CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 2CVE-2006-5206 – Invision Gallery 2.0.7 - 'readfile()' / SQL Injection
https://notcve.org/view.php?id=CVE-2006-5206
09 Oct 2006 — SQL injection vulnerability in Invision Gallery 2.0.7 allows remote attackers to execute arbitrary SQL commands via the album parameter in (1) index.php and (2) forum/index.php, when the rate command in the gallery automodule is used. Vulnerabilidad de inyección SQL en Invision Gallery 2.0.7 permite a atacantes remotos ejecutar comandos SQL de su elección mediante el parámetro album en (2) index.php y (2) forum/index.php, cuando se usa el comando rate en el automódulo galería. • https://www.exploit-db.com/exploits/2473 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2006-4155
https://notcve.org/view.php?id=CVE-2006-4155
16 Aug 2006 — Unspecified vulnerability in func_topic_threaded.php (aka threaded view mode) in Invision Power Board (IPB) before 2.1.7 21013.60810.s allows remote attackers to "access posts outside the topic." Vulnerabilidad no especificada en func_topic_threaded.php (o modo de vista por por hilos) en Invision Power Board (IPB) anterior a 2.1.7 21013.60810.s permite a atacantes remotos "acceder a mensajes fuera del hilo" • http://forums.invisionpower.com/index.php?&showtopic=225755 •
CVSS: 9.8EPSS: 0%CPEs: 23EXPL: 2CVE-2006-3543 – Invision Power Board (IP.Board) 1.x/2.x - Multiple SQL Injections
https://notcve.org/view.php?id=CVE-2006-3543
13 Jul 2006 — Multiple SQL injection vulnerabilities in Invision Power Board (IPB) 1.x and 2.x allow remote attackers to execute arbitrary SQL commands via the (1) idcat and (2) code parameters in a ketqua action in index.php; the id parameter in a (3) Attach and (4) ref action in index.php; the CODE parameter in a (5) Profile, (6) Login, and (7) Help action in index.php; and the (8) member_id parameter in coins_list.php. NOTE: the developer has disputed this issue, stating that the "CODE attribute is never present in an... • https://www.exploit-db.com/exploits/28167 •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2006-3544
https://notcve.org/view.php?id=CVE-2006-3544
13 Jul 2006 — Multiple SQL injection vulnerabilities in Invision Power Board (IPB) 1.3 Final allow remote attackers to execute arbitrary SQL commands via the CODE parameter in a (1) Stats, (2) Mail, and (3) Reg action in index.php. NOTE: the developer has disputed this issue, stating that "At no point does the CODE parameter touch the database. The CODE parameter is used in a SWITCH statement to determine which function to run. ** IMPUGNADA ** Múltiples vulnerabilidades de inyección SQL en Invision Power Board (IPB) 1.3 ... • http://securityreason.com/securityalert/1225 •
CVSS: 6.1EPSS: 0%CPEs: 14EXPL: 0CVE-2006-3197
https://notcve.org/view.php?id=CVE-2006-3197
23 Jun 2006 — Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB) 2.1.6 and earlier allows remote attackers to inject arbitrary web script or HTML via a POST that contains hexadecimal-encoded HTML. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Invision Power Board (IPB) v2.1.6 y anteriores, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de una petición POST que contenga código HTML codificado en hexadecimal. • http://forums.invisionpower.com/index.php?showtopic=219126 •
CVSS: 9.8EPSS: 0%CPEs: 19EXPL: 0CVE-2006-2498
https://notcve.org/view.php?id=CVE-2006-2498
20 May 2006 — Invision Power Board (IPB) before 2.1.6 allows remote attackers to execute arbitrary PHP script via attack vectors involving (1) the post_icon variable in classes/post/class_post.php and (2) the df value in action_public/moderate.php. • http://attrition.org/pipermail/vim/2006-May/000776.html •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 1CVE-2006-2251
https://notcve.org/view.php?id=CVE-2006-2251
09 May 2006 — SQL injection vulnerability in the do_mmod function in mod.php in Invision Community Blog (ICB) 1.1.2 final through 1.2 allows remote attackers with moderator privileges to execute arbitrary SQL commands via the selectedbids parameter. • http://archives.neohapsis.com/archives/bugtraq/2006-05/0142.html •
CVSS: 8.8EPSS: 0%CPEs: 19EXPL: 0CVE-2006-2204
https://notcve.org/view.php?id=CVE-2006-2204
05 May 2006 — SQL injection vulnerability in the topic deletion functionality (post_delete function in func_mod.php) for Invision Power Board 2.1.5 allows remote authenticated moderators to execute arbitrary SQL commands via the selectedpids parameter, which bypasses an integer value check when the $id variable is an array. • http://forums.invisionpower.com/index.php?showtopic=214248&view=getnewpo •
CVSS: 9.8EPSS: 0%CPEs: 10EXPL: 1CVE-2006-2217 – Invision Power Board 2.0/2.1 - 'index.php' SQL Injection
https://notcve.org/view.php?id=CVE-2006-2217
05 May 2006 — SQL injection vulnerability in index.php in Invision Power Board allows remote attackers to execute arbitrary SQL commands via the pid parameter in a reputation action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. • https://www.exploit-db.com/exploits/27818 •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2006-2202
https://notcve.org/view.php?id=CVE-2006-2202
04 May 2006 — SQL injection vulnerability in post.php in Invision Gallery 2.0.6 allows remote attackers to execute arbitrary SQL commands via the album parameter. • http://secunia.com/advisories/19948 •