CVSS: 5.0EPSS: 3%CPEs: 15EXPL: 0CVE-2006-0910
https://notcve.org/view.php?id=CVE-2006-0910
Invision Power Board (IPB) 2.1.4 and earlier allows remote attackers to list directory contents via a direct request to multiple directories, including (1) sources/loginauth/convert/, (2) sources/portal_plugins/, (3) cache/skin_cache/cacheid_2/, (4) ips_kernel/PEAR/, (5) ips_kernel/PEAR/Text/, (6) ips_kernel/PEAR/Text/Diff/, (7) ips_kernel/PEAR/Text/Diff/Renderer/, (8) style_images/1/folder_rte_files/, (9) style_images/1/folder_js_skin/, (10) style_images/1/folder_rte_images/, and (11) upgrade/ and its subdirectories. • http://neosecurityteam.net/advisories/Advisory-16.txt http://neosecurityteam.net/index.php?action=advisories&id=16 http://www.securityfocus.com/archive/1/425713/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/24840 •
CVSS: 5.0EPSS: 9%CPEs: 15EXPL: 0CVE-2006-0909
https://notcve.org/view.php?id=CVE-2006-0909
Invision Power Board (IPB) 2.1.4 and earlier allows remote attackers to view sensitive information via a direct request to multiple PHP scripts that include the full path in error messages, including (1) PEAR/Text/Diff/Renderer/inline.php, (2) PEAR/Text/Diff/Renderer/unified.php, (3) PEAR/Text/Diff3.php, (4) class_db.php, (5) class_db_mysql.php, and (6) class_xml.php in the ips_kernel/ directory; (7) mysql_admin_queries.php, (8) mysql_extra_queries.php, (9) mysql_queries.php, and (10) mysql_subsm_queries.php in the sources/sql directory; (11) sources/acp_loaders/acp_pages_components.php; (12) sources/action_admin/member.php and (13) sources/action_admin/paysubscriptions.php; (14) login.php, (15) messenger.php, (16) moderate.php, (17) paysubscriptions.php, (18) register.php, (19) search.php, (20) topics.php, (21) and usercp.php in the sources/action_public directory; (22) bbcode/class_bbcode.php, (23) bbcode/class_bbcode_legacy.php, (24) editor/class_editor_rte.php, (25) editor/class_editor_std.php, (26) post/class_post.php, (27) post/class_post_edit.php, (28) post/class_post_new.php, (29) and post/class_post_reply.php in the sources/classes directory; (30) sources/components_acp/registration_DEPR.php; (31) sources/handlers/han_paysubscriptions.php; (32) func_usercp.php; (33) search_mysql_ftext.php, and (34) search_mysql_man.php in the sources/lib/ directory; and (35) convert/auth.php.bak, (36) external/auth.php, and (37) ldap/auth.php in the sources/loginauth directory. • http://neosecurityteam.net/advisories/Advisory-16.txt http://neosecurityteam.net/index.php?action=advisories&id=16 http://www.securityfocus.com/archive/1/425713/100/0/threaded http://www.securityfocus.com/archive/1/466275/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/24840 •
CVSS: 2.6EPSS: 1%CPEs: 1EXPL: 3CVE-2006-0888 – Invision Power Board - Denial of Service
https://notcve.org/view.php?id=CVE-2006-0888
index.php in Invision Power Board (IPB) 2.0.1, with Code Confirmation disabled, allows remote attackers to cause an unspecified denial of service by registering a large number of users. • https://www.exploit-db.com/exploits/12382 https://www.exploit-db.com/exploits/1489 http://www.securityfocus.com/bid/16616 •
CVSS: 4.3EPSS: 1%CPEs: 1EXPL: 1CVE-2005-3547 – Invision Power Board (IP.Board) 2.1 - 'admin.php' Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2005-3547
Cross-site scripting (XSS) vulnerability in Invision Power Board 2.1 allows remote attackers to inject arbitrary web script or HTML via the (1) adsess, (2) name, and (3) description parameters in admin.php, and the (4) ACP Notes, (5) Member Name, (6) Password, (7) Email Address, (8) Components, and multiple other input fields. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Invision Power Board 2.1 permite a atacantes remotos inyectar web scritp o HTML de su elección mediante los parámetros (1) adsess, (2) name y (3) description en admin.php, y (4) ACP Notes, (5) Member Name, (6) Password, (7) Email Address, (8) Components, y otros múltiples campos de entrada. • https://www.exploit-db.com/exploits/26478 http://benji.redkod.org/audits/ipb.2.1.pdf http://osvdb.org/20516 http://osvdb.org/20517 http://osvdb.org/20518 http://osvdb.org/20519 http://osvdb.org/20520 http://osvdb.org/20521 http://osvdb.org/20522 http://secunia.com/advisories/17443 http://www.securityfocus.com/archive/1/415801/30/0/threaded http://www.securityfocus.com/bid/15344 http://www.securityfocus.com/bid/15345 https://exchange.xforce&# •
CVSS: 4.0EPSS: 1%CPEs: 1EXPL: 0CVE-2005-3548
https://notcve.org/view.php?id=CVE-2005-3548
Directory traversal vulnerability in Task Manager in Invision Power Board (IP.Board) 2.0.1 allows limited remote attackers to include files via a .. (dot dot) in the "Task PHP File To Run" field. Vulnerabilidad de atravesammiento de directorios en Administrador de Tareas de Invision Power Board 2.0.1 (IP.Board) permite a atacantes remotos limitados incluir ficheros mediante un .. (punto punto) en el campo Task PHP File To Run. • http://secunia.com/advisories/17443 http://www.osvdb.org/35429 http://www.securityfocus.com/archive/1/415798/30/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/40000 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •