CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2006-4155
https://notcve.org/view.php?id=CVE-2006-4155
16 Aug 2006 — Unspecified vulnerability in func_topic_threaded.php (aka threaded view mode) in Invision Power Board (IPB) before 2.1.7 21013.60810.s allows remote attackers to "access posts outside the topic." Vulnerabilidad no especificada en func_topic_threaded.php (o modo de vista por por hilos) en Invision Power Board (IPB) anterior a 2.1.7 21013.60810.s permite a atacantes remotos "acceder a mensajes fuera del hilo" • http://forums.invisionpower.com/index.php?&showtopic=225755 •
CVSS: 9.8EPSS: 0%CPEs: 23EXPL: 2CVE-2006-3543 – Invision Power Board (IP.Board) 1.x/2.x - Multiple SQL Injections
https://notcve.org/view.php?id=CVE-2006-3543
13 Jul 2006 — Multiple SQL injection vulnerabilities in Invision Power Board (IPB) 1.x and 2.x allow remote attackers to execute arbitrary SQL commands via the (1) idcat and (2) code parameters in a ketqua action in index.php; the id parameter in a (3) Attach and (4) ref action in index.php; the CODE parameter in a (5) Profile, (6) Login, and (7) Help action in index.php; and the (8) member_id parameter in coins_list.php. NOTE: the developer has disputed this issue, stating that the "CODE attribute is never present in an... • https://www.exploit-db.com/exploits/28167 •
CVSS: 9.8EPSS: 0%CPEs: 19EXPL: 0CVE-2006-2498
https://notcve.org/view.php?id=CVE-2006-2498
20 May 2006 — Invision Power Board (IPB) before 2.1.6 allows remote attackers to execute arbitrary PHP script via attack vectors involving (1) the post_icon variable in classes/post/class_post.php and (2) the df value in action_public/moderate.php. • http://attrition.org/pipermail/vim/2006-May/000776.html •
CVSS: 8.8EPSS: 0%CPEs: 19EXPL: 0CVE-2006-2204
https://notcve.org/view.php?id=CVE-2006-2204
05 May 2006 — SQL injection vulnerability in the topic deletion functionality (post_delete function in func_mod.php) for Invision Power Board 2.1.5 allows remote authenticated moderators to execute arbitrary SQL commands via the selectedpids parameter, which bypasses an integer value check when the $id variable is an array. • http://forums.invisionpower.com/index.php?showtopic=214248&view=getnewpo •
CVSS: 9.8EPSS: 0%CPEs: 10EXPL: 1CVE-2006-2217 – Invision Power Board 2.0/2.1 - 'index.php' SQL Injection
https://notcve.org/view.php?id=CVE-2006-2217
05 May 2006 — SQL injection vulnerability in index.php in Invision Power Board allows remote attackers to execute arbitrary SQL commands via the pid parameter in a reputation action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. • https://www.exploit-db.com/exploits/27818 •
CVSS: 9.8EPSS: 0%CPEs: 26EXPL: 2CVE-2006-2097 – Invision Power Board 2.1.5 - 'from_contact' SQL Injection
https://notcve.org/view.php?id=CVE-2006-2097
29 Apr 2006 — SQL injection vulnerability in func_msg.php in Invision Power Board (IPB) 2.1.4 allows remote attackers to execute arbitrary SQL commands via the from_contact field in a private message (PM). • https://www.exploit-db.com/exploits/1733 •
CVSS: 7.2EPSS: 2%CPEs: 2EXPL: 0CVE-2006-2060
https://notcve.org/view.php?id=CVE-2006-2060
26 Apr 2006 — Directory traversal vulnerability in action_admin/paysubscriptions.php in Invision Power Board (IPB) 2.1.x and 2.0.x before 20060425 allows remote authenticated administrators to include and execute arbitrary local PHP files via a .. (dot dot) in the name parameter, preceded by enough backspace (%08) characters to erase the initial static portion of a filename. • http://forums.invisionpower.com/index.php?showtopic=213374 •
CVSS: 9.8EPSS: 1%CPEs: 13EXPL: 1CVE-2006-2061 – Invision Power Board 2.0/2.1 - 'index.php?CK' SQL Injection
https://notcve.org/view.php?id=CVE-2006-2061
26 Apr 2006 — SQL injection vulnerability in lib/func_taskmanager.php in Invision Power Board (IPB) 2.1.x and 2.0.x before 20060425 allows remote attackers to execute arbitrary SQL commands via the ck parameter, which can inject at most 32 characters. • https://www.exploit-db.com/exploits/27736 •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 8CVE-2006-1326 – Invision Power Board (IP.Board) 2.0.4 - 'index.php?st' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2006-1326
21 Mar 2006 — Multiple cross-site scripting (XSS) vulnerabilities in Invision Power Board 2.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) result_type, (2) search_in, (3) nav, (4) forums, and (5) s parameters in the Search action to index.php; (6) st parameter to index.php with showtopics set to 1; (7) m, (8) y, and (9) d parameters in a calendar action; (10) t parameter in a Print action; (11) MID parameter in a Mail action; (12) HID parameter in a Help action; (13) active parameter in a s... • https://www.exploit-db.com/exploits/27437 •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2006-1287
https://notcve.org/view.php?id=CVE-2006-1287
19 Mar 2006 — Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB) 2.0.4 and 2.1.4 before 20060130 allows remote attackers to steal cookies and probably conduct other activities when the victim is using Internet Explorer. • http://forums.invisionpower.com/index.php?showtopic=206790 •