Tuesday, July 14, 14:26
vBulletin: New zero-day affects thousands of forums worldwide!

A security researcher whose name remains unknown has posted details of a zero-day in vBulletin, an internet forum software package.

It is precisely the publication of the details that poses some risks. The reason: the vulnerability was posted before it could be fixed, which means it may lead to hacking attacks on forums and spying on user information.

In fact, the zero-day allows the attacker to execute shell commands on the server. Remarkably, the attacker does not need an account on the forum.

The details were posted on Full Disclosure. Security researchers frequently publish details of security flaws when they have not been fixed after repeated vulnerability reports. At this time, however, it is unclear whether the anonymous security researcher first reported the vulnerability to the vBulletin team, or whether the vBulletin team failed to address the issue in a timely manner, leading the researcher to publish it independently. Nor can it be ruled out that this was a deliberate decision aimed at discrediting vBulletin.

According to W3Techs, 0.1% of sites run a vBulletin forum. That means billions of users are affected. Forums are designed to collect user information. While billions of sites do not store user information, forums can very easily store user data. Therefore, 0.1% is very significant when calculating how many users could be registered on these forums.

While vBulletin is used by many sites, the good news is that the zero-day only affects the 5.x versions. In practice, this means that forums running an older version are safe if they have applied the necessary fixes.

Zerodium is a company that buys zero-days in web-based software to resell them to law enforcement. Many dark web forums, such as those that distribute criminal services, malware, or child abuse images, often run on vBulletin. According to the company, the anonymous security researcher could have made up to $10,000 by giving the zero-day details to Zerodium instead of putting data at risk by posting them independently.
