IPBSupport News

OpenID Security Update for IP.Board 3.0.2 We are investigating issues related to OpenID not completely authenticating data which can result in the security of your community being compromised. This issue can only impact your community if you have enabled OpenID logins as the OpenID is disabled when IPS ships IP.Board releases. Protecting Your IP.Board There are two methods to protect your community. Method 1: Disable OpenID The easiest fix is to simply disable OpenID logins. These login systems are disabled by default in IP.Board so unless you have specifically turned on OpenID you are already protected. This screen shot shows you what to look for in your AdminCP: [*]Click "Log In Management" in the AdminCP [*]Look for OpenID in the list. If there is already a red "X" then OpenID is disabled and your community is safe from this issue. [*]If you see a green check: disable OpenID by clicking the drop-down menu to the right, edit details, and set "Log In Enabled" to "No" If OpenID is disabled and you do not use/need this login method you do not need to do anything further. Method 2: Upload Source File If OpenID is in use in your community and you need to keep it enabled simply upload the attached file to your forums directory. The path is included in the zip file and it is just one file. 260809.zip (5.17K) : 3927 Support services note: as this update is a single-file update or the issue can be eliminated by simply disabling OpenID in the AdminCP we do request that clients apply either the setting or file fix themselves if possible. The 3.0.2 download has been updated as of the time of this announcement. Quelle: http://community.invisionpower.com/topic/291738-openid-security-update-for-ip-board-3-0-2/page__s__0704203ef84f8c6d86511871f5c797cc

OpenID Security Update for IP.Board 3.0.2 We are investigating issues related to OpenID not completely authenticating data which can result in the security of your community being compromised. This issue can only impact your community if you have enabled OpenID logins as the OpenID is disabled when IPS ships IP.Board releases. Protecting Your IP.Board There are two methods to protect your community. Method 1: Disable OpenID The easiest fix is to simply disable OpenID logins. These login systems are disabled by default in IP.Board so unless you have specifically turned on OpenID you are already protected. This screen shot shows you what to look for in your AdminCP: [*]Click "Log In Management" in the AdminCP [*]Look for OpenID in the list. If there is already a red "X" then OpenID is disabled and your community is safe from this issue. [*]If you see a green check: disable OpenID by clicking the drop-down menu to the right, edit details, and set "Log In Enabled" to "No" If OpenID is disabled and you do not use/need this login method you do not need to do anything further. Method 2: Upload Source File If OpenID is in use in your community and you need to keep it enabled simply upload the attached file to your forums directory. The path is included in the zip file and it is just one file. 260809.zip (5.17K) : 3927 Support services note: as this update is a single-file update or the issue can be eliminated by simply disabling OpenID in the AdminCP we do request that clients apply either the setting or file fix themselves if possible. The 3.0.2 download has been updated as of the time of this announcement. Quelle: http://community.invisionpower.com/topic/291738-openid-security-update-for-ip-board-3-0-2/page__s__5533f4fbec7bf0dd28bcbaee3eeab9c1

OpenID Security Update for IP.Board 3.0.2 We are investigating issues related to OpenID not completely authenticating data which can result in the security of your community being compromised. This issue can only impact your community if you have enabled OpenID logins as the OpenID is disabled when IPS ships IP.Board releases. Protecting Your IP.Board There are two methods to protect your community. Method 1: Disable OpenID The easiest fix is to simply disable OpenID logins. These login systems are disabled by default in IP.Board so unless you have specifically turned on OpenID you are already protected. This screen shot shows you what to look for in your AdminCP: [*]Click "Log In Management" in the AdminCP [*]Look for OpenID in the list. If there is already a red "X" then OpenID is disabled and your community is safe from this issue. [*]If you see a green check: disable OpenID by clicking the drop-down menu to the right, edit details, and set "Log In Enabled" to "No" If OpenID is disabled and you do not use/need this login method you do not need to do anything further. Method 2: Upload Source File If OpenID is in use in your community and you need to keep it enabled simply upload the attached file to your forums directory. The path is included in the zip file and it is just one file. 260809.zip (5.17K) : 3927 Support services note: as this update is a single-file update or the issue can be eliminated by simply disabling OpenID in the AdminCP we do request that clients apply either the setting or file fix themselves if possible. The 3.0.2 download has been updated as of the time of this announcement. Quelle: http://community.invisionpower.com/topic/291738-openid-security-update-for-ip-board-3-0-2/page__s__1c7a260181ae724dcfffec118b3b6d7f

