Full Disclosure mailing list archives
CVE-2016-6483 - vBulletin <= 5.2.2 Preauth Server Side Request Forgery (SSRF)
From: Dawid Golunski <dawid () legalhackers com>
Date: Tue, 9 Aug 2016 19:28:32 -0300
vBulletin CVE-2016-6483

vBulletin software is affected by a SSRF vulnerability that allows unauthenticated remote attackers to access internal services (such as mail servers, memcached, couchDB, zabbix etc.) running on the server hosting vBulletin as well as services on other servers on the local network that are accessible from the target.

The following versions are affected:

vBulletin <= 5.2.2
vBulletin <= 4.2.3
vBulletin <= 3.8.9

Technical details, PoC vBulletin exploits and links to patches provided by the vendor can be found at:

http://legalhackers.com/advisories/vBulletin-SSRF-Vulnerability-Exploit.txt

--
Regards,
Dawid Golunski
http://legalhackers.com

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/