CVE-2006-0909
https://notcve.org/view.php?id=CVE-2006-0909
Invision Power Board (IPB) 2.1.4 and earlier allows remote attackers to view sensitive information via a direct request to multiple PHP scripts that include the full path in error messages, including (1) PEAR/Text/Diff/Renderer/inline.php, (2) PEAR/Text/Diff/Renderer/unified.php, (3) PEAR/Text/Diff3.php, (4) class_db.php, (5) class_db_mysql.php, and (6) class_xml.php in the ips_kernel/ directory; (7) mysql_admin_queries.php, (8) mysql_extra_queries.php, (9) mysql_queries.php, and (10) mysql_subsm_queries.php in the sources/sql directory; (11) sources/acp_loaders/acp_pages_components.php; (12) sources/action_admin/member.php and (13) sources/action_admin/paysubscriptions.php; (14) login.php, (15) messenger.php, (16) moderate.php, (17) paysubscriptions.php, (18) register.php, (19) search.php, (20) topics.php, (21) and usercp.php in the sources/action_public directory; (22) bbcode/class_bbcode.php, (23) bbcode/class_bbcode_legacy.php, (24) editor/class_editor_rte.php, (25) editor/class_editor_std.php, (26) post/class_post.php, (27) post/class_post_edit.php, (28) post/class_post_new.php, (29) and post/class_post_reply.php in the sources/classes directory; (30) sources/components_acp/registration_DEPR.php; (31) sources/handlers/han_paysubscriptions.php; (32) func_usercp.php; (33) search_mysql_ftext.php, and (34) search_mysql_man.php in the sources/lib/ directory; and (35) convert/auth.php.bak, (36) external/auth.php, and (37) ldap/auth.php in the sources/loginauth directory. • http://neosecurityteam.net/advisories/Advisory-16.txt http://neosecurityteam.net/index.php?action=advisories&id=16 http://www.securityfocus.com/archive/1/425713/100/0/threaded http://www.securityfocus.com/archive/1/466275/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/24840 •
CVE-2005-3547 – Invision Power Board (IP.Board) 2.1 - 'admin.php' Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2005-3547
Cross-site scripting (XSS) vulnerability in Invision Power Board 2.1 allows remote attackers to inject arbitrary web script or HTML via the (1) adsess, (2) name, and (3) description parameters in admin.php, and the (4) ACP Notes, (5) Member Name, (6) Password, (7) Email Address, (8) Components, and multiple other input fields. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Invision Power Board 2.1 permite a atacantes remotos inyectar web scritp o HTML de su elección mediante los parámetros (1) adsess, (2) name y (3) description en admin.php, y (4) ACP Notes, (5) Member Name, (6) Password, (7) Email Address, (8) Components, y otros múltiples campos de entrada. • https://www.exploit-db.com/exploits/26478 http://benji.redkod.org/audits/ipb.2.1.pdf http://osvdb.org/20516 http://osvdb.org/20517 http://osvdb.org/20518 http://osvdb.org/20519 http://osvdb.org/20520 http://osvdb.org/20521 http://osvdb.org/20522 http://secunia.com/advisories/17443 http://www.securityfocus.com/archive/1/415801/30/0/threaded http://www.securityfocus.com/bid/15344 http://www.securityfocus.com/bid/15345 https://exchange.xforce •
CVE-2005-2542 – Invision Power Board (IP.Board) 1.0.3 - Attached File Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2005-2542
Invision Power Board (IPB) 1.0.3 allows remote attackers to inject arbitrary web script or HTML via an attachment, which is automatically downloaded and processed as HTML. • https://www.exploit-db.com/exploits/26104 http://marc.info/?l=bugtraq&m=112327712614854&w=2 http://secunia.com/advisories/16348 http://www.securityfocus.com/bid/14492 •
CVE-2005-1443
https://notcve.org/view.php?id=CVE-2005-1443
Multiple cross-site scripting (XSS) vulnerabilities in index.php for Invision Power Board (IPB) 2.0.3 and 2.1 Alpha 2 allows remote attackers to inject arbitrary web script or HTML via the (1) act, (2) Members, (3) calendar, or (4) HID parameters. • http://securitytracker.com/id?1013863 •