CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2013-3725
https://notcve.org/view.php?id=CVE-2013-3725
12 Feb 2020 — Invision Power Board (IPB) through 3.x allows admin account takeover leading to code execution. Invision Power Board (IPB) versiones hasta 3.x, permite la toma de control de la cuenta de administrador conllevando a una ejecución de código. • http://www.john-jean.com/blog/securite-informatique/ipb-invision-power-board-all-versions-1-x-2-x-3-x-admin-account-takeover-leading-to-code-execution-742 •
CVSS: 9.8EPSS: 9%CPEs: 1EXPL: 1CVE-2012-2226 – Invision Power Board 3.3.0 - Local File Inclusion
https://notcve.org/view.php?id=CVE-2012-2226
09 Jan 2020 — Invision Power Board before 3.3.1 fails to sanitize user-supplied input which could allow remote attackers to obtain sensitive information or execute arbitrary code by uploading a malicious file. Invision Power Board versiones anteriores a 3.3.1, no logra sanear las entradas suministradas por el usuario, lo que podría permitir a atacantes remotos obtener información confidencial o ejecutar código arbitrario mediante la carga de un archivo malicioso. • https://www.exploit-db.com/exploits/18736 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2019-8278
https://notcve.org/view.php?id=CVE-2019-8278
02 Mar 2019 — Stored XSS in Invision Power Board versions 3.3.1 - 3.4.8 leads to Remote Code Execution. Cross-Site Scripting (XSS) persistente en Invision Power Board, desde la versión 3.3.1 hasta la 3.4.8, conduce a la ejecución remota de código. • http://www.securityfocus.com/bid/107258 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2014-4928
https://notcve.org/view.php?id=CVE-2014-4928
20 Mar 2018 — SQL injection vulnerability in Invision Power Board (aka IPB or IP.Board) before 3.4.6 allows remote attackers to execute arbitrary SQL commands via the cId parameter. Vulnerabilidad de inyección SQL en Invision Power Board (también conocido como IPB o IP.Board), en versiones anteriores a la 3.4.6, permite que atacantes remotos ejecuten comandos SQL arbitrarios mediante el parámetro cld. • http://dringen.blogspot.com.au/2014/07/invision-power-board-blind-sql.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2017-8897
https://notcve.org/view.php?id=CVE-2017-8897
11 May 2017 — Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has pre-auth reflected XSS in the IPS UTF8 Converter v1.1.18: admin/convertutf8/index.php?controller= is the attack vector. This UTF8 Converter vulnerability can easily be used to make a malicious announcement affecting any Invision Power Board user who views the announcement. Invision Power Services (IPS) Community Suite 4.1.19.2 y anteriores tiene XSS reflejado previo a la autenticación en el IPS UTF8 Converter v1.1.18: El vector de ataque... • http://zeroday.insecurity.zone/exploits/ipb_owned.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 3CVE-2017-8898
https://notcve.org/view.php?id=CVE-2017-8898
11 May 2017 — Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has stored XSS in the Announcements, allowing privilege escalation from an Invision Power Board moderator to an admin. An attack uses the announce_content parameter in an index.php?/modcp/announcements/&action=create request. This is related to the "<> Source" option. Invision Power Services (IPS) Community Suite 4.1.19.2 y anteriores tienen un XSS almacenado en Announcements, permitiendo escalada de privilegios desde un moderador Invision P... • http://zeroday.insecurity.zone/exploits/ipb_owned.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 3CVE-2017-8899
https://notcve.org/view.php?id=CVE-2017-8899
11 May 2017 — Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has a composite of Stored XSS and Information Disclosure issues in the attachments feature found in User CP. This can be triggered by any Invision Power Board user and can be used to gain access to moderator/admin accounts. The primary cause is the ability to upload an SVG document with a crafted attribute such an onload; however, full path disclosure is required for exploitation. Invision Power Services (IPS) Community Suite 4.1.19.2 y ante... • http://zeroday.insecurity.zone/exploits/ipb_owned.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2016-2564
https://notcve.org/view.php?id=CVE-2016-2564
23 Apr 2017 — Invision Power Services (IPS) Community Suite before 4.1.9 makes session hijack easier by relying on the PHP uniqid function without the more_entropy flag. Attackers can guess an Invision Power Board session cookie if they can predict the exact time of cookie generation. Invision Power Services (IPS) Community Suite en versiones anteriores a 4.1.9 hace más fácil el secuestro de sesión confiando en la función uniqid de PHP sin el indicador more_entropy. Los atacantes pueden adivinar una cookie de sesión de I... • https://invisionpower.com/release-notes/419-r37 • CWE-331: Insufficient Entropy •
CVSS: 8.1EPSS: 19%CPEs: 22EXPL: 4CVE-2016-6174 – IPS Community Suite 4.1.12.3 - PHP Code Injection
https://notcve.org/view.php?id=CVE-2016-6174
07 Jul 2016 — applications/core/modules/front/system/content.php in Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) before 4.1.13, when used with PHP before 5.4.24 or 5.5.x before 5.5.8, allows remote attackers to execute arbitrary code via the content_class parameter. applications/core/modules/front/system/content.php en Invision Power Services IPS Community Suite (también conocido como Invision Power Board, IPB o Power Board) en versiones anteriores a 4.1.13, cuando se utiliz... • https://packetstorm.news/files/id/137804 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-6812
https://notcve.org/view.php?id=CVE-2015-6812
04 Sep 2015 — Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) before 4.0.12.1 allows remote attackers to cause a denial of service (loop and memory consumption) via a crafted URL. Vulnerabilidad en Invision Power Services IPS Community Suite (también conocido como Invision Power Board, IPB o Power Board) en versiones anteriores a 4.0.12.1, permite a atacantes remotos causar una denegación de servicio (bucle y consumo de memoria) a través de una URL manipulada. • https://community.invisionpower.com/release-notes/40121-r22 • CWE-399: Resource Management Errors •