From:
http://www.vbulletin.com/forum/showthread.php?t=91409

vBulletin 2.3.4

vBulletin 2.3.4 is a security and bug fix release. We recommend you upgrade as soon as possible; if this is not possible, you can simply use the updated calendar.php from this version to obtain the security fix.

Files Changes (from 2.3.3)
Main Directory: calendar.php, member.php, member2.php, report.php
Admin Directory: bbimport.php, functions.php, index.php
Mod Directory: none
The usuals (for version numbers): admin/global.php, admin/install.php, admin/upgrade1.php

If you see this error email:


Database error in vBulletin 2.3.2:

Invalid SQL: SELECT allowsmilies,public,userid,eventdate,event,subject FROM calendar_events WHERE eventid = 14 union (SELECT allowsmilies,public,userid,'0000-0-0',version(),userid FROM calendar_events WHERE eventid = 14)
mysql error: You have an error in your SQL syntax near 'union (SELECT allowsmilies,public,userid,'0000-0-0',version(),userid FROM calend' at line 1

mysql error number: 1064

Date: Tuesday 06th of January 2004 11:09:36 PM
Script: http://forums.*****.com/calendar.php?s=&action=edit&eventid=14%20union%20(SELECT%20allowsmilies,public ,userid,\'0000-0-0\',version(),userid%20FROM%20calendar_events%20WH ERE%20eventid%20=%2014)
Referer:


That is someone trying (and failing) to take advantage of the security error in vB 2.3.x.

Taken from:
http://www.vbulletin.com/forum/showthread.php?t=91408

So upgrade your 2.3.3 forums. ;) Go to vB3.

Added - the security issue only affects calendar.php APPARENTLY.

So just upload a new calendar.php found here:
http://www.vbulletin.com/forum/showpost.php?p=589133&postcount=3

Already upgraded to vB 3 :D

i collection spoons (refrence to vb.com thread)

I edited my first post. Apparently the security bug only affects calendar.php - you can download and upload an updated one from vB.com here:
http://www.vbulletin.com/forum/showpost.php?p=589133&postcount=3

Luckily I am using the latest Vb3 ^ ^

Does anyone know how to apply this upgrade if you are using vbportal? As part of the upgrade includes overwritting most files etc? which would mean I have to re-upload vbportal after?

Oh man I am so confused !!!!!

Does anyone know how to apply this upgrade if you are using vbportal? As part of the upgrade includes overwritting most files etc? which would mean I have to re-upload vbportal after?

Oh man I am so confused !!!!!
id suggest asking on the vBportal's forums, as it is a paid product :) but id suggest NOT using vBportal :)

You just need to overwrite the calendar.php file as instructed by vbulletin ... vbportal doesn't make any changes to that file.

Does anyone know how to apply this upgrade if you are using vbportal? As part of the upgrade includes overwritting most files etc? which would mean I have to re-upload vbportal after?

Oh man I am so confused !!!!!