vBulletin 5.x up to and including 5.5.4 allows remote command execution via the widgetConfig[code] parameter in an ajax/render/widget_php routestring request.
vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfig[code] parameter in an ajax/render/widget_php routestring POST request.
msf > use exploit/multi/http/vbulletin_widgetconfig_rce
msf exploit(vbulletin_widgetconfig_rce) > show targets
...targets...
msf exploit(vbulletin_widgetconfig_rce) > set TARGET <target-id>
msf exploit(vbulletin_widgetconfig_rce) > show options
...show and set options...
msf exploit(vbulletin_widgetconfig_rce) > exploit
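The request shape in the description above (a widgetConfig[code] parameter sent with the ajax/render/widget_php routestring) can be matched defensively, for example in a reverse proxy filter or a request-log pipeline. The Python below is an added example, not code from vBulletin, Metasploit or Cloudflare; the function names, the constructed sample requests and the path-based route match are assumptions.

```python
from urllib.parse import parse_qsl, urlsplit

ROUTE = "ajax/render/widget_php"   # routestring named in the advisory text
PARAM = "widgetconfig[code]"       # parameter named in the advisory text (lowercased)

def _pairs(raw):
    """Percent-decode a query string or form body into lowercase-keyed pairs."""
    return [(k.strip().lower(), v) for k, v in parse_qsl(raw, keep_blank_values=True)]

def is_widget_php_code_request(method, url, body=""):
    """True when a request carries both the widget_php route and widgetConfig[code].

    Query string and body are both inspected whatever the method, so a
    parameter moved from one to the other is still seen.
    """
    parts = urlsplit(url)
    pairs = _pairs(parts.query) + _pairs(body)
    route_hit = any(k == "routestring" and v.strip("/").lower() == ROUTE
                    for k, v in pairs)
    # Assumption: with URL rewriting the route may arrive as the request path.
    route_hit = route_hit or parts.path.strip("/").lower().endswith(ROUTE)
    code_hit = any(k == PARAM for k, _ in pairs)
    return route_hit and code_hit

# Constructed sample requests (method, URL, body); values are placeholders.
SAMPLES = [
    ("POST", "/index.php",
     "routestring=ajax/render/widget_php&widgetConfig%5Bcode%5D=PLACEHOLDER"),
    ("POST", "/index.php?routestring=ajax%2Frender%2Fwidget_php",
     "widgetConfig[code]=PLACEHOLDER"),
    ("POST", "/index.php",
     "routestring=ajax/render/widget_php&widgetConfig[title]=hello"),
    ("GET", "/index.php?routestring=forum/general", ""),
    ("POST", "/ajax/render/widget_php", "widgetConfig[code]=PLACEHOLDER"),
]

def scan(samples):
    """Return one verdict per (method, url, body) tuple."""
    return [is_widget_php_code_request(m, u, b) for m, u, b in samples]

if __name__ == "__main__":
    for sample, verdict in zip(SAMPLES, scan(SAMPLES)):
        print("BLOCK" if verdict else "allow", sample[0], sample[1])
```

A match is a reason to block or alert; it does not replace applying the vendor patch.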
Mass Exploit CVE-2019-16759
Hackers have stolen the account details of 250,000 users of Dutch sex-work forum Hookers.nl – including email addresses of both escorts and customers.
The website provides a forum for escorts and customers to discuss sex work — including clients discussing their experiences with sex workers. A moderator on the forum said on Thursday that a hacker gained access to personal details through a recently disclosed software vulnerability in an external software supplier of the website, vBulle...
This week a zero-day vBulletin remote code execution vulnerability and exploit was publicly disclosed and is being used by bad actors to attack vBulletin forums. Cloudflare has now created a special rule that will prevent this exploit from working on vBulletin sites behind Cloudflare's service.
Remote code execution vulnerabilities are the most critical as they allow attackers to execute commands, take over a site, install malware, or even distribute malware from a victim's computer and ...
A critical remote code execution (RCE) bug affecting default 5.x versions of vBulletin (CVE-2019-16759) is being actively exploited in the wild, allowing unauthenticated attackers to take control of web hosts.
Zero-day proof-of-concept code was anonymously published on Monday, ahead of vBulletin issuing a patch. Tenable vice president of intelligence Gavin Millard also said via email that there is now a script that leverages Shodan to mass-identify thousands of vulnerable systems.