CVSS: 7.5EPSS: 1%CPEs: 8EXPL: 1CVE-2005-1070 – Invision Power Board 1.x - 'ST' SQL Injection
https://notcve.org/view.php?id=CVE-2005-1070
SQL injection vulnerability in index.php in Invision Power Board 1.3.1 Final and earlier allows remote attackers to execute arbitrary SQL commands via the st parameter. • https://www.exploit-db.com/exploits/25380 http://www.securityfocus.com/archive/1/395515 http://www.securityfocus.com/bid/13097 http://www.securitytracker.com/alerts/2005/Apr/1013676.html https://exchange.xforce.ibmcloud.com/vulnerabilities/20059 •
CVSS: 4.3EPSS: 0%CPEs: 15EXPL: 1CVE-2005-0886 – Invision Power Board 1.x/2.0 - HTML Injection
https://notcve.org/view.php?id=CVE-2005-0886
Cross-site scripting (XSS) vulnerability in Invision Power Board 2.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via an HTTP POST request. • https://www.exploit-db.com/exploits/25267 http://www.securityfocus.com/bid/12888 •
CVSS: 4.3EPSS: 0%CPEs: 8EXPL: 1CVE-2005-0477 – Invision Power Board (IP.Board) 1.x/2.0.3 - SML Code Script Injection
https://notcve.org/view.php?id=CVE-2005-0477
Cross-site scripting (XSS) vulnerability in the SML code for Invision Power Board 1.3.1 FINAL allows remote attackers to inject arbitrary web script via (1) a signature file or (2) a message post containing an IMG tag within a COLOR tag whose style is set to background:url. Vulnerabilidad de secuencias de comandos en sitios cruzados en el código SML de Invision Power Board 1.3.1 FINAL permite a atacantes remotos la inyección de sripts arbitrarios mediante: un fichero de firmas, un mensaje que contiene una etiqueta IMG en una etiqueta COLOR cuyo estilo está puesto como background:url. • https://www.exploit-db.com/exploits/25143 http://marc.info/?l=bugtraq&m=110868196922995&w=2 https://exchange.xforce.ibmcloud.com/vulnerabilities/19399 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 8EXPL: 0CVE-2004-0338
https://notcve.org/view.php?id=CVE-2004-0338
SQL injection vulnerability in search.php for Invision Board Forum allows remote attackers to execute arbitrary SQL queries via the st parameter. • http://marc.info/?l=bugtraq&m=107799527428834&w=2 http://www.securityfocus.com/bid/9766 https://exchange.xforce.ibmcloud.com/vulnerabilities/15343 •
CVSS: 7.5EPSS: 2%CPEs: 6EXPL: 1CVE-2004-1785
https://notcve.org/view.php?id=CVE-2004-1785
SQL injection vulnerability in calendar.php for Invision Power Board 1.3 allows remote attackers to execute arbitrary SQL commands via the m parameter, which sets the $this->chosen_month variable. • http://forums.invisionpower.com/index.php?act=ST&f=1&t=108786 http://secunia.com/advisories/10530 http://www.osvdb.org/3319 http://www.securityfocus.com/archive/1/348821 http://www.securityfocus.com/bid/9353 http://www.securitytracker.com/id?1008589 •