Page 3 of 62 results (0.011 seconds)

CVSS: 8.1EPSS: 22%CPEs: 22EXPL: 3

applications/core/modules/front/system/content.php in Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) before 4.1.13, when used with PHP before 5.4.24 or 5.5.x before 5.5.8, allows remote attackers to execute arbitrary code via the content_class parameter. applications/core/modules/front/system/content.php en Invision Power Services IPS Community Suite (también conocido como Invision Power Board, IPB o Power Board) en versiones anteriores a 4.1.13, cuando se utiliza con PHP en versiones anteriores a 5.4.24 o 5.5.x en versiones anteriores a 5.5.8, permite a atacantes remotos ejecutar código arbitrario a través del parámetro content_class. IPS Community Suite versions 4.1.12.3 and below suffer from a remote PHP code injection vulnerability. • https://www.exploit-db.com/exploits/40084 http://karmainsecurity.com/KIS-2016-11 http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html http://packetstormsecurity.com/files/137804/IPS-Community-Suite-4.1.12.3-PHP-Code-Injection.html http://seclists.org/fulldisclosure/2016/Jul/19 http://www.securityfocus.com/bid/91732 https://invisionpower.com/release-notes/4113-r44 https://support.apple.com/HT207170 •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) before 4.0.12.1 allows remote attackers to cause a denial of service (loop and memory consumption) via a crafted URL. Vulnerabilidad en Invision Power Services IPS Community Suite (también conocido como Invision Power Board, IPB o Power Board) en versiones anteriores a 4.0.12.1, permite a atacantes remotos causar una denegación de servicio (bucle y consumo de memoria) a través de una URL manipulada. • https://community.invisionpower.com/release-notes/40121-r22 • CWE-399: Resource Management Errors •

CVSS: 3.5EPSS: 0%CPEs: 14EXPL: 1

Cross-site scripting (XSS) vulnerability in Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) 4.x before 4.0.12.1 allows remote authenticated users to inject arbitrary web script or HTML via the event_location[address] array parameter to calendar/submit/. Vulnerabilidad de XSS en Invision Power Services IPS Community Suite (también conocido como Invision Power Board, IPB o Power Board) 4.x en versiones anteriores a 4.0.12.1, permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro del vector event_location[address] a calendar/submit/ • https://www.exploit-db.com/exploits/37989 https://community.invisionpower.com/release-notes/40121-r22 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 0%CPEs: 25EXPL: 1

SQL injection vulnerability in the IPS Connect service (interface/ipsconnect/ipsconnect.php) in Invision Power Board (aka IPB or IP.Board) 3.3.x and 3.4.x through 3.4.7 before 20141114 allows remote attackers to execute arbitrary SQL commands via the id[] parameter. Vulnerabilidad de inyección SQL en el servicio IPS Connect (interface/ipsconnect/ipsconnect.php) en Invision Power Board (también conocido como IPB o IP.Board) 3.3.x y 3.4.x hasta 3.4.7 anterior a 20141114 permite a atacantes remotos ejecutar comandos SQL arbitrarios a través del parámetro id[]. • http://community.invisionpower.com/blogs/entry/9704-active-security-exploit http://community.invisionpower.com/blogs/entry/9705-ipboard-33x-34x-security-update http://seclists.org/fulldisclosure/2014/Nov/20 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 4.3EPSS: 0%CPEs: 13EXPL: 0

Cross-site scripting (XSS) vulnerability in Invision Power IP.Board (aka IPB or Power Board) 3.4.x through 3.4.6 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header to admin/install/index.php. Vulnerabilidad de XSS en Invision Power IP.Board (también conocido como IPB or Power Board) 3.4.x hasta 3.4.6 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de la cabecera HTTP Referer en admin/install/index.php. • http://www.securityfocus.com/archive/1/532822/100/0/threaded http://www.securityfocus.com/bid/68705 https://exchange.xforce.ibmcloud.com/vulnerabilities/94693 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •