cpe:/a:jelsoft:vbulletin:3.0 cpe:/a:jelsoft:vbulletin:3.0.1 cpe:/a:jelsoft:vbulletin:3.0.2 cpe:/a:jelsoft:vbulletin:3.0.3 cpe:/a:jelsoft:vbulletin:3.0_beta_2 cpe:/a:jelsoft:vbulletin:3.0_beta_3 cpe:/a:jelsoft:vbulletin:3.0_beta_4 cpe:/a:jelsoft:vbulletin:3.0_beta_5 cpe:/a:jelsoft:vbulletin:3.0_beta_6 cpe:/a:jelsoft:vbulletin:3.0_beta_7 cpe:/a:jelsoft:vbulletin:3.0_gamma cpe:/a:samba:ppp:2.4.1 CVE-2004-2695 2004-12-31T00:00:00.000-05:00 2017-07-28T21:29:16.733-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2007-10-09T21:32:00.000-04:00 ALLOWS_OTHER_ACCESS BID 11193 SECUNIA 12531 MISC http://www.securiteam.com/unixfocus/5BP0E15E0M.html CONFIRM http://www.vbulletin.com/forum/bugs.php?do=view&bugid=3379 CONFIRM http://www.vbulletin.com/forum/showthread.php?t=124876 XF vbulletin-itemnumber-sql-injection(17365) SQL injection vulnerability in the Authorize.net callback code (subscriptions/authorize.php) in Jelsoft vBulletin 3.0 through 3.0.3 allows remote attackers to execute arbitrary SQL statements via the x_invoice_num parameter. NOTE: this issue might be related to CVE-2006-4267.