CVE-2017-8897
https://notcve.org/view.php?id=CVE-2017-8897
Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has pre-auth reflected XSS in the IPS UTF8 Converter v1.1.18: admin/convertutf8/index.php?controller= is the attack vector. This UTF8 Converter vulnerability can easily be used to make a malicious announcement affecting any Invision Power Board user who views the announcement. Invision Power Services (IPS) Community Suite 4.1.19.2 y anteriores tiene XSS reflejado previo a la autenticación en el IPS UTF8 Converter v1.1.18: El vector de ataque es admin/convertutf8/index.php?Controller=. • http://zeroday.insecurity.zone/exploits/ipb_owned.txt https://twitter.com/insecurity/status/862154908895780864 https://twitter.com/sxcurity/status/862284967715381248 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2017-8898
https://notcve.org/view.php?id=CVE-2017-8898
Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has stored XSS in the Announcements, allowing privilege escalation from an Invision Power Board moderator to an admin. An attack uses the announce_content parameter in an index.php?/modcp/announcements/&action=create request. This is related to the "<> Source" option. Invision Power Services (IPS) Community Suite 4.1.19.2 y anteriores tienen un XSS almacenado en Announcements, permitiendo escalada de privilegios desde un moderador Invision Power Board hasta admin. • http://zeroday.insecurity.zone/exploits/ipb_owned.txt https://twitter.com/insecurity/status/862154908895780864 https://twitter.com/sxcurity/status/862284967715381248 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2016-2564
https://notcve.org/view.php?id=CVE-2016-2564
Invision Power Services (IPS) Community Suite before 4.1.9 makes session hijack easier by relying on the PHP uniqid function without the more_entropy flag. Attackers can guess an Invision Power Board session cookie if they can predict the exact time of cookie generation. Invision Power Services (IPS) Community Suite en versiones anteriores a 4.1.9 hace más fácil el secuestro de sesión confiando en la función uniqid de PHP sin el indicador more_entropy. Los atacantes pueden adivinar una cookie de sesión de Invision Power Board si pueden predecir el tiempo exacto de la generación de cookie • https://invisionpower.com/release-notes/419-r37 https://medium.com/%40iancarroll/bypassing-authentication-in-invision-power-board-with-cve-2016-2564-9a24ea3655f9 • CWE-331: Insufficient Entropy •
CVE-2016-6174 – IPS Community Suite 4.1.12.3 - PHP Code Injection
https://notcve.org/view.php?id=CVE-2016-6174
applications/core/modules/front/system/content.php in Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) before 4.1.13, when used with PHP before 5.4.24 or 5.5.x before 5.5.8, allows remote attackers to execute arbitrary code via the content_class parameter. applications/core/modules/front/system/content.php en Invision Power Services IPS Community Suite (también conocido como Invision Power Board, IPB o Power Board) en versiones anteriores a 4.1.13, cuando se utiliza con PHP en versiones anteriores a 5.4.24 o 5.5.x en versiones anteriores a 5.5.8, permite a atacantes remotos ejecutar código arbitrario a través del parámetro content_class. IPS Community Suite versions 4.1.12.3 and below suffer from a remote PHP code injection vulnerability. • https://www.exploit-db.com/exploits/40084 http://karmainsecurity.com/KIS-2016-11 http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html http://packetstormsecurity.com/files/137804/IPS-Community-Suite-4.1.12.3-PHP-Code-Injection.html http://seclists.org/fulldisclosure/2016/Jul/19 http://www.securityfocus.com/bid/91732 https://invisionpower.com/release-notes/4113-r44 https://support.apple.com/HT207170 •
CVE-2015-6812
https://notcve.org/view.php?id=CVE-2015-6812
Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) before 4.0.12.1 allows remote attackers to cause a denial of service (loop and memory consumption) via a crafted URL. Vulnerabilidad en Invision Power Services IPS Community Suite (también conocido como Invision Power Board, IPB o Power Board) en versiones anteriores a 4.0.12.1, permite a atacantes remotos causar una denegación de servicio (bucle y consumo de memoria) a través de una URL manipulada. • https://community.invisionpower.com/release-notes/40121-r22 • CWE-399: Resource Management Errors •