----------------------------------------------------------------------

TITLE:
Invision Power Board Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA26788

VERIFY ADVISORY:
http://secunia.com/advisories/26788/

CRITICAL:
Less critical

IMPACT:
Security Bypass, Cross Site Scripting

WHERE:
From remote

SOFTWARE:
Invision Power Board 2.x
http://secunia.com/product/3705/

DESCRIPTION:
Some vulnerabilities have been reported in Invision Power Board, which can be exploited by malicious users to conduct script insertion attacks or bypass certain access restrictions.

1) Input passed to unspecified fields in the user profile is not properly sanitised in ips_kernel/class_ajax.php before being used. This can be exploited to insert arbitrary HTML and script code, which is executed in an administrative user's browser session in the context of an affected site when the malicious user's profile is viewed.

Successful exploitation requires that Invision Power Board is configured to use a character set other than "iso-8859-1" or "utf-8".

2) An error exists in the subscription manager when processing payments. This can be exploited to modify a member's ID via a specially crafted payment form.

Successful exploitation allows, for example, demoting administrators and moderators to the subscriber group, but requires that subscription packages are enabled.

The vulnerabilities are reported in version 2.3.1. Prior versions may also be affected.

SOLUTION:
Download version 2.3.1, which has been updated to fix the vulnerabilities.
http://www.invisionpower.com/

Apply the vendor patch.
http://forums.invisionpower.com/index.php?act=attach&type=post&id=11869

Follow the manual patch instructions.
http://forums.invisionpower.com/index.php?act=attach&type=post&id=11870

PROVIDED AND/OR DISCOVERED BY:
1) The vendor credits http://www.turkish-media.com/forum/.
2) The vendor credits http://communityseo.com/forums/.

ORIGINAL ADVISORY:
http://forums.invisionpower.com/index.php?showtopic=237075

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help everybody keep their systems up to date against the latest vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Please Note:
Secunia recommends that you verify all advisories you receive by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use those supplied by the vendor.

----------------------------------------------------------------------
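The following PHP is an added illustration of the two issue classes listed under DESCRIPTION above. It is not Invision Power Board code and does not reproduce the ips_kernel/class_ajax.php logic, which the advisory does not describe: the function names, form field names and the in-memory member and transaction tables are hypothetical stand-ins. For issue 1 it shows an escaper that does not branch on the board charset, so no charset is left on an unescaped path; for issue 2 it places the weak pattern (trusting a member ID posted back in the payment form) beside a hardened one that takes the member from the server-side transaction record. Two practical points follow from the advisory text itself: a board configured with "iso-8859-1" or "utf-8" is outside the stated precondition of issue 1, and issue 2 only applies while subscription packages are enabled; the vendor patch remains the fix for both.

```php
<?php
// Added illustration for SA26788. Not Invision Power Board code: every name
// below (functions, $MEMBERS, $TRANSACTIONS, form field names) is hypothetical.

// ---- Issue 1: escape a profile field independently of the board charset ----
// Normalise the value to UTF-8 first, then escape. Every configured charset goes
// through the same htmlspecialchars() call, so there is no charset-specific
// branch that could skip escaping.
function escape_profile_field(string $value, string $board_charset): string
{
    try {
        $utf8 = mb_convert_encoding($value, 'UTF-8', $board_charset);
    } catch (ValueError $e) {   // PHP 8 throws on an unknown encoding name
        $utf8 = false;          // PHP 7 returns false instead
    }
    if ($utf8 === false || !mb_check_encoding($utf8, 'UTF-8')) {
        // Refuse rather than pass the raw value through on an unknown charset.
        throw new InvalidArgumentException("cannot normalise field from $board_charset");
    }
    return htmlspecialchars($utf8, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// ---- Issue 2: which member is moved into the subscriber group? ----
$MEMBERS = [                     // constructed sample data
    1 => ['name' => 'admin', 'group' => 'administrators'],
    7 => ['name' => 'alice', 'group' => 'members'],
];
$TRANSACTIONS = [                // created server-side when alice started checkout
    'tx-100' => ['member_id' => 7, 'status' => 'pending'],
];
const SUBSCRIBER_GROUP = 'subscribers';

// Weak pattern: the member ID is read back from the payment form, so a client
// who edits that field decides which account changes group.
function apply_subscription_weak(array $post): void
{
    global $MEMBERS;
    $member_id = (int) $post['member_id'];          // attacker-controlled
    $MEMBERS[$member_id]['group'] = SUBSCRIBER_GROUP;
}

// Hardened pattern: the member ID comes from the transaction record the server
// created, must match the logged-in member, and the posted member_id is ignored.
function apply_subscription(array $post, int $session_member_id): void
{
    global $MEMBERS, $TRANSACTIONS;
    $tx_id = (string) ($post['transaction_id'] ?? '');
    $tx = $TRANSACTIONS[$tx_id] ?? null;
    if ($tx === null || $tx['status'] !== 'pending') {
        throw new RuntimeException('unknown or already-processed transaction');
    }
    if ($tx['member_id'] !== $session_member_id) {
        throw new RuntimeException('transaction does not belong to this member');
    }
    $TRANSACTIONS[$tx_id]['status'] = 'completed';  // one use per transaction
    $MEMBERS[$tx['member_id']]['group'] = SUBSCRIBER_GROUP;
}

// Demo: alice (member 7) submits her payment form with member_id swapped to 1.
$tampered = ['transaction_id' => 'tx-100', 'member_id' => '1'];

apply_subscription_weak($tampered);
echo "weak:     admin group is now {$MEMBERS[1]['group']}\n";

$MEMBERS[1]['group'] = 'administrators';            // reset for the second run
apply_subscription($tampered, 7);
echo "hardened: admin is {$MEMBERS[1]['group']}, alice is {$MEMBERS[7]['group']}\n";

// Issue 1 demo: the same escaper serves any charset the board is configured with.
echo escape_profile_field('<img src=x onerror=alert(1)>', 'windows-1251'), "\n";
```

In the weak function the form field wins and the administrator ends up in the subscriber group; in the hardened one the group change is driven by the transaction's own member_id, the transaction is marked completed so it cannot be replayed, and a mismatch with the session member is rejected before any write. A real payment callback would additionally verify the gateway's signature on the notification, which the advisory does not cover and the example leaves out.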