All VBulletin board forums were attacked today and taken down by a hack and it was called "Zero-Day". The following is an excerpt taken from the website . . . ZD Net . . . describing the sitution:
ZERO-DAY DETAILS
According to an analysis of the published code, the zero-day allows an attacker to execute shell commands on the server running a vBulletin installation. The attacker doesn't need to have an account on the targeted forum.
In infosec lingo, this is what security experts call a "pre-authentication remote code execution" vulnerability, one of the worst types of security flaws that can impact a web-based platform.
We're sorry for any inconvenience that this may have caused,
Craig
ZERO-DAY DETAILS
According to an analysis of the published code, the zero-day allows an attacker to execute shell commands on the server running a vBulletin installation. The attacker doesn't need to have an account on the targeted forum.
In infosec lingo, this is what security experts call a "pre-authentication remote code execution" vulnerability, one of the worst types of security flaws that can impact a web-based platform.
We're sorry for any inconvenience that this may have caused,
Craig
Comment