CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2008-4171
https://notcve.org/view.php?id=CVE-2008-4171
SQL injection vulnerability in xmlout.php in Invision Power Board (IP.Board or IPB) 2.2.x and 2.3.x allows remote attackers to execute arbitrary SQL commands via the name parameter. Vulnerabilidad de inyección SQL en xmlout.php en Invision Power Board (IP.Board o IPB) 2.2.x y 2.3.x permite a atacantes remoto ejecutar comandos SQL de su elección a través del parámetro "name". • http://forums.invisionpower.com/index.php?showtopic=276512 http://www.securityfocus.com/bid/31288 http://www.securitytracker.com/id?1020817 http://www.vupen.com/english/advisories/2008/2487 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2008-1359
https://notcve.org/view.php?id=CVE-2008-1359
Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB or IP.Board) 2.3.4 before 2008-03-13 allows remote attackers to inject arbitrary web script or HTML via nested BBCodes, a different vector than CVE-2008-0913. Vulnerabilidad de ejecución de comandos en sitios cruzados de Invision Power Board (IPB or IP.Board) 2.3.4 anterior a 2008-03-13, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de BBCodes anidados, Vulnerabilidad distinta a CVE-2008-0913. • http://forums.invisionpower.com/index.php?showtopic=270637 http://secunia.com/advisories/29378 http://www.vupen.com/english/advisories/2008/0899/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41209 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2008-0913
https://notcve.org/view.php?id=CVE-2008-0913
Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB or IP.Board) 2.3.4 allows remote attackers to inject arbitrary web script or HTML via crafted BBCodes in an unspecified context. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Invision Power Board (IPB or IP.Board) 2.3.4 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de BBCodes manipulados en un contexto no especificado. • http://forums.invisionpower.com/index.php?showtopic=269961 http://secunia.com/advisories/29055 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2007-4913
https://notcve.org/view.php?id=CVE-2007-4913
ips_kernel/class_upload.php in Invision Power Board (IPB or IP.Board) 2.3.1 up to 20070912 allows remote attackers to upload arbitrary script files with crafted image filenames to uploads/, where they are saved with a .txt extension and are not executable. NOTE: there are limited usage scenarios under which this would be a vulnerability, but it is being tracked by CVE since the vendor has stated it is security-relevant. ips_kernel/class_upload.php en Invision Power Board (IPB o IP.Board) 2.3.1 hasta la 20070912 permite a atacantes remotos actualizar secuencias de comandos de su elección a través de archivos con nombres de archivo de imágenes manipuladas en uploads/, donde se salvan con una extensión .txt y no son ejecutables. NOTA: hay ciertos panoramas limitados de uso bajo los cuales esto sería una vulnerabilidad, pero está siendo seguida por CVE puesto que el vendedor ha indicado que es seguridad-relevante. • http://forums.invisionpower.com/index.php?act=attach&type=post&id=11870 http://forums.invisionpower.com/index.php?showtopic=237075 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2007-4912
https://notcve.org/view.php?id=CVE-2007-4912
Cross-site scripting (XSS) vulnerability in ips_kernel/class_ajax.php in Invision Power Board (IPB or IP.Board) 2.3.1 up to 20070912 allows remote attackers to inject arbitrary web script or HTML into user profile fields via unspecified vectors related to character sets other than iso-8859-1 or utf-8. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en ips_kernel/class_ajax.php en Invision Power Board (IPB or IP.Board) 2.3.1 hasta la 20070912 permite a atacantes remotos inyectar secuencias de comandos web o HTML dentro de los campos de configuración de usuario a través de vectores no específicos relacionado con la asignación de caracteres diferentes de iso-8859-1 o utf-8. • http://forums.invisionpower.com/index.php?act=attach&type=post&id=11870 http://forums.invisionpower.com/index.php?showtopic=237075 http://secunia.com/advisories/26788 http://www.securityfocus.com/bid/25656 https://exchange.xforce.ibmcloud.com/vulnerabilities/36589 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •