Re: Html_Injection in vBulletin 3.5.2

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: Html_Injection in vBulletin 3.5.2
From: "Steven M. Christey" <coley@xxxxxxxxx>
Date: Tue, 10 Jan 2006 00:21:58 -0500 (EST)
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

This appears to be the same vulnerability as that reported to Bugtraq
by trueend5 of KAPDA on January 1:

  BUGTRAQ:20060106 [KAPDA::#19] - Html Injection in vBulletin 3.5.2
  URL:http://www.securityfocus.com/archive/1/archive/1/420663/100/0/threaded

In fact, the text is exactly the same, as is the example.

- Steve

Prev by Date: [SECURITY] [DSA 934-1] New pound packages fix multiple vulnerabilities
Next by Date: [SECURITY] [DSA 930-2] New smstools packages fix format string vulnerability
Previous by thread: Html_Injection in vBulletin 3.5.2
Next by thread: Re: Html_Injection in vBulletin 3.5.2
Index(es):
- Date
- Thread