CVSS: 5.4EPSS: 0%CPEs: 36EXPL: 0CVE-2006-5204
https://notcve.org/view.php?id=CVE-2006-5204
09 Oct 2006 — Cross-site scripting (XSS) vulnerability in action_admin/member.php in Invision Power Board (IPB) 2.1.7 and earlier allows remote authenticated users to inject arbitrary web script or HTML via a reference to a script in the avatar setting, which can be leveraged for a cross-site request forgery (CSRF) attack involving forced SQL execution by an admin. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en action_admin/member.php en Invision Power Board (IPB) 2.1.7 y anteriores permite a un usu... • http://forums.invisionpower.com/index.php?showtopic=227937 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2006-4155
https://notcve.org/view.php?id=CVE-2006-4155
16 Aug 2006 — Unspecified vulnerability in func_topic_threaded.php (aka threaded view mode) in Invision Power Board (IPB) before 2.1.7 21013.60810.s allows remote attackers to "access posts outside the topic." Vulnerabilidad no especificada en func_topic_threaded.php (o modo de vista por por hilos) en Invision Power Board (IPB) anterior a 2.1.7 21013.60810.s permite a atacantes remotos "acceder a mensajes fuera del hilo" • http://forums.invisionpower.com/index.php?&showtopic=225755 •
CVSS: 9.8EPSS: 0%CPEs: 23EXPL: 2CVE-2006-3543 – Invision Power Board (IP.Board) 1.x/2.x - Multiple SQL Injections
https://notcve.org/view.php?id=CVE-2006-3543
13 Jul 2006 — Multiple SQL injection vulnerabilities in Invision Power Board (IPB) 1.x and 2.x allow remote attackers to execute arbitrary SQL commands via the (1) idcat and (2) code parameters in a ketqua action in index.php; the id parameter in a (3) Attach and (4) ref action in index.php; the CODE parameter in a (5) Profile, (6) Login, and (7) Help action in index.php; and the (8) member_id parameter in coins_list.php. NOTE: the developer has disputed this issue, stating that the "CODE attribute is never present in an... • https://www.exploit-db.com/exploits/28167 •
CVSS: 6.1EPSS: 0%CPEs: 14EXPL: 0CVE-2006-3197
https://notcve.org/view.php?id=CVE-2006-3197
23 Jun 2006 — Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB) 2.1.6 and earlier allows remote attackers to inject arbitrary web script or HTML via a POST that contains hexadecimal-encoded HTML. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Invision Power Board (IPB) v2.1.6 y anteriores, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de una petición POST que contenga código HTML codificado en hexadecimal. • http://forums.invisionpower.com/index.php?showtopic=219126 •
CVSS: 9.8EPSS: 0%CPEs: 19EXPL: 0CVE-2006-2498
https://notcve.org/view.php?id=CVE-2006-2498
20 May 2006 — Invision Power Board (IPB) before 2.1.6 allows remote attackers to execute arbitrary PHP script via attack vectors involving (1) the post_icon variable in classes/post/class_post.php and (2) the df value in action_public/moderate.php. • http://attrition.org/pipermail/vim/2006-May/000776.html •
CVSS: 8.8EPSS: 0%CPEs: 19EXPL: 0CVE-2006-2204
https://notcve.org/view.php?id=CVE-2006-2204
05 May 2006 — SQL injection vulnerability in the topic deletion functionality (post_delete function in func_mod.php) for Invision Power Board 2.1.5 allows remote authenticated moderators to execute arbitrary SQL commands via the selectedpids parameter, which bypasses an integer value check when the $id variable is an array. • http://forums.invisionpower.com/index.php?showtopic=214248&view=getnewpo •
CVSS: 9.8EPSS: 0%CPEs: 10EXPL: 1CVE-2006-2217 – Invision Power Board 2.0/2.1 - 'index.php' SQL Injection
https://notcve.org/view.php?id=CVE-2006-2217
05 May 2006 — SQL injection vulnerability in index.php in Invision Power Board allows remote attackers to execute arbitrary SQL commands via the pid parameter in a reputation action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. • https://www.exploit-db.com/exploits/27818 •
CVSS: 9.8EPSS: 0%CPEs: 26EXPL: 2CVE-2006-2097 – Invision Power Board 2.1.5 - 'from_contact' SQL Injection
https://notcve.org/view.php?id=CVE-2006-2097
29 Apr 2006 — SQL injection vulnerability in func_msg.php in Invision Power Board (IPB) 2.1.4 allows remote attackers to execute arbitrary SQL commands via the from_contact field in a private message (PM). • https://www.exploit-db.com/exploits/1733 •
CVSS: 6.8EPSS: 1%CPEs: 3EXPL: 0CVE-2006-1369
https://notcve.org/view.php?id=CVE-2006-1369
23 Mar 2006 — Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB) 2.1.5 and earlier before 20060308 allows remote attackers to inject arbitrary web script or HTML via a Private Message (PM) in certain circumstances. • http://forums.invisionpower.com/index.php?showtopic=209178 •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2006-1287
https://notcve.org/view.php?id=CVE-2006-1287
19 Mar 2006 — Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB) 2.0.4 and 2.1.4 before 20060130 allows remote attackers to steal cookies and probably conduct other activities when the victim is using Internet Explorer. • http://forums.invisionpower.com/index.php?showtopic=206790 •