Re: Vulnerabilities in vBulltin(3.0.7 - 3.5.3) and IPB(2.0.0 - 2.1.4).
While we take all security reports seriously we have investigated this report
and have been unable to find any sort of exploit suggested by the author.
External security audits are performed on a regular basis and we are committed
to the fast response and release of patches for any vulnerability, credit is
also given where due for any discoveries.
After contacting the author for more information the response we received was
that a fee would have to be paid for more information. As a company we refuse
to be coerced into paying a ransom given that the author has not been able to
demonstrate that the vulnerability exists, much less a willingness to work with
us to ensure a secure product for end users.