vBulletin CVE-2016-6483 vBulletin software is affected by a SSRF vulnerability that allows unauthenticated remote attackers to access internal services (such as mail servers, memcached, couchDB, zabbix etc.) running on the server hosting vBulletin as well as services on other servers on the local network that are accessible from the target.
The following versions are affected: vBulletin <= 5.2.2 vBulletin <= 4.2.3 vBulletin <= 3.8.9 Technical details,PoC vBulletin exploits and links to patches provided by the vendor can be found at: http://legalhackers.com/advisories/vBulletin-SSRF-Vulnerability-Exploit.txt -- Regards, Dawid Golunski http://legalhackers.com _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
