It has come to our attention that there is a security issue in the uploader.swf file included as part of the Yahoo User Interface (YUI) library included in vBulletin 4. As the version of YUI included in vBulletin is end-of-lifed, Yahoo will not be fixing this issue. Their recommendation is to remove the file from your server. We recommend that you replace this with an empty file of the same name (attached). What this will do is force vBulletin to use a fallback javascript based uploader which is already provided in your system.
See: http://yuilibrary.com/support/20131111-vulnerability/
The vulnerable file is also present in the vBulletin 5 download package though not used by the vBulletin 5 front-end. We recommend that you delete the file and replace it with the attached file.
We have also updated all download packages for vBulletin 4.X and 5.X with the new empty file.
To resolve this issue take the following steps:
Delete uploader.swf located in clientscript/yui/uploader/assets or /core/clientscript/yui/uploader/assets
Replace it with the attached file.
Alternatively, you can download the vBulletin package for your version and replace it from that download.
Note: We will not be fixing the vulnerability in the SWF file directly nor do we plan to take any other action on this issue at this time.
Results 1 to 9 of 9
-
vbulletin still going strong still full of yahoo exploits even five versions later SOMEBODY HACK RUBYNET WITH THIS INFOalways steveyking steveyos
01-23-2014
-
-
always steveyking steveyos01-23-2014
alienware, loves terrible shit, had to make sure new shit to replace the old shit was just as shit and cost just as much
ytmnsfw, above words, above words
-
always steveyking steveyos01-23-2014
awesome mid range computer, now top of the line computer amazing prices
fjs, fucked up at first with vbulletin, able to realize mistake, now using much better free alternative
-
always steveyking steveyos01-23-2014
let all the lizards post freely even if it means all ytmnd members leave
no lizards allowed
-
always steveyking steveyos01-23-2014
literally chemically unable to give a fuck, does not care about community being happy only cares about a single number which is post count does not matter if the posts are from lizards who make horrible posts
has gone out of his way since 2008 to try to give people the best forum to post on and continues to this day to give a fuck and no lizards at fjs
I can see why ruby's so much more popular than me online
-
always steveyking steveyos01-23-2014
if you really think about it if you're still posting at this forum you enjoy abuse just as much as lisa
-
always steveyking steveyos01-23-2014
none of you really have the right to talk about her mental problems not the people posting here especially not the people running it
-
always steveyking steveyos01-23-2014
Originally Posted by GulDucat
I know who did this. He does these kinds of things all the time to my computer. Jihad Josh did it. You should fight him
Thread Information
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts