Vulnerabilites related to invision_power_services - invision_board
cve-2006-3544
Vulnerability from cvelistv5
Published
2006-07-13 00:00
Modified
2024-08-07 18:30
Severity ?
EPSS score ?
Summary
Multiple SQL injection vulnerabilities in Invision Power Board (IPB) 1.3 Final allow remote attackers to execute arbitrary SQL commands via the CODE parameter in a (1) Stats, (2) Mail, and (3) Reg action in index.php. NOTE: the developer has disputed this issue, stating that "At no point does the CODE parameter touch the database. The CODE parameter is used in a SWITCH statement to determine which function to run.
References
| ▼ | URL | Tags |
|---|---|---|
| http://securityreason.com/securityalert/1225 | third-party-advisory, x_refsource_SREASON | |
| http://www.securityfocus.com/archive/1/439629/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/18782 | vdb-entry, x_refsource_BID | |
| http://www.securityfocus.com/archive/1/438961/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.osvdb.org/30084 | vdb-entry, x_refsource_OSVDB | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/27555 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:30:34.397Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1225",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1225"
},
{
"name": "20060710 Re: Invision Power Board v1.3 Final SQL Injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/439629/100/0/threaded"
},
{
"name": "18782",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18782"
},
{
"name": "20060702 Invision Power Board v1.3 Final SQL Injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/438961/100/0/threaded"
},
{
"name": "30084",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/30084"
},
{
"name": "ipb-index-sql-injection(27555)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27555"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-07-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in Invision Power Board (IPB) 1.3 Final allow remote attackers to execute arbitrary SQL commands via the CODE parameter in a (1) Stats, (2) Mail, and (3) Reg action in index.php. NOTE: the developer has disputed this issue, stating that \"At no point does the CODE parameter touch the database. The CODE parameter is used in a SWITCH statement to determine which function to run."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1225",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1225"
},
{
"name": "20060710 Re: Invision Power Board v1.3 Final SQL Injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/439629/100/0/threaded"
},
{
"name": "18782",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18782"
},
{
"name": "20060702 Invision Power Board v1.3 Final SQL Injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/438961/100/0/threaded"
},
{
"name": "30084",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/30084"
},
{
"name": "ipb-index-sql-injection(27555)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27555"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3544",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** Multiple SQL injection vulnerabilities in Invision Power Board (IPB) 1.3 Final allow remote attackers to execute arbitrary SQL commands via the CODE parameter in a (1) Stats, (2) Mail, and (3) Reg action in index.php. NOTE: the developer has disputed this issue, stating that \"At no point does the CODE parameter touch the database. The CODE parameter is used in a SWITCH statement to determine which function to run.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1225",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1225"
},
{
"name": "20060710 Re: Invision Power Board v1.3 Final SQL Injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/439629/100/0/threaded"
},
{
"name": "18782",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18782"
},
{
"name": "20060702 Invision Power Board v1.3 Final SQL Injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/438961/100/0/threaded"
},
{
"name": "30084",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/30084"
},
{
"name": "ipb-index-sql-injection(27555)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27555"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-3544",
"datePublished": "2006-07-13T00:00:00",
"dateReserved": "2006-07-12T00:00:00",
"dateUpdated": "2024-08-07T18:30:34.397Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-0359
Vulnerability from cvelistv5
Published
2004-03-18 05:00
Modified
2024-08-08 00:17
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in index.php for Invision Power Board 1.3 final allows remote attackers to execute arbitrary script as other users via the (1) c, (2) f, (3) showtopic, (4) showuser, or (5) username parameters.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/9768 | vdb-entry, x_refsource_BID | |
| http://www.osvdb.org/4154 | vdb-entry, x_refsource_OSVDB | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/15403 | vdb-entry, x_refsource_XF | |
| http://marc.info/?l=bugtraq&m=107851589701916&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://secunia.com/advisories/11053 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:17:14.497Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "9768",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/9768"
},
{
"name": "4154",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/4154"
},
{
"name": "invision-xss(15403)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15403"
},
{
"name": "20040305 Invision Power Board v1.3 Final Cross Site Scripting Vulnerabillity",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=107851589701916\u0026w=2"
},
{
"name": "11053",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/11053"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-03-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in index.php for Invision Power Board 1.3 final allows remote attackers to execute arbitrary script as other users via the (1) c, (2) f, (3) showtopic, (4) showuser, or (5) username parameters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "9768",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/9768"
},
{
"name": "4154",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/4154"
},
{
"name": "invision-xss(15403)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15403"
},
{
"name": "20040305 Invision Power Board v1.3 Final Cross Site Scripting Vulnerabillity",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=107851589701916\u0026w=2"
},
{
"name": "11053",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/11053"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0359",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in index.php for Invision Power Board 1.3 final allows remote attackers to execute arbitrary script as other users via the (1) c, (2) f, (3) showtopic, (4) showuser, or (5) username parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "9768",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9768"
},
{
"name": "4154",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/4154"
},
{
"name": "invision-xss(15403)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15403"
},
{
"name": "20040305 Invision Power Board v1.3 Final Cross Site Scripting Vulnerabillity",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=107851589701916\u0026w=2"
},
{
"name": "11053",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11053"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0359",
"datePublished": "2004-03-18T05:00:00",
"dateReserved": "2004-03-17T00:00:00",
"dateUpdated": "2024-08-08T00:17:14.497Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-0886
Vulnerability from cvelistv5
Published
2005-03-26 05:00
Modified
2024-09-17 01:51
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in Invision Power Board 2.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via an HTTP POST request.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/12888 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:28:29.000Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "12888",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/12888"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Invision Power Board 2.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via an HTTP POST request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-03-26T05:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "12888",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/12888"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0886",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Invision Power Board 2.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via an HTTP POST request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "12888",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12888"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-0886",
"datePublished": "2005-03-26T05:00:00Z",
"dateReserved": "2005-03-26T00:00:00Z",
"dateUpdated": "2024-09-17T01:51:22.783Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-0338
Vulnerability from cvelistv5
Published
2004-03-18 05:00
Modified
2024-08-08 00:17
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in search.php for Invision Board Forum allows remote attackers to execute arbitrary SQL queries via the st parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/9766 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/15343 | vdb-entry, x_refsource_XF | |
| http://marc.info/?l=bugtraq&m=107799527428834&w=2 | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:17:14.362Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "9766",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/9766"
},
{
"name": "invision-search-sql-injection(15343)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15343"
},
{
"name": "20040228 Invision Power Board SQL injection!",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=107799527428834\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-02-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in search.php for Invision Board Forum allows remote attackers to execute arbitrary SQL queries via the st parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "9766",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/9766"
},
{
"name": "invision-search-sql-injection(15343)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15343"
},
{
"name": "20040228 Invision Power Board SQL injection!",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=107799527428834\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0338",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in search.php for Invision Board Forum allows remote attackers to execute arbitrary SQL queries via the st parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "9766",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9766"
},
{
"name": "invision-search-sql-injection(15343)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15343"
},
{
"name": "20040228 Invision Power Board SQL injection!",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=107799527428834\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0338",
"datePublished": "2004-03-18T05:00:00",
"dateReserved": "2004-03-17T00:00:00",
"dateUpdated": "2024-08-08T00:17:14.362Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2003-1454
Vulnerability from cvelistv5
Published
2007-10-23 01:00
Modified
2024-08-08 02:28
Severity ?
EPSS score ?
