EUVD-2021-26379
Malware in sbrugna...
EUVD-2021-27779
Malicious code in bioql PyPI...
CVE-2021-40604
A Server-Side Request Forgery SSRF vulnerability in IPS Community Suite before 4.6.2 allows remote authenticated users to request arbitrary URLs or trigger deserialization via phar protocol when generating class names dynamically. In some cases an exploitation is possible by an unauthenticated us...
Server-Side Request Forgery (SSRF)
A Server-Side Request Forgery SSRF vulnerability in IPS Community Suite before 4.6.2 allows remote authenticated users to request arbitrary URLs or trigger deserialization via phar protocol when generating class names dynamically. In some cases an exploitation is possible by an unauthenticated us...
CVE-2021-40604
CVE-2021-40604 affects IPS Community Suite prior to 4.6.2, where an SSRF vulnerability exists that can be triggered by remote authenticated users, with possible unauthenticated exploitation in some cases. The root cause involves dynamic class-name generation that can trigger deserialization via t...
CVE-2021-39249
Invision Community (IPS Community Suite / IP-Board) prior to 4.6.5.1 is affected by a reflected XSS vulnerability. The issue arises because uploaded file names are predictable via brute-force against PHP mt_rand, enabling an attacker to craft payloads that may be reflected. Affected product: Invi...
CVE-2021-39250
Invision Community (IPS Community Suite/IP-Board) is affected by a stored XSS in versions prior to 4.6.5.1, which can lead to code execution. The vulnerability arises because an uploaded file can be placed inside an IFRAME within user-generated content. For exploitation, an attacker can rely on t...
CVE-2021-32924
Invision Community aka IPS Community Suite before 4.6.0 allows eval-based PHP code injection by a moderator because the IPS\cms\modules\front\pages\builder::previewBlock method interacts unsafely with the IPS\Theme::runProcessFunction method...
CVE-2021-32924
Invision Community (IPS Community Suite) before 4.6.0 is vulnerable to an eval-based PHP code injection via the moderator-accessible previewBlock path in IPS\cms\modules\front\pages\builder::previewBlock, which interacts unsafely with IPS\Theme::runProcessFunction. Root cause: unsafe handling ena...
IPS Community Suite 4.5.4.2 PHP Code Injection
IPS Community Suite <= 4.5.4.2 previewBlock PHP Code Injection Vulnerability - Software Link: https://invisioncommunity.com - Affected...
IPS Community Suite 4.5.4.2 PHP Code Injection Vulnerability
IPS Community Suite versions 4.5.4.2 and below suffer from a PHP code injection vulnerability. The vulnerability exists because the IPS\cms\modules\front\pages\builder::previewBlock method allows arbitrary content to be passed to the IPS\Theme::runProcessFunction method, which will be used in a call t...
SQL injection
Invision Community IPS Community Suite before 4.5.4.2 allows SQL Injection via the Downloads REST API: the sortDir parameter of a sortBy=popular action to the GETindex method in applications/downloads/api/files.php...
CVE-2021-3025
Summary: CVE-2021-3025 affects Invision Community IPS Community Suite up to version 4.5.4.2. The vulnerability is an SQL Injection in the Downloads REST API, triggered by the sortDir parameter via sortBy=popular in the GETindex() method of /applications/downloads/api/files.php. The issue could al...
CVE-2021-3025
Invision Community IPS Community Suite before 4.5.4.2 allows SQL Injection via the Downloads REST API: the sortDir parameter of a sortBy=popular action to the GETindex method in applications/downloads/api/files.php...
IPS Community Suite Cross-Site Scripting Vulnerability
IPS Community Suite is Internet community software produced mainly by Invision Power Services; it is written in PHP and uses MySQL as its database management system. Versions of IPS Community Suite prior to 4.5.4.2 are vulnerable to cross-site scripting during a quoted post or...
IPS Community Suite 4.5.4 SQL Injection
IPS Community Suite, sortBy == 'popular' branch:

    \IPS\Request::i()->sortDir = \IPS\Request::i()->sortDir ?: 'ASC';
    $sortBy = 'filerating ' . \IPS\Request::i()->sortDir . ', filereviews';
    $where = array( array( 'filerating?'...
CVE-2021-3026
Invision Community IPS Community Suite before 4.5.4.2 allows XSS during the quoting of a post or comment...
CVE-2021-3026
CVE-2021-3026 affects Invision Community IPS Community Suite prior to 4.5.4.2 and enables cross-site scripting during the quoting of a post or comment. The issue is described as XSS in the quoting workflow, with multiple external records corroborating the vulnerability. The provided documents do ...