CVSS: 8.8EPSS: 1%CPEs: 7EXPL: 0CVE-2007-4914
https://notcve.org/view.php?id=CVE-2007-4914
17 Sep 2007 — Unspecified vulnerability in the subscriptions manager in Invision Power Board (IPB or IP.Board) 2.3.1 before 20070912 allows remote authenticated users to change the member ID and reduce the privilege level of arbitrary users via a crafted payment form, related to (1) class_gw_2checkout.php, (2) class_gw_authorizenet.php, (3) class_gw_nochex.php, (4) class_gw_paypal.php, and (5) class_gw_safshop.php in sources/classes/paymentgateways/. Vulnerabilidad no especificada en la gestión de suscripciones en Invisi... • http://forums.invisionpower.com/index.php?act=attach&type=post&id=11870 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2007-3219
https://notcve.org/view.php?id=CVE-2007-3219
14 Jun 2007 — Unspecified vulnerability in sources/action_public/xmlout.php in Invision Power Board (IPB or IP.Board) 2.2.0 through 2.2.2 allows remote attackers to modify another user's profile data, such as an AIM screen name or Yahoo! identity. Vulnerabilidad no especificada en sources/action_public/xmlout.php en Invision Power Board (IPB o IP.Board) 2.2.0 hasta 2.2.2 permite a atacantes remotos modificar a otros datos del perfil de usuario, como por ejemplo una pantalla de nombre AIM o identidad de Yahoo!. • http://forums.invisionpower.com/index.php?showtopic=235316 •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2007-2963
https://notcve.org/view.php?id=CVE-2007-2963
31 May 2007 — Multiple cross-site scripting (XSS) vulnerabilities in Invision Power Board (IPB or IP.Board) 2.2.2, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via (1) module_bbcodeloader.php, (2) module_div.php, (3) module_email.php, (4) module_image.php, (5) module_link.php, or (6) the editorid parameter to module_table.php in jscripts/folder_rte_files/. NOTE: some details were obtained from third party sources. Múltiples vulnerabilidades de secuencias de comandos en sitios cruza... • http://forums.invisionpower.com/index.php?showtopic=235069 •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2007-2349
https://notcve.org/view.php?id=CVE-2007-2349
30 Apr 2007 — Cross-site scripting (XSS) vulnerability in Invision Power Board (IP.Board) 2.1.x and 2.2.x allows remote attackers to inject arbitrary web script or HTML by uploading crafted images or PDF files. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el Invision Power Board (IP.Board) 2.1.x y 2.2.x permite a atacantes remotos la inyección de secuencias de comandos web o HTML de su elección mediante la carga de imágenes o archivos PDF modificados. • http://forums.invisionpower.com/index.php?showtopic=234377 •
CVSS: 9.8EPSS: 1%CPEs: 6EXPL: 4CVE-2006-7071 – Invision Power Board 2.1 < 2.1.6 - SQL Injection
https://notcve.org/view.php?id=CVE-2006-7071
27 Feb 2007 — SQL injection vulnerability in classes/class_session.php in Invision Power Board (IPB) 2.1 up to 2.1.6 allows remote attackers to execute arbitrary SQL commands via the CLIENT_IP parameter. Vulnerabilidad de inyección SQL en classes/class_session.php de Invision Power Board (IPB) 2.1 hasta 2.1.6 permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro CLIENT_IP. • https://www.exploit-db.com/exploits/2033 •
CVSS: 9.3EPSS: 0%CPEs: 36EXPL: 0CVE-2006-7064
https://notcve.org/view.php?id=CVE-2006-7064
24 Feb 2007 — Cross-site scripting (XSS) vulnerability in forum/admin.php for Invision Power Board (IPB) 2.1.6 and earlier allows remote attackers to inject arbitrary web script or HTML as the administrator via the phpinfo parameter. Vulnerabilidad de secuencia de comandos en sitios cruzados (XSS) en forum/admin.php para Invision Power Board (IPB) 2.1.6 y anteriores permiten a atacantes remotos inyectar secuencias de comandos qeb o HTML como administrador a través del parámetro phpinfo. • http://archives.neohapsis.com/archives/bugtraq/2006-06/0204.html •
CVSS: 6.8EPSS: 0%CPEs: 36EXPL: 0CVE-2006-5203
https://notcve.org/view.php?id=CVE-2006-5203
09 Oct 2006 — Invision Power Board (IPB) 2.1.7 and earlier allows remote restricted administrators to inject arbitrary web script or HTML, or execute arbitrary SQL commands, via a forum description that contains a crafted image with PHP code, which is executed when the user visits the "Manage Forums" link in the Admin control panel. Invision Power Board (IPB) 2.1.7 y anteriores permite a un administrador remoto restringido inyectar secuencias de comandos web o HTML de su elección, o ejecutar comandos SQL de su elección, ... • http://www.securityfocus.com/archive/1/447710/100/0/threaded •
CVSS: 5.4EPSS: 0%CPEs: 36EXPL: 0CVE-2006-5204
https://notcve.org/view.php?id=CVE-2006-5204
09 Oct 2006 — Cross-site scripting (XSS) vulnerability in action_admin/member.php in Invision Power Board (IPB) 2.1.7 and earlier allows remote authenticated users to inject arbitrary web script or HTML via a reference to a script in the avatar setting, which can be leveraged for a cross-site request forgery (CSRF) attack involving forced SQL execution by an admin. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en action_admin/member.php en Invision Power Board (IPB) 2.1.7 y anteriores permite a un usu... • http://forums.invisionpower.com/index.php?showtopic=227937 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2006-4155
https://notcve.org/view.php?id=CVE-2006-4155
16 Aug 2006 — Unspecified vulnerability in func_topic_threaded.php (aka threaded view mode) in Invision Power Board (IPB) before 2.1.7 21013.60810.s allows remote attackers to "access posts outside the topic." Vulnerabilidad no especificada en func_topic_threaded.php (o modo de vista por por hilos) en Invision Power Board (IPB) anterior a 2.1.7 21013.60810.s permite a atacantes remotos "acceder a mensajes fuera del hilo" • http://forums.invisionpower.com/index.php?&showtopic=225755 •
CVSS: 9.8EPSS: 0%CPEs: 23EXPL: 2CVE-2006-3543 – Invision Power Board (IP.Board) 1.x/2.x - Multiple SQL Injections
https://notcve.org/view.php?id=CVE-2006-3543
13 Jul 2006 — Multiple SQL injection vulnerabilities in Invision Power Board (IPB) 1.x and 2.x allow remote attackers to execute arbitrary SQL commands via the (1) idcat and (2) code parameters in a ketqua action in index.php; the id parameter in a (3) Attach and (4) ref action in index.php; the CODE parameter in a (5) Profile, (6) Login, and (7) Help action in index.php; and the (8) member_id parameter in coins_list.php. NOTE: the developer has disputed this issue, stating that the "CODE attribute is never present in an... • https://www.exploit-db.com/exploits/28167 •