Summary
Invision Power Services Invision Board 1.0 through 1.1.1, when a forum is password protected, stores the administrator password in a cookie in plaintext, which could allow remote attackers to gain access.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/11871 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/7440 | vdb-entry, x_refsource_BID | |
| http://www.securityfocus.com/archive/1/319747 | mailing-list, x_refsource_BUGTRAQ | |
| http://securityreason.com/securityalert/3276 | third-party-advisory, x_refsource_SREASON |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:28:03.510Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "invision-admin-plaintext-password(11871)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11871"
},
{
"name": "7440",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/7440"
},
{
"name": "20030425 Invision Power Board Plaintext Password Disclosure Vuln",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/319747"
},
{
"name": "3276",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3276"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-04-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Invision Power Services Invision Board 1.0 through 1.1.1, when a forum is password protected, stores the administrator password in a cookie in plaintext, which could allow remote attackers to gain access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "invision-admin-plaintext-password(11871)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11871"
},
{
"name": "7440",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/7440"
},
{
"name": "20030425 Invision Power Board Plaintext Password Disclosure Vuln",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/319747"
},
{
"name": "3276",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3276"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-1454",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Invision Power Services Invision Board 1.0 through 1.1.1, when a forum is password protected, stores the administrator password in a cookie in plaintext, which could allow remote attackers to gain access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "invision-admin-plaintext-password(11871)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11871"
},
{
"name": "7440",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/7440"
},
{
"name": "20030425 Invision Power Board Plaintext Password Disclosure Vuln",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/319747"
},
{
"name": "3276",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3276"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-1454",
"datePublished": "2007-10-23T01:00:00",
"dateReserved": "2007-10-22T00:00:00",
"dateUpdated": "2024-08-08T02:28:03.510Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-3548
Vulnerability from cvelistv5
Published
2005-11-16 07:37
Modified
2024-08-07 23:17
Severity ?
EPSS score ?
Summary
Directory traversal vulnerability in Task Manager in Invision Power Board (IP.Board) 2.0.1 allows limited remote attackers to include files via a .. (dot dot) in the "Task PHP File To Run" field.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/17443 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/archive/1/415798/30/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.osvdb.org/35429 | vdb-entry, x_refsource_OSVDB | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/40000 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:17:23.336Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "17443",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17443"
},
{
"name": "20051104 Invision Power Board Privilege Esaclation (2.0.1 + more)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/415798/30/0/threaded"
},
{
"name": "35429",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/35429"
},
{
"name": "ipb-taskmanager-directory-traversal(40000)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40000"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-11-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in Task Manager in Invision Power Board (IP.Board) 2.0.1 allows limited remote attackers to include files via a .. (dot dot) in the \"Task PHP File To Run\" field."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "17443",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17443"
},
{
"name": "20051104 Invision Power Board Privilege Esaclation (2.0.1 + more)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/415798/30/0/threaded"
},
{
"name": "35429",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/35429"
},
{
"name": "ipb-taskmanager-directory-traversal(40000)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40000"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3548",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in Task Manager in Invision Power Board (IP.Board) 2.0.1 allows limited remote attackers to include files via a .. (dot dot) in the \"Task PHP File To Run\" field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "17443",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17443"
},
{
"name": "20051104 Invision Power Board Privilege Esaclation (2.0.1 + more)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/415798/30/0/threaded"
},
{
"name": "35429",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/35429"
},
{
"name": "ipb-taskmanager-directory-traversal(40000)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40000"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3548",
"datePublished": "2005-11-16T07:37:00",
"dateReserved": "2005-11-16T00:00:00",
"dateUpdated": "2024-08-07T23:17:23.336Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-3547
Vulnerability from cvelistv5
Published
2005-11-16 07:37
Modified
2024-08-07 23:17
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in Invision Power Board 2.1 allows remote attackers to inject arbitrary web script or HTML via the (1) adsess, (2) name, and (3) description parameters in admin.php, and the (4) ACP Notes, (5) Member Name, (6) Password, (7) Email Address, (8) Components, and multiple other input fields.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/archive/1/415801/30/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/22999 | vdb-entry, x_refsource_XF | |
| http://osvdb.org/20520 | vdb-entry, x_refsource_OSVDB | |
| http://osvdb.org/20519 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/bid/15344 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/17443 | third-party-advisory, x_refsource_SECUNIA | |
| http://osvdb.org/20518 | vdb-entry, x_refsource_OSVDB | |
| http://osvdb.org/20516 | vdb-entry, x_refsource_OSVDB | |
| http://osvdb.org/20517 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/bid/15345 | vdb-entry, x_refsource_BID | |
| http://osvdb.org/20521 | vdb-entry, x_refsource_OSVDB | |
| http://benji.redkod.org/audits/ipb.2.1.pdf | x_refsource_MISC | |
| http://osvdb.org/20522 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:17:23.263Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20051104 Failles dans Invision Power Board 2.1 [xss]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/415801/30/0/threaded"
},
{
"name": "invision-powerboard-admin-xss(22999)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22999"
},
{
"name": "20520",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/20520"
},
{
"name": "20519",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/20519"
},
{
"name": "15344",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15344"
},
{
"name": "17443",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17443"
},
{
"name": "20518",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/20518"
},
{
"name": "20516",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/20516"
},
{
"name": "20517",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/20517"
},
{
"name": "15345",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15345"
},
{
"name": "20521",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/20521"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://benji.redkod.org/audits/ipb.2.1.pdf"
},
{
"name": "20522",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/20522"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-11-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Invision Power Board 2.1 allows remote attackers to inject arbitrary web script or HTML via the (1) adsess, (2) name, and (3) description parameters in admin.php, and the (4) ACP Notes, (5) Member Name, (6) Password, (7) Email Address, (8) Components, and multiple other input fields."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20051104 Failles dans Invision Power Board 2.1 [xss]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/415801/30/0/threaded"
},
{
"name": "invision-powerboard-admin-xss(22999)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22999"
},
{
"name": "20520",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/20520"
},
{
"name": "20519",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/20519"
},
{
"name": "15344",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15344"
},
{
"name": "17443",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17443"
},
{
"name": "20518",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/20518"
},
{
"name": "20516",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/20516"
},
{
"name": "20517",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/20517"
},
{
"name": "15345",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15345"
},
{
"name": "20521",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/20521"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://benji.redkod.org/audits/ipb.2.1.pdf"
},
{
"name": "20522",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/20522"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3547",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Invision Power Board 2.1 allows remote attackers to inject arbitrary web script or HTML via the (1) adsess, (2) name, and (3) description parameters in admin.php, and the (4) ACP Notes, (5) Member Name, (6) Password, (7) Email Address, (8) Components, and multiple other input fields."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20051104 Failles dans Invision Power Board 2.1 [xss]",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/415801/30/0/threaded"
},
{
"name": "invision-powerboard-admin-xss(22999)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22999"
},
{
"name": "20520",
"refsource": "OSVDB",
"url": "http://osvdb.org/20520"
},
{
"name": "20519",
"refsource": "OSVDB",
"url": "http://osvdb.org/20519"
},
{
"name": "15344",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15344"
},
{
"name": "17443",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17443"
},
{
"name": "20518",
"refsource": "OSVDB",
"url": "http://osvdb.org/20518"
},
{
"name": "20516",
"refsource": "OSVDB",
"url": "http://osvdb.org/20516"
},
{
"name": "20517",
"refsource": "OSVDB",
"url": "http://osvdb.org/20517"
},
{
"name": "15345",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15345"
},
{
"name": "20521",
"refsource": "OSVDB",
"url": "http://osvdb.org/20521"
},
{
"name": "http://benji.redkod.org/audits/ipb.2.1.pdf",
"refsource": "MISC",
"url": "http://benji.redkod.org/audits/ipb.2.1.pdf"
},
{
"name": "20522",
"refsource": "OSVDB",
"url": "http://osvdb.org/20522"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3547",
"datePublished": "2005-11-16T07:37:00",
"dateReserved": "2005-11-16T00:00:00",
"dateUpdated": "2024-08-07T23:17:23.263Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-1070
Vulnerability from cvelistv5
Published
2005-04-12 04:00
Modified
2024-08-07 21:35
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in index.php in Invision Power Board 1.3.1 Final and earlier allows remote attackers to execute arbitrary SQL commands via the st parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/20059 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/13097 | vdb-entry, x_refsource_BID | |
| http://www.securityfocus.com/archive/1/395515 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securitytracker.com/alerts/2005/Apr/1013676.html | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:35:59.931Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "invision-memberlist-sql-injection(20059)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20059"
},
{
"name": "13097",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/13097"
},
{
"name": "20050411 Invision board 1.3.1 and below are vulnerable to a sql injection vulnerability [PATCH INCLUDED]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/395515"
},
{
"name": "1013676",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/alerts/2005/Apr/1013676.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-04-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in index.php in Invision Power Board 1.3.1 Final and earlier allows remote attackers to execute arbitrary SQL commands via the st parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "invision-memberlist-sql-injection(20059)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20059"
},
{
"name": "13097",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/13097"
},
{
"name": "20050411 Invision board 1.3.1 and below are vulnerable to a sql injection vulnerability [PATCH INCLUDED]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/395515"
},
{
"name": "1013676",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/alerts/2005/Apr/1013676.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1070",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in index.php in Invision Power Board 1.3.1 Final and earlier allows remote attackers to execute arbitrary SQL commands via the st parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "invision-memberlist-sql-injection(20059)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20059"
},
{
"name": "13097",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13097"
},
{
"name": "20050411 Invision board 1.3.1 and below are vulnerable to a sql injection vulnerability [PATCH INCLUDED]",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/395515"
},
{
"name": "1013676",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/alerts/2005/Apr/1013676.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-1070",
"datePublished": "2005-04-12T04:00:00",
"dateReserved": "2005-04-12T00:00:00",
"dateUpdated": "2024-08-07T21:35:59.931Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-1816
Vulnerability from cvelistv5
Published
2005-06-01 04:00
Modified
2024-09-16 20:36
Severity ?
