Hostnames |
forum.iculture.nl vps01.textopus.nl |
Domains | iculture.nl textopus.nl |
Country | Netherlands |
City | Rotterdam |
Organization | TransIP BV |
ISP | Signet B.V. |
ASN | AS20857 |
Note: the device may not be impacted by all of these issues. The vulnerabilities are implied based on the software and version.
CVE-2023-39777 | A cross-site scripting (XSS) vulnerability in the Admin Control Panel of vBulletin 5.7.5 and 6.0.0 allows attackers to execute arbitrary web scripts or HTML via the /login.php?do=login url parameter. |
CVE-2019-17271 | 4.0vBulletin 5.5.4 allows SQL Injection via the ajax/api/hook/getHookList or ajax/api/widget/getWidgetList where parameter. |
CVE-2019-17132 | 6.8vBulletin through 5.5.4 mishandles custom avatars. |
CVE-2019-17131 | 4.3vBulletin before 5.5.4 allows clickjacking. |
CVE-2019-17130 | 6.4vBulletin through 5.5.4 mishandles external URLs within the /core/vb/vurl.php file and the /core/vb/vurl directories. |
CVE-2018-6200 | 5.8vBulletin 3.x.x and 4.2.x through 4.2.5 has an open redirect via the redirector.php url parameter. |
CVE-2017-7569 | 5.0In vBulletin before 5.3.0, remote attackers can bypass the CVE-2016-6483 patch and conduct SSRF attacks by leveraging the behavior of the PHP parse_url function, aka VBV-17037. |
CVE-2014-9463 | 9.0functions_vbseo_hook.php in the VBSEO module for vBulletin allows remote authenticated users to execute arbitrary code via the HTTP Referer header to visitormessage.php. |
CVE-2014-2022 | 7.1SQL injection vulnerability in includes/api/4/breadcrumbs_create.php in vBulletin 4.2.2, 4.2.1, 4.2.0 PL2, and earlier allows remote authenticated users to execute arbitrary SQL commands via the conceptid argument in an xmlrpc API request. |
CVE-2014-2021 | 3.5Cross-site scripting (XSS) vulnerability in admincp/apilog.php in vBulletin 4.2.2 and earlier, and 5.0.x through 5.0.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted XMLRPC API request, as demonstrated using the client name. |
CVE-2011-5251 | 5.8Open redirect vulnerability in forum/login.php in vBulletin 4.1.3 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the url parameter in a lostpw action. |
CVE-2010-1077 | 6.8Directory traversal vulnerability in vbseo.php in Crawlability vBSEO plugin 3.1.0 for vBulletin allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the vbseourl parameter. |
1010400170 | 2024-05-11T00:35:57.83027922 / tcp
-294744592 | 2024-05-01T18:19:57.15014280 / tcp
624867534 | 2024-05-08T20:27:22.100471443 / tcp