Message-ID: <CADSYzstwTLqFAe=fT7q33712+sGbb01UGTguQF8WhSYM4H_+pQ@mail.gmail.com>
Date: Tue, 9 Aug 2016 19:28:32 -0300
From: Dawid Golunski <dawid@...alhackers.com>
To: fulldisclosure@...lists.org
Subject: [FD] CVE-2016-6483 - vBulletin <= 5.2.2 Preauth Server Side Request Forgery (SSRF)

vBulletin
CVE-2016-6483

vBulletin software is affected by a SSRF vulnerability that allows
unauthenticated remote attackers to access internal services (such as mail
servers, memcached, couchDB, zabbix etc.) running on the server hosting
vBulletin as well as services on other servers on the local network that are
accessible from the target.

The following versions are affected:

vBulletin <= 5.2.2
vBulletin <= 4.2.3
vBulletin <= 3.8.9

Technical details, PoC vBulletin exploits and links to patches provided by the
vendor can be found at:

http://legalhackers.com/advisories/vBulletin-SSRF-Vulnerability-Exploit.txt

--
Regards,
Dawid Golunski
http://legalhackers.com

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/