EPSS score ?
Summary
Invision Power Board (IPB) 1.0 through 2.0.4 allows non-root admins to add themselves or other users to the root admin group via the "Move users in this group to" screen.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/15545 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/13797 | vdb-entry, x_refsource_BID | |
| http://archives.neohapsis.com/archives/fulldisclosure/2005-05/0635.html | mailing-list, x_refsource_FULLDISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:06:57.464Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "15545",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/15545"
},
{
"name": "13797",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/13797"
},
{
"name": "20050528 Invision Power Board 1.x and 2.x Privilege Escalation Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-05/0635.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Invision Power Board (IPB) 1.0 through 2.0.4 allows non-root admins to add themselves or other users to the root admin group via the \"Move users in this group to\" screen."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-06-01T04:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "15545",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/15545"
},
{
"name": "13797",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/13797"
},
{
"name": "20050528 Invision Power Board 1.x and 2.x Privilege Escalation Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-05/0635.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1816",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Invision Power Board (IPB) 1.0 through 2.0.4 allows non-root admins to add themselves or other users to the root admin group via the \"Move users in this group to\" screen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "15545",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15545"
},
{
"name": "13797",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13797"
},
{
"name": "20050528 Invision Power Board 1.x and 2.x Privilege Escalation Vulnerability",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-05/0635.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-1816",
"datePublished": "2005-06-01T04:00:00Z",
"dateReserved": "2005-06-01T00:00:00Z",
"dateUpdated": "2024-09-16T20:36:57.744Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-1817
Vulnerability from cvelistv5
Published
2005-06-01 04:00
Modified
2024-09-16 17:44
Severity ?
EPSS score ?
Summary
Invision Power Board (IPB) 1.0 through 1.3 allows remote attackers to edit arbitrary forum posts via a direct request to index.php with modified parameters.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/13802 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:06:57.655Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "13802",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/13802"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Invision Power Board (IPB) 1.0 through 1.3 allows remote attackers to edit arbitrary forum posts via a direct request to index.php with modified parameters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-06-01T04:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "13802",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/13802"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1817",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Invision Power Board (IPB) 1.0 through 1.3 allows remote attackers to edit arbitrary forum posts via a direct request to index.php with modified parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "13802",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13802"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-1817",
"datePublished": "2005-06-01T04:00:00Z",
"dateReserved": "2005-06-01T00:00:00Z",
"dateUpdated": "2024-09-16T17:44:00.156Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-3549
Vulnerability from cvelistv5
Published
2005-11-16 07:37
Modified
2024-08-07 23:17
Severity ?
EPSS score ?
Summary
Direct code injection vulnerability in Task Manager in Invision Power Board 2.0.1 allows limited remote attackers to execute arbitrary code by referencing the file in "Task PHP File To Run" field and selecting "Run Task Now".
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/40003 | vdb-entry, x_refsource_XF | |
| http://secunia.com/advisories/17443 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/archive/1/415798/30/0/threaded | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:17:23.415Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ipb-taskmanager-code-execution(40003)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40003"
},
{
"name": "17443",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17443"
},
{
"name": "20051104 Invision Power Board Privilege Esaclation (2.0.1 + more)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/415798/30/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-11-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Direct code injection vulnerability in Task Manager in Invision Power Board 2.0.1 allows limited remote attackers to execute arbitrary code by referencing the file in \"Task PHP File To Run\" field and selecting \"Run Task Now\"."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ipb-taskmanager-code-execution(40003)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40003"
},
{
"name": "17443",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17443"
},
{
"name": "20051104 Invision Power Board Privilege Esaclation (2.0.1 + more)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/415798/30/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3549",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Direct code injection vulnerability in Task Manager in Invision Power Board 2.0.1 allows limited remote attackers to execute arbitrary code by referencing the file in \"Task PHP File To Run\" field and selecting \"Run Task Now\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ipb-taskmanager-code-execution(40003)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40003"
},
{
"name": "17443",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17443"
},
{
"name": "20051104 Invision Power Board Privilege Esaclation (2.0.1 + more)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/415798/30/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3549",
"datePublished": "2005-11-16T07:37:00",
"dateReserved": "2005-11-16T00:00:00",
"dateUpdated": "2024-08-07T23:17:23.415Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-0355
Vulnerability from cvelistv5
Published
2004-03-18 05:00
Modified
2024-08-08 00:17
Severity ?
EPSS score ?
Summary
Invision Power Board 1.3 Final allows remote attackers to gain sensitive information by selecting a file for "Personal Photo" that is not an image file, which displays the installation path in an error message.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/15400 | vdb-entry, x_refsource_XF | |
| http://marc.info/?l=bugtraq&m=107850510428567&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/9810 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:17:14.378Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "invision-invalid-path-disclosure(15400)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15400"
},
{
"name": "20040305 Invision Power Board 1.3 Final Path Disclosure Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=107850510428567\u0026w=2"
},
{
"name": "9810",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/9810"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-03-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Invision Power Board 1.3 Final allows remote attackers to gain sensitive information by selecting a file for \"Personal Photo\" that is not an image file, which displays the installation path in an error message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "invision-invalid-path-disclosure(15400)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15400"
},
{
"name": "20040305 Invision Power Board 1.3 Final Path Disclosure Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=107850510428567\u0026w=2"
},
{
"name": "9810",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/9810"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0355",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Invision Power Board 1.3 Final allows remote attackers to gain sensitive information by selecting a file for \"Personal Photo\" that is not an image file, which displays the installation path in an error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "invision-invalid-path-disclosure(15400)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15400"
},
{
"name": "20040305 Invision Power Board 1.3 Final Path Disclosure Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=107850510428567\u0026w=2"
},
{
"name": "9810",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9810"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0355",
"datePublished": "2004-03-18T05:00:00",
"dateReserved": "2004-03-17T00:00:00",
"dateUpdated": "2024-08-08T00:17:14.378Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2002-1149
Vulnerability from cvelistv5
Published
2002-10-01 04:00
Modified
2024-08-08 03:12
Severity ?
EPSS score ?
Summary
The installation procedure for Invision Board suggests that users install the phpinfo.php program under the web root, which leaks sensitive information such as absolute pathnames, OS information, and PHP settings.
References
| ▼ | URL | Tags |
|---|---|---|
| http://marc.info/?l=bugtraq&m=103290602609197&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.iss.net/security_center/static/10178.php | vdb-entry, x_refsource_XF | |
| http://www.osvdb.org/3356 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/bid/5789 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:12:17.120Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20020924 Information Disclosure with Invision Board installation (fwd)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=103290602609197\u0026w=2"
},
{
"name": "invision-phpinfo-information-disclosure(10178)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/10178.php"
},
{
"name": "3356",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/3356"
},
{
"name": "5789",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/5789"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-09-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The installation procedure for Invision Board suggests that users install the phpinfo.php program under the web root, which leaks sensitive information such as absolute pathnames, OS information, and PHP settings."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20020924 Information Disclosure with Invision Board installation (fwd)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=103290602609197\u0026w=2"
},
{
"name": "invision-phpinfo-information-disclosure(10178)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/10178.php"
},
{
"name": "3356",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/3356"
},
{
"name": "5789",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/5789"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1149",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The installation procedure for Invision Board suggests that users install the phpinfo.php program under the web root, which leaks sensitive information such as absolute pathnames, OS information, and PHP settings."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20020924 Information Disclosure with Invision Board installation (fwd)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=103290602609197\u0026w=2"
},
{
"name": "invision-phpinfo-information-disclosure(10178)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10178.php"
},
{
"name": "3356",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/3356"
},
{
"name": "5789",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5789"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-1149",
"datePublished": "2002-10-01T04:00:00",
"dateReserved": "2002-09-24T00:00:00",
"dateUpdated": "2024-08-08T03:12:17.120Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-2061
Vulnerability from cvelistv5
Published
2006-04-26 20:00
Modified
2024-08-07 17:35
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in lib/func_taskmanager.php in Invision Power Board (IPB) 2.1.x and 2.0.x before 20060425 allows remote attackers to execute arbitrary SQL commands via the ck parameter, which can inject at most 32 characters.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/26071 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/archive/1/432226/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://securityreason.com/securityalert/796 | third-party-advisory, x_refsource_SREASON | |
| http://www.securityfocus.com/bid/17690 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/19830 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.vupen.com/english/advisories/2006/1534 | vdb-entry, x_refsource_VUPEN | |
| http://www.securityfocus.com/archive/1/431990/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://forums.invisionpower.com/index.php?showtopic=213374 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:35:31.301Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "invision-index-ck-sql-injection(26071)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26071"
},
{
"name": "20060427 Re: Invision Vulnerabilities, including remote code execution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/432226/100/0/threaded"
},
{
"name": "796",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/796"
},
{
"name": "17690",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/17690"
},
{
"name": "19830",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19830"
},
{
"name": "ADV-2006-1534",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1534"
},
{
"name": "20060425 Invision Vulnerabilities, including remote code execution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/431990/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://forums.invisionpower.com/index.php?showtopic=213374"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-04-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in lib/func_taskmanager.php in Invision Power Board (IPB) 2.1.x and 2.0.x before 20060425 allows remote attackers to execute arbitrary SQL commands via the ck parameter, which can inject at most 32 characters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "invision-index-ck-sql-injection(26071)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26071"
},
{
"name": "20060427 Re: Invision Vulnerabilities, including remote code execution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/432226/100/0/threaded"
},
{
"name": "796",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/796"
},
{
"name": "17690",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/17690"
},
{
"name": "19830",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19830"
},
{
"name": "ADV-2006-1534",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1534"
},
{
"name": "20060425 Invision Vulnerabilities, including remote code execution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/431990/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://forums.invisionpower.com/index.php?showtopic=213374"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2061",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in lib/func_taskmanager.php in Invision Power Board (IPB) 2.1.x and 2.0.x before 20060425 allows remote attackers to execute arbitrary SQL commands via the ck parameter, which can inject at most 32 characters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "invision-index-ck-sql-injection(26071)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26071"
},
{
"name": "20060427 Re: Invision Vulnerabilities, including remote code execution",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/432226/100/0/threaded"
},
{
"name": "796",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/796"
},
{
"name": "17690",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17690"
},
{
"name": "19830",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19830"
},
{
"name": "ADV-2006-1534",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1534"
},
{
"name": "20060425 Invision Vulnerabilities, including remote code execution",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/431990/100/0/threaded"
},
{
"name": "http://forums.invisionpower.com/index.php?showtopic=213374",
"refsource": "CONFIRM",
"url": "http://forums.invisionpower.com/index.php?showtopic=213374"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-2061",
"datePublished": "2006-04-26T20:00:00",
"dateReserved": "2006-04-26T00:00:00",
"dateUpdated": "2024-08-07T17:35:31.301Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-1531
Vulnerability from cvelistv5
Published
2005-02-19 05:00
Modified
2024-08-08 00:53
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in post.php in Invision Power Board (IPB) 2.0.0 through 2.0.2 allows remote attackers to execute arbitrary SQL commands via the qpid parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| http://forums.invisionpower.com/index.php?showtopic=154916 | x_refsource_CONFIRM | |
| http://marc.info/?l=bugtraq&m=111462421824202&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/11703 | vdb-entry, x_refsource_BID | |
| http://marc.info/?l=bugtraq&m=111454805209191&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://secunia.com/advisories/13245 | third-party-advisory, x_refsource_SECUNIA | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/18164 | vdb-entry, x_refsource_XF | |
| http://marc.info/?l=bugtraq&m=110079592702417&w=2 | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:53:24.172Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://forums.invisionpower.com/index.php?showtopic=154916"
},
{
"name": "20050427 Re: SQL-injections in Invision Power Board v2.0.1",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111462421824202\u0026w=2"
},
{
"name": "11703",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11703"
},
{
"name": "20050425 SQL-injections in Invision Power Board v2.0.1",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111454805209191\u0026w=2"
},
{
"name": "13245",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/13245"
},
{
"name": "invisionpowerboard-sql-injection(18164)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18164"
},
{
"name": "20041118 [MaxPatrol] SQL-injection in Invision Power Board 2.x",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110079592702417\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-11-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in post.php in Invision Power Board (IPB) 2.0.0 through 2.0.2 allows remote attackers to execute arbitrary SQL commands via the qpid parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://forums.invisionpower.com/index.php?showtopic=154916"
},
{
"name": "20050427 Re: SQL-injections in Invision Power Board v2.0.1",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111462421824202\u0026w=2"
},
{
"name": "11703",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11703"
},
{
"name": "20050425 SQL-injections in Invision Power Board v2.0.1",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111454805209191\u0026w=2"
},
{
"name": "13245",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/13245"
},
{
"name": "invisionpowerboard-sql-injection(18164)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18164"
},
{
"name": "20041118 [MaxPatrol] SQL-injection in Invision Power Board 2.x",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110079592702417\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1531",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in post.php in Invision Power Board (IPB) 2.0.0 through 2.0.2 allows remote attackers to execute arbitrary SQL commands via the qpid parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://forums.invisionpower.com/index.php?showtopic=154916",
"refsource": "CONFIRM",
"url": "http://forums.invisionpower.com/index.php?showtopic=154916"
},
{
"name": "20050427 Re: SQL-injections in Invision Power Board v2.0.1",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=111462421824202\u0026w=2"
},
{
"name": "11703",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11703"
},
{
"name": "20050425 SQL-injections in Invision Power Board v2.0.1",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=111454805209191\u0026w=2"
},
{
"name": "13245",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/13245"
},
{
"name": "invisionpowerboard-sql-injection(18164)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18164"
},
{
"name": "20041118 [MaxPatrol] SQL-injection in Invision Power Board 2.x",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=110079592702417\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1531",
"datePublished": "2005-02-19T05:00:00",
"dateReserved": "2005-02-18T00:00:00",
"dateUpdated": "2024-08-08T00:53:24.172Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-1598
Vulnerability from cvelistv5
Published
2005-05-16 04:00
Modified
2024-08-07 21:59
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in Invision Power Board (IPB) 2.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via a crafted cookie password hash (pass_hash) that modifies the internal $pid variable.
References
| ▼ | URL | Tags |
|---|---|---|
| http://marc.info/?l=bugtraq&m=111712587206834&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://secunia.com/advisories/15265 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.osvdb.org/16297 | vdb-entry, x_refsource_OSVDB | |
| http://securitytracker.com/id?1014499 | vdb-entry, x_refsource_SECTRACK | |
| http://marc.info/?l=bugtraq&m=111539908705851&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://securitytracker.com/id?1013907 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/13529 | vdb-entry, x_refsource_BID | |
| https://www.exploit-db.com/exploits/1013 | exploit, x_refsource_EXPLOIT-DB | |
| http://forums.invisionpower.com/index.php?showtopic=168016 | x_refsource_CONFIRM | |
| http://www.securiteam.com/exploits/5GP0E2KFQQ.html | x_refsource_MISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/20446 | vdb-entry, x_refsource_XF | |
| http://www.gulftech.org/?node=research&article_id=00073-05052005 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:59:23.427Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20050526 Invision Power Board 1.* and 2.* Exploit (BID 13529)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111712587206834\u0026w=2"
},
{
"name": "15265",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/15265"
},
{
"name": "16297",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/16297"
},
{
"name": "1014499",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1014499"
},
{
"name": "20050506 Multiple Vulnerabilities In Invision Power Board",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111539908705851\u0026w=2"
},
{
"name": "1013907",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1013907"
},
{
"name": "13529",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/13529"
},
{
"name": "1013",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/1013"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://forums.invisionpower.com/index.php?showtopic=168016"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securiteam.com/exploits/5GP0E2KFQQ.html"
},
{
"name": "invision-powerboard-login-sql-injection(20446)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20446"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.gulftech.org/?node=research\u0026article_id=00073-05052005"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-05-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in Invision Power Board (IPB) 2.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via a crafted cookie password hash (pass_hash) that modifies the internal $pid variable."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-18T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20050526 Invision Power Board 1.* and 2.* Exploit (BID 13529)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111712587206834\u0026w=2"
},
{
"name": "15265",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/15265"
},
{
"name": "16297",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/16297"
},
{
"name": "1014499",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1014499"
},
{
"name": "20050506 Multiple Vulnerabilities In Invision Power Board",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111539908705851\u0026w=2"
},
{
"name": "1013907",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1013907"
},
{
"name": "13529",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/13529"
},
{
"name": "1013",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/1013"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://forums.invisionpower.com/index.php?showtopic=168016"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securiteam.com/exploits/5GP0E2KFQQ.html"
},
{
"name": "invision-powerboard-login-sql-injection(20446)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20446"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.gulftech.org/?node=research\u0026article_id=00073-05052005"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1598",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in Invision Power Board (IPB) 2.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via a crafted cookie password hash (pass_hash) that modifies the internal $pid variable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050526 Invision Power Board 1.* and 2.* Exploit (BID 13529)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=111712587206834\u0026w=2"
},
{
"name": "15265",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15265"
},
{
"name": "16297",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/16297"
},
{
"name": "1014499",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014499"
},
{
"name": "20050506 Multiple Vulnerabilities In Invision Power Board",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=111539908705851\u0026w=2"
},
{
"name": "1013907",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013907"
},
{
"name": "13529",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13529"
},
{
"name": "1013",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/1013"
},
{
"name": "http://forums.invisionpower.com/index.php?showtopic=168016",
"refsource": "CONFIRM",
"url": "http://forums.invisionpower.com/index.php?showtopic=168016"
},
{
"name": "http://www.securiteam.com/exploits/5GP0E2KFQQ.html",
"refsource": "MISC",
"url": "http://www.securiteam.com/exploits/5GP0E2KFQQ.html"
},
{
"name": "invision-powerboard-login-sql-injection(20446)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20446"
},
{
"name": "http://www.gulftech.org/?node=research\u0026article_id=00073-05052005",
"refsource": "MISC",
"url": "http://www.gulftech.org/?node=research\u0026article_id=00073-05052005"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-1598",
"datePublished": "2005-05-16T04:00:00",
"dateReserved": "2005-05-16T00:00:00",
"dateUpdated": "2024-08-07T21:59:23.427Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-2542
Vulnerability from cvelistv5
Published
2005-08-10 04:00
Modified
2024-08-07 22:30
Severity ?
EPSS score ?
Summary
Invision Power Board (IPB) 1.0.3 allows remote attackers to inject arbitrary web script or HTML via an attachment, which is automatically downloaded and processed as HTML.
References
| ▼ | URL | Tags |
|---|---|---|
| http://marc.info/?l=bugtraq&m=112327712614854&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://secunia.com/advisories/16348 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/14492 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:30:00.946Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20050805 ipb Css bug(now public)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112327712614854\u0026w=2"
},
{
"name": "16348",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/16348"
},
{
"name": "14492",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/14492"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-08-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Invision Power Board (IPB) 1.0.3 allows remote attackers to inject arbitrary web script or HTML via an attachment, which is automatically downloaded and processed as HTML."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20050805 ipb Css bug(now public)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112327712614854\u0026w=2"
},
{
"name": "16348",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/16348"
},
{
"name": "14492",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/14492"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2542",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Invision Power Board (IPB) 1.0.3 allows remote attackers to inject arbitrary web script or HTML via an attachment, which is automatically downloaded and processed as HTML."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050805 ipb Css bug(now public)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=112327712614854\u0026w=2"
},
{
"name": "16348",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16348"
},
{
"name": "14492",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14492"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-2542",
"datePublished": "2005-08-10T04:00:00",
"dateReserved": "2005-08-10T00:00:00",
"dateUpdated": "2024-08-07T22:30:00.946Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-1785
Vulnerability from cvelistv5
Published
2005-05-10 04:00
Modified
2024-08-08 01:00
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in calendar.php for Invision Power Board 1.3 allows remote attackers to execute arbitrary SQL commands via the m parameter, which sets the $this->chosen_month variable.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.osvdb.org/3319 | vdb-entry, x_refsource_OSVDB | |
| http://forums.invisionpower.com/index.php?act=ST&f=1&t=108786 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/9353 | vdb-entry, x_refsource_BID | |
| http://www.securityfocus.com/archive/1/348821 | mailing-list, x_refsource_BUGTRAQ | |
| http://secunia.com/advisories/10530 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securitytracker.com/id?1008589 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:00:37.329Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "3319",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/3319"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://forums.invisionpower.com/index.php?act=ST\u0026f=1\u0026t=108786"
},
{
"name": "9353",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/9353"
},
{
"name": "20040103 [SCSA-025] Invision Power Board SQL Injection Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/348821"
},
{
"name": "10530",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/10530"
},
{
"name": "1008589",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1008589"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-01-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in calendar.php for Invision Power Board 1.3 allows remote attackers to execute arbitrary SQL commands via the m parameter, which sets the $this-\u003echosen_month variable."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-11-21T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "3319",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/3319"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://forums.invisionpower.com/index.php?act=ST\u0026f=1\u0026t=108786"
},
{
"name": "9353",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/9353"
},
{
"name": "20040103 [SCSA-025] Invision Power Board SQL Injection Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/348821"
},
{
"name": "10530",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/10530"
},
{
"name": "1008589",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1008589"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1785",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in calendar.php for Invision Power Board 1.3 allows remote attackers to execute arbitrary SQL commands via the m parameter, which sets the $this-\u003echosen_month variable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "3319",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/3319"
},
{
"name": "http://forums.invisionpower.com/index.php?act=ST\u0026f=1\u0026t=108786",
"refsource": "CONFIRM",
"url": "http://forums.invisionpower.com/index.php?act=ST\u0026f=1\u0026t=108786"
},
{
"name": "9353",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9353"
},
{
"name": "20040103 [SCSA-025] Invision Power Board SQL Injection Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/348821"
},
{
"name": "10530",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/10530"
},
{
"name": "1008589",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1008589"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1785",
"datePublished": "2005-05-10T04:00:00",
"dateReserved": "2005-05-04T00:00:00",
"dateUpdated": "2024-08-08T01:00:37.329Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-1597
Vulnerability from cvelistv5
Published
2005-05-16 04:00
Modified
2024-08-07 21:59
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in (1) search.php and (2) topics.php for Invision Power Board (IPB) 2.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the highlite parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/15265 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.osvdb.org/16298 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/bid/13534 | vdb-entry, x_refsource_BID | |
| http://marc.info/?l=bugtraq&m=111539908705851&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://securitytracker.com/id?1013907 | vdb-entry, x_refsource_SECTRACK | |
| http://www.vupen.com/english/advisories/2005/0487 | vdb-entry, x_refsource_VUPEN | |
| http://forums.invisionpower.com/index.php?showtopic=168016 | x_refsource_CONFIRM | |
| http://www.gulftech.org/?node=research&article_id=00073-05052005 | x_refsource_MISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/20445 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:59:22.624Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "15265",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/15265"
},
{
"name": "16298",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/16298"
},
{
"name": "13534",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/13534"
},
{
"name": "20050506 Multiple Vulnerabilities In Invision Power Board",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111539908705851\u0026w=2"
},
{
"name": "1013907",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1013907"
},
{
"name": "ADV-2005-0487",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/0487"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://forums.invisionpower.com/index.php?showtopic=168016"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.gulftech.org/?node=research\u0026article_id=00073-05052005"
},
{
"name": "invision-powerboard-highlite-xss(20445)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20445"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-05-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in (1) search.php and (2) topics.php for Invision Power Board (IPB) 2.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the highlite parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "15265",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/15265"
},
{
"name": "16298",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/16298"
},
{
"name": "13534",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/13534"
},
{
"name": "20050506 Multiple Vulnerabilities In Invision Power Board",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111539908705851\u0026w=2"
},
{
"name": "1013907",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1013907"
},
{
"name": "ADV-2005-0487",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/0487"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://forums.invisionpower.com/index.php?showtopic=168016"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.gulftech.org/?node=research\u0026article_id=00073-05052005"
},
{
"name": "invision-powerboard-highlite-xss(20445)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20445"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1597",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in (1) search.php and (2) topics.php for Invision Power Board (IPB) 2.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the highlite parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "15265",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15265"
},
{
"name": "16298",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/16298"
},
{
"name": "13534",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13534"
},
{
"name": "20050506 Multiple Vulnerabilities In Invision Power Board",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=111539908705851\u0026w=2"
},
{
"name": "1013907",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013907"
},
{
"name": "ADV-2005-0487",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/0487"
},
{
"name": "http://forums.invisionpower.com/index.php?showtopic=168016",
"refsource": "CONFIRM",
"url": "http://forums.invisionpower.com/index.php?showtopic=168016"
},
{
"name": "http://www.gulftech.org/?node=research\u0026article_id=00073-05052005",
"refsource": "MISC",
"url": "http://www.gulftech.org/?node=research\u0026article_id=00073-05052005"
},
{
"name": "invision-powerboard-highlite-xss(20445)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20445"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-1597",
"datePublished": "2005-05-16T04:00:00",
"dateReserved": "2005-05-16T00:00:00",
"dateUpdated": "2024-08-07T21:59:22.624Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2005-06-01 04:00
Modified
2024-11-20 23:58
Severity ?
