  1. #1

    Vbulletin - YUI Security Issue found in uploader.swf

    I received this email a little while ago.

    It has come to our attention that there is a security issue in the uploader.swf file included as part of the Yahoo User Interface (YUI) library included in vBulletin 4. As the version of YUI included in vBulletin is end-of-lifed, Yahoo will not be fixing this issue. Their recommendation is to remove the file from your server. We recommend that you replace this with an empty file of the same name (attached). What this will do is force vBulletin to use a fallback JavaScript-based uploader which is already provided in your system.


    The vulnerable file is also present in the vBulletin 5 download package though not used by the vBulletin 5 front-end. We recommend that you delete the file and replace it with the attached file.

    We have also updated all download packages for vBulletin 4.X and 5.X with the new empty file.

    To resolve this issue take the following steps:
    Delete uploader.swf located in clientscript/yui/uploader/assets or /core/clientscript/yui/uploader/assets
    Replace it with the attached file.
    Alternatively, you can download the vBulletin package for your version and replace it from that download.

    Note: We will not be fixing the vulnerability in the SWF file directly nor do we plan to take any other action on this issue at this time.
    Steven Ciaburri | Proactive Linux Server Management -
    Managed Servers (AS62710), Server Management, and Security Auditing.
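
The replacement steps from the e-mail, applied across a whole web root, as an added shell example that is not part of the original post or of vBulletin's tooling. The function names, the `audit`/`fix` modes and the backup directory argument are assumptions; only the two file locations come from the e-mail.

```shell
#!/bin/sh
# Added example (assumed names throughout; only the path is from the e-mail).
# Both locations in the e-mail end in the same relative path, so one pattern
# covers the vBulletin 4 layout and the vBulletin 5 /core layout at any depth.
SWF_PATTERN='*/clientscript/yui/uploader/assets/uploader.swf'

# find_swf ROOT: list every uploader.swf at a known location below ROOT.
find_swf() {
    find "$1" -type f -path "$SWF_PATTERN" 2>/dev/null | sort
}

# audit_swf ROOT: print LIVE (non-empty) or EMPTY (already stubbed) per copy.
# Exit status is 1 if any LIVE copy remains, 0 otherwise.
audit_swf() {
    find_swf "$1" | (
        live=0
        while IFS= read -r f; do
            if [ -s "$f" ]; then echo "LIVE  $f"; live=1
            else echo "EMPTY $f"; fi
        done
        exit "$live"
    )
}

# stub_swf ROOT BACKUP_DIR: copy each LIVE file to BACKUP_DIR (keep it outside
# the web root, or the original stays reachable), then truncate it in place so
# an empty file with the same name, owner and mode is left behind.
stub_swf() {
    mkdir -p "$2" || return 1
    find_swf "$1" | while IFS= read -r f; do
        [ -s "$f" ] || continue
        bak="$2/$(printf '%s' "$f" | tr '/' '_')"
        cp -p "$f" "$bak" && : > "$f" && echo "STUBBED $f"
    done
}

# Usage: script.sh audit ROOT | script.sh fix ROOT BACKUP_DIR
case "${1:-}" in
    audit) audit_swf "$2" ;;
    fix)   stub_swf "$2" "$3" && audit_swf "$2" ;;
esac
```

The `audit` mode changes nothing and returns a non-zero status while any non-empty copy remains, so it can be rerun after upgrades or restores that might bring the original file back.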

  2. #2
    Wow, had no idea. Thanks for this. How did you get the notification? Are you subscribed to something?
