CVSS: 5.0EPSS: 0%CPEs: 6EXPL: 0CVE-2003-1454
https://notcve.org/view.php?id=CVE-2003-1454
Invision Power Services Invision Board 1.0 through 1.1.1, when a forum is password protected, stores the administrator password in a cookie in plaintext, which could allow remote attackers to gain access. • http://securityreason.com/securityalert/3276 http://www.securityfocus.com/archive/1/319747 http://www.securityfocus.com/bid/7440 https://exchange.xforce.ibmcloud.com/vulnerabilities/11871 •
CVSS: 6.8EPSS: 3%CPEs: 1EXPL: 2CVE-2003-1385 – Invision Board 1.1.1 - 'ipchat.php' Remote File Inclusion
https://notcve.org/view.php?id=CVE-2003-1385
ipchat.php in Invision Power Board 1.1.1 allows remote attackers to execute arbitrary PHP code, if register_globals is enabled, by modifying the root_path parameter to reference a URL on a remote web server that contains the code. • https://www.exploit-db.com/exploits/22295 http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0099.html http://secunia.com/advisories/8182 http://www.osvdb.org/3357 http://www.securityfocus.com/bid/6976 https://exchange.xforce.ibmcloud.com/vulnerabilities/11435 • CWE-94: Improper Control of Generation of Code ('Code Injection') •