OpenID Security Update for IP.Board 3.0.2 We are investigating issues related to OpenID not completely authenticating data which can result in the security of your community being compromised. This issue can only impact your community if you have enabled OpenID logins as the OpenID is disabled when IPS ships IP.Board releases. Protecting Your IP.Board There are two methods to protect your community. Method 1: Disable OpenID The easiest fix is to simply disable OpenID logins. These login systems are disabled by default in IP.Board so unless you have specifically turned on OpenID you are already protected. This screen shot shows you what to look for in your AdminCP: [*]Click "Log In Management" in the AdminCP [*]Look for OpenID in the list. If there is already a red "X" then OpenID is disabled and your community is safe from this issue. [*]If you see a green check: disable OpenID by clicking the drop-down menu to the right, edit details, and set "Log In Enabled" to "No" If OpenID is disabled and you do not use/need this login method you do not need to do anything further. Method 2: Upload Source File If OpenID is in use in your community and you need to keep it enabled simply upload the attached file to your forums directory. The path is included in the zip file and it is just one file. 260809.zip (5.17K) : 3930 Support services note: as this update is a single-file update or the issue can be eliminated by simply disabling OpenID in the AdminCP we do request that clients apply either the setting or file fix themselves if possible. The 3.0.2 download has been updated as of the time of this announcement. Quelle: http://community.invisionpower.com/topic/291738-openid-security-update-for-ip-board-3-0-2/page__s__3a802c40eb72b5b0d29efa0450c3c736

OpenID Security Update for IP.Board 3.0.2 We are investigating issues related to OpenID not completely authenticating data which can result in the security of your community being compromised. This issue can only impact your community if you have enabled OpenID logins as the OpenID is disabled when IPS ships IP.Board releases. Protecting Your IP.Board There are two methods to protect your community. Method 1: Disable OpenID The easiest fix is to simply disable OpenID logins. These login systems are disabled by default in IP.Board so unless you have specifically turned on OpenID you are already protected. This screen shot shows you what to look for in your AdminCP: [*]Click "Log In Management" in the AdminCP [*]Look for OpenID in the list. If there is already a red "X" then OpenID is disabled and your community is safe from this issue. [*]If you see a green check: disable OpenID by clicking the drop-down menu to the right, edit details, and set "Log In Enabled" to "No" If OpenID is disabled and you do not use/need this login method you do not need to do anything further. Method 2: Upload Source File If OpenID is in use in your community and you need to keep it enabled simply upload the attached file to your forums directory. The path is included in the zip file and it is just one file. 260809.zip (5.17K) : 3931 Support services note: as this update is a single-file update or the issue can be eliminated by simply disabling OpenID in the AdminCP we do request that clients apply either the setting or file fix themselves if possible. The 3.0.2 download has been updated as of the time of this announcement. Quelle: http://community.invisionpower.com/topic/291738-openid-security-update-for-ip-board-3-0-2/page__s__f2198574639e1436aa5328052849bb7c

