CVSS: 9.8EPSS: 0%CPEs: 7EXPL: 3CVE-2010-0802 – IPB (nv2) Awards < 1.1.0 - SQL Injection
https://notcve.org/view.php?id=CVE-2010-0802
02 Mar 2010 — SQL injection vulnerability in index.php in (nv2) Awards 1.1.0, a modification for Invision Power Board, allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action. Vulnerabilidad de inyección sQL en index.php en (nv2) Awards v1.1.0, modificado para Invision Power Board, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro "id" en una acción view. • https://www.exploit-db.com/exploits/11297 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 43EXPL: 1CVE-2008-6565 – Invision Power Board 2.x - 'Signature' iFrame Security
https://notcve.org/view.php?id=CVE-2008-6565
31 Mar 2009 — Cross-site scripting (XSS) vulnerability in Invision Power Board 2.3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via an IFRAME tag in the signature. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Invision Power Board v2.3.1 y anteriores, permite a atacantes remotos inyectar secuencias de comandos Web o HTML de su elección a través de una etiqueta IFRAME en la firma. • https://www.exploit-db.com/exploits/31541 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2008-4171
https://notcve.org/view.php?id=CVE-2008-4171
22 Sep 2008 — SQL injection vulnerability in xmlout.php in Invision Power Board (IP.Board or IPB) 2.2.x and 2.3.x allows remote attackers to execute arbitrary SQL commands via the name parameter. Vulnerabilidad de inyección SQL en xmlout.php en Invision Power Board (IP.Board o IPB) 2.2.x y 2.3.x permite a atacantes remoto ejecutar comandos SQL de su elección a través del parámetro "name". • http://forums.invisionpower.com/index.php?showtopic=276512 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2008-1359
https://notcve.org/view.php?id=CVE-2008-1359
17 Mar 2008 — Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB or IP.Board) 2.3.4 before 2008-03-13 allows remote attackers to inject arbitrary web script or HTML via nested BBCodes, a different vector than CVE-2008-0913. Vulnerabilidad de ejecución de comandos en sitios cruzados de Invision Power Board (IPB or IP.Board) 2.3.4 anterior a 2008-03-13, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de BBCodes anidados, Vulnerabilidad distinta a CVE-2008-0913. • http://forums.invisionpower.com/index.php?showtopic=270637 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2008-0913
https://notcve.org/view.php?id=CVE-2008-0913
22 Feb 2008 — Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB or IP.Board) 2.3.4 allows remote attackers to inject arbitrary web script or HTML via crafted BBCodes in an unspecified context. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Invision Power Board (IPB or IP.Board) 2.3.4 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de BBCodes manipulados en un contexto no especificado. • http://forums.invisionpower.com/index.php?showtopic=269961 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 3CVE-2007-5688 – Multi-Forums - 'Directory.php' Multiple SQL Injections
https://notcve.org/view.php?id=CVE-2007-5688
29 Oct 2007 — Multiple SQL injection vulnerabilities in directory.php in the Multi-Forums (aka Multi Host Forum Pro) module 1.3.3, for phpBB and Invision Power Board (IPB or IP.Board), allow remote attackers to execute arbitrary SQL commands via the (1) go and (2) cat parameters. Múltiples vulnerabilidades de inyección SQL en directory.php en el módulo 1.3.3 de Multi-Forums (también conocido como Multi Host Forum Pro), para phpBB e Invision Power Board (IPB ó IP.Board), permiten a atacantes remotos ejecutar comandos SQL ... • https://www.exploit-db.com/exploits/30712 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2007-4912
https://notcve.org/view.php?id=CVE-2007-4912
17 Sep 2007 — Cross-site scripting (XSS) vulnerability in ips_kernel/class_ajax.php in Invision Power Board (IPB or IP.Board) 2.3.1 up to 20070912 allows remote attackers to inject arbitrary web script or HTML into user profile fields via unspecified vectors related to character sets other than iso-8859-1 or utf-8. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en ips_kernel/class_ajax.php en Invision Power Board (IPB or IP.Board) 2.3.1 hasta la 20070912 permite a atacantes remotos inyectar secuencias ... • http://forums.invisionpower.com/index.php?act=attach&type=post&id=11870 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 7EXPL: 0CVE-2007-4913
https://notcve.org/view.php?id=CVE-2007-4913
17 Sep 2007 — ips_kernel/class_upload.php in Invision Power Board (IPB or IP.Board) 2.3.1 up to 20070912 allows remote attackers to upload arbitrary script files with crafted image filenames to uploads/, where they are saved with a .txt extension and are not executable. NOTE: there are limited usage scenarios under which this would be a vulnerability, but it is being tracked by CVE since the vendor has stated it is security-relevant. ips_kernel/class_upload.php en Invision Power Board (IPB o IP.Board) 2.3.1 hasta la 2007... • http://forums.invisionpower.com/index.php?act=attach&type=post&id=11870 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 1%CPEs: 7EXPL: 0CVE-2007-4914
https://notcve.org/view.php?id=CVE-2007-4914
17 Sep 2007 — Unspecified vulnerability in the subscriptions manager in Invision Power Board (IPB or IP.Board) 2.3.1 before 20070912 allows remote authenticated users to change the member ID and reduce the privilege level of arbitrary users via a crafted payment form, related to (1) class_gw_2checkout.php, (2) class_gw_authorizenet.php, (3) class_gw_nochex.php, (4) class_gw_paypal.php, and (5) class_gw_safshop.php in sources/classes/paymentgateways/. Vulnerabilidad no especificada en la gestión de suscripciones en Invisi... • http://forums.invisionpower.com/index.php?act=attach&type=post&id=11870 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2007-3219
https://notcve.org/view.php?id=CVE-2007-3219
14 Jun 2007 — Unspecified vulnerability in sources/action_public/xmlout.php in Invision Power Board (IPB or IP.Board) 2.2.0 through 2.2.2 allows remote attackers to modify another user's profile data, such as an AIM screen name or Yahoo! identity. Vulnerabilidad no especificada en sources/action_public/xmlout.php en Invision Power Board (IPB o IP.Board) 2.2.0 hasta 2.2.2 permite a atacantes remotos modificar a otros datos del perfil de usuario, como por ejemplo una pantalla de nombre AIM o identidad de Yahoo!. • http://forums.invisionpower.com/index.php?showtopic=235316 •