CVSS: 5.1EPSS: 0%CPEs: 36EXPL: 0CVE-2006-5203
https://notcve.org/view.php?id=CVE-2006-5203
Invision Power Board (IPB) 2.1.7 and earlier allows remote restricted administrators to inject arbitrary web script or HTML, or execute arbitrary SQL commands, via a forum description that contains a crafted image with PHP code, which is executed when the user visits the "Manage Forums" link in the Admin control panel. Invision Power Board (IPB) 2.1.7 y anteriores permite a un administrador remoto restringido inyectar secuencias de comandos web o HTML de su elección, o ejecutar comandos SQL de su elección, a través de una descripción del foro que contenga una imagen artesanal con código PHP, lo cual es esjecutado cuando el usuario visita "Mange Forum" enlazando en el panel de control de Admin. • http://www.securityfocus.com/archive/1/447710/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/29352 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2006-4155
https://notcve.org/view.php?id=CVE-2006-4155
Unspecified vulnerability in func_topic_threaded.php (aka threaded view mode) in Invision Power Board (IPB) before 2.1.7 21013.60810.s allows remote attackers to "access posts outside the topic." Vulnerabilidad no especificada en func_topic_threaded.php (o modo de vista por por hilos) en Invision Power Board (IPB) anterior a 2.1.7 21013.60810.s permite a atacantes remotos "acceder a mensajes fuera del hilo" • http://forums.invisionpower.com/index.php?&showtopic=225755 http://secunia.com/advisories/21442 http://www.vupen.com/english/advisories/2006/3260 •
CVSS: 7.5EPSS: 1%CPEs: 23EXPL: 2CVE-2006-3543 – Invision Power Board (IP.Board) 1.x/2.x - Multiple SQL Injections
https://notcve.org/view.php?id=CVE-2006-3543
Multiple SQL injection vulnerabilities in Invision Power Board (IPB) 1.x and 2.x allow remote attackers to execute arbitrary SQL commands via the (1) idcat and (2) code parameters in a ketqua action in index.php; the id parameter in a (3) Attach and (4) ref action in index.php; the CODE parameter in a (5) Profile, (6) Login, and (7) Help action in index.php; and the (8) member_id parameter in coins_list.php. NOTE: the developer has disputed this issue, stating that the "CODE attribute is never present in an SQL query" and the "'ketqua' [action] and file 'coin_list.php' are not standard IPB 2.x features". It is unknown whether these vectors are associated with an independent module or modification of IPB ** IMPUGNADA ** Múltiples vulnerabilidades de inyección SQL en Invision Power Board (IPB) 1.x y 2.x permiten a atacantes remotos ejecutar comandos SQL de su elección a través de los parámetros (1) idcat y (2) code en una acción ketqua de index.php; el parámetro id en una acción (3) Attach y (4) ref de index.php; el parámetro CODE en una acción (5) Profile, (6) Login, y (7) Help de index.php; y el parámetro (8) member_id de coins_list.php. NOTA: el desarrollador ha negado este problema, afirmando que "el atributo CODE no está presente en una consulta SQL" y "[la acción] 'ketqua' y el archivo 'coin_list.php' no son funcionalidades estándar de IPB 2.x". Se desconoce si estos vectores están asociados con un módulo independiente o una modificación de IPB. • https://www.exploit-db.com/exploits/28167 http://securityreason.com/securityalert/1231 http://www.osvdb.org/30084 http://www.securityfocus.com/archive/1/439145/100/0/threaded http://www.securityfocus.com/archive/1/439602/100/0/threaded http://www.securityfocus.com/bid/18836 •
CVSS: 4.3EPSS: 1%CPEs: 14EXPL: 0CVE-2006-3197
https://notcve.org/view.php?id=CVE-2006-3197
Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB) 2.1.6 and earlier allows remote attackers to inject arbitrary web script or HTML via a POST that contains hexadecimal-encoded HTML. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Invision Power Board (IPB) v2.1.6 y anteriores, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de una petición POST que contenga código HTML codificado en hexadecimal. • http://forums.invisionpower.com/index.php?showtopic=219126 http://secunia.com/advisories/20772 http://securityreason.com/securityalert/596 http://www.osvdb.org/26747 http://www.securityfocus.com/bid/18571 http://www.vupen.com/english/advisories/2006/2481 https://exchange.xforce.ibmcloud.com/vulnerabilities/27701 •
CVSS: 6.4EPSS: 3%CPEs: 19EXPL: 0CVE-2006-2498
https://notcve.org/view.php?id=CVE-2006-2498
Invision Power Board (IPB) before 2.1.6 allows remote attackers to execute arbitrary PHP script via attack vectors involving (1) the post_icon variable in classes/post/class_post.php and (2) the df value in action_public/moderate.php. • http://attrition.org/pipermail/vim/2006-May/000776.html http://forums.invisionpower.com/index.php?act=Attach&type=post&id=10026 http://forums.invisionpower.com/index.php?showtopic=215527 http://secunia.com/advisories/20158 http://www.osvdb.org/25667 http://www.osvdb.org/25668 http://www.securityfocus.com/bid/18040 http://www.vupen.com/english/advisories/2006/1859 https://exchange.xforce.ibmcloud.com/vulnerabilities/26541 •