Summary
Invision Power Board (IPB) 1.0 through 1.3 allows remote attackers to edit arbitrary forum posts via a direct request to index.php with modified parameters.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.securityfocus.com/bid/13802 | Exploit, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/13802 | Exploit, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| invision_power_services | invision_board | 1.0 | |
| invision_power_services | invision_board | 1.0.1 | |
| invision_power_services | invision_board | 1.1.1 | |
| invision_power_services | invision_board | 1.1.2 | |
| invision_power_services | invision_board | 1.2 | |
| invision_power_services | invision_board | 1.3 | |
| invision_power_services | invision_board | 1.3_final |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:invision_power_services:invision_board:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7AC7F0E6-7DA6-41E3-9F73-4FFF699195C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:invision_power_services:invision_board:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EAA35A95-B8FD-4ED8-95E0-409E50BF13AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:invision_power_services:invision_board:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D4066556-F0CE-4E8B-B88D-C3BA03D98D95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:invision_power_services:invision_board:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5E25D5B0-082C-41AF-A3BA-5B35E54BCCAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:invision_power_services:invision_board:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AB93242B-85AD-451E-BC0A-D8561C292430",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:invision_power_services:invision_board:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "52954D4B-72E9-434C-991A-7B3D6C71183C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:invision_power_services:invision_board:1.3_final:*:*:*:*:*:*:*",
"matchCriteriaId": "13A127C8-803E-44A5-BB30-09C351CF3ACD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Invision Power Board (IPB) 1.0 through 1.3 allows remote attackers to edit arbitrary forum posts via a direct request to index.php with modified parameters."
}
],
"id": "CVE-2005-1817",
"lastModified": "2024-11-20T23:58:12.247",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-06-01T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/13802"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/13802"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-01-03 05:00
Modified
2024-11-20 23:51
Severity ?
Summary
SQL injection vulnerability in calendar.php for Invision Power Board 1.3 allows remote attackers to execute arbitrary SQL commands via the m parameter, which sets the $this->chosen_month variable.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://forums.invisionpower.com/index.php?act=ST&f=1&t=108786 | ||
| cve@mitre.org | http://secunia.com/advisories/10530 | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.osvdb.org/3319 | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.securityfocus.com/archive/1/348821 | Exploit, Vendor Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/9353 | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.securitytracker.com/id?1008589 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://forums.invisionpower.com/index.php?act=ST&f=1&t=108786 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/10530 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/3319 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/348821 | Exploit, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/9353 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1008589 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| invision_power_services | invision_board | 1.0 | |
| invision_power_services | invision_board | 1.0.1 | |
| invision_power_services | invision_board | 1.1.1 | |
| invision_power_services | invision_board | 1.1.2 | |
| invision_power_services | invision_board | 1.2 | |
| invision_power_services | invision_board | 1.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:invision_power_services:invision_board:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7AC7F0E6-7DA6-41E3-9F73-4FFF699195C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:invision_power_services:invision_board:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EAA35A95-B8FD-4ED8-95E0-409E50BF13AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:invision_power_services:invision_board:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D4066556-F0CE-4E8B-B88D-C3BA03D98D95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:invision_power_services:invision_board:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5E25D5B0-082C-41AF-A3BA-5B35E54BCCAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:invision_power_services:invision_board:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AB93242B-85AD-451E-BC0A-D8561C292430",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:invision_power_services:invision_board:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "52954D4B-72E9-434C-991A-7B3D6C71183C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in calendar.php for Invision Power Board 1.3 allows remote attackers to execute arbitrary SQL commands via the m parameter, which sets the $this-\u003echosen_month variable."
}
],
"id": "CVE-2004-1785",
"lastModified": "2024-11-20T23:51:44.377",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-01-03T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://forums.invisionpower.com/index.php?act=ST\u0026f=1\u0026t=108786"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/10530"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.osvdb.org/3319"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/archive/1/348821"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/9353"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1008589"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://forums.invisionpower.com/index.php?act=ST\u0026f=1\u0026t=108786"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/10530"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.osvdb.org/3319"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/archive/1/348821"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/9353"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1008589"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-04-11 04:00
Modified
2024-11-20 23:56
Severity ?
Summary
SQL injection vulnerability in index.php in Invision Power Board 1.3.1 Final and earlier allows remote attackers to execute arbitrary SQL commands via the st parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| invision_power_services | invision_board | 1.0 | |
| invision_power_services | invision_board | 1.0.1 | |
| invision_power_services | invision_board | 1.1.1 | |
| invision_power_services | invision_board | 1.1.2 | |
| invision_power_services | invision_board | 1.2 | |
| invision_power_services | invision_board | 1.3 | |
| invision_power_services | invision_board | 1.3.1_final | |
| invision_power_services | invision_board | 1.3_final |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:invision_power_services:invision_board:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7AC7F0E6-7DA6-41E3-9F73-4FFF699195C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:invision_power_services:invision_board:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EAA35A95-B8FD-4ED8-95E0-409E50BF13AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:invision_power_services:invision_board:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D4066556-F0CE-4E8B-B88D-C3BA03D98D95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:invision_power_services:invision_board:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5E25D5B0-082C-41AF-A3BA-5B35E54BCCAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:invision_power_services:invision_board:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AB93242B-85AD-451E-BC0A-D8561C292430",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:invision_power_services:invision_board:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "52954D4B-72E9-434C-991A-7B3D6C71183C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:invision_power_services:invision_board:1.3.1_final:*:*:*:*:*:*:*",
"matchCriteriaId": "6B42A0B9-628F-4173-8F94-3EACDE1D57AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:invision_power_services:invision_board:1.3_final:*:*:*:*:*:*:*",
"matchCriteriaId": "13A127C8-803E-44A5-BB30-09C351CF3ACD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in index.php in Invision Power Board 1.3.1 Final and earlier allows remote attackers to execute arbitrary SQL commands via the st parameter."
