CVE-2012-5692 – Invision Power Board (IP.Board) 3.3.4 - 'Unserialize()' PHP Code Execution
https://notcve.org/view.php?id=CVE-2012-5692
Unspecified vulnerability in admin/sources/base/core.php in Invision Power Board (aka IPB or IP.Board) 3.1.x through 3.3.x has unknown impact and remote attack vectors. Vulnerabilidad no específica en admin/sources/base/core.php en Invision Power Board (también conocido como IPB o IP.Board) v3.1.x hasta v3.3.x tiene un impacto y vectores de ataque desconocidos. • https://www.exploit-db.com/exploits/22686 https://www.exploit-db.com/exploits/22398 https://www.exploit-db.com/exploits/22547 http://community.invisionpower.com/topic/371625-ipboard-31x-32x-and-33x-security-update http://secunia.com/advisories/51104 http://www.securityfocus.com/bid/56288 •
CVE-2012-2226 – Invision Power Board 3.3.0 - Local File Inclusion
https://notcve.org/view.php?id=CVE-2012-2226
Invision Power Board before 3.3.1 fails to sanitize user-supplied input which could allow remote attackers to obtain sensitive information or execute arbitrary code by uploading a malicious file. Invision Power Board versiones anteriores a 3.3.1, no logra sanear las entradas suministradas por el usuario, lo que podría permitir a atacantes remotos obtener información confidencial o ejecutar código arbitrario mediante la carga de un archivo malicioso. Invision Power Board version 3.3.0 suffers from a local file inclusion vulnerability. • https://www.exploit-db.com/exploits/18736 http://www.securityfocus.com/bid/52998 https://exchange.xforce.ibmcloud.com/vulnerabilities/74855 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2010-3424
https://notcve.org/view.php?id=CVE-2010-3424
Cross-site scripting (XSS) vulnerability in admin/sources/classes/bbcode/custom/defaults.php in Invision Power Board (IP.Board) 3.1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en admin/sources/classes/bbcode/custom/defaults.php en Invision Power Board (IP.Board) v3.1.2 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados. • http://community.invisionpower.com/topic/320838-ipboard-31x-security-patch-released http://secunia.com/advisories/41314 http://www.securityfocus.com/bid/43053 http://www.vupen.com/english/advisories/2010/2328 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2010-0802 – IPB (nv2) Awards < 1.1.0 - SQL Injection
https://notcve.org/view.php?id=CVE-2010-0802
SQL injection vulnerability in index.php in (nv2) Awards 1.1.0, a modification for Invision Power Board, allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action. Vulnerabilidad de inyección sQL en index.php en (nv2) Awards v1.1.0, modificado para Invision Power Board, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro "id" en una acción view. • https://www.exploit-db.com/exploits/11297 http://packetstormsecurity.org/1001-exploits/ipbawards-sql.txt http://secunia.com/advisories/38407 http://www.exploit-db.com/exploits/11297 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2009-3974
https://notcve.org/view.php?id=CVE-2009-3974
Multiple SQL injection vulnerabilities in Invision Power Board (IPB or IP.Board) 3.0.0, 3.0.1, and 3.0.2 allow remote attackers to execute arbitrary SQL commands via the (1) search_term parameter to admin/applications/core/modules_public/search/search.php and (2) aid parameter to admin/applications/core/modules_public/global/lostpass.php. NOTE: on 20090818, the vendor patched 3.0.2 without changing the version number. Múltiples vulnerabilidades de inyección SQL en Invision Power Board (IPB or IP.Board) v3.0.0, v3.0.1 y v3.0.2, permite a atacantes remotos ejecutar comandos SQL de su elección a través de los parámetros (1) "search_term" a admin/applications/core/modules_public/search/search.php y(2) "aid" to admin/applications/core/modules_public/global/lostpass.php. NOTA: en el 18/08/2009, el fabricante parcheó la v3.0.2 sin modificar la versión del producto. • http://forums.invisionpower.com/topic/291103-invision-power-board-3-0-2-security-update http://www.vupen.com/english/advisories/2009/2413 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •