Re: UPDATE vBulletin Version 3.5.4 exploit

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: UPDATE vBulletin Version 3.5.4 exploit

Subject: Re: UPDATE vBulletin Version 3.5.4 exploit
Date: 18 Aug 2006 20:40:11 -0000
From: suppressed

If you have the CAPTCHA enabled then the registrations won?t even go through. This can be enabled via the Admin Control Panel. It's not enabled by default due to extra module requirements in PHP.

The option for CAPTCHA exists in all versions of vBulletin and the majority of customers enable it almost immediately.

Though if you are talking about the flood being allowed in the first place then surely this is something that should be handled at the server level by modules such as mod_evasive.

Scott MacVicar
Development Team, vBulletin

Prev by Date: [SECURITY] [DSA 1153-1] New ClamAV packages fix arbitrary code execution
Next by Date: Joomla Kochsuite Component <= 0.9.4 (config.kochsuite.php) Remote File Inclusion Vulnerability
Previous by thread: UPDATE vBulletin Version 3.5.4 exploit
Next by thread: Registration Now Open!: 3rd Annual US OWASP AppSec Conference - Oct 16-18 2006 - Seattle, WA
Index(es):
- Date
- Thread

Mail converted by mhonarc 2.6.15
This archive provided courtesy of JSW4.NET, Internet Hosting Services for Small Business.