• Register
    • Help

    striker  0 Items
    Currently Supporting
    • Home
    • News
      • VaultWiki News
      • Visit the Wiki
    • Forum
    • Wiki
    • Support
    • What's New?
    • Buy Now
    • Manual
    • 
    • Home
    • VaultWiki Security Update: 4 DoS Vulnerabilities

    1. Welcome to VaultWiki.org, home of the wiki add-on for vBulletin and XenForo!

      VaultWiki allows your existing forum users to collaborate on creating and managing a site's content pages. VaultWiki is a fully-featured and fully-supported wiki solution for vBulletin and XenForo.

      The VaultWiki Team encourages you to join our community of forum administrators and check out VaultWiki for yourself.

    • VaultWiki Security Update: 4 DoS Vulnerabilities

      by
      pegasus
      • View Profile
      • View Forum Posts
      • View Blog Entries
      • Visit Homepage
      • View Articles
      Published on November 14, 2015 10:04 AM
      3 Comments Comments
      Over the past week, our users and developers have uncovered a combined total of four (4) issues in VaultWiki, that can either be exploited to create a denial of service condition or will create a denial of service condition automatically.

      The "Tag Duplication Vulnerability" creates the condition automatically, and it affects VaultWiki 4.0.7 on XenForo only.

      The "Node Overload Vulnerability" and "Template Expansion Vulnerability" exist in all versions of VaultWiki 2.x, 3.x, and 4.x series.

      The "Template Usage Vulnerability" exists in all versions of VaultWiki 2.3.x, 2.5.x, 3.x, and 4.x series.

      These vulnerabilities do not require any technical expertise to exploit. Most of them simply require tedious work and abuse of existing features for an attacker (or group of attackers) to create the condition.

      "Node Overload" affects VaultWiki Lite 4.0.0 - 4.0.7.

      We have published the following Patch Level releases to resolve these issues:
      • 4.0.7 Patch Level 1
      • 4.0.6 Patch Level 4
      • 4.0.5 Patch Level 4
      • 4.0.4 Patch Level 4
      • 4.0.3 Patch Level 4
      • 4.0.2 Patch Level 7
      • 4.0.1 Patch Level 10
      • 4.0.0 Patch Level 9
      • 4.0.0 RC 5 Patch Level 8


      We highly recommend that all users running any version of VaultWiki in a production environment update to a patched release as soon as possible.
      Comments 3 Comments
      1. hollosch - November 16, 2015
        • Reply
        Hi, 4.0.7 build 002 includes this patch ?
      1. pegasus - November 16, 2015
        • Reply
        No, 4.0.7 Patch Level 1 is newer.
      1. hollosch - November 16, 2015
        • Reply
        Ok, thx.

      Oops!

       
      Cancel Changes
    • Contact Us
    • License Agreement
    • Privacy
    • Terms
    • Top
    All times are GMT -4. The time now is 9:09 PM.
    This site uses cookies to help personalize content, to tailor your experience, and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Learn more… Accept Remind me later
  • striker
    Powered by vBulletin® Version 4.2.5 Beta 2
    Copyright © 2025 vBulletin Solutions Inc. All rights reserved.
    Search Engine Optimisation provided by DragonByte SEO (Pro) - vBulletin Mods & Addons Copyright © 2025 DragonByte Technologies Ltd.
    Copyright © 2008 - 2024 VaultWiki Team, Cracked Egg Studios, LLC.