Security patch released for latest vbulletin

[Storming]

This affects the following releases:vBulletin 3.8.4 PL1 / 3.7.6 PL1 / 3.6.12 PL2

An XSS flaw within the user profile page has recently been discovered. This could allow an attacker to carry out an action as a user or obtain access to a user's account. To resolve this issue, it has been necessary to release a patch level version of the active versions of vBulletin.

The upgrade process is the same as previous patch level releases - simply download the patch from the Members Area, extract the files and upload to your webserver, overwriting the existing files. There is no upgrade script required.

As with all security-based releases, we recommend that all customers upgrade as soon as possible in order to prevent any potential damage resulting from the flaw being exploited.

Source: Vbulletin.com

I would suggest people start upgrading now.

Storming Reviewed by Storming on 8th Oct 2009. Security patch released for latest vbulletin This affects the following releases:vBulletin 3.8.4 PL1 / 3.7.6 PL1 / 3.6.12 PL2 Source: Vbulletin.com I would suggest people start upgrading now. Rating: 5

[DEViANCE]

LOL, they finally found it then...


IPB FTW

[Storming]

* vBulletin 3.8.3

Really hope This site patches up..

[DXS]

Did they serious find this just now? Wow...now they have to find the one in the memberlist page haha.

[-Im.z2ight-]

They alway fix the patches and this site might want to get up to date.

[Hawk]

That reminds me, I need to tell Izzy to update InWarez (That's whenever he's back).

[Loget]

Its not specifically versions 3.8.4, 3.7.6, 3.6.12 that are affected, all versions are, for example if you are running 3.8.2 or 3.7.5 etc you are vulnerable and need to update to the latest version.

To resolve this issue, it has been necessary to release a patch level version of the active versions of vBulletin.

That is why the patch was released across all there active versions, the older versions are probably vulnerable also but they have stopped updating those so if your running those you need to manually do it, vBulletin and XSS are like bread and butter just can't keep them apart.

[William Palmer]

another reason why i use IPB even tho i dont know shit about it but that is besides the point lol

[Hyperz]

That reminds me, I need to tell Izzy to update InWarez (That's whenever he's back).

If he still has enough space left on his shared hosting...

[-Im.z2ight-]

3.8.4 PL1 / 3.7.6 PL1 / 3.6.12 PL2 these are the new releases not the affected versions. They have 3.6 stable usable addition for people who don't want to move up to 3.7 or 3.8