Security News > 2019 > September > vBulletin zero-day exploited in the wild in wake of exploit release
2019-09-25 09:27
An anonymous bug hunter has released a working and elegantly simple exploit for a pre-authentication remote code execution flaw (CVE-2019-16759) affecting vBulletin and it didn’t take long for attackers to start using it. About vBulletin vBulletin is the most popular internet forum software in use today. W3Techs says that around 0.1% of all internet sites run a vBulletin forum, though only 6.4% of these use vulnerable 5.x versions. MH Sub I, the company that develops … More → The post vBulletin zero-day exploited in the wild in wake of exploit release appeared first on Help Net Security.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/GOwbGBRuVPQ/
Related news
- Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks (source)
- EncryptHub Exploits Windows Zero-Day to Deploy Rhadamanthys and StealC Malware (source)
- PipeMagic Trojan Exploits Windows Zero-Day Vulnerability to Deploy Ransomware (source)
- ⚡ Weekly Recap: iOS Zero-Days, 4Chan Breach, NTLM Exploits, WhatsApp Spyware & More (source)
- Craft CMS RCE exploit chain used in zero-day attacks to steal data (source)
- Enterprise tech dominates zero-day exploits with no signs of slowdown (source)
- ⚡ Weekly Recap: Zero-Day Exploits, Developer Malware, IoT Botnets, and AI-Powered Scams (source)
- Hackers exploit VMware ESXi, Microsoft SharePoint zero-days at Pwn2Own (source)
- ⚡ Weekly Recap: Zero-Day Exploits, Insider Threats, APT Targeting, Botnets and More (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-09-24 | CVE-2019-16759 | Code Injection vulnerability in Vbulletin vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfig[code] parameter in an ajax/render/widget_php routestring request. | 9.8 |