Page 2 of 16 results (0.005 seconds)

CVSS: 7.5EPSS: 1%CPEs: 23EXPL: 2

Multiple SQL injection vulnerabilities in Invision Power Board (IPB) 1.x and 2.x allow remote attackers to execute arbitrary SQL commands via the (1) idcat and (2) code parameters in a ketqua action in index.php; the id parameter in a (3) Attach and (4) ref action in index.php; the CODE parameter in a (5) Profile, (6) Login, and (7) Help action in index.php; and the (8) member_id parameter in coins_list.php. NOTE: the developer has disputed this issue, stating that the "CODE attribute is never present in an SQL query" and the "'ketqua' [action] and file 'coin_list.php' are not standard IPB 2.x features". It is unknown whether these vectors are associated with an independent module or modification of IPB ** IMPUGNADA ** Múltiples vulnerabilidades de inyección SQL en Invision Power Board (IPB) 1.x y 2.x permiten a atacantes remotos ejecutar comandos SQL de su elección a través de los parámetros (1) idcat y (2) code en una acción ketqua de index.php; el parámetro id en una acción (3) Attach y (4) ref de index.php; el parámetro CODE en una acción (5) Profile, (6) Login, y (7) Help de index.php; y el parámetro (8) member_id de coins_list.php. NOTA: el desarrollador ha negado este problema, afirmando que "el atributo CODE no está presente en una consulta SQL" y "[la acción] 'ketqua' y el archivo 'coin_list.php' no son funcionalidades estándar de IPB 2.x". Se desconoce si estos vectores están asociados con un módulo independiente o una modificación de IPB. • https://www.exploit-db.com/exploits/28167 http://securityreason.com/securityalert/1231 http://www.osvdb.org/30084 http://www.securityfocus.com/archive/1/439145/100/0/threaded http://www.securityfocus.com/archive/1/439602/100/0/threaded http://www.securityfocus.com/bid/18836 •

CVSS: 7.5EPSS: 1%CPEs: 26EXPL: 2

SQL injection vulnerability in func_msg.php in Invision Power Board (IPB) 2.1.4 allows remote attackers to execute arbitrary SQL commands via the from_contact field in a private message (PM). • https://www.exploit-db.com/exploits/1733 http://secunia.com/advisories/19861 http://securityreason.com/securityalert/813 http://www.osvdb.org/25021 http://www.securityfocus.com/archive/1/432248/100/0/threaded http://www.securityfocus.com/bid/17719 https://exchange.xforce.ibmcloud.com/vulnerabilities/26107 •

CVSS: 4.6EPSS: 0%CPEs: 17EXPL: 1

Invision Power Board (IPB) 1.0 through 2.0.4 allows non-root admins to add themselves or other users to the root admin group via the "Move users in this group to" screen. • http://archives.neohapsis.com/archives/fulldisclosure/2005-05/0635.html http://secunia.com/advisories/15545 http://www.securityfocus.com/bid/13797 •

CVSS: 5.0EPSS: 0%CPEs: 7EXPL: 2

Invision Power Board (IPB) 1.0 through 1.3 allows remote attackers to edit arbitrary forum posts via a direct request to index.php with modified parameters. • https://www.exploit-db.com/exploits/25741 http://www.securityfocus.com/bid/13802 •

CVSS: 4.3EPSS: 1%CPEs: 9EXPL: 1

Cross-site scripting (XSS) vulnerability in (1) search.php and (2) topics.php for Invision Power Board (IPB) 2.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the highlite parameter. • https://www.exploit-db.com/exploits/43824 http://forums.invisionpower.com/index.php?showtopic=168016 http://marc.info/?l=bugtraq&m=111539908705851&w=2 http://secunia.com/advisories/15265 http://securitytracker.com/id?1013907 http://www.gulftech.org/?node=research&article_id=00073-05052005 http://www.osvdb.org/16298 http://www.securityfocus.com/bid/13534 http://www.vupen.com/english/advisories/2005/0487 https://exchange.xforce.ibmcloud.com/vulnerabilities/20445 •