57 matches found
EUVD-2016-3638
Malware in sbrugna...
EUVD-2017-17839
Malware in sbrugna...
EUVD-2017-17837
Malware in sbrugna...
EUVD-2003-1444
Malware in sbrugna...
EUVD-2015-6747
Malware in sbrugna...
EUVD-2015-6749
Malware in sbrugna...
EUVD-2017-17838
Malware in sbrugna...
CVE-2015-6810
Cross-site scripting (XSS) vulnerability in Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) 4.x before 4.0.12.1 allows remote authenticated users to inject arbitrary web script or HTML via the eventlocationaddress array parameter to calendar/submit/...
CVE-2015-6812
Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) before 4.0.12.1 allows remote attackers to cause a denial of service (loop and memory consumption) via a crafted URL...
CVE-2017-8898
Invision Power Services IPS Community Suite 4.1.19.2 and earlier has stored XSS in the Announcements, allowing privilege escalation from an Invision Power Board moderator to an admin. An attack uses the announcecontent parameter in an index.php?/modcp/announcements/&action=create request. This is relate...
CVE-2017-8897
Invision Power Services IPS Community Suite 4.1.19.2 and earlier has pre-auth reflected XSS in the IPS UTF8 Converter v1.1.18: admin/convertutf8/index.php?controller= is the attack vector. This UTF8 Converter vulnerability can easily be used to make a malicious announcement affecting any Invision...
K33721814: PHP vulnerability CVE-2016-6174
Security Advisory Description: applications/core/modules/front/system/content.php in Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) before 4.1.13, when used with PHP before 5.4.24 or 5.5.x before 5.5.8, allows remote attackers to execute arbitrary code vi...
Invision Power Services, Inc.: support.invisionpower.com takeover the subdomain with Zendesk
The subdomain at https://support.invisionpower.com has an unclaimed CNAME record ipscommunity.zendesk.com. I checked the username availability in the signup process at Zendesk; it was observed that the subdomain is vulnerable to a subdomain takeover which allows an attacker could exploit such a...
Invision Power Services, Inc.: PHP Code Injection through "previewBlock()" method
Summary: The vulnerability exists because the IPS\cms\modules\front\pages\builder::previewBlock method allows passing arbitrary content to the IPS\Theme::runProcessFunction method, which will be used in a call to the eval function. This can be exploited to inject and execute arbitrary PHP code...
Invision Power Services Community Suite Reflected Cross Site Scripting (CVE-2017-8897)
A reflected cross site scripting vulnerability exists in Invision Power Services Community Suite. Successful exploitation of this vulnerability could allow attackers to execute arbitrary code on the affected system...
Invision Power Services Community Suite IPS UTF8 Converter Cross Site Scripting Vulnerability
Invision Power Services IPS Community Suite is an integrated application for building communities on the web. IPS UTF8 Converter is one of these transcoders. A cross-site scripting vulnerability exists in IPS UTF8 Converter version 1.1.18 in IPS Community Suite 4.1.19.2 and earlier. A remote...
Cross site scripting
Invision Power Services IPS Community Suite 4.1.19.2 and earlier has pre-auth reflected XSS in the IPS UTF8 Converter v1.1.18: admin/convertutf8/index.php?controller= is the attack vector. This UTF8 Converter vulnerability can easily be used to make a malicious announcement affecting any Invision...
CVE-2017-8899
Invision Power Services IPS Community Suite 4.1.19.2 and earlier has a composite of Stored XSS and Information Disclosure issues in the attachments feature found in User CP. This can be triggered by any Invision Power Board user and can be used to gain access to moderator/admin accounts. The...
CVE-2017-8898
Invision Power Services IPS Community Suite 4.1.19.2 and earlier has stored XSS in the Announcements, allowing privilege escalation from an Invision Power Board moderator to an admin. An attack uses the announcecontent parameter in an index.php?/modcp/announcements/&action=create request. This is...
Cross site scripting
Invision Power Services IPS Community Suite 4.1.19.2 and earlier has stored XSS in the Announcements, allowing privilege escalation from an Invision Power Board moderator to an admin. An attack uses the announcecontent parameter in an index.php?/modcp/announcements/&action=create request. This is...