Announcement

Collapse
No announcement yet.

Two Critical 0-Day Remote Exploits for vBulletin Forum Disclosed Publicly

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Two Critical 0-Day Remote Exploits for vBulletin Forum Disclosed Publicly

    I did mail an admin but got no reply, so I'm posting here:
    https://thehackernews.com/2017/12/vb...m-hacking.html
    More vBulletin problems ...

    Apparently when the security researchers contacted vBulletin, they didn't even bother to reply.

    "White paper inner sleeve is pristine ..."

  • #2
    Originally posted by Turboellis View Post
    I did mail an admin but got no reply, so I'm posting here:
    https://thehackernews.com/2017/12/vb...m-hacking.html
    More vBulletin problems ...

    Apparently when the security researchers contacted vBulletin, they didn't even bother to reply.
    When I see stuff like this it might as well be written in Mandarin. I always cross my fingers and hope someone who knows more than me will sort it out. Not ideal, I know, but it's out of my league. Is there something we, as users, can do or does it have to be done by vBulletin?
    "You don't want to kill the cash donkey"

    Comment


    • #3
      First of all, the vulnerabilities have to be recognized by vBulletin who appear to be doing an excellent job of burying their heads in the sand. Not at all impressive in a software vendor. These are remote code execution vulnerabilities, i.e. just about the worst. If we get targeted, the best thing we can hope for is that stuff just gets deleted and that the attacker doesn't feel like lacing the site with various kinds of malware.

      I just checked vBulletin's support forum and saw this:
      "Mon 18th Dec '17, 7:34am
      We were informed of a security issue late last week and a security patch is going to be released soon. Contrary to the reports, it wasn't reported in late November."

      Hopefully the patch will come out before any of their users' sites are attacked.
      "White paper inner sleeve is pristine ..."

      Comment

      Working...
      X