CVE-2007-5688 – Multi-Forums - 'Directory.php' Multiple SQL Injections
https://notcve.org/view.php?id=CVE-2007-5688
Multiple SQL injection vulnerabilities in directory.php in the Multi-Forums (aka Multi Host Forum Pro) module 1.3.3, for phpBB and Invision Power Board (IPB or IP.Board), allow remote attackers to execute arbitrary SQL commands via the (1) go and (2) cat parameters. Múltiples vulnerabilidades de inyección SQL en directory.php en el módulo 1.3.3 de Multi-Forums (también conocido como Multi Host Forum Pro), para phpBB e Invision Power Board (IPB ó IP.Board), permiten a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro (1) go y (2) cat. • https://www.exploit-db.com/exploits/30712 http://secunia.com/advisories/27406 http://www.inj3ct-it.org/exploit/Multi_Host.txt http://www.securityfocus.com/archive/1/482838/100/0/threaded http://www.securityfocus.com/bid/26213 https://exchange.xforce.ibmcloud.com/vulnerabilities/37461 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2007-4913
https://notcve.org/view.php?id=CVE-2007-4913
ips_kernel/class_upload.php in Invision Power Board (IPB or IP.Board) 2.3.1 up to 20070912 allows remote attackers to upload arbitrary script files with crafted image filenames to uploads/, where they are saved with a .txt extension and are not executable. NOTE: there are limited usage scenarios under which this would be a vulnerability, but it is being tracked by CVE since the vendor has stated it is security-relevant. ips_kernel/class_upload.php en Invision Power Board (IPB o IP.Board) 2.3.1 hasta la 20070912 permite a atacantes remotos actualizar secuencias de comandos de su elección a través de archivos con nombres de archivo de imágenes manipuladas en uploads/, donde se salvan con una extensión .txt y no son ejecutables. NOTA: hay ciertos panoramas limitados de uso bajo los cuales esto sería una vulnerabilidad, pero está siendo seguida por CVE puesto que el vendedor ha indicado que es seguridad-relevante. • http://forums.invisionpower.com/index.php?act=attach&type=post&id=11870 http://forums.invisionpower.com/index.php?showtopic=237075 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2007-4912
https://notcve.org/view.php?id=CVE-2007-4912
Cross-site scripting (XSS) vulnerability in ips_kernel/class_ajax.php in Invision Power Board (IPB or IP.Board) 2.3.1 up to 20070912 allows remote attackers to inject arbitrary web script or HTML into user profile fields via unspecified vectors related to character sets other than iso-8859-1 or utf-8. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en ips_kernel/class_ajax.php en Invision Power Board (IPB or IP.Board) 2.3.1 hasta la 20070912 permite a atacantes remotos inyectar secuencias de comandos web o HTML dentro de los campos de configuración de usuario a través de vectores no específicos relacionado con la asignación de caracteres diferentes de iso-8859-1 o utf-8. • http://forums.invisionpower.com/index.php?act=attach&type=post&id=11870 http://forums.invisionpower.com/index.php?showtopic=237075 http://secunia.com/advisories/26788 http://www.securityfocus.com/bid/25656 https://exchange.xforce.ibmcloud.com/vulnerabilities/36589 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2007-4914
https://notcve.org/view.php?id=CVE-2007-4914
Unspecified vulnerability in the subscriptions manager in Invision Power Board (IPB or IP.Board) 2.3.1 before 20070912 allows remote authenticated users to change the member ID and reduce the privilege level of arbitrary users via a crafted payment form, related to (1) class_gw_2checkout.php, (2) class_gw_authorizenet.php, (3) class_gw_nochex.php, (4) class_gw_paypal.php, and (5) class_gw_safshop.php in sources/classes/paymentgateways/. Vulnerabilidad no especificada en la gestión de suscripciones en Invision Power Board (IPB o IP.Board) 2.3.1 anterior a 20070912 permite a usuarios remotos validados cambiar el ID de miembro y reducir el nivel de privilegio de usuarios de su elección a través de un formulario de pago manipulado, relacionado con (1) class_gw_2checkout.php, (2) class_gw_authorizenet.php, (3) class_gw_nochex.php, (4) class_gw_paypal.php, y (5) class_gw_safshop.php en sources/classes/paymentgateways/. • http://forums.invisionpower.com/index.php?act=attach&type=post&id=11870 http://forums.invisionpower.com/index.php?showtopic=237075 http://osvdb.org/41319 http://osvdb.org/41320 http://osvdb.org/41321 http://osvdb.org/41322 http://osvdb.org/41323 http://secunia.com/advisories/26788 http://www.securityfocus.com/bid/25656 https://exchange.xforce.ibmcloud.com/vulnerabilities/36590 • CWE-20: Improper Input Validation •
CVE-2007-3219
https://notcve.org/view.php?id=CVE-2007-3219
Unspecified vulnerability in sources/action_public/xmlout.php in Invision Power Board (IPB or IP.Board) 2.2.0 through 2.2.2 allows remote attackers to modify another user's profile data, such as an AIM screen name or Yahoo! identity. Vulnerabilidad no especificada en sources/action_public/xmlout.php en Invision Power Board (IPB o IP.Board) 2.2.0 hasta 2.2.2 permite a atacantes remotos modificar a otros datos del perfil de usuario, como por ejemplo una pantalla de nombre AIM o identidad de Yahoo!. • http://forums.invisionpower.com/index.php?showtopic=235316 http://secunia.com/advisories/25637 http://www.osvdb.org/35436 http://www.securityfocus.com/bid/24442 http://www.vupen.com/english/advisories/2007/2160 https://exchange.xforce.ibmcloud.com/vulnerabilities/34841 •