OpenID Security Update for IP.Board 3.0.2 We are investigating issues related to OpenID not completely authenticating data which can result in the security of your community being compromised. This issue can only impact your community if you have enabled OpenID logins as the OpenID is disabled when IPS ships IP.Board releases. Protecting Your IP.Board There are two methods to protect your community. Method 1: Disable OpenID The easiest fix is to simply disable OpenID logins. These login systems are disabled by default in IP.Board so unless you have specifically turned on OpenID you are already protected. This screen shot shows you what to look for in your AdminCP: [*]Click "Log In Management" in the AdminCP [*]Look for OpenID in the list. If there is already a red "X" then OpenID is disabled and your community is safe from this issue. [*]If you see a green check: disable OpenID by clicking the drop-down menu to the right, edit details, and set "Log In Enabled" to "No" If OpenID is disabled and you do not use/need this login method you do not need to do anything further. Method 2: Upload Source File If OpenID is in use in your community and you need to keep it enabled simply upload the attached file to your forums directory. The path is included in the zip file and it is just one file. 260809.zip (5.17K) : 30 Support services note: as this update is a single-file update or the issue can be eliminated by simply disabling OpenID in the AdminCP we do request that clients apply either the setting or file fix themselves if possible. The 3.0.2 download has been updated as of the time of this announcement. Quelle: http://forums.invisionpower.com/topic/291738-openid-security-update-for-ip-board-3-0-2/

We are pleased to announce Community Content System 1.0.1 has been released. This is a maintenance release for Community Content System to fix bugs reported from the 1.0.0 release. There are no new features in this release. New features will be introduced based on client feedback in the next release cycle. Downloading You can download CCS 1.0.1 if you have an active license in the client area. As always, make a backup of your community before proceeding. Pricing The introductory price of $35 is still valid for this release. Act now to secure this lower pricing. The price will go up in future releases with enhanced feature sets. More Information See the original announcement for more information on CCS. Quelle: http://forums.invisionpower.com/topic/291273-community-content-system-1-0-1-released/

We are pleased to announce Community Content System 1.0.1 has been released. This is a maintenance release for Community Content System to fix bugs reported from the 1.0.0 release. There are no new features in this release. New features will be introduced based on client feedback in the next release cycle. Downloading You can download CCS 1.0.1 if you have an active license in the client area. As always, make a backup of your community before proceeding. Pricing The introductory price of $35 is still valid for this release. Act now to secure this lower pricing. The price will go up in future releases with enhanced feature sets. More Information See the original announcement for more information on CCS. Quelle: http://community.invisionpower.com/topic/291273-community-content-system-1-0-1-released/

We are pleased to announce Community Content System 1.0.1 has been released. This is a maintenance release for Community Content System to fix bugs reported from the 1.0.0 release. There are no new features in this release. New features will be introduced based on client feedback in the next release cycle. Downloading You can download CCS 1.0.1 if you have an active license in the client area. As always, make a backup of your community before proceeding. Pricing The introductory price of $35 is still valid for this release. Act now to secure this lower pricing. The price will go up in future releases with enhanced feature sets. More Information See the original announcement for more information on CCS. Quelle: http://community.invisionpower.com/topic/291273-community-content-system-1-0-1-released/page__s__0704203ef84f8c6d86511871f5c797cc

We are pleased to announce Community Content System 1.0.1 has been released. This is a maintenance release for Community Content System to fix bugs reported from the 1.0.0 release. There are no new features in this release. New features will be introduced based on client feedback in the next release cycle. Downloading You can download CCS 1.0.1 if you have an active license in the client area. As always, make a backup of your community before proceeding. Pricing The introductory price of $35 is still valid for this release. Act now to secure this lower pricing. The price will go up in future releases with enhanced feature sets. More Information See the original announcement for more information on CCS. Quelle: http://community.invisionpower.com/topic/291273-community-content-system-1-0-1-released/page__s__5533f4fbec7bf0dd28bcbaee3eeab9c1

We are pleased to announce Community Content System 1.0.1 has been released. This is a maintenance release for Community Content System to fix bugs reported from the 1.0.0 release. There are no new features in this release. New features will be introduced based on client feedback in the next release cycle. Downloading You can download CCS 1.0.1 if you have an active license in the client area. As always, make a backup of your community before proceeding. Pricing The introductory price of $35 is still valid for this release. Act now to secure this lower pricing. The price will go up in future releases with enhanced feature sets. More Information See the original announcement for more information on CCS. Quelle: http://community.invisionpower.com/topic/291273-community-content-system-1-0-1-released/page__s__1c7a260181ae724dcfffec118b3b6d7f

