Vulnerability Watch

Forum Discussion

snarang
Product Team
5 years ago

vBulletin Remote Code Execution Flaw Disclosed

Amir Etemadieh, a vulnerability researcher, published a blog post on August 9 about a critical vulnerability in vBulletin, the popular forum software. Etemadieh discovered that a patch for CVE-2019-16759, the first instance of this vulnerability that was disclosed in September 2019, was insufficient. 

While there is no CVE identifier for this flaw, it appears that Etemadieh was able to identify a bypass in vBulletin's patch for CVE-2019-16759 by targeting the widget_tabbedcontainer_tab_panel template.

Most notable about this flaw is that within three hours of its public disclosure, the DEF CON conference forums were targeted by attackers. Because of the simplicity required to exploit this vulnerability, we anticipate attackers will utilize it quickly.

For more information about the vulnerability, including the availability of patches and Tenable product coverage, please visit our blog.

2 Replies

  • Anonymous

    Hello Tenable Team

    I am from Anunta Tech. We have procured licenses for Nessus Professional with Customer ID & registered contact information. Please guide me on how to log a ticket for issues related to Nessus Professional.

    Thanks & Regards

    Swapnil H. Jaurkar

  • snarang
    Product Team

    Hi @Swapnil Jaurkar,

    Thanks for reaching out. The Cyber Exposure Alerts community is where we post information about the latest events in the threat landscape. If you'd like to log a ticket, please browse to the create a case page. Please be sure to read the best practices guide for opening a case. You can also browse the Topic Library to see if there is a knowledge base article or previous discussion about the issue.

    Regards,

    Satnam