CVSS: 9.8EPSS: 0%CPEs: 25EXPL: 1CVE-2014-9239
https://notcve.org/view.php?id=CVE-2014-9239
03 Dec 2014 — SQL injection vulnerability in the IPS Connect service (interface/ipsconnect/ipsconnect.php) in Invision Power Board (aka IPB or IP.Board) 3.3.x and 3.4.x through 3.4.7 before 20141114 allows remote attackers to execute arbitrary SQL commands via the id[] parameter. Vulnerabilidad de inyección SQL en el servicio IPS Connect (interface/ipsconnect/ipsconnect.php) en Invision Power Board (también conocido como IPB o IP.Board) 3.3.x y 3.4.x hasta 3.4.7 anterior a 20141114 permite a atacantes remotos ejecutar co... • http://community.invisionpower.com/blogs/entry/9704-active-security-exploit • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 13EXPL: 0CVE-2014-5106
https://notcve.org/view.php?id=CVE-2014-5106
28 Jul 2014 — Cross-site scripting (XSS) vulnerability in Invision Power IP.Board (aka IPB or Power Board) 3.4.x through 3.4.6 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header to admin/install/index.php. Vulnerabilidad de XSS en Invision Power IP.Board (también conocido como IPB or Power Board) 3.4.x hasta 3.4.6 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de la cabecera HTTP Referer en admin/install/index.php. • http://www.securityfocus.com/archive/1/532822/100/0/threaded • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 34EXPL: 0CVE-2014-3149 – IP.Board 3.4.x / 3.3.x Cross Site Scripting
https://notcve.org/view.php?id=CVE-2014-3149
02 Jul 2014 — Cross-site scripting (XSS) vulnerability in Invision Power IP.Board (aka IPB or Power Board) 3.3.x and 3.4.x through 3.4.6, as downloaded before 20140424, or IP.Nexus 1.5.x through 1.5.9, as downloaded before 20140424, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en Invision Power IP.Board (también conocido como IPB o Power Board) 3.3.x y 3.4.x hasta 3.4.6, descargado antes del 20140424, o IP.Nexus 1.5.x hasta 1.5.9, descargado antes del 20140... • http://community.invisionpower.com/topic/399747-ipboard-33x-34x-security-update • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 83%CPEs: 9EXPL: 3CVE-2012-5692 – Invision Power Board (IP.Board) 3.3.4 - 'Unserialize()' PHP Code Execution
https://notcve.org/view.php?id=CVE-2012-5692
31 Oct 2012 — Unspecified vulnerability in admin/sources/base/core.php in Invision Power Board (aka IPB or IP.Board) 3.1.x through 3.3.x has unknown impact and remote attack vectors. Vulnerabilidad no específica en admin/sources/base/core.php en Invision Power Board (también conocido como IPB o IP.Board) v3.1.x hasta v3.3.x tiene un impacto y vectores de ataque desconocidos. • https://www.exploit-db.com/exploits/22686 •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2010-3424
https://notcve.org/view.php?id=CVE-2010-3424
16 Sep 2010 — Cross-site scripting (XSS) vulnerability in admin/sources/classes/bbcode/custom/defaults.php in Invision Power Board (IP.Board) 3.1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en admin/sources/classes/bbcode/custom/defaults.php en Invision Power Board (IP.Board) v3.1.2 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados. • http://community.invisionpower.com/topic/320838-ipboard-31x-security-patch-released • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2009-3974
https://notcve.org/view.php?id=CVE-2009-3974
18 Nov 2009 — Multiple SQL injection vulnerabilities in Invision Power Board (IPB or IP.Board) 3.0.0, 3.0.1, and 3.0.2 allow remote attackers to execute arbitrary SQL commands via the (1) search_term parameter to admin/applications/core/modules_public/search/search.php and (2) aid parameter to admin/applications/core/modules_public/global/lostpass.php. NOTE: on 20090818, the vendor patched 3.0.2 without changing the version number. Múltiples vulnerabilidades de inyección SQL en Invision Power Board (IPB or IP.Board) v3.0... • http://forums.invisionpower.com/topic/291103-invision-power-board-3-0-2-security-update • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.0EPSS: 1%CPEs: 1EXPL: 1CVE-2005-1947
https://notcve.org/view.php?id=CVE-2005-1947
09 Jun 2005 — Cross-site request forgery (CSRF) vulnerability in Invision Gallery before 1.3.1 allows remote attackers to delete albums and images as another user via a link or IMG tag to the (1) albums or (2) delimg actions. • http://marc.info/?l=bugtraq&m=111834146710329&w=2 • CWE-352: Cross-Site Request Forgery (CSRF) •