Every CVE whose affected-product data names Jelsoft Vbulletin, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (51)
CVE-2007-4120 — CVSS 9.3 (critical): Multiple PHP remote file inclusion vulnerabilities in Jelsoft vBulletin 3.6.5 allow remote attackers to execute arbitrary PHP code via a…
CVE-2007-2911 — CVSS 8.5 (high): SQL injection vulnerability in admincp/attachment.php in Jelsoft vBulletin before 3.6.6 allows remote authenticated administrators to…
CVE-2005-3024 — CVSS 7.5 (high): Multiple SQL injection vulnerabilities in vBulletin 3.0.7 and earlier allow remote attackers to execute arbitrary SQL commands via the (1)…
CVE-2006-2018 — CVSS 7.5 (high): SQL injection vulnerability in calendar.php in vBulletin 3.0.x allows remote attackers to execute arbitrary SQL commands via the eventid…
CVE-2004-2695 — CVSS 7.5 (high): SQL injection vulnerability in the Authorize.net callback code (subscriptions/authorize.php) in Jelsoft vBulletin 3.0 through 3.0.3 allows…
CVE-2001-0475 — CVSS 7.5 (high): index.php in Jelsoft vBulletin does not properly initialize a PHP variable that is used to store template information, which allows remote…
CVE-2005-0511 — CVSS 7.5 (high): misc.php for vBulletin 3.0.6 and earlier, when "Add Template Name in HTML Comments" is enabled, allows remote attackers to execute…
CVE-2005-3019 — CVSS 7.5 (high): Multiple SQL injection vulnerabilities in vBulletin before 3.0.9 allow remote attackers to execute arbitrary SQL commands via the (1)…
CVE-2006-4272 — CVSS 7.5 (high): Jelsoft vBulletin 3.5.4 allows remote attackers to register multiple arbitrary users and cause a denial of service (resource consumption)…
CVE-2005-3022 — CVSS 7.5 (high): Multiple SQL injection vulnerabilities in vBulletin 3.0.9 and earlier allow remote attackers to execute arbitrary SQL commands via the (1)…
CVE-2006-4271 — CVSS 7.5 (high): PHP remote file inclusion vulnerability in install/upgrade_301.php in Jelsoft vBulletin 3.5.4 allows remote attackers to execute arbitrary…
CVE-2007-1292 — CVSS 7.5 (high): SQL injection vulnerability in inlinemod.php in Jelsoft vBulletin before 3.5.8, and before 3.6.5 in the 3.6.x series, might allow remote…
CVE-2002-1660 — CVSS 7.5 (high): calendar.php in vBulletin before 2.2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the command…
CVE-2004-1515 — CVSS 7.5 (high): SQL injection vulnerability in (1) ttlast.php and (2) last10.php in vBulletin 3.0.x allows remote attackers to execute arbitrary SQL…
CVE-2006-5104 — CVSS 7.5 (high): SQL injection vulnerability in global.php in Jelsoft vBulletin 2.x allows remote attackers to execute arbitrary SQL commands via the…
CVE-2006-6779 — CVSS 6.8 (medium): Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin allows remote attackers to inject arbitrary web script or HTML via an SWF…
CVE-2006-4273 — CVSS 6.8 (medium): Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin 3.5.4 and 3.6.0 allows remote attackers to inject arbitrary web script or…
CVE-2003-0295 — CVSS 6.8 (medium): Cross-site scripting (XSS) vulnerability in private.php for vBulletin 3.0.0 Beta 2 allows remote attackers to inject arbitrary web script…
CVE-2006-6040 — CVSS 6.8 (medium): Multiple cross-site scripting (XSS) vulnerabilities in admincp/index.php in Jelsoft vBulletin 3.6.x allow remote attackers to inject…
CVE-2006-2335 — CVSS 6.5 (medium): Jelsoft vBulletin accepts uploads of Cascading Style Sheets (CSS) and processes them in a way that allows remote authenticated…
CVE-2007-1573 — CVSS 6.0 (medium): SQL injection vulnerability in admincp/attachment.php in Jelsoft vBulletin 3.6.5 allows remote authenticated administrators to execute…
CVE-2007-3326 — CVSS 5.8 (medium): Multiple directory traversal vulnerabilities in vBulletin 3.x.x allow remote attackers to redirect visitors to arbitrary local files via a…
CVE-2002-2235 — CVSS 5.0 (medium): member2.php in vBulletin 2.2.9 and earlier does not properly restrict the $perpage variable to be an integer, which causes an error message…
CVE-2007-2912 — CVSS 5.0 (medium): Unspecified vulnerability in Jelsoft vBulletin before 3.6.6, when unauthenticated User Infraction Permissions is disabled, allows remote…
CVE-2004-0036 — CVSS 5.0 (medium): SQL injection vulnerability in calendar.php for vBulletin Forum 2.3.x before 2.3.4 allows remote attackers to steal sensitive information…
CVE-2005-0429 — CVSS 5.0 (medium): Direct code injection vulnerability in forumdisplay.php in vBulletin 3.0 through 3.0.4, when showforumusers is enabled, allows remote…
CVE-2006-1816 — CVSS 5.0 (medium): PHP remote file inclusion vulnerability in VBulletin 3.5.1, 3.5.2, and 3.5.4 allows remote attackers to execute arbitrary code via a URL in…
CVE-2006-2805 — CVSS 5.0 (medium): SQL injection vulnerability in VBulletin 3.0.10 allows remote attackers to execute arbitrary SQL commands via the featureid parameter.
