Vulnerability Development mailing list archives
Re: vBulletin Security Vulnerability - POC
From: Freddie Bingham <freddie () vbulletin com>
Date: 26 Jan 2004 20:52:32 -0000
In-Reply-To: <20040123210813.8522.qmail () mail securityfocus com> This exploit existed in vBulletin v3 Beta 2 - Beta 7. We patched this exploit for the vBulletin v3 gamma release and recommend all users affected versions upgrade to the latest vBulletin v3 release, which is RC3 at the time of this posting. Users are made aware that they are choosing to use software labelled as beta and hence the chance of unknown exploits is greater than when using release quality software. We do take security serious and respond to them in the same swift manner, be it in a beta or release version. We were not aware of this problem until we were at Beta 7 and have no explanation as to why we missed the submitters original contact during the Beta 2 time period.
Current thread:
- Re: vBulletin Security Vulnerability - POC Freddie Bingham (Jan 27)