CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-6812
https://notcve.org/view.php?id=CVE-2015-6812
Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) before 4.0.12.1 allows remote attackers to cause a denial of service (loop and memory consumption) via a crafted URL. Vulnerabilidad en Invision Power Services IPS Community Suite (también conocido como Invision Power Board, IPB o Power Board) en versiones anteriores a 4.0.12.1, permite a atacantes remotos causar una denegación de servicio (bucle y consumo de memoria) a través de una URL manipulada. • https://community.invisionpower.com/release-notes/40121-r22 • CWE-399: Resource Management Errors •
CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 1CVE-2012-2226 – Invision Power Board 3.3.0 - Local File Inclusion
https://notcve.org/view.php?id=CVE-2012-2226
Invision Power Board before 3.3.1 fails to sanitize user-supplied input which could allow remote attackers to obtain sensitive information or execute arbitrary code by uploading a malicious file. Invision Power Board versiones anteriores a 3.3.1, no logra sanear las entradas suministradas por el usuario, lo que podría permitir a atacantes remotos obtener información confidencial o ejecutar código arbitrario mediante la carga de un archivo malicioso. Invision Power Board version 3.3.0 suffers from a local file inclusion vulnerability. • https://www.exploit-db.com/exploits/18736 http://www.securityfocus.com/bid/52998 https://exchange.xforce.ibmcloud.com/vulnerabilities/74855 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 4.3EPSS: 0%CPEs: 43EXPL: 1CVE-2008-6565 – Invision Power Board 2.x - 'Signature' iFrame Security
https://notcve.org/view.php?id=CVE-2008-6565
Cross-site scripting (XSS) vulnerability in Invision Power Board 2.3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via an IFRAME tag in the signature. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Invision Power Board v2.3.1 y anteriores, permite a atacantes remotos inyectar secuencias de comandos Web o HTML de su elección a través de una etiqueta IFRAME en la firma. • https://www.exploit-db.com/exploits/31541 http://www.securityfocus.com/archive/1/490115/100/0/threaded http://www.securityfocus.com/bid/28466 https://exchange.xforce.ibmcloud.com/vulnerabilities/41502 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2008-1359
https://notcve.org/view.php?id=CVE-2008-1359
Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB or IP.Board) 2.3.4 before 2008-03-13 allows remote attackers to inject arbitrary web script or HTML via nested BBCodes, a different vector than CVE-2008-0913. Vulnerabilidad de ejecución de comandos en sitios cruzados de Invision Power Board (IPB or IP.Board) 2.3.4 anterior a 2008-03-13, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de BBCodes anidados, Vulnerabilidad distinta a CVE-2008-0913. • http://forums.invisionpower.com/index.php?showtopic=270637 http://secunia.com/advisories/29378 http://www.vupen.com/english/advisories/2008/0899/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41209 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.0EPSS: 0%CPEs: 7EXPL: 0CVE-2007-4914
https://notcve.org/view.php?id=CVE-2007-4914
Unspecified vulnerability in the subscriptions manager in Invision Power Board (IPB or IP.Board) 2.3.1 before 20070912 allows remote authenticated users to change the member ID and reduce the privilege level of arbitrary users via a crafted payment form, related to (1) class_gw_2checkout.php, (2) class_gw_authorizenet.php, (3) class_gw_nochex.php, (4) class_gw_paypal.php, and (5) class_gw_safshop.php in sources/classes/paymentgateways/. Vulnerabilidad no especificada en la gestión de suscripciones en Invision Power Board (IPB o IP.Board) 2.3.1 anterior a 20070912 permite a usuarios remotos validados cambiar el ID de miembro y reducir el nivel de privilegio de usuarios de su elección a través de un formulario de pago manipulado, relacionado con (1) class_gw_2checkout.php, (2) class_gw_authorizenet.php, (3) class_gw_nochex.php, (4) class_gw_paypal.php, y (5) class_gw_safshop.php en sources/classes/paymentgateways/. • http://forums.invisionpower.com/index.php?act=attach&type=post&id=11870 http://forums.invisionpower.com/index.php?showtopic=237075 http://osvdb.org/41319 http://osvdb.org/41320 http://osvdb.org/41321 http://osvdb.org/41322 http://osvdb.org/41323 http://secunia.com/advisories/26788 http://www.securityfocus.com/bid/25656 https://exchange.xforce.ibmcloud.com/vulnerabilities/36590 • CWE-20: Improper Input Validation •