
CVE-2007-3219
https://notcve.org/view.php?id=CVE-2007-3219
14 Jun 2007 — Unspecified vulnerability in sources/action_public/xmlout.php in Invision Power Board (IPB or IP.Board) 2.2.0 through 2.2.2 allows remote attackers to modify another user's profile data, such as an AIM screen name or Yahoo! identity. • http://forums.invisionpower.com/index.php?showtopic=235316

CVE-2007-2963
https://notcve.org/view.php?id=CVE-2007-2963
31 May 2007 — Multiple cross-site scripting (XSS) vulnerabilities in Invision Power Board (IPB or IP.Board) 2.2.2, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via (1) module_bbcodeloader.php, (2) module_div.php, (3) module_email.php, (4) module_image.php, (5) module_link.php, or (6) the editorid parameter to module_table.php in jscripts/folder_rte_files/. NOTE: some details were obtained from third-party sources. • http://forums.invisionpower.com/index.php?showtopic=235069

CVE-2007-2349
https://notcve.org/view.php?id=CVE-2007-2349
30 Apr 2007 — Cross-site scripting (XSS) vulnerability in Invision Power Board (IP.Board) 2.1.x and 2.2.x allows remote attackers to inject arbitrary web script or HTML by uploading crafted images or PDF files. • http://forums.invisionpower.com/index.php?showtopic=234377

CVE-2006-7071 – Invision Power Board 2.1 < 2.1.6 - SQL Injection
https://notcve.org/view.php?id=CVE-2006-7071
27 Feb 2007 — SQL injection vulnerability in classes/class_session.php in Invision Power Board (IPB) 2.1 up to 2.1.6 allows remote attackers to execute arbitrary SQL commands via the CLIENT_IP parameter. • https://www.exploit-db.com/exploits/2033

CVE-2006-7064
https://notcve.org/view.php?id=CVE-2006-7064
24 Feb 2007 — Cross-site scripting (XSS) vulnerability in forum/admin.php for Invision Power Board (IPB) 2.1.6 and earlier allows remote attackers to inject arbitrary web script or HTML as the administrator via the phpinfo parameter. • http://archives.neohapsis.com/archives/bugtraq/2006-06/0204.html

CVE-2006-6369 – Invision Community Blog Mod 1.2.4 - SQL Injection
https://notcve.org/view.php?id=CVE-2006-6369
07 Dec 2006 — SQL injection vulnerability in lib/entry_reply_entry.php in Invision Community Blog Mod 1.2.4 allows remote attackers to execute arbitrary SQL commands via the eid parameter, when accessed through the "Preview message" functionality. • https://www.exploit-db.com/exploits/2877

CVE-2006-6370
https://notcve.org/view.php?id=CVE-2006-6370
07 Dec 2006 — SQL injection vulnerability in forum/modules/gallery/post.php in Invision Gallery 2.0.7 allows remote attackers to cause a denial of service and possibly have other impacts, as demonstrated using a "SELECT BENCHMARK" statement in the img parameter in a doaddcomment operation in index.php. • http://www.securityfocus.com/archive/1/453167/100/100/threaded

CVE-2006-5203
https://notcve.org/view.php?id=CVE-2006-5203
09 Oct 2006 — Invision Power Board (IPB) 2.1.7 and earlier allows remote restricted administrators to inject arbitrary web script or HTML, or execute arbitrary SQL commands, via a forum description that contains a crafted image with PHP code, which is executed when the user visits the "Manage Forums" link in the Admin control panel. • http://www.securityfocus.com/archive/1/447710/100/0/threaded

CVE-2006-5204
https://notcve.org/view.php?id=CVE-2006-5204
09 Oct 2006 — Cross-site scripting (XSS) vulnerability in action_admin/member.php in Invision Power Board (IPB) 2.1.7 and earlier allows remote authenticated users to inject arbitrary web script or HTML via a reference to a script in the avatar setting, which can be leveraged for a cross-site request forgery (CSRF) attack involving forced SQL execution by an admin. • http://forums.invisionpower.com/index.php?showtopic=227937

CVE-2006-5205 – Invision Gallery 2.0.7 - 'readfile()' / SQL Injection
https://notcve.org/view.php?id=CVE-2006-5205
09 Oct 2006 — Directory traversal vulnerability in Invision Gallery 2.0.7 allows remote attackers to read arbitrary files via a .. (dot dot) sequence in the dir parameter in (1) index.php and (2) forum/index.php, when the viewimage command in the gallery module is used. • https://www.exploit-db.com/exploits/2473