We are pleased to announce Community Content System 1.0.1 has been released. This is a maintenance release for Community Content System to fix bugs reported from the 1.0.0 release. There are no new features in this release. New features will be introduced based on client feedback in the next release cycle. Downloading You can download CCS 1.0.1 if you have an active license in the client area. As always, make a backup of your community before proceeding. Pricing The introductory price of $35 is still valid for this release. Act now to secure this lower pricing. The price will go up in future releases with enhanced feature sets. More Information See the original announcement for more information on CCS. Quelle: http://community.invisionpower.com/topic/291273-community-content-system-1-0-1-released/page__s__3a802c40eb72b5b0d29efa0450c3c736

We are pleased to announce Community Content System 1.0.1 has been released. This is a maintenance release for Community Content System to fix bugs reported from the 1.0.0 release. There are no new features in this release. New features will be introduced based on client feedback in the next release cycle. Downloading You can download CCS 1.0.1 if you have an active license in the client area. As always, make a backup of your community before proceeding. Pricing The introductory price of $35 is still valid for this release. Act now to secure this lower pricing. The price will go up in future releases with enhanced feature sets. More Information See the original announcement for more information on CCS. Quelle: http://community.invisionpower.com/topic/291273-community-content-system-1-0-1-released/page__s__cfdb27d5a064cc833043b09e03786115

We are pleased to announce Community Content System 1.0.1 has been released. This is a maintenance release for Community Content System to fix bugs reported from the 1.0.0 release. There are no new features in this release. New features will be introduced based on client feedback in the next release cycle. Downloading You can download CCS 1.0.1 if you have an active license in the client area. As always, make a backup of your community before proceeding. Pricing The introductory price of $35 is still valid for this release. Act now to secure this lower pricing. The price will go up in future releases with enhanced feature sets. More Information See the original announcement for more information on CCS. Quelle: http://community.invisionpower.com/topic/291273-community-content-system-1-0-1-released/page__s__7e2fdd66e5905e380381b61bf43dfd38

We are pleased to announce Community Content System 1.0.1 has been released. This is a maintenance release for Community Content System to fix bugs reported from the 1.0.0 release. There are no new features in this release. New features will be introduced based on client feedback in the next release cycle. Downloading You can download CCS 1.0.1 if you have an active license in the client area. As always, make a backup of your community before proceeding. Pricing The introductory price of $35 is still valid for this release. Act now to secure this lower pricing. The price will go up in future releases with enhanced feature sets. More Information See the original announcement for more information on CCS. Quelle: http://community.invisionpower.com/topic/291273-community-content-system-1-0-1-released/page__s__9672962a742e0d6db1b7800d014ea3d4

We are pleased to announce Community Content System 1.0.1 has been released. This is a maintenance release for Community Content System to fix bugs reported from the 1.0.0 release. There are no new features in this release. New features will be introduced based on client feedback in the next release cycle. Downloading You can download CCS 1.0.1 if you have an active license in the client area. As always, make a backup of your community before proceeding. Pricing The introductory price of $35 is still valid for this release. Act now to secure this lower pricing. The price will go up in future releases with enhanced feature sets. More Information See the original announcement for more information on CCS. Quelle: http://community.invisionpower.com/topic/291273-community-content-system-1-0-1-released/page__s__716aa83f946c032093ef44739b7ebbeb

We are pleased to announce Community Content System 1.0.1 has been released. This is a maintenance release for Community Content System to fix bugs reported from the 1.0.0 release. There are no new features in this release. New features will be introduced based on client feedback in the next release cycle. Downloading You can download CCS 1.0.1 if you have an active license in the client area. As always, make a backup of your community before proceeding. Pricing The introductory price of $35 is still valid for this release. Act now to secure this lower pricing. The price will go up in future releases with enhanced feature sets. More Information See the original announcement for more information on CCS. Quelle: http://community.invisionpower.com/topic/291273-community-content-system-1-0-1-released/page__s__f2198574639e1436aa5328052849bb7c

Security Update for IP.Board 3.0.2 It has come to our attention that there are two potential SQL injection vulnerabilities present in IP.Board 3.0 which can be taken advantage of via careful URL crafting. Resolution The attached zip contains two files which fix the issue. The files are for IP.Board version 3.0.2 only. Those still running 3.0.0 or 3.0.1 will need to upgrade to 3.0.2 as soon as possible. The main 3.0.2 download zip was updated at 10:15 am EST August 18, 2009. If you download 3.0.2 after this time: your files are already updated. Simply download the attached zip file and upload the files contained within to your IP.Board directory on your server. No other action is required. 180809.zip (13.73K) : 6103 Support Note: While our technical support department will apply this patch for you on request for those with support service, we strongly suggest you apply this patch yourself whenever possible. Applying the patch is a simple matter of uploading files to your server and, once done, your community is instantly protected without having to wait for our technicians to do the upload for you. Impacted Versions: 3.0.0 3.0.1 3.0.2 versions downloaded before posted time or unpatched Not Impacted: 2.0.x 2.1.x 2.2.x 2.3.x The vulnerability information was purchased by Beyond Security's SecuriTeam Secure Disclosure. The discoverer of the vulnerability requested to remain anonymous. IPS thanks this group for bringing it to our attention. Quelle: http://community.invisionpower.com/topic/291103-invision-power-board-3-0-2-security-update/

Security Update for IP.Board 3.0.2 It has come to our attention that there are two potential SQL injection vulnerabilities present in IP.Board 3.0 which can be taken advantage of via careful URL crafting. Resolution The attached zip contains two files which fix the issue. The files are for IP.Board version 3.0.2 only. Those still running 3.0.0 or 3.0.1 will need to upgrade to 3.0.2 as soon as possible. The main 3.0.2 download zip was updated at 10:15 am EST August 18, 2009. If you download 3.0.2 after this time: your files are already updated. Simply download the attached zip file and upload the files contained within to your IP.Board directory on your server. No other action is required. 180809.zip (13.73K) : 6325 Support Note: While our technical support department will apply this patch for you on request for those with support service, we strongly suggest you apply this patch yourself whenever possible. Applying the patch is a simple matter of uploading files to your server and, once done, your community is instantly protected without having to wait for our technicians to do the upload for you. Impacted Versions: 3.0.0 3.0.1 3.0.2 versions downloaded before posted time or unpatched Not Impacted: 2.0.x 2.1.x 2.2.x 2.3.x The vulnerability information was purchased by Beyond Security's SecuriTeam Secure Disclosure. The discoverer of the vulnerability requested to remain anonymous. IPS thanks this group for bringing it to our attention. Quelle: http://community.invisionpower.com/topic/291103-invision-power-board-3-0-2-security-update/page__s__0704203ef84f8c6d86511871f5c797cc

Security Update for IP.Board 3.0.2 It has come to our attention that there are two potential SQL injection vulnerabilities present in IP.Board 3.0 which can be taken advantage of via careful URL crafting. Resolution The attached zip contains two files which fix the issue. The files are for IP.Board version 3.0.2 only. Those still running 3.0.0 or 3.0.1 will need to upgrade to 3.0.2 as soon as possible. The main 3.0.2 download zip was updated at 10:15 am EST August 18, 2009. If you download 3.0.2 after this time: your files are already updated. Simply download the attached zip file and upload the files contained within to your IP.Board directory on your server. No other action is required. 180809.zip (13.73K) : 6326 Support Note: While our technical support department will apply this patch for you on request for those with support service, we strongly suggest you apply this patch yourself whenever possible. Applying the patch is a simple matter of uploading files to your server and, once done, your community is instantly protected without having to wait for our technicians to do the upload for you. Impacted Versions: 3.0.0 3.0.1 3.0.2 versions downloaded before posted time or unpatched Not Impacted: 2.0.x 2.1.x 2.2.x 2.3.x The vulnerability information was purchased by Beyond Security's SecuriTeam Secure Disclosure. The discoverer of the vulnerability requested to remain anonymous. IPS thanks this group for bringing it to our attention. Quelle: http://community.invisionpower.com/topic/291103-invision-power-board-3-0-2-security-update/page__s__5533f4fbec7bf0dd28bcbaee3eeab9c1

Security Update for IP.Board 3.0.2 It has come to our attention that there are two potential SQL injection vulnerabilities present in IP.Board 3.0 which can be taken advantage of via careful URL crafting. Resolution The attached zip contains two files which fix the issue. The files are for IP.Board version 3.0.2 only. Those still running 3.0.0 or 3.0.1 will need to upgrade to 3.0.2 as soon as possible. The main 3.0.2 download zip was updated at 10:15 am EST August 18, 2009. If you download 3.0.2 after this time: your files are already updated. Simply download the attached zip file and upload the files contained within to your IP.Board directory on your server. No other action is required. 180809.zip (13.73K) : 6326 Support Note: While our technical support department will apply this patch for you on request for those with support service, we strongly suggest you apply this patch yourself whenever possible. Applying the patch is a simple matter of uploading files to your server and, once done, your community is instantly protected without having to wait for our technicians to do the upload for you. Impacted Versions: 3.0.0 3.0.1 3.0.2 versions downloaded before posted time or unpatched Not Impacted: 2.0.x 2.1.x 2.2.x 2.3.x The vulnerability information was purchased by Beyond Security's SecuriTeam Secure Disclosure. The discoverer of the vulnerability requested to remain anonymous. IPS thanks this group for bringing it to our attention. Quelle: http://community.invisionpower.com/topic/291103-invision-power-board-3-0-2-security-update/page__s__1c7a260181ae724dcfffec118b3b6d7f

Security Update for IP.Board 3.0.2 It has come to our attention that there are two potential SQL injection vulnerabilities present in IP.Board 3.0 which can be taken advantage of via careful URL crafting. Resolution The attached zip contains two files which fix the issue. The files are for IP.Board version 3.0.2 only. Those still running 3.0.0 or 3.0.1 will need to upgrade to 3.0.2 as soon as possible. The main 3.0.2 download zip was updated at 10:15 am EST August 18, 2009. If you download 3.0.2 after this time: your files are already updated. Simply download the attached zip file and upload the files contained within to your IP.Board directory on your server. No other action is required. 180809.zip (13.73K) : 6329 Support Note: While our technical support department will apply this patch for you on request for those with support service, we strongly suggest you apply this patch yourself whenever possible. Applying the patch is a simple matter of uploading files to your server and, once done, your community is instantly protected without having to wait for our technicians to do the upload for you. Impacted Versions: 3.0.0 3.0.1 3.0.2 versions downloaded before posted time or unpatched Not Impacted: 2.0.x 2.1.x 2.2.x 2.3.x The vulnerability information was purchased by Beyond Security's SecuriTeam Secure Disclosure. The discoverer of the vulnerability requested to remain anonymous. IPS thanks this group for bringing it to our attention. Quelle: http://community.invisionpower.com/topic/291103-invision-power-board-3-0-2-security-update/page__s__3a802c40eb72b5b0d29efa0450c3c736

