oss-security - CVE Request: vBulletin 5 - Private Messages Input Validation Failure

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [thread-next>] [day] [month] [year] [list]

Message-ID: <553AAAE8.7030909@rack911labs.com>
Date: Fri, 24 Apr 2015 17:43:20 -0300
From: Patrick William <pat@...k911labs.com>
To: oss-security@...ts.openwall.com
Subject: CVE Request: vBulletin 5 - Private Messages Input Validation Failure

Hi,

I need to request a CVE for vBulletin 5.

Reason:

Due to an input validation failure, it is possible for a malicious user 
to inject messages into existing conversations without authorization.

Reference:

http://www.vbulletin.com/forum/forum/vbulletin-announcements/vbulletin-announcements_aa/4319488-security-patch-released-for-vbulletin-5-1-4-5-1-6-and-vbulletin-cloud

Patrick

-- 
RACK911 Labs
1110 Palms Airport Drive
Suite 110
Las Vegas, NV 89119

http://www.RACK911Labs.com
Software Security Auditing

Follow us @ http://twitter.com/RACK911Labs

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.