CVE-2017-8899
https://notcve.org/view.php?id=CVE-2017-8899
Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has a composite of Stored XSS and Information Disclosure issues in the attachments feature found in User CP. This can be triggered by any Invision Power Board user and can be used to gain access to moderator/admin accounts. The primary cause is the ability to upload an SVG document with a crafted attribute such an onload; however, full path disclosure is required for exploitation. Invision Power Services (IPS) Community Suite 4.1.19.2 y anteriores tienen un XSS almacenado y un problema de fuga de información en la funcionalidad de adjuntos en User CP. Puede ser utilizada por cualquier usuario Invision Power Board para ganar acceso a cuentas moderador/admin. • http://zeroday.insecurity.zone/exploits/ipb_owned.txt https://twitter.com/insecurity/status/862154908895780864 https://twitter.com/sxcurity/status/862284967715381248 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2017-8897
https://notcve.org/view.php?id=CVE-2017-8897
Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has pre-auth reflected XSS in the IPS UTF8 Converter v1.1.18: admin/convertutf8/index.php?controller= is the attack vector. This UTF8 Converter vulnerability can easily be used to make a malicious announcement affecting any Invision Power Board user who views the announcement. Invision Power Services (IPS) Community Suite 4.1.19.2 y anteriores tiene XSS reflejado previo a la autenticación en el IPS UTF8 Converter v1.1.18: El vector de ataque es admin/convertutf8/index.php?Controller=. • http://zeroday.insecurity.zone/exploits/ipb_owned.txt https://twitter.com/insecurity/status/862154908895780864 https://twitter.com/sxcurity/status/862284967715381248 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2017-8898
https://notcve.org/view.php?id=CVE-2017-8898
Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has stored XSS in the Announcements, allowing privilege escalation from an Invision Power Board moderator to an admin. An attack uses the announce_content parameter in an index.php?/modcp/announcements/&action=create request. This is related to the "<> Source" option. Invision Power Services (IPS) Community Suite 4.1.19.2 y anteriores tienen un XSS almacenado en Announcements, permitiendo escalada de privilegios desde un moderador Invision Power Board hasta admin. • http://zeroday.insecurity.zone/exploits/ipb_owned.txt https://twitter.com/insecurity/status/862154908895780864 https://twitter.com/sxcurity/status/862284967715381248 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2016-2564
https://notcve.org/view.php?id=CVE-2016-2564
Invision Power Services (IPS) Community Suite before 4.1.9 makes session hijack easier by relying on the PHP uniqid function without the more_entropy flag. Attackers can guess an Invision Power Board session cookie if they can predict the exact time of cookie generation. Invision Power Services (IPS) Community Suite en versiones anteriores a 4.1.9 hace más fácil el secuestro de sesión confiando en la función uniqid de PHP sin el indicador more_entropy. Los atacantes pueden adivinar una cookie de sesión de Invision Power Board si pueden predecir el tiempo exacto de la generación de cookie • https://invisionpower.com/release-notes/419-r37 https://medium.com/%40iancarroll/bypassing-authentication-in-invision-power-board-with-cve-2016-2564-9a24ea3655f9 • CWE-331: Insufficient Entropy •
CVE-2016-6174 – IPS Community Suite 4.1.12.3 - PHP Code Injection
https://notcve.org/view.php?id=CVE-2016-6174
applications/core/modules/front/system/content.php in Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) before 4.1.13, when used with PHP before 5.4.24 or 5.5.x before 5.5.8, allows remote attackers to execute arbitrary code via the content_class parameter. applications/core/modules/front/system/content.php en Invision Power Services IPS Community Suite (también conocido como Invision Power Board, IPB o Power Board) en versiones anteriores a 4.1.13, cuando se utiliza con PHP en versiones anteriores a 5.4.24 o 5.5.x en versiones anteriores a 5.5.8, permite a atacantes remotos ejecutar código arbitrario a través del parámetro content_class. IPS Community Suite versions 4.1.12.3 and below suffer from a remote PHP code injection vulnerability. • https://www.exploit-db.com/exploits/40084 http://karmainsecurity.com/KIS-2016-11 http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html http://packetstormsecurity.com/files/137804/IPS-Community-Suite-4.1.12.3-PHP-Code-Injection.html http://seclists.org/fulldisclosure/2016/Jul/19 http://www.securityfocus.com/bid/91732 https://invisionpower.com/release-notes/4113-r44 https://support.apple.com/HT207170 •