Just letting you know that Jelsoft has released 2 new security patches for vBulletin 3.7.3 PL1 and 3.6.11 PL1

Quote Originally Posted by vBulletin.com
A report was published recently pointing to potential flaws within the random number generator in PHP applications who use a weak seed and then go on to disclose any of the random numbers generated. This flaw could allow random numbers within vBulletin to be predicted and under the correct circumstances allow an attacker to obtain access to a user's account. To resolve this issue, it is necessary to release patch level versions of vBulletin 3.7.3 and 3.6.11.

This original flaw was discovered by Stefan Esser and its application within vBulletin by another individual.

The upgrade process is the same as previous patch level releases - simply download the patch from the Members Area, extract the files and upload to your webserver, overwriting the existing files. There is no upgrade script required.

As with all security-based releases, we recommend that all customers upgrade as soon as possible in order to prevent any potential damage resulting from the flaw being exploited.

This security patches do not affect the skins in any way, no template changes or new version number