}
],
"id": "CVE-2005-1070",
"lastModified": "2024-11-20T23:56:32.120",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-04-11T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/archive/1/395515"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/13097"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securitytracker.com/alerts/2005/Apr/1013676.html"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20059"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/archive/1/395515"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/13097"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securitytracker.com/alerts/2005/Apr/1013676.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20059"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-10-11 04:00
Modified
2024-11-20 23:40
Severity ?
Summary
The installation procedure for Invision Board suggests that users install the phpinfo.php program under the web root, which leaks sensitive information such as absolute pathnames, OS information, and PHP settings.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| invision_power_services | invision_board | 1.0 | |
| invision_power_services | invision_board | 1.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:invision_power_services:invision_board:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7AC7F0E6-7DA6-41E3-9F73-4FFF699195C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:invision_power_services:invision_board:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EAA35A95-B8FD-4ED8-95E0-409E50BF13AA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The installation procedure for Invision Board suggests that users install the phpinfo.php program under the web root, which leaks sensitive information such as absolute pathnames, OS information, and PHP settings."
},
{
"lang": "es",
"value": "El procedimiento de instalaci\u00f3n en Invision Board sugiere que los usuarios instalen el programa phpinfo.php en la ra\u00edz del web, lo que filtra informaci\u00f3n sensible como nombres de rutas, informaci\u00f3n del SO, y configuraci\u00f3n de php."
}
],
"id": "CVE-2002-1149",
"lastModified": "2024-11-20T23:40:42.250",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-10-11T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=103290602609197\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.iss.net/security_center/static/10178.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/3356"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/5789"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=103290602609197\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.iss.net/security_center/static/10178.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/3356"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/5789"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-11-16 07:42
Modified
2024-11-21 00:02
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Invision Power Board 2.1 allows remote attackers to inject arbitrary web script or HTML via the (1) adsess, (2) name, and (3) description parameters in admin.php, and the (4) ACP Notes, (5) Member Name, (6) Password, (7) Email Address, (8) Components, and multiple other input fields.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| invision_power_services | invision_board | 2.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:invision_power_services:invision_board:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "05FA7E1F-D9D2-419F-A9DE-7BE4253F897E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Invision Power Board 2.1 allows remote attackers to inject arbitrary web script or HTML via the (1) adsess, (2) name, and (3) description parameters in admin.php, and the (4) ACP Notes, (5) Member Name, (6) Password, (7) Email Address, (8) Components, and multiple other input fields."
},
{
"lang": "es",
"value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Invision Power Board 2.1 permite a atacantes remotos inyectar web scritp o HTML de su elecci\u00f3n mediante los par\u00e1metros (1) adsess, (2) name y (3) description en admin.php, y (4) ACP Notes, (5) Member Name, (6) Password, (7) Email Address, (8) Components, y otros m\u00faltiples campos de entrada.\r\n"
}
],
"id": "CVE-2005-3547",
"lastModified": "2024-11-21T00:02:09.210",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-11-16T07:42:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://benji.redkod.org/audits/ipb.2.1.pdf"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/20516"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/20517"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/20518"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/20519"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/20520"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/20521"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/20522"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/17443"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/415801/30/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/15344"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/15345"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22999"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://benji.redkod.org/audits/ipb.2.1.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/20516"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/20517"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/20518"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/20519"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/20520"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/20521"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/20522"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/17443"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/415801/30/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/15344"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/15345"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22999"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-05-16 04:00
Modified
2024-11-20 23:57
Severity ?
Summary
SQL injection vulnerability in Invision Power Board (IPB) 2.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via a crafted cookie password hash (pass_hash) that modifies the internal $pid variable.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| invision_power_services | invision_board | 1.0 | |
| invision_power_services | invision_board | 1.0.1 | |
| invision_power_services | invision_board | 1.1.1 | |
| invision_power_services | invision_board | 1.1.2 | |
| invision_power_services | invision_board | 1.2 | |
| invision_power_services | invision_board | 1.3 | |
| invision_power_services | invision_board | 2.0_alpha_3 | |
| invision_power_services | invision_board | 2.0_pdr3 | |
| invision_power_services | invision_power_board | 2.0.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:invision_power_services:invision_board:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7AC7F0E6-7DA6-41E3-9F73-4FFF699195C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:invision_power_services:invision_board:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EAA35A95-B8FD-4ED8-95E0-409E50BF13AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:invision_power_services:invision_board:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D4066556-F0CE-4E8B-B88D-C3BA03D98D95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:invision_power_services:invision_board:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5E25D5B0-082C-41AF-A3BA-5B35E54BCCAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:invision_power_services:invision_board:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AB93242B-85AD-451E-BC0A-D8561C292430",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:invision_power_services:invision_board:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "52954D4B-72E9-434C-991A-7B3D6C71183C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:invision_power_services:invision_board:2.0_alpha_3:*:*:*:*:*:*:*",
"matchCriteriaId": "0B8C2DB4-06C3-4400-B0F3-2025FD829788",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:invision_power_services:invision_board:2.0_pdr3:*:*:*:*:*:*:*",
"matchCriteriaId": "053B554A-AC3D-496F-9E3D-D357D14B87E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7139AE38-8E5D-4D1D-A126-9CD10CE13E2C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in Invision Power Board (IPB) 2.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via a crafted cookie password hash (pass_hash) that modifies the internal $pid variable."
}
],
"id": "CVE-2005-1598",
"lastModified": "2024-11-20T23:57:42.223",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-05-16T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://forums.invisionpower.com/index.php?showtopic=168016"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=111539908705851\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=111712587206834\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/15265"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1013907"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1014499"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.gulftech.org/?node=research\u0026article_id=00073-05052005"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/16297"
},
{
"source": "cve@mitre.org",
"url": "http://www.securiteam.com/exploits/5GP0E2KFQQ.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/13529"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20446"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/1013"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://forums.invisionpower.com/index.php?showtopic=168016"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=111539908705851\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=111712587206834\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/15265"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1013907"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1014499"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.gulftech.org/?node=research\u0026article_id=00073-05052005"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/16297"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securiteam.com/exploits/5GP0E2KFQQ.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/13529"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20446"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/1013"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-11-23 05:00
Modified
2024-11-20 23:48
Severity ?
Summary
Invision Power Board 1.3 Final allows remote attackers to gain sensitive information by selecting a file for "Personal Photo" that is not an image file, which displays the installation path in an error message.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| invision_power_services | invision_board | 1.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:invision_power_services:invision_board:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "52954D4B-72E9-434C-991A-7B3D6C71183C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Invision Power Board 1.3 Final allows remote attackers to gain sensitive information by selecting a file for \"Personal Photo\" that is not an image file, which displays the installation path in an error message."
}
],
"id": "CVE-2004-0355",
"lastModified": "2024-11-20T23:48:23.910",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-11-23T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=107850510428567\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/9810"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15400"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=107850510428567\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/9810"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15400"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-11-23 05:00
Modified
2024-11-20 23:48
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in index.php for Invision Power Board 1.3 final allows remote attackers to execute arbitrary script as other users via the (1) c, (2) f, (3) showtopic, (4) showuser, or (5) username parameters.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| invision_power_services | invision_board | 1.3.1_final | |
| invision_power_services | invision_board | 1.3_final |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:invision_power_services:invision_board:1.3.1_final:*:*:*:*:*:*:*",
"matchCriteriaId": "6B42A0B9-628F-4173-8F94-3EACDE1D57AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:invision_power_services:invision_board:1.3_final:*:*:*:*:*:*:*",
"matchCriteriaId": "13A127C8-803E-44A5-BB30-09C351CF3ACD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in index.php for Invision Power Board 1.3 final allows remote attackers to execute arbitrary script as other users via the (1) c, (2) f, (3) showtopic, (4) showuser, or (5) username parameters."
}
],
"id": "CVE-2004-0359",
"lastModified": "2024-11-20T23:48:24.500",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-11-23T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=107851589701916\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/11053"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/4154"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/9768"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15403"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=107851589701916\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/11053"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/4154"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/9768"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15403"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2024-11-20 23:51
Severity ?