CVE-2006-0080 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in vBulletin 3.5.2, and possibly earlier versions, allows remote attackers to inject arbitrary web…
CVE-2005-4621 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the editavatar page in vBulletin 3.5.1 allows remote attackers to inject arbitrary web script…
CVE-2002-1678 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in memberlist.php in Jelsoft vBulletin 2.0 rc 2 through 2.2.4 allows remote attackers to steal…
CVE-2005-3025 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.0.7 and earlier allow remote attackers to inject arbitrary web script or…
CVE-2005-3023 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.0.9 and earlier allow remote attackers to inject arbitrary web script or…
CVE-2007-4453 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.6.8 allow remote attackers to inject arbitrary web code or HTML via the…
CVE-2005-3020 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in vBulletin before 3.0.9 allow remote attackers to inject arbitrary web script or HTML…
CVE-2004-2288 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in index.php in Jelsoft vBulletin allows remote attackers to spoof parts of a website via the loc…
CVE-2004-2076 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in search.php for Jelsoft vBulletin 3.0.0 RC4 allows remote attackers to inject arbitrary web…
CVE-2004-1823 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in Jelsoft vBulletin 2.0 beta 3 through 3.0 can4 allows remote attackers to inject…
CVE-2004-0620 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in (1) newreply.php or (2) newthread.php in vBulletin 3.0.1 allows remote attackers to inject…
CVE-2007-0869 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the Attachment Manager (admincp/attachment.php) in Jelsoft vBulletin 3.6.4 allows remote…
CVE-2004-0091 — CVSS 4.3 (medium): NOTE: this issue has been disputed by the vendor. Cross-site scripting (XSS) vulnerability in register.php for unknown versions of…
CVE-2007-1342 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in admincp/index.php in Jelsoft vBulletin 3.6.5 and earlier allows remote attackers to inject…
CVE-2002-1922 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in global.php in Jelsoft vBulletin 2.0.0 through 2.2.8 allows remote attackers to inject arbitrary…
CVE-2007-2908 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in calendar.php in Jelsoft vBulletin before 3.6.6 allows remote attackers to inject arbitrary web…
CVE-2002-1679 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin 2.2.0 allows remote attackers to execute arbitrary script as other users by…
CVE-2006-1040 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in vBulletin 3.0.12 and 3.5.3 allows remote attackers to inject arbitrary web script or HTML via…
CVE-2007-2910 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin before 3.6.7 PL1 allows remote attackers to inject arbitrary web script or…
CVE-2007-2909 — CVSS 3.5 (low): Cross-site scripting (XSS) vulnerability in calendar.php in Jelsoft vBulletin 3.6.x before 3.6.7 allows remote attackers to inject…
CVE-2007-0830 — CVSS 3.5 (low): Multiple cross-site scripting (XSS) vulnerabilities in the Admin Control Panel (AdminCP) in Jelsoft vBulletin 3.6.4 allow remote…
CVE-2006-3253 — CVSS 2.6 (low): Cross-site scripting (XSS) vulnerability in member.php in vBulletin 3.5.x allows remote attackers to inject arbitrary web script or HTML…
CVE-2005-3021 — CVSS 2.1 (low): image.php in vBulletin 3.0.9 and earlier allows remote attackers with access to the administrator panel to upload arbitrary files via the…