CVSS: 6.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

Direct code injection vulnerability in Task Manager in Invision Power Board 2.0.1 allows limited remote attackers to execute arbitrary code by referencing the file in "Task PHP File To Run" field and selecting "Run Task Now".
• http://secunia.com/advisories/17443
• http://www.securityfocus.com/archive/1/415798/30/0/threaded
• https://exchange.xforce.ibmcloud.com/vulnerabilities/40003

CVSS: 4.3 | EPSS: 1% | CPEs: 1 | EXPL: 0

Multiple interpretation error in the image upload handling code in Invision Gallery 2.0.3 allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML or script in an image whose type does not match its extension, which is rendered by Internet Explorer due to CVE-2005-3312. NOTE: it could be argued that this vulnerability is due to a design flaw in Internet Explorer and the proper fix should be in that browser; if so, then this should not be treated as a vulnerability in Invision Gallery.
• http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0519.html
• http://secunia.com/advisories/17393
• http://securityreason.com/securityalert/105
• http://www.securityfocus.com/bid/15286

CVSS: 7.5 | EPSS: 1% | CPEs: 1 | EXPL: 2

SQL injection vulnerability in Invision Gallery 2.0.3 allows remote attackers to execute arbitrary SQL commands via the st parameter.
• https://www.exploit-db.com/exploits/26438
• http://secunia.com/advisories/17375
• http://www.osvdb.org/20419
• http://www.securityfocus.com/archive/1/415297
• http://www.securityfocus.com/bid/15240
• http://www.vupen.com/english/advisories/2005/2257
• https://exchange.xforce.ibmcloud.com/vulnerabilities/22928

CVSS: 5.0 | EPSS: 1% | CPEs: 10 | EXPL: 2

Invision Power Board (IPB) 1.0.3 allows remote attackers to inject arbitrary web script or HTML via an attachment, which is automatically downloaded and processed as HTML.
• https://www.exploit-db.com/exploits/26104
• http://marc.info/?l=bugtraq&m=112327712614854&w=2
• http://secunia.com/advisories/16348
• http://www.securityfocus.com/bid/14492

CVSS: 4.3 | EPSS: 0% | CPEs: 2 | EXPL: 1

Cross-site scripting (XSS) vulnerability in the convert_highlite_words function in Invision Blog before 1.1.2 Final allows remote attackers to inject arbitrary web script or HTML via double hex encoded highlight data.
• http://marc.info/?l=bugtraq&m=111833601302752&w=2
• http://secunia.com/advisories/15626
• http://www.gulftech.org/?node=research&article_id=00078-06072005