Date: Fri, 24 Apr 2015 17:43:20 -0300 From: Patrick William <pat@...k911labs.com> To: oss-security@...ts.openwall.com Subject: CVE Request: vBulletin 5 - Private Messages Input Validation Failure Hi, I need to request a CVE for vBulletin 5. Reason: Due to an input validation failure, it is possible for a malicious user to inject messages into existing conversations without authorization. Reference: http://www.vbulletin.com/forum/forum/vbulletin-announcements/vbulletin-announcements_aa/4319488-security-patch-released-for-vbulletin-5-1-4-5-1-6-and-vbulletin-cloud Patrick -- RACK911 Labs 1110 Palms Airport Drive Suite 110 Las Vegas, NV 89119 http://www.RACK911Labs.com Software Security Auditing Follow us @ http://twitter.com/RACK911Labs
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