2.0.3|VBulletin 2.0.3 Calendar.php Command execution vulnerable \nPOC : $target/calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60<command>%20%60;die();echo%22\nEDB : http://www.exploit-db.com/exploits/21874/
2.0.0,2.2|VBulletin 2.0/2.2.x - XSS vulnerable \nPOC : $target/usercp.php?s=[Session ID]\"><Script>alert(document.cookie);</Script>\nEDB : http://www.exploit-db.com/exploits/21946/
2.3.4,2.3.3,2.3.0,2.2,2.0.2,2.0.1,2.0.0|VBulletin 2.x - Private.php Cross-Site Scripting \nPOC : $target/private.php?&action=newmessage&userid=[UID]&forward=[XSS]\nEDB : http://www.exploit-db.com/exploits/23865/
2.0.0,2.0.1,2.0.2,2.2|VBulletin 2.0.x/2.2.x members2.php Cross-Site Scripting\nEDB : http://www.exploit-db.com/exploits/22042/
2.0.0,2.0.3,2.2|VBulletin 2.0/2.2.x Memberlist.php Cross-Site Scripting\nEDB : http://www.exploit-db.com/exploits/22030/
3.0.1|VBulletin 3.0.1 newreply.php WYSIWYG_HTML parameter XSS\nEDB : http://www.exploit-db.com/exploits/24234/
3.0.4,3.0.3,3.0.2,3.0.1,3.0.0|vBulletin <= 3.0.4 - \"forumdisplay.php\" Code execution\nEDB : http://www.exploit-db.com/exploits/818/\nEDB : http://www.exploit-db.com/exploits/820/
3.0.0,2.3.0,2.2.8|vBulletin 3.0 Register.PHP HTML Injection vulnerability\nEDB : http://www.exploit-db.com/exploits/22990/
3.0.0|VBulletin 3.0 - Search.PHP XSS vulnerability\nEDB : http://www.exploit-db.com/exploits/23691/
3.0.0|VBulletin 3.0 ShowThread.PHP XSS vulnerability\nEDB : http://www.exploit-db.com/exploits/23823/
3.0.0|VBulletin 3.0 ForumDisplay.PHP XSS vulnerability\nEDB : http://www.exploit-db.com/exploits/23822/
3.0|vBulletin 3.0 - Private Message HTML Injection vulnerability\nEDB : http://www.exploit-db.com/exploits/22599/
2.0.3,1.0.1,2.0,2.3.0,2.3.2,2.3.3,2.3.4,3.0|VBulletin 1.0.1 lite/2.x/3.0 /admincp/template.php Multiple parameter XSS\nEDB : http://www.exploit-db.com/exploits/26283/
2.0.3,1.0.1,2.0,2.3.0,2.3.2,2.3.3,2.3.4,3.0|VBulletin 1.0.1 lite/2.x/3.0 /admincp/modlog.php orderby parameter XSS\nEDB : http://www.exploit-db.com/exploits/26282/
2.0.3,1.0.1,2.0,2.3.0,2.3.2,2.3.3,2.3.4,3.0|VBulletin 1.0.1 lite/2.x/3.0 /admincp/language.php goto parameter XSS\nEDB : http://www.exploit-db.com/exploits/26280/
2.0.3,1.0.1,2.0,2.3.0,2.3.2,2.3.3,2.3.4,3.0|VBulletin 1.0.1 lite/2.x/3.0 /admincp/index.php Multiple parameter XSS\nEDB : http://www.exploit-db.com/exploits/26279/
2.0.3,1.0.1,2.0,2.3.0,2.3.2,2.3.3,2.3.4,3.0|VBulletin 1.0.1 lite/2.x/3.0 /admincp/css.php group parameter XSS\nEDB : http://www.exploit-db.com/exploits/26278/
2.0.3,1.0.1,2.0,2.3.0,2.3.2,2.3.3,2.3.4,3.0|VBulletin 1.0.1 lite/2.x/3.0 /admincp/usertools.php ids parameter SQL Injection\nEDB : http://www.exploit-db.com/exploits/26276/
2.0.3,1.0.1,2.0,2.3.0,2.3.2,2.3.3,2.3.4,3.0|VBulletin 1.0.1 lite/2.x/3.0 /admincp/usertitle.php usertitleid parameter SQL Injection\nEDB : http://www.exploit-db.com/exploits/26274/
2.0.3,1.0.1,2.0,2.3.0,2.3.2,2.3.3,2.3.4,3.0|VBulletin 1.0.1 lite/2.x/3.0 joinrequests.php request parameter SQL Injection\nEDB : http://www.exploit-db.com/exploits/26273/
