124 matches found
Malicious code in @zalastax/nolb-ipb (npm)
The package @zalastax/nolb-ipb was found to contain malicious code...
MAL-2025-12044 Malicious code in @zalastax/nolb-ipb (npm)
The package @zalastax/nolb-ipb was found to contain malicious code...
CVE-2009-5159
Invision Power Board (IPB) 2.x–3.0.4 is affected by a cross-site scripting (XSS) vulnerability that can be triggered via a .txt attachment when using Internet Explorer 5. The issue is explicitly described as XSS, but the available documents do not provide deeper details on the root cause beyond t...
CVE-2013-3725
IPB (Invision Power Board) versions up to 3.x are affected by CVE-2013-3725, with vulnerability described as an admin account takeover that leads to code execution. Affected component: admin/auth flow enabling unauthorized admin access, enabling remote code execution. Root cause not elaborated in...
SQL injection
SQL injection vulnerability in Invision Power Board aka IPB or IP.Board before 3.4.6 allows remote attackers to execute arbitrary SQL commands via the cId parameter...
CVE-2014-4928
CVE-2014-4928 describes an SQL injection in Invision Power Board (IPB/IP.Board) prior to version 3.4.6. The vulnerability allows a remote attacker to execute arbitrary SQL commands through the cId parameter. Multiple connected documents corroborate the affected product (IPB/IP.Board) and the vuln...
portal3.ipb.pt XSS vulnerability
Open Bug Bounty ID: OBB-565862. Affected Website: portal3.ipb.pt; Vulnerable Application: Custom Code; Vulnerability Type: XSS (Cross Site Scripting) / CWE-79; CVSSv3 Score: 6.1...
live.ipb.ac.id XSS vulnerability
Vulnerable URL: http://live.ipb.ac.id/search/%22%3E%3Csvg%20onload%3Dalert%22OPENBUGBOUNTY%22%3E Details: Patched: No; Latest check for patch: 10.12.2017; Vulnerability type: XSS; Vulnerability status: Publicly disclosed; Alexa Rank: Unknown / Not calculated; VIP website...
CVE-2016-6174
CVE-2016-6174 affects IPS Community Suite (Invision Power Board) prior to 4.1.13. The flaw is in applications/core/modules/front/system/content.php where the content_class parameter can enable remote arbitrary code execution when used with PHP versions older than 5.4.24 (or 5.5.x older than 5.5.8...
CVE-2015-6812
CVE-2015-6812 affects Invision Power Services IPS Community Suite (IPS Community Suite/IPB/Power Board) prior to 4.0.12.1. A remote attacker can trigger a denial of service through a crafted URL, causing a loop and memory consumption. The connected documents corroborate the vulnerability descript...
CVE-2015-6810
CVE-2015-6810 is an XSS vulnerability in Invision Power Services IPS Community Suite (IPS Community Suite) 4.x up to version 4.0.12.1. Remote authenticated users can inject arbitrary web script or HTML via the event_location[address] array parameter to calendar/submit/. The NVD entry lists a base...
CVE-2014-9239
This CVE refers to a SQL injection vulnerability in the IPS Connect service (interface/ipsconnect/ipsconnect.php) of Invision Power Board (IPB/IP.Board) 3.3.x and 3.4.x up to 3.4.7, exploitable via the id[] parameter. The underlying issue allows remote attackers to execute arbitrary SQL commands....
IP.Board 3.4.5 SQL injection vulnerability: exploitation and analysis - vulnerability warning - the black bar safety net
I. Background information. First I want to introduce some background on this web app, as well as a basic overview of the vulnerability: the IPB forum, known as Invision Power Board (abbreviated IPB or IP.Board), is the world's most famous forum app, built on a PHP+MySQL architecture, 1. The X...
CVE-2014-3149
CVE-2014-3149 is a reflected XSS in Invision Power IP.Board (IP.Board) versions 3.3.x and 3.4.x up to 3.4.6 (and IP.Nexus 1.5.x up to 1.5.9). The vulnerability allows injection of arbitrary web script via unspecified vectors and is categorized as low severity with limited exploitability; vendor p...
IPB 3.0.1 - SQL Injection exploit
No description provided by source. <?php error_reporting(E_ALL); // IPB 3.0.1 sql injection exploit // Version 1.0 // written by Cryptovirus //...
Invision Power Board Army System Mod 2.1 - SQL Injection Exploit
No description provided by source. <?php /* --------------------------- EXPLOIT --------------------------- Invision Power Board Army System Mod 2.1 SQL Injection Exploit Tested on: Latest version 2.1.0 Discovered on: 06.02.2006 by Alex & fRoGGz Credits to: SecuBox Labs PLEASE READ THIS ! The query...
Invision Power Board <= 3.3.4 unserialize Regex Bypass
No description provided by source. <?php /* So this is the patch that sanitizes, static public function safeUnserialize( $serialized ) // unserialize will return false for object declared with small cap o // as well as if there is any ws between O and : if ( is_string( $serialized ) && strpos( $serialized, \...
DoS via tables corruption in WordPress
Hello 3APA3A! There is a DoS vulnerability in WordPress, about which I wrote in 2009 (http://websecurity.com.ua/3152/, in English: http://perishablepress.com/important-security-fix-for-wordpress/comment-page-5/comment-71666), which allows conducting a DoS attack or a reinstall of the engine depending on...
On the just-released IPB 0day: a vulnerability caused by MySQL truncation - vulnerability warning - the black bar safety net
First, the original post: http://www.john-jean.com/blog/securite-informatique/ipb-invision-power-board-all-versions-1-x-2-x-3-x-admin-account-takeover-leading-to-code-execution-742 This is a good vulnerability; IPB is not used that widely now, although in my day it was used quite widely, sigh...
Invision Power Board 1.x?/2.x/3.x - Admin Takeover
IPB (Invision Power Board) all versions (1.x? / 2.x / 3.x) Admin account Takeover leading to code execution. Written on: 2013/05/02. Released on: 2013/05/13. Author: John JEAN (@johnjean on twitter). Affected application: Invision Power Board = 3.4.4. Type of vulnerability: Logical Vulnerability / Bad...