Page 3 of 14 results (0.007 seconds)

CVSS: 7.5EPSS: 0%CPEs: 25EXPL: 1

SQL injection vulnerability in the IPS Connect service (interface/ipsconnect/ipsconnect.php) in Invision Power Board (aka IPB or IP.Board) 3.3.x and 3.4.x through 3.4.7 before 20141114 allows remote attackers to execute arbitrary SQL commands via the id[] parameter. Vulnerabilidad de inyección SQL en el servicio IPS Connect (interface/ipsconnect/ipsconnect.php) en Invision Power Board (también conocido como IPB o IP.Board) 3.3.x y 3.4.x hasta 3.4.7 anterior a 20141114 permite a atacantes remotos ejecutar comandos SQL arbitrarios a través del parámetro id[]. • http://community.invisionpower.com/blogs/entry/9704-active-security-exploit http://community.invisionpower.com/blogs/entry/9705-ipboard-33x-34x-security-update http://seclists.org/fulldisclosure/2014/Nov/20 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 4.3EPSS: 0%CPEs: 34EXPL: 0

Cross-site scripting (XSS) vulnerability in Invision Power IP.Board (aka IPB or Power Board) 3.3.x and 3.4.x through 3.4.6, as downloaded before 20140424, or IP.Nexus 1.5.x through 1.5.9, as downloaded before 20140424, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en Invision Power IP.Board (también conocido como IPB o Power Board) 3.3.x y 3.4.x hasta 3.4.6, descargado antes del 20140424, o IP.Nexus 1.5.x hasta 1.5.9, descargado antes del 20140424, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://community.invisionpower.com/topic/399747-ipboard-33x-34x-security-update http://packetstormsecurity.com/files/127328/IP.Board-3.4.x-3.3.x-Cross-Site-Scripting.html http://www.christian-schneider.net/advisories/CVE-2014-3149.txt http://www.securityfocus.com/archive/1/532618/100/0/threaded http://www.securityfocus.com/bid/67164 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 10.0EPSS: 96%CPEs: 9EXPL: 3

Unspecified vulnerability in admin/sources/base/core.php in Invision Power Board (aka IPB or IP.Board) 3.1.x through 3.3.x has unknown impact and remote attack vectors. Vulnerabilidad no específica en admin/sources/base/core.php en Invision Power Board (también conocido como IPB o IP.Board) v3.1.x hasta v3.3.x tiene un impacto y vectores de ataque desconocidos. • https://www.exploit-db.com/exploits/22686 https://www.exploit-db.com/exploits/22398 https://www.exploit-db.com/exploits/22547 http://community.invisionpower.com/topic/371625-ipboard-31x-32x-and-33x-security-update http://secunia.com/advisories/51104 http://www.securityfocus.com/bid/56288 •

CVSS: 9.8EPSS: 3%CPEs: 1EXPL: 1

Invision Power Board before 3.3.1 fails to sanitize user-supplied input which could allow remote attackers to obtain sensitive information or execute arbitrary code by uploading a malicious file. Invision Power Board versiones anteriores a 3.3.1, no logra sanear las entradas suministradas por el usuario, lo que podría permitir a atacantes remotos obtener información confidencial o ejecutar código arbitrario mediante la carga de un archivo malicioso. Invision Power Board version 3.3.0 suffers from a local file inclusion vulnerability. • https://www.exploit-db.com/exploits/18736 http://www.securityfocus.com/bid/52998 https://exchange.xforce.ibmcloud.com/vulnerabilities/74855 • CWE-434: Unrestricted Upload of File with Dangerous Type •