3.0.6,3.0.1|vBulletin <= 3.0.6 php Code Injection\nEDB : http://www.exploit-db.com/exploits/832/
3.0.6|vBulletin <= 3.0.6 (Template) Command execution Exploit (metasploit)\nEDB : http://www.exploit-db.com/exploits/1133/
3.5.2|VBulletin 3.5.2 Event Title HTML Injection vulnerability\nEDB : http://www.exploit-db.com/exploits/27019/
3.5.1|vBulletin 3.5.1 Vbugs.PHP XSS vulnerability\nEDB : http://www.exploit-db.com/exploits/27580/
3.0|vBulletin <= 3.0.8 accessible database backup searcher (update 3)\nEDB : http://www.exploit-db.com/exploits/1189/
3.0.1|vBulletin 3.0.10 Portal.PHP SQL Injection vulnerability\nEDB : http://www.exploit-db.com/exploits/27929/
3.0.9,3.5.1,3.5.2,3.5.3,3.5.4|Vbulletin 3.0.9/3.5.x Member.PHP XSS vulnerability\nEDB : http://www.exploit-db.com/exploits/28076/
3.0.14|VBulletin 3.0.14 global.php Encoded URL XSS\nEDB : http://www.exploit-db.com/exploits/28342/
2.3.8,2.3.4,2.3.3,2.3.2,2.3.0|VBulletin 2.3.x Global.PHP SQL Injection vulnerability\nEDB : http://www.exploit-db.com/exploits/28694/
3.6.0,3.6.1,3.6.2,3.6.2|VBulletin 3.6.x Admin Control Panel Index.PHP Multiple XSS vulnerabilities\nEDB : http://www.exploit-db.com/exploits/29079/
3.5.1,3.5.2,3.5.3,3.5.4,3.6.1,3.6.2,3.6.3,3.6.4|VBulletin 3.5.x/3.6.x SWF Script Injection vulnerability\nEDB : http://www.exploit-db.com/exploits/29338/
3.6.4|vBulletin 3.6.4 (inlinemod.php postids)  SQL Injection Exploit\nEDB : http://www.exploit-db.com/exploits/3387/
3.6.6|VBulletin <= 3.6.6 Calendar.PHP HTML Injection vulnerability\nEDB : http://www.exploit-db.com/exploits/30047/
3.6.10,3.7.1|vBulletin 3.6.10/3.7.1 - 'redirect' parameter XSS vulnerability\nEDB : http://www.exploit-db.com/exploits/31910/
3.7.1,3.7.0,3.6|vBulletin <= 3.7.1 Moderation Control Panel 'redirect' parameter XSS vulnerability\nEDB : http://www.exploit-db.com/exploits/31939/
3.6.10,3.7.2|vBulletin 3.6.10/3.7.2 - 'newpm[title]' parameter XSS vulnerability\nEDB : http://www.exploit-db.com/exploits/32285/
3.7.3|vBulletin 3.7.3 - Visitor Message CSRF + Worm Exploit\nEDB : http://www.exploit-db.com/exploits/7174/
4.0.1|vBulletin 4.0.1 - 'misc.php' SQL Injection vulnerability\nEDB : http://www.exploit-db.com/exploits/33547/
3.5.4,3.0|vBulletin <= 3.5.4 - Multiple XSS vulnerabilities\nEDB : http://www.exploit-db.com/exploits/33624/
2.3|vBulletin 2.3.x - SQL Injection vulnerability\nEDB : http://www.exploit-db.com/exploits/11396/
3.0.0|vBulletin 3.0.0 - XSS vulnerability\nEDB : http://www.exploit-db.com/exploits/11395/
3.5.2|vBulletin 3.5.2 - XSS vulnerabilities\nEDB : http://www.exploit-db.com/exploits/11394/
4.0.2|vBulletin 4.0.2 - Multiple XSS vulnerabilities\nEDB : http://www.exploit-db.com/exploits/33660/
4.0.2|vBulletin 4.0.2 - Search XSS vulnerability\nEDB : http://www.exploit-db.com/exploits/33784/
4.0.2|vBulletin Blog 4.0.2 Title XSS vulnerability\nEDB : http://www.exploit-db.com/exploits/11871/
4.0.8|vBulletin 4.0.8 - Persistent XSS via Profile Customization\nEDB : http://www.exploit-db.com/exploits/15550/
4.0.8|vBulletin 4.0.8 PL1 - XSS Filter Bypass within profile customization\nEDB : http://www.exploit-db.com/exploits/15590/
