CVSS: 5.0EPSS: 1%CPEs: 10EXPL: 2CVE-2005-2542 – Invision Power Board (IP.Board) 1.0.3 - Attached File Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2005-2542
Invision Power Board (IPB) 1.0.3 allows remote attackers to inject arbitrary web script or HTML via an attachment, which is automatically downloaded and processed as HTML. • https://www.exploit-db.com/exploits/26104 http://marc.info/?l=bugtraq&m=112327712614854&w=2 http://secunia.com/advisories/16348 http://www.securityfocus.com/bid/14492 •
CVSS: 4.6EPSS: 0%CPEs: 17EXPL: 1CVE-2005-1816
https://notcve.org/view.php?id=CVE-2005-1816
Invision Power Board (IPB) 1.0 through 2.0.4 allows non-root admins to add themselves or other users to the root admin group via the "Move users in this group to" screen. • http://archives.neohapsis.com/archives/fulldisclosure/2005-05/0635.html http://secunia.com/advisories/15545 http://www.securityfocus.com/bid/13797 •
CVSS: 4.3EPSS: 1%CPEs: 9EXPL: 1CVE-2005-1597 – Invision Power Board (IP.Board) < 2.0.3 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2005-1597
Cross-site scripting (XSS) vulnerability in (1) search.php and (2) topics.php for Invision Power Board (IPB) 2.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the highlite parameter. • https://www.exploit-db.com/exploits/43824 http://forums.invisionpower.com/index.php?showtopic=168016 http://marc.info/?l=bugtraq&m=111539908705851&w=2 http://secunia.com/advisories/15265 http://securitytracker.com/id?1013907 http://www.gulftech.org/?node=research&article_id=00073-05052005 http://www.osvdb.org/16298 http://www.securityfocus.com/bid/13534 http://www.vupen.com/english/advisories/2005/0487 https://exchange.xforce.ibmcloud.com/vulnerabilities/20445 •
CVSS: 7.5EPSS: 1%CPEs: 9EXPL: 4CVE-2005-1598 – Invision Power Board 2.0.3 - 'login.php' SQL Injection
https://notcve.org/view.php?id=CVE-2005-1598
SQL injection vulnerability in Invision Power Board (IPB) 2.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via a crafted cookie password hash (pass_hash) that modifies the internal $pid variable. • https://www.exploit-db.com/exploits/1013 https://www.exploit-db.com/exploits/1014 https://www.exploit-db.com/exploits/43824 http://forums.invisionpower.com/index.php?showtopic=168016 http://marc.info/?l=bugtraq&m=111539908705851&w=2 http://marc.info/?l=bugtraq&m=111712587206834&w=2 http://secunia.com/advisories/15265 http://securitytracker.com/id?1013907 http://securitytracker.com/id? •
CVSS: 4.3EPSS: 0%CPEs: 15EXPL: 1CVE-2005-0886 – Invision Power Board 1.x/2.0 - HTML Injection
https://notcve.org/view.php?id=CVE-2005-0886
Cross-site scripting (XSS) vulnerability in Invision Power Board 2.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via an HTTP POST request. • https://www.exploit-db.com/exploits/25267 http://www.securityfocus.com/bid/12888 •