New Security Issue in VB?

The VB support staff show how caring they can be.

Why not?

Strange to relate to you, but people have a right to post their opinion, as long as it does not break the rules.

I know that you get frustrated about not having the ban button, but anyone with an interest in VB are allowed to post about it.
Even if it does or does not agree with the censored opinions on VB.

 

Good to hear the devs are aware of it and will have it patched although I always deleted the install folder whenever I had installed vbulletin in the past.

 

"potential exploit"? It is or it isn't and as it has occurred on numerous occasions suggests they are grasping at straws to explain it and just throwing out "try this to fix it". Even Paul M has given several speculations in this thread but at least he called it what it was. An exploit.

 

I agree, this is something I do as well. And I've seen some programs that do remove the install files as a final clean up after the install.

 

Hate to say it Paul, but EVERYTHING you say is considered to be official vBulletin. Everything you say reflects vBulletin/Internet Brands.

I have a package going out to Mr. Brisco soon with things I think is wrong with vBulletin accumulated from various forums and I hate to say it but the majority of things are postings by you. Again your actions speak on behalf of vBulletin.

Your a bad apple, and you know what happens to bad apples.

 

Ouch, we all know what happens when

 

Yeah, this is completely irrelevant:

 

Perhaps you haven't noticed but that's not his avatar here. He is here as an individual, not as a representative of IB. That's his prerogative. He has a right to decide what he does on his free time just like the rest of us.

 

I for one, welcome everyone to post here

 

Correct, its totally irrelevant.

My posts here have nothing to do with who I work for.
Only those with axes to grind keep trying to state differently.

Scotts posts are not posted as official posts of VBG, your posts are not officail posts of whoever you work for, nor are anyone elses. Stop trying to kid everyone that posts from someone who happens to work for one company [you happen to hate] are official posts, while everyone elses are not. Its complete nonsense.

Unless I tell you otherwise, everything and anything I post is as a vB customer (Yes, I am) , user and administrator.
I shouldnt even have to make that clear as its common sense, but as always, the few will try to twist reality to fit their agenda.

 

Several ?
I only posted one possible guess on Sunday, before any information on an exploit was available, and then posted about the actual exploit, as posted in the announcements forum yesterday.

Its "potential" only because you need a certain level of technical knowledge to use it, plus the relevant details on what to do, and of course, it only works if the files exist on the target.

 

Maybe you too will be banned then ? Or you can wait until you too are pushed out, then you can really post as only a customer.

ROTFLMAO!!!

Oh dear me, our daily entertainment has arrived.

 

1 speculation

2 speculations and confirmation of an exploit. 2 or more speculations equals several or it did when I went to school.
SO is what you are saying is that if and only if the install files are present they can gain access and assign themselves as administrator by simply running an SQL query? And in the case where the install files are not present how can this breach be explained?

 

WOOHOO please don't change my Trophy Points. At my age 69's are hard to come by LMAO

 

Ehem....correction.

Scott's posts are from Scott, who is sole proprietor of Adduco Digital e.K., who is the ex-distributor of vBulletin and in charge still of vB-Germany.com and whose opinions are his and thus as official as anything he'd post on vB-G.com or any other official site of Adduco.

The difference being, I can speak much more openly on third party sites than I would on vB-G.com. That doesn't mean what I say on those sites doesn't have any more or less merit. I stand by what I say, as a person, as the leader of Adduco and of vB-G.com, no matter where I speak.

My only disclaimer is that my opinions and views ARE DEFINITELY NOT THE SAME as any of IB's staff or management. That is where you have a problem. You are a member of IB's staff and most people know that. As such, you must represent IB as best you can and thus, you are stuck with their rules and policies and direction and have to deal with the onslaught they have caused.

I don't. Not really. [edit] - Thank god.

Scott

 

@Paul M
Are you suggesting that very few people have this "certain level of technical knowledge to use it"???? That would hardly qualify this as a "potential" anything. I think others will disagree with you in that it either is or is not an exploit without any grey area of "well it could or could not be depending on ones certain level of technical knowledge". I don't have I guess that level you speak of but I don't believe your explanation or definition of "potential exploit".

 

Your posts are about who you work for and vigorously defend the company that you are under contract with. Therefore your posts have everything to do with who you work for.

Can you imagine that there are other motives possible than only haters and fanboys? The world is not that simple.

I can understand how you may interpret some of my posts as such, but your conclusion is incorrect. I do have a deep distrust & disappointment in regards to IB / vbs and their motives. I do not hate that company. I suspect that its motive / vb business model is to tank their vbulletin customers and IB competitors. Like most of vbulletin websites, my sites also compete with IB's 2000+ websites.

 

@Paul M. I do not think that anyone here HATES you or even VB/IB. I can however see a lot of disappointment in the actions of VB/IB and the support staff.

Time and time again, you avoid facing the truth. The FACTS are that if you and VB/Ib treat customers with disdain, then there will be inevitable results. I can understand that the results and reaction to your arrogance will not be to your liking. But this will not change things, only you and VB/IB can do this.

I am sure you are not aware of this, but I feel that just about all the members here have been quite restrained, in trying to point out the failings and how they affect them. I know I have been restrained in what I have said.

NO Paul, the members here are NOT sycophants nor subject to your whims, they are adults who are expressing their opinions in a generally civilized and reasonable manner.

It is about time you realized how you are being perceived and your reasons for insulting and defaming honest people.

What will you achieve by defaming people here? We are not frightened children and will never cower to you.

Sorry dude, but you seem to have totally lost it.

 

Many have been restrained, a select few continue to be less so, and they know who they are.

It's the same names across several sites.

 

Who by?