Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Fri, 24 Apr 2015 17:43:20 -0300
From: Patrick William <pat@...k911labs.com>
To: oss-security@...ts.openwall.com
Subject: CVE Request: vBulletin 5 - Private Messages Input Validation Failure

Hi,

I need to request a CVE for vBulletin 5.

Reason:

Due to an input validation failure, it is possible for a malicious user 
to inject messages into existing conversations without authorization.

Reference:

http://www.vbulletin.com/forum/forum/vbulletin-announcements/vbulletin-announcements_aa/4319488-security-patch-released-for-vbulletin-5-1-4-5-1-6-and-vbulletin-cloud

Patrick

-- 
RACK911 Labs
1110 Palms Airport Drive
Suite 110
Las Vegas, NV 89119

http://www.RACK911Labs.com
Software Security Auditing

Follow us @ http://twitter.com/RACK911Labs

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