430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Hacker discloses details and PoC exploit code for unpatched 0Day in vBulletin

An anonymous hacker disclosed technical details and proof-of-concept exploit code for a critical zero-day remote code execution flaw in vBulletin. vBulletin is one of the most popular forum software, for this reason, the disclosure of a zero-day flaw affecting it could impact a wide audience. More than 100,000 websites online run on top of vBulletin. […]

vbulletin

An anonymous hacker disclosed technical details and proof-of-concept exploit code for a critical zero-day remote code execution flaw in vBulletin.

vBulletin is one of the most popular forum software, for this reason, the disclosure of a zero-day flaw affecting it could impact a wide audience.

More than 100,000 websites online run on top of vBulletin.

An anonymous hacker disclosed technical details and proof-of-concept exploit code for a critical zero-day remote code execution flaw in vBulletin. The bad news is that the vulnerability in the popular software is still unpatched.

vbulletin

The vulnerability could be exploited remotely by an unauthenticated attacker. The PoC exploit published by the hacker works on vBulletin versions 5.0.0 till the latest 5.5.4.

The zero-day flaw in the forum software resides in the way an internal widget file of the forum software package accepts configurations via the URL parameters. The expert discovered that the package fails to validate the parameters, an attacker could exploit it to inject commands and remotely execute code on the vulnerable install.

Let’s hope that the maintainers of the vBulletin project will address the vulnerability as soon as possible before threat actors will start to exploit the PoC code in attacks in the wild.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – RCE, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]