3.8.4,3.8.5|vBulletin 3.8.4 & 3.8.5 Registration bypass vulnerability\nEDB : http://www.exploit-db.com/exploits/14833/
4.0,4.1.0,4.1.1,4.1.2|vBulletin 4.0.x <= 4.1.2 - (search.php) SQL Injection vulnerability\nEDB : http://www.exploit-db.com/exploits/17314/
4.0,4.1.0,4.1.1,4.1.2|vBulletin 4.0.x - 4.1.2 (search.php cat param) - SQL Injection Exploit\nEDB : http://www.exploit-db.com/exploits/34526/\nhttp://packetstormsecurity.com/files/128139/vBulletin-4.1.2-SQL-Injection.html
4.0,4.1.0,4.1.1,4.1.2,4.1.3|Vbulletin 4.0.x <= 4.1.3 - (messagegroupid) SQL Injection vulnerability (0day)\nEDB : http://www.exploit-db.com/exploits/17555/
4.1.7|vBulletin 4.1.7 Multiple Remote File Include vulnerabilities\nEDB : http://www.exploit-db.com/exploits/36273/
4.1.10|VBulletin 4.1.10 'announcementid' parameter SQL Injection vulnerability\nEDB : http://www.exploit-db.com/exploits/37062/
4.0.2|vBulletin Yet Another Awards System 4.0.2 - SQL Injection\nEDB : http://www.exploit-db.com/exploits/20956/
5.0.0|vBulletin 5.0.0 Beta 11 - 5.0.0 Beta 28 - SQL Injection\nEDB : http://www.exploit-db.com/exploits/24882/
5.0.0|vBulletin 5 - index.php/ajax/api/reputation/vote nodeid parameter SQL Injection\nEDB : http://www.exploit-db.com/exploits/30212/
5.1.2,5.1.1,5.1.0|vBulletin 5.1.X - Persistent XSS\nEDB : http://www.exploit-db.com/exploits/34579/
5.1.2|vBulletin 5.1.2 SQL Injection Exploit\nhttp://rstforums.com/forum/87172-rst-vbulletin-5-1-2-sql-injection-exploit.rst
5.1.9,5.1.8,5.1.7,5.1.6,5.1.5,5.1.4,5.1.2,5.1.1,5.0.5,5.0.4,4.2.2,4.2.1,4.1.12,4.1.10,4.1.7,4.1.5,4.1.4,4.0.2,4.0.1,3.8.6,3.7.4,3.7.3,3.7.1,3.6,3.5.4,3.5.3,3.5.2,3.5.1,3.0.15,3.0.14,3.0.12,3.0.11,3.0.10,3.0.9,3.0.8,3.0.7,3.0.6,3.0.5,3.0.4,3.0.3,3.0.2,3.0.1,3.0.0,2.3.8,2.3.4,2.3.3,2.3.2,2.3.0,2.2.9,2.2.8,2.2.7,2.2.6,2.2.5,2.2.4,2.2.3,2.2.2,2.2.1,2.2.0,2.0.3,5.2.2,5.0.3,5.0.2,5.0.1,4.2.3,4.2.0,4.1.3,4.1.2,4.1.11,4.1.1,4.0.8,4.0.7,4.0.6,4.0.5,4.0.4,4.0.3,4.0.0,3.8.9,3.5|vBulletin CVE-2016-6483 Server Side Request Forgery Security Bypass Vulnerability\nEDB : http://www.exploit-db.com/exploits/40225/\nhttp://www.securityfocus.com/bid/92350\nhttp://legalhackers.com/advisories/vBulletin-SSRF-Vulnerability-Exploit.txt
5.0.5,4.2.2,4.2.1,4.2|vBulletin '/apilog.php' Multiple HTML Injection Vulnerabilities\nEDB : https://www.exploit-db.com/exploits/40114/\nhttps://www.securityfocus.com/bid/70577
5.0.5,4.2.2,4.2.1,4.2|vBulletin 'breadcrumbs_create.php' SQL Injection Vulnerability\nEDB : https://www.exploit-db.com/exploits/40115/\nhttps://www.securityfocus.com/bid/70417
4.2.2,4.2.1,4.1.12,4.1.10,4.1.7,4.1.5,4.1.4,4.0.2,4.0.1,3.8.6,3.7.4,3.7.3,3.7.1,3.6.12,3.6.10,3.6.9,3.6.8,3.6.7,3.6.6,3.6.5,3.6.4,3.6.3,3.6.2,3.6.1,3.6,4.2.3,4.2,4.1.3,4.1.2,4.1.11,4.0.8,4.0.7,4.0.6,4.0.5,4.0,3.8.9|vBulletin CVE-2016-6195 SQL Injection Vulnerability\nEDB : https://www.exploit-db.com/exploits/40751/\nhttps://www.securityfocus.com/bid/92687
5.3.0,5.3.1,5.3.2,5.3.3,5.3.4,5.3.5|vBulletin 5 - 'cacheTemplates' Remote Arbitrary File Deletion\nEDB : https://www.exploit-db.com/exploits/43362/\nhttps://blogs.securiteam.com/index.php/archives/3573
