CVE-2003-1454
https://notcve.org/view.php?id=CVE-2003-1454
Invision Power Services Invision Board 1.0 through 1.1.1, when a forum is password protected, stores the administrator password in a cookie in plaintext, which could allow remote attackers to gain access. • http://securityreason.com/securityalert/3276 http://www.securityfocus.com/archive/1/319747 http://www.securityfocus.com/bid/7440 https://exchange.xforce.ibmcloud.com/vulnerabilities/11871 •
CVE-2003-1385 – Invision Board 1.1.1 - 'ipchat.php' Remote File Inclusion
https://notcve.org/view.php?id=CVE-2003-1385
ipchat.php in Invision Power Board 1.1.1 allows remote attackers to execute arbitrary PHP code, if register_globals is enabled, by modifying the root_path parameter to reference a URL on a remote web server that contains the code. • https://www.exploit-db.com/exploits/22295 http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0099.html http://secunia.com/advisories/8182 http://www.osvdb.org/3357 http://www.securityfocus.com/bid/6976 https://exchange.xforce.ibmcloud.com/vulnerabilities/11435 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2002-1149
https://notcve.org/view.php?id=CVE-2002-1149
The installation procedure for Invision Board suggests that users install the phpinfo.php program under the web root, which leaks sensitive information such as absolute pathnames, OS information, and PHP settings. El procedimiento de instalación en Invision Board sugiere que los usuarios instalen el programa phpinfo.php en la raíz del web, lo que filtra información sensible como nombres de rutas, información del SO, y configuración de php. • http://marc.info/?l=bugtraq&m=103290602609197&w=2 http://www.iss.net/security_center/static/10178.php http://www.osvdb.org/3356 http://www.securityfocus.com/bid/5789 •