vBulletin 3.0.5
Critical Update
The discovery of a serious security vulnerability in versions of vBulletin 3 up to and including 3.0.4 has necessitated the immediate release of a version to plug the hole.
The vulnerability affects anyone running vBulletin 3 on PHP 4 with register_globals enabled in php.ini.
This is a CRITICAL update, and urge all affected customers to upgrade vBulletin with the utmost urgency.
vBulletin 3.0.5 includes all the updates recently released as part of vBulletin 3.0.4, including a long list of fixes for minor annoyances and bugs found since version 3.0.3.
[...]
Important Warning About Sensitive Data
Due to the nature of the vulnerability discovered in vBulletin 3, and as part of our ongoing effort to maximize security, we must assume that one or all of the vBulletin servers may have been compromised.
Therefore, we would STRONGLY RECOMMEND that any customers who may have submitted sensitive data; such as vBulletin admin control panel or server login details, to Jelsoft staff in the past should take steps to alter these details, so that any information that may have been accessed by an unauthorized party could not be used.
We would like to reassure our customers that Jelsoft keeps NO RECORD of credit card numbers used in transactions, making it impossible for these details to be discovered or abused.
Additionally, steps have been taken and are ongoing to ensure that any potentially leaked data does not contain sensitive data.