vb.org Archive - vBulletin 3.6.4 Released

vBulletin 3.6.4

The discovery of a potential cross-site scripting (XSS) issue in the administrators control panel has necessitated the preventative release of vBulletin 3.6.4 Due to several mitigating factors, this issue is hard to exploit and careful browsing by the admins can prevent it entirely. Nonetheless, we strongly recommend that all of our customers upgrade or apply the patch as soon as possible.

Additionally, vBulletin 3.6.4 includes fixes for several non-security-related bugs, see here for a full list.

Updating your vBulletin to combat the XSS issue:

Please note that this issue is present in other versions of vBulletin as well. Please see the appropriate announcement!

You have two options to fix the XSS issue:

Full Upgrade: The best way to fix the problem is to perform a full upgrade, downloading the complete 3.6.4 package from the vBulletin Members' Area and following the regular upgrade instructions.
Patch: A second option is to download the patch files discussed in this thread and upload them to your web server, overwriting the existing files. The patch is available from the Members' Area patch page!

If you absolutely cannot apply the patch or upgrade...

We strongly recommend you actively take steps to address this issue. However, if this is not possible, we recommend that administrators only log into the control panel when work is necessary. While you are logged into the control panel, do not click unknown links. Log out from the control panel using the link in the upper right of the screen immediately after finishing your work. If you are unexpectedly presented with the control panel login screen after clicking a link, do not login.

PHP and MySQL Requirements

Please note that vBulletin 3.6.x requires at least PHP 4.3.3 and MySQL 4.0.16 or later.

....Read more at vBulletin 3.6.4 Released

X vBulletin 3.8.12 by vBS Debug Information
Template Usage: (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (1)bbcode_quote_printable (1)footer (1)gobutton (1)header (1)headinclude (6)option (1)pagenav (1)pagenav_curpage (2)pagenav_pagelink (1)post_thanks_navbar_search (1)printthread (10)printthreadbit (1)spacer_close (1)spacer_open Phrase Groups Available: global postbit showthread	Included Files: ./printthread.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/class_bbcode_alt.php ./includes/class_bbcode.php ./includes/functions_bigthree.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete printthread_start pagenav_page pagenav_complete bbcode_fetch_tags bbcode_create bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete printthread_post printthread_complete
Messages:

X vBulletin 3.8.12 by vBS Debug Information

Page Generation 0.01177 seconds
Memory Usage 1,729KB
Queries Executed 10 (?)

More Information

Template Usage:

(1)ad_footer_end
(1)ad_footer_start
(1)ad_header_end
(1)ad_header_logo
(1)ad_navbar_below
(1)bbcode_quote_printable
(1)footer
(1)gobutton
(1)header
(1)headinclude
(6)option
(1)pagenav
(1)pagenav_curpage
(2)pagenav_pagelink
(1)post_thanks_navbar_search
(1)printthread
(10)printthreadbit
(1)spacer_close
(1)spacer_open

Phrase Groups Available:

global
postbit
showthread

Included Files:

./printthread.php
./global.php
./includes/init.php
./includes/class_core.php
./includes/config.php
./includes/functions.php
./includes/class_hook.php
./includes/modsystem_functions.php
./includes/class_bbcode_alt.php
./includes/class_bbcode.php
./includes/functions_bigthree.php

Hooks Called:

init_startup
init_startup_session_setup_start
init_startup_session_setup_complete
cache_permissions
fetch_threadinfo_query
fetch_threadinfo
fetch_foruminfo
style_fetch
cache_templates
global_start
parse_templates
global_setup_complete
printthread_start
pagenav_page
pagenav_complete
bbcode_fetch_tags
bbcode_create
bbcode_parse_start
bbcode_parse_complete_precache
bbcode_parse_complete
printthread_post
printthread_complete

Messages:

X vBulletin 3.8.12 by vBS Debug Information
Page Generation 0.01177 seconds Memory Usage 1,729KB Queries Executed 10 (?)
More Information
Template Usage: (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (1)bbcode_quote_printable (1)footer (1)gobutton (1)header (1)headinclude (6)option (1)pagenav (1)pagenav_curpage (2)pagenav_pagelink (1)post_thanks_navbar_search (1)printthread (10)printthreadbit (1)spacer_close (1)spacer_open Phrase Groups Available: global postbit showthread	Included Files: ./printthread.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/class_bbcode_alt.php ./includes/class_bbcode.php ./includes/functions_bigthree.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete printthread_start pagenav_page pagenav_complete bbcode_fetch_tags bbcode_create bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete printthread_post printthread_complete
Messages: