
CVSS: 4.3 | EPSS: 1% | CPEs: 1 | EXPL: 1

Cross-site scripting (XSS) vulnerability in Invision Power Board 2.1 allows remote attackers to inject arbitrary web script or HTML via the (1) adsess, (2) name, and (3) description parameters in admin.php, and the (4) ACP Notes, (5) Member Name, (6) Password, (7) Email Address, (8) Components, and multiple other input fields. • https://www.exploit-db.com/exploits/26478 http://benji.redkod.org/audits/ipb.2.1.pdf http://osvdb.org/20516 http://osvdb.org/20517 http://osvdb.org/20518 http://osvdb.org/20519 http://osvdb.org/20520 http://osvdb.org/20521 http://osvdb.org/20522 http://secunia.com/advisories/17443 http://www.securityfocus.com/archive/1/415801/30/0/threaded http://www.securityfocus.com/bid/15344 http://www.securityfocus.com/bid/15345 https://exchange.xforce&# •

CVSS: 4.3 | EPSS: 1% | CPEs: 1 | EXPL: 0

Multiple interpretation error in the image upload handling code in Invision Gallery 2.0.3 allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML or script in an image whose type does not match its extension, which is rendered by Internet Explorer due to CVE-2005-3312. NOTE: it could be argued that this vulnerability is due to a design flaw in Internet Explorer and the proper fix should be in that browser; if so, then this should not be treated as a vulnerability in Invision Gallery. • http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0519.html http://secunia.com/advisories/17393 http://securityreason.com/securityalert/105 http://www.securityfocus.com/bid/15286 •

CVSS: 7.5 | EPSS: 1% | CPEs: 1 | EXPL: 2

SQL injection vulnerability in Invision Gallery 2.0.3 allows remote attackers to execute arbitrary SQL commands via the st parameter. • https://www.exploit-db.com/exploits/26438 http://secunia.com/advisories/17375 http://www.osvdb.org/20419 http://www.securityfocus.com/archive/1/415297 http://www.securityfocus.com/bid/15240 http://www.vupen.com/english/advisories/2005/2257 https://exchange.xforce.ibmcloud.com/vulnerabilities/22928 •

CVSS: 5.0 | EPSS: 1% | CPEs: 10 | EXPL: 2

Invision Power Board (IPB) 1.0.3 allows remote attackers to inject arbitrary web script or HTML via an attachment, which is automatically downloaded and processed as HTML. • https://www.exploit-db.com/exploits/26104 http://marc.info/?l=bugtraq&m=112327712614854&w=2 http://secunia.com/advisories/16348 http://www.securityfocus.com/bid/14492 •

CVSS: 7.5 | EPSS: 0% | CPEs: 2 | EXPL: 2

Multiple SQL injection vulnerabilities in Invision Gallery before 1.3.1 allow remote attackers to execute arbitrary SQL commands via (1) the comment parameter in an editcomment action or (2) the rating parameter when voting on a photo. • https://www.exploit-db.com/exploits/25806 http://marc.info/?l=bugtraq&m=111834146710329&w=2 http://www.gulftech.org/?node=research&article_id=00079-06092005 http://www.securityfocus.com/bid/13907 •