Cross-Site Scripting Vulnerability

09/09/08
CVE 2008-3773
vBulletin versions prior to 3.6.10 PL4 and 3.7.2 PL2 have a cross-site scripting vulnerability caused by a failure to sanitize user input, when "Show New Private Message Notification Pop-Up" is enabled.

Cross-site scripting vulnerabilities

07/21/08
CVE 2008-3184
vBulletin versions up to and including 3.6.10 PL2 and 3.7.2 have a cross-site scripting vulnerability caused by a failure to sanitize user input.

SQL injection vulnerability in 3.6.4

03/13/07
CVE 2007-1292
vBulletin 3.6.4 and possibly earlier versions have an SQL injection vulnerability caused by a failure to sanitize user-supplied data to the postids parameter to inlinemod.php.

Cross-site scripting fixed in 3.6.4

12/04/06
CVE 2006-6040
vBulletin (3.6.x) is affected by a cross-site scripting vulnerability in the prefs parameter in a buildnavprefs action and the navprefs parameter in a savenavprefs action. Versions 3.6 through 3.6.3 are affected.

SQL injection vulnerability in 2.3.X

10/06/06
CVE 2006-5104
vBulletin (2.3.x) is affected by an SQL injection vulnerability in the global.php script. Versions up to and including 2.3.8 are affected.

Cross-site scripting fixed in 3.0.15

08/18/06
vBulletin (3.0.x) is affected by a number of cross-site scripting vulnerabilities which were fixed in 3.0.15. These include vulnerabilities in the global.php script.

Cross-site scripting in u

06/30/06
CVE 2006-3253
vBulletin is affected by a cross-site scripting vulnerability in the u field of member.php. This affects versions 3.5.4 and prior in the 3.5 branch.

Cross-site scripting in email

04/19/06
CVE 2006-1040
vBulletin is affected by a cross-site scripting vulnerability in the email field of sendmsg.php. This affects versions 3.0.12 and prior in the 3.0 branch and 3.5.3 and prior in the 3.5 branch.

Cross-site scripting in title

04/19/06
CVE 2006-0080
vBulletin is affected by a cross-site scripting vulnerability in the title field of calendar.php and reminder.php. This affects versions 3.5.2 and prior in the 3.5 branch.

Cross-site scripting in url

04/19/06
CVE 2005-4621
vBulletin is affected by a cross-site scripting vulnerability in the remote avatar url field of the editavatar page. This affects versions 3.5.2 and prior in the 3.5 branch.

Image Upload Cross-site scripting (IE6 Only)

11/17/05
vBulletin is affected (as are many other products) by a flaw in Internet Explorer 6 that allows a cross-site scripting exploit for image uploads. This affects versions prior to 3.5.1, 3.0.10 and 2.3.8 and only when using Internet Explorer version 6.

Multiple Vulnerabilities in vBulletin 3.0.7 - 3.0.9

09/23/05
CVE 2005-3019
CVE 2005-3020
CVE 2005-3021
CVE 2005-3022
CVE 2005-3023
CVE 2005-3024
CVE 2005-3025
vBulletin is affected by SQL injection, cross-site scripting, and arbitrary file upload vulnerabilities in multiple scripts. Some of these vulnerabilities were fixed in version 3.0.8 and 3.0.9, but others remained unfixed in version 3.0.9.

comma Command Execution Vulnerability

02/22/05
CVE 2005-0429
forumdisplay.php uses the comma input parameter in a PHP eval command without proper initialization. This could allow a remote attacker to execute arbitrary PHP commands by placing the commands within this parameter. vBulletin 3.0 through 3.0.4 are affected by this vulnerability if showforumusers is set to on and magic_quotes_gpc is set to off.

01/24/05
The same versions of vBulletin also contain a critical vulnerability in the init.php script when using PHP 4 with register_globals enabled.

Template Name PHP Injection

02/28/05
CVE 2005-0511
A vulnerability in misc.php could allow a remote attacker to execute arbitrary PHP code by sending a specially crafted template parameter. In order for this vulnerability to be exploitable, the Add Template Name in HTML Comments option would need to be enabled. This option is not enabled by default. vBulletin 3.0.6 and earlier are affected by this vulnerability.

SQL Injection

09/22/04
11/16/04
CVE 2004-1515
CVE 2004-2695
vBulletin 3.0 through 3.0.3 are affected by two SQL injection vulnerabilities. The first is exploitable when vBulletin is used with the Authorize.net payment manager. A remote attacker could execute SQL commands on the back-end database by sending a malformed x_invoice_num parameter in an HTTP request. The second is in the last.php script and allows execution of SQL commands in a malformed fsel parameter.

Remote PHP file include

05/28/04
A remote attacker could cause vBulletin to include and execute arbitrary PHP commands hosted on the attacker's web site. This is due to insufficient checking of the loc parameter in the admincp/index.php script before using it in an included file path. vBulletin 3.0 beta 7 and earlier and 3.0 gamma are affected by this vulnerability.

Cross-site scripting

Cross-site scripting vulnerabilities in the following scripts could allow a remote attacker to run arbitrary JavaScript code in unsuspecting clients' browsers:

  • 07/01/04 (CVE 2004-0620) newreply.php and newthread.php (3.0.1)
  • (CVE 2003-0295) private.php Preview Message capability (3.0 through 3.0 beta 2)
  • (CVE 2003-1031) register.php optional fields (3.0 through 3.0 beta 2)
  • (CVE 2004-0091) register.php reg_site parameter (3.0 through 3.0 beta 7)
  • (CVE 2004-1823) showthread.php page parameter or forumdisplay.php order parameter (2.0 beta 3 through 3.0 can 4)
  • (CVE 2004-1824) memberlist.php what parameter (before 3.0)

Remote PHP command execution

CVE 2001-0475
Due to a lack of checking of the templatecache parameter for quotation characters, a remote attacker could execute PHP commands using malformed requests for various PHP scripts. vBulletin 2.0 prior to 2.0 beta 3 and all versions prior to 1.1.6 are affected by this vulnerability.

calendar.php Vulnerabilities

CVE 2002-1660
CVE 2002-2157
CVE 2004-0036
The calendar.php script is affected by two vulnerabilities. Firstly, it uses the input parameter eventid in an SQL query without checking for illegal characters, which could allow a remote attacker to execute arbitrary queries using a malformed URL request. vBulletin prior to 2.3.4 is affected by this vulnerability. Secondly, a remote attacker could execute operating system commands by sending a specially crafted comma parameter. vBulletin prior to 2.2.8 is affected by this vulnerability.

Resolution
Upgrade vBulletin to a version higher than 3.8.7 PL1 for 3.x, a version higher than 4.1.12 PL2 for 4.1.x, or a version higher than 4.2 PL2 for 4.2.x.
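
The following is an added example, not code from this page or from vBulletin: it checks an inventory of installed version strings against the three thresholds in the Resolution above. The function names and the sample inventory are hypothetical, and it assumes a version with no "PL" suffix is patch level 0 and that versions compare numerically.

```python
import re

# Floors copied from the Resolution text: an install must be HIGHER than
# these. Keys are branch prefixes; (3,) covers all of 3.x.
RESOLUTION_FLOOR = {
    (3,): "3.8.7 PL1",
    (4, 1): "4.1.12 PL2",
    (4, 2): "4.2 PL2",
}

# Accepts "4.1.12", "4.2 PL2" and the dotted form "3.7.3.pl1".
_VERSION_RE = re.compile(
    r"^\s*(\d+(?:\.\d+){0,2})(?:[\s.]*PL\s*(\d+))?\s*$", re.IGNORECASE
)


def parse_version(text):
    """Return (major, minor, patch, patch_level); '4.2 PL2' -> (4, 2, 0, 2)."""
    match = _VERSION_RE.match(text)
    if not match:
        # Pre-release names such as "3.0 beta 7" are rejected, not guessed at.
        raise ValueError(f"unrecognised vBulletin version string: {text!r}")
    parts = [int(p) for p in match.group(1).split(".")]
    parts += [0] * (3 - len(parts))            # pad '4.2' to 4.2.0
    return (*parts, int(match.group(2) or 0))  # assumption: no suffix == PL0


def check_install(text):
    """Classify a version string as 'ok', 'upgrade' or 'unlisted'."""
    version = parse_version(text)
    # Try the most specific branch key first, e.g. (4, 1) before (3,).
    for key in sorted(RESOLUTION_FLOOR, key=len, reverse=True):
        if version[:len(key)] == key:
            floor = parse_version(RESOLUTION_FLOOR[key])
            return "ok" if version > floor else "upgrade"
    return "unlisted"  # branch not named in the Resolution (e.g. 2.x, 4.0.x)


# Constructed sample inventory: host names and versions are made up.
SAMPLE_INVENTORY = {
    "forum-a": "4.1.12 PL2",
    "forum-b": "4.1.12 PL3",
    "forum-c": "3.8.7",
    "forum-d": "4.2.0 PL3",
    "forum-e": "4.0.8",
}

if __name__ == "__main__":
    for host, installed in SAMPLE_INVENTORY.items():
        print(f"{host}: {installed} -> {check_install(installed)}")
```

An "ok" result means only that the install is above the floor this page gives as of its last update; "unlisted" branches need a manual decision because the Resolution names no fixed release for them.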
More Information
The YUI SWF vulnerability was reported in Secunia Advisory SA51208.

The Activity Stream Script Insertion vulnerability was reported in Secunia Advisory SA49482.

The MAPI vulnerability in 4.1.12 was reported in Secunia Advisory SA48917.

The Script Insertion vulnerabilities in 4.1.11 were reported in Secunia Advisory SA48541.

The "[URL]" BBCode Script Insertion vulnerability was reported in Secunia Advisory SA48506.

The Blog Posts Security Bypass vulnerability was reported in Secunia Advisory SA47536.

The AdminCP Unspecified Cross-Site Scripting vulnerability was reported in Secunia Advisory SA45481.

The Search UI Unspecified SQL Injection Vulnerability in 4.x was reported in Secunia Advisory SA45290.

The "url" Redirection vulnerability was reported in Secunia Advisory SA44830.

The YUI Component Library Unspecified vulnerability was reported in Secunia Advisory SA44794.

The Search UI Unspecified SQL Injection vulnerability was reported in Secunia Advisory SA44084.

The 'Profile Customization' Feature HTML Injection vulnerability was reported in Bugtraq ID 44873.

The faq.php Information Disclosure vulnerability was reported in Bugtraq ID 41875.

The Multiple Vulnerabilities in version 4.0.2 and prior were reported in Bugtraq ID 38977, Bugtraq ID 38895, and Bugtraq ID 38953.

The Multiple Cross Site Scripting vulnerabilities were reported in Bugtraq ID 38339 and Secunia Advisory SA38702.

The misc.php SQL Injection vulnerability was reported in Bugtraq ID 37854.

The Spoof User Data Unspecified Input Validation vulnerability was reported in Bugtraq ID 37545.

The Home Page Field HTML Injection vulnerability was reported in Bugtraq ID 36643.

The Visitor Messages Addon Comment Notification HTML Injection vulnerability was reported in Bugtraq ID 32387.

The multiple SQL Injection vulnerabilities in vBulletin 3.7.4 and 3.7.3.pl1 were reported in Bugtraq ID 32348 and Secunia Advisory 32775.

The $newpm[title] Parameter Cross-Site Scripting vulnerability was reported in Bugtraq ID 30777.

The Cross-site scripting vulnerability was reported in Bugtraq ID 30134.

The SQL injection vulnerability in 3.6.4 was posted to Bugtraq ID 22780.

The Cross-site scripting vulnerability fixed in 3.6.4 was posted at Bugtraq ID 21157.

The SQL injection vulnerability in 2.3.X was posted at Bugtraq ID 20214.

The Cross-site scripting vulnerability fixed in 3.0.15 was posted at Bugtraq ID 19358.

The Cross-site scripting vulnerability for 3.5.4 was posted at Bugtraq archive 437817.

The Cross-site scripting vulnerabilities for 3.5.3 and 3.0.12 are posted at Secunia Advisory SA19100.

The Cross-site scripting vulnerability for 3.5.2 is posted at Bugtraq ID 16116.

The Cross-site scripting vulnerability for 3.5.1 is posted at Bugtraq ID 16128.

The Cross-site scripting vulnerabilities (Internet Explorer 6) are discussed at the vBulletin Forum.

The vulnerabilities in vBulletin 3.0.7 were posted to Bugtraq.

The vulnerabilities in vBulletin 3.0.8 and 3.0.9 were posted to Bugtraq.

The comma command execution vulnerability was reported in Bugtraq archive 390380.

The template name PHP injection vulnerability was posted to Bugtraq archive 391195.

The init.php vulnerability was reported by vBulletin.

The SQL injection vulnerabilities were reported in Bugtraq, Secunia Advisory SA12531, the vBulletin community forum, and Bugtraq.

The PHP remote file include vulnerability was reported in Bugtraq ID 10362.

The cross-site scripting vulnerabilities were posted to Bugtraq, Bugtraq archive 321474, VulnWatch, and Vuln-Dev.

The remote PHP command execution vulnerability was posted to Bugtraq archive 351346.

The calendar.php command execution was reported in SecurityTracker alert 1005284.