Zatarra Posted May 3, 2014 Report Posted May 3, 2014 (edited) vBulletin Security eBulletinvBulletin 5 Connect, The World's Leading Community SoftwareMay 2nd, 2014* Security Issue* Your License Information* Contact Us------ Security Issue ------An exploit in vBulletin 5.x has been reported by the "Romanian Security Team". We have repaired the issue reported and are releasing patches for the following versions: 5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.0.5 and 5.1.0The issue is caused by improper handling of the Page object within vBulletin. This allowed some user supplied data to be elevated to the point where it cause problems. It also allowed javascript to be executed in certain situations.You can find more details in the forum announcement : vBulletin 5 Connect Security Patch Released (All Versions). - vBulletin Community Forum---------------- YOUR LICENSE INFORMATION ----------------You can use this information to log into the customers area to download vBulletin, ImpEx and other vBulletin-related support materials:Your Customer Email: darkzatarra@yahoo.comYour Customer Number: ************If you have misplaced your customer password, you can request that it be re-sent to your registered email address using the following form:http://www.vbulletin.com/go/lostpwThe customers area is located here:http://members.vbulletin.com/-------------------- CONTACT US --------------------------Please do not respond to this email directly. We will not receive your response. Please use the links below.Got a vBulletin technical query? Contact support:http://www.vbulletin.com/go/techsupportFor all other queries, please visit this page:vBulletin Forum Customer Support----------------------------------------------------------Security bulletins and periodic email newsletters are delivered to all current vBulletin customers, and contain information about new software versions and vBulletin.com web site features and content. If you have any questions or comments about this mailing, please contact us via the links above. You can unsubscribe from newsletters in the customer area at the bottom of the page: http://members.vbulletin.comThis email was sent to: Adrian-Daniel Bacanu, darkzatarra@yahoo.comCopyright ©2000-2014, vBulletin Solutions IncMore info:http://www.vbulletin.com/forum/forum/vbulletin-announcements/vbulletin-announcements_aa/4032169-vbulletin-5-connect-security-patch-released-all-versionsFelicitari baieti Edited May 3, 2014 by Zatarra Quote
Nytro Posted May 3, 2014 Report Posted May 3, 2014 Avem CVE: - CVE-2014-3135 : Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 5.1.1 Alpha 9 allow remote attackers to inject arbitrar - https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3135 Quote