Security Update for IP.Board 3.0.2 It has come to our attention that there are two potential SQL injection vulnerabilities present in IP.Board 3.0 which can be taken advantage of via careful URL crafting. Resolution The attached zip contains two files which fix the issue. The files are for IP.Board version 3.0.2 only. Those still running 3.0.0 or 3.0.1 will need to upgrade to 3.0.2 as soon as possible. The main 3.0.2 download zip was updated at 10:15 am EST August 18, 2009. If you download 3.0.2 after this time: your files are already updated. Simply download the attached zip file and upload the files contained within to your IP.Board directory on your server. No other action is required. 180809.zip (13.73K) : 6329 Support Note: While our technical support department will apply this patch for you on request for those with support service, we strongly suggest you apply this patch yourself whenever possible. Applying the patch is a simple matter of uploading files to your server and, once done, your community is instantly protected without having to wait for our technicians to do the upload for you. Impacted Versions: 3.0.0 3.0.1 3.0.2 versions downloaded before posted time or unpatched Not Impacted: 2.0.x 2.1.x 2.2.x 2.3.x The vulnerability information was purchased by Beyond Security's SecuriTeam Secure Disclosure. The discoverer of the vulnerability requested to remain anonymous. IPS thanks this group for bringing it to our attention. Quelle: http://community.invisionpower.com/topic/291103-invision-power-board-3-0-2-security-update/page__s__cfdb27d5a064cc833043b09e03786115

Security Update for IP.Board 3.0.2 It has come to our attention that there are two potential SQL injection vulnerabilities present in IP.Board 3.0 which can be taken advantage of via careful URL crafting. Resolution The attached zip contains two files which fix the issue. The files are for IP.Board version 3.0.2 only. Those still running 3.0.0 or 3.0.1 will need to upgrade to 3.0.2 as soon as possible. The main 3.0.2 download zip was updated at 10:15 am EST August 18, 2009. If you download 3.0.2 after this time: your files are already updated. Simply download the attached zip file and upload the files contained within to your IP.Board directory on your server. No other action is required. 180809.zip (13.73K) : 6330 Support Note: While our technical support department will apply this patch for you on request for those with support service, we strongly suggest you apply this patch yourself whenever possible. Applying the patch is a simple matter of uploading files to your server and, once done, your community is instantly protected without having to wait for our technicians to do the upload for you. Impacted Versions: 3.0.0 3.0.1 3.0.2 versions downloaded before posted time or unpatched Not Impacted: 2.0.x 2.1.x 2.2.x 2.3.x The vulnerability information was purchased by Beyond Security's SecuriTeam Secure Disclosure. The discoverer of the vulnerability requested to remain anonymous. IPS thanks this group for bringing it to our attention. Quelle: http://community.invisionpower.com/topic/291103-invision-power-board-3-0-2-security-update/page__s__7e2fdd66e5905e380381b61bf43dfd38

Security Update for IP.Board 3.0.2 It has come to our attention that there are two potential SQL injection vulnerabilities present in IP.Board 3.0 which can be taken advantage of via careful URL crafting. Resolution The attached zip contains two files which fix the issue. The files are for IP.Board version 3.0.2 only. Those still running 3.0.0 or 3.0.1 will need to upgrade to 3.0.2 as soon as possible. The main 3.0.2 download zip was updated at 10:15 am EST August 18, 2009. If you download 3.0.2 after this time: your files are already updated. Simply download the attached zip file and upload the files contained within to your IP.Board directory on your server. No other action is required. 180809.zip (13.73K) : 6332 Support Note: While our technical support department will apply this patch for you on request for those with support service, we strongly suggest you apply this patch yourself whenever possible. Applying the patch is a simple matter of uploading files to your server and, once done, your community is instantly protected without having to wait for our technicians to do the upload for you. Impacted Versions: 3.0.0 3.0.1 3.0.2 versions downloaded before posted time or unpatched Not Impacted: 2.0.x 2.1.x 2.2.x 2.3.x The vulnerability information was purchased by Beyond Security's SecuriTeam Secure Disclosure. The discoverer of the vulnerability requested to remain anonymous. IPS thanks this group for bringing it to our attention. Quelle: http://community.invisionpower.com/topic/291103-invision-power-board-3-0-2-security-update/page__s__9672962a742e0d6db1b7800d014ea3d4