
CVE-2006-5203
https://notcve.org/view.php?id=CVE-2006-5203
09 Oct 2006 — Invision Power Board (IPB) 2.1.7 and earlier allows remote restricted administrators to inject arbitrary web script or HTML, or execute arbitrary SQL commands, via a forum description that contains a crafted image with PHP code, which is executed when the user visits the "Manage Forums" link in the Admin control panel. • http://www.securityfocus.com/archive/1/447710/100/0/threaded •

CVE-2006-5204
https://notcve.org/view.php?id=CVE-2006-5204
09 Oct 2006 — Cross-site scripting (XSS) vulnerability in action_admin/member.php in Invision Power Board (IPB) 2.1.7 and earlier allows remote authenticated users to inject arbitrary web script or HTML via a reference to a script in the avatar setting, which can be leveraged for a cross-site request forgery (CSRF) attack involving forced SQL execution by an admin. • http://forums.invisionpower.com/index.php?showtopic=227937 •

CVE-2006-4155
https://notcve.org/view.php?id=CVE-2006-4155
16 Aug 2006 — Unspecified vulnerability in func_topic_threaded.php (aka threaded view mode) in Invision Power Board (IPB) before 2.1.7 21013.60810.s allows remote attackers to "access posts outside the topic." • http://forums.invisionpower.com/index.php?&showtopic=225755 •

CVE-2006-3543 – Invision Power Board (IP.Board) 1.x/2.x - Multiple SQL Injections
https://notcve.org/view.php?id=CVE-2006-3543
13 Jul 2006 — Multiple SQL injection vulnerabilities in Invision Power Board (IPB) 1.x and 2.x allow remote attackers to execute arbitrary SQL commands via the (1) idcat and (2) code parameters in a ketqua action in index.php; the id parameter in a (3) Attach and (4) ref action in index.php; the CODE parameter in a (5) Profile, (6) Login, and (7) Help action in index.php; and the (8) member_id parameter in coins_list.php. NOTE: the developer has disputed this issue, stating that the "CODE attribute is never present in an... • https://www.exploit-db.com/exploits/28167 •

CVE-2006-3197
https://notcve.org/view.php?id=CVE-2006-3197
23 Jun 2006 — Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB) 2.1.6 and earlier allows remote attackers to inject arbitrary web script or HTML via a POST that contains hexadecimal-encoded HTML. • http://forums.invisionpower.com/index.php?showtopic=219126 •

CVE-2006-2498
https://notcve.org/view.php?id=CVE-2006-2498
20 May 2006 — Invision Power Board (IPB) before 2.1.6 allows remote attackers to execute arbitrary PHP script via attack vectors involving (1) the post_icon variable in classes/post/class_post.php and (2) the df value in action_public/moderate.php. • http://attrition.org/pipermail/vim/2006-May/000776.html •

CVE-2006-2204
https://notcve.org/view.php?id=CVE-2006-2204
05 May 2006 — SQL injection vulnerability in the topic deletion functionality (post_delete function in func_mod.php) for Invision Power Board 2.1.5 allows remote authenticated moderators to execute arbitrary SQL commands via the selectedpids parameter, which bypasses an integer value check when the $id variable is an array. • http://forums.invisionpower.com/index.php?showtopic=214248&view=getnewpo •

CVE-2006-2217 – Invision Power Board 2.0/2.1 - 'index.php' SQL Injection
https://notcve.org/view.php?id=CVE-2006-2217
05 May 2006 — SQL injection vulnerability in index.php in Invision Power Board allows remote attackers to execute arbitrary SQL commands via the pid parameter in a reputation action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. • https://www.exploit-db.com/exploits/27818 •

CVE-2006-2097 – Invision Power Board 2.1.5 - 'from_contact' SQL Injection
https://notcve.org/view.php?id=CVE-2006-2097
29 Apr 2006 — SQL injection vulnerability in func_msg.php in Invision Power Board (IPB) 2.1.4 allows remote attackers to execute arbitrary SQL commands via the from_contact field in a private message (PM). • https://www.exploit-db.com/exploits/1733 •

CVE-2006-2059 – Invision Power Board 2.1.5 - 'lastdate' Remote Code Execution
https://notcve.org/view.php?id=CVE-2006-2059
26 Apr 2006 — action_public/search.php in Invision Power Board (IPB) 2.1.x and 2.0.x before 20060425 allows remote attackers to execute arbitrary PHP code via a search with a crafted value of the lastdate parameter, which alters the behavior of a regular expression to add a "#e" (execute) modifier. • https://www.exploit-db.com/exploits/1720 •