NotCVE - vendor:"Invision Power Services" product:"Invision Power Board" version:"2.1.0"

Page 4 of 34 results (0.001 seconds)

CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0

CVE-2006-1288

https://notcve.org/view.php?id=CVE-2006-1288

19 Mar 2006 — Multiple SQL injection vulnerabilities in Invision Power Board (IPB) 2.0.4 and 2.1.4 before 20060105 allow remote attackers to execute arbitrary SQL commands via cookies, related to (1) arrays of id/stamp pairs and (2) the keys in arrays of key/value pairs in ipsclass.php; (3) the topics variable in usercp.php; and the topicsread cookie in (4) topics.php, (5) search.php, and (6) forums.php. • http://forums.invisionpower.com/index.php?act=Attach&type=post&id=9642 •

CVSS: 9.1EPSS: 0%CPEs: 15EXPL: 0

CVE-2006-0909

https://notcve.org/view.php?id=CVE-2006-0909

28 Feb 2006 — Invision Power Board (IPB) 2.1.4 and earlier allows remote attackers to view sensitive information via a direct request to multiple PHP scripts that include the full path in error messages, including (1) PEAR/Text/Diff/Renderer/inline.php, (2) PEAR/Text/Diff/Renderer/unified.php, (3) PEAR/Text/Diff3.php, (4) class_db.php, (5) class_db_mysql.php, and (6) class_xml.php in the ips_kernel/ directory; (7) mysql_admin_queries.php, (8) mysql_extra_queries.php, (9) mysql_queries.php, and (10) mysql_subsm_queries.ph... • http://neosecurityteam.net/advisories/Advisory-16.txt •

CVSS: 7.5EPSS: 0%CPEs: 15EXPL: 0

CVE-2006-0910

https://notcve.org/view.php?id=CVE-2006-0910

28 Feb 2006 — Invision Power Board (IPB) 2.1.4 and earlier allows remote attackers to list directory contents via a direct request to multiple directories, including (1) sources/loginauth/convert/, (2) sources/portal_plugins/, (3) cache/skin_cache/cacheid_2/, (4) ips_kernel/PEAR/, (5) ips_kernel/PEAR/Text/, (6) ips_kernel/PEAR/Text/Diff/, (7) ips_kernel/PEAR/Text/Diff/Renderer/, (8) style_images/1/folder_rte_files/, (9) style_images/1/folder_js_skin/, (10) style_images/1/folder_rte_images/, and (11) upgrade/ and its subd... • http://neosecurityteam.net/advisories/Advisory-16.txt •

CVSS: 6.8EPSS: 1%CPEs: 2EXPL: 1

CVE-2005-1443

https://notcve.org/view.php?id=CVE-2005-1443

03 May 2005 — Multiple cross-site scripting (XSS) vulnerabilities in index.php for Invision Power Board (IPB) 2.0.3 and 2.1 Alpha 2 allows remote attackers to inject arbitrary web script or HTML via the (1) act, (2) Members, (3) calendar, or (4) HID parameters. • http://securitytracker.com/id?1013863 •

1 2 3 4