Summary
SQL injection vulnerability in post.php in Invision Power Board (IPB) 2.0.0 through 2.0.2 allows remote attackers to execute arbitrary SQL commands via the qpid parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| invision_power_services | invision_board | 2.0 | |
| invision_power_services | invision_board | 2.0.1 | |
| invision_power_services | invision_board | 2.0.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:invision_power_services:invision_board:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FABB6806-5DC0-4146-89FC-05D079F0CFEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:invision_power_services:invision_board:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C77C15A2-9A9D-4C3F-8A62-18C54941B79C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:invision_power_services:invision_board:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A2C79F9F-FE3C-4CC6-88A9-6EFB27724CA9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in post.php in Invision Power Board (IPB) 2.0.0 through 2.0.2 allows remote attackers to execute arbitrary SQL commands via the qpid parameter."
}
],
"id": "CVE-2004-1531",
"lastModified": "2024-11-20T23:51:07.257",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://forums.invisionpower.com/index.php?showtopic=154916"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=110079592702417\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=111454805209191\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=111462421824202\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://secunia.com/advisories/13245"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/11703"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18164"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://forums.invisionpower.com/index.php?showtopic=154916"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=110079592702417\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=111454805209191\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=111462421824202\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://secunia.com/advisories/13245"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/11703"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18164"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-06-01 04:00
Modified
2024-11-20 23:58
Severity ?
Summary
Invision Power Board (IPB) 1.0 through 2.0.4 allows non-root admins to add themselves or other users to the root admin group via the "Move users in this group to" screen.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| invision_power_services | invision_board | 1.0 | |
| invision_power_services | invision_board | 1.0.1 | |
| invision_power_services | invision_board | 1.1.1 | |
| invision_power_services | invision_board | 1.1.2 | |
| invision_power_services | invision_board | 1.2 | |
| invision_power_services | invision_board | 1.3 | |
| invision_power_services | invision_board | 1.3.1_final | |
| invision_power_services | invision_board | 1.3_final | |
| invision_power_services | invision_board | 2.0 | |
| invision_power_services | invision_board | 2.0.1 | |
| invision_power_services | invision_board | 2.0.2 | |
| invision_power_services | invision_board | 2.0.3 | |
| invision_power_services | invision_board | 2.0.4 | |
| invision_power_services | invision_board | 2.0_alpha_3 | |
| invision_power_services | invision_board | 2.0_pdr3 | |
| invision_power_services | invision_board | 2.0_pf1 | |
| invision_power_services | invision_board | 2.0_pf2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:invision_power_services:invision_board:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7AC7F0E6-7DA6-41E3-9F73-4FFF699195C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:invision_power_services:invision_board:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EAA35A95-B8FD-4ED8-95E0-409E50BF13AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:invision_power_services:invision_board:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D4066556-F0CE-4E8B-B88D-C3BA03D98D95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:invision_power_services:invision_board:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5E25D5B0-082C-41AF-A3BA-5B35E54BCCAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:invision_power_services:invision_board:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AB93242B-85AD-451E-BC0A-D8561C292430",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:invision_power_services:invision_board:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "52954D4B-72E9-434C-991A-7B3D6C71183C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:invision_power_services:invision_board:1.3.1_final:*:*:*:*:*:*:*",
"matchCriteriaId": "6B42A0B9-628F-4173-8F94-3EACDE1D57AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:invision_power_services:invision_board:1.3_final:*:*:*:*:*:*:*",
"matchCriteriaId": "13A127C8-803E-44A5-BB30-09C351CF3ACD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:invision_power_services:invision_board:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FABB6806-5DC0-4146-89FC-05D079F0CFEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:invision_power_services:invision_board:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C77C15A2-9A9D-4C3F-8A62-18C54941B79C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:invision_power_services:invision_board:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A2C79F9F-FE3C-4CC6-88A9-6EFB27724CA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:invision_power_services:invision_board:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1F427913-7FEB-49CA-AD9F-5E5EC77CA9ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:invision_power_services:invision_board:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "993BCE2D-C03F-4F2F-A973-68CEC6B34EA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:invision_power_services:invision_board:2.0_alpha_3:*:*:*:*:*:*:*",
"matchCriteriaId": "0B8C2DB4-06C3-4400-B0F3-2025FD829788",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:invision_power_services:invision_board:2.0_pdr3:*:*:*:*:*:*:*",
"matchCriteriaId": "053B554A-AC3D-496F-9E3D-D357D14B87E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:invision_power_services:invision_board:2.0_pf1:*:*:*:*:*:*:*",
"matchCriteriaId": "61B7742A-2BD1-4119-8850-5BCB35E9F7C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:invision_power_services:invision_board:2.0_pf2:*:*:*:*:*:*:*",
"matchCriteriaId": "DC4CBB17-B8EB-4A60-B8F5-34A2816373FD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Invision Power Board (IPB) 1.0 through 2.0.4 allows non-root admins to add themselves or other users to the root admin group via the \"Move users in this group to\" screen."
}
],
"id": "CVE-2005-1816",
"lastModified": "2024-11-20T23:58:12.093",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-06-01T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-05/0635.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/15545"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/13797"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-05/0635.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/15545"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/13797"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-07-13 00:05
Modified
2024-11-21 00:13
Severity ?
Summary
Multiple SQL injection vulnerabilities in Invision Power Board (IPB) 1.3 Final allow remote attackers to execute arbitrary SQL commands via the CODE parameter in a (1) Stats, (2) Mail, and (3) Reg action in index.php. NOTE: the developer has disputed this issue, stating that "At no point does the CODE parameter touch the database. The CODE parameter is used in a SWITCH statement to determine which function to run.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| invision_power_services | invision_board | 1.3.1_final | |
| invision_power_services | invision_board | 1.3_final |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:invision_power_services:invision_board:1.3.1_final:*:*:*:*:*:*:*",
"matchCriteriaId": "6B42A0B9-628F-4173-8F94-3EACDE1D57AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:invision_power_services:invision_board:1.3_final:*:*:*:*:*:*:*",
"matchCriteriaId": "13A127C8-803E-44A5-BB30-09C351CF3ACD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [
{
"sourceIdentifier": "cve@mitre.org",
"tags": [
"disputed"
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in Invision Power Board (IPB) 1.3 Final allow remote attackers to execute arbitrary SQL commands via the CODE parameter in a (1) Stats, (2) Mail, and (3) Reg action in index.php. NOTE: the developer has disputed this issue, stating that \"At no point does the CODE parameter touch the database. The CODE parameter is used in a SWITCH statement to determine which function to run."
},
{
"lang": "es",
"value": "** IMPUGNADA ** M\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en Invision Power Board (IPB) 1.3 Final permiten a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s del par\u00e1metro CODE de una acci\u00f3n (1) Stats, (2) Mail, y (3) Reg de index.php. NOTA: el desarrollador ha negado este problema, afirmando que \"En ning\u00fan punto el par\u00e1metro CODE toca la base de datos. El par\u00e1metro CODE se usa en una sentencia SWITCH para determinar qu\u00e9 funci\u00f3n ejecutar\"."
}
],
"id": "CVE-2006-3544",
"lastModified": "2024-11-21T00:13:51.710",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-07-13T00:05:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/1225"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/30084"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/438961/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/439629/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/18782"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27555"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/1225"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/30084"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/438961/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/439629/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/18782"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27555"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2024-11-20 23:56
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Invision Power Board 2.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via an HTTP POST request.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| invision_power_services | invision_board | 1.0 | |
| invision_power_services | invision_board | 1.0.1 | |
| invision_power_services | invision_board | 1.1.1 | |
| invision_power_services | invision_board | 1.1.2 | |
| invision_power_services | invision_board | 1.2 | |
| invision_power_services | invision_board | 1.3 | |
| invision_power_services | invision_board | 1.3.1_final | |
| invision_power_services | invision_board | 1.3_final | |
| invision_power_services | invision_board | 2.0 | |
| invision_power_services | invision_board | 2.0.1 | |
| invision_power_services | invision_board | 2.0.2 | |
| invision_power_services | invision_board | 2.0_alpha_3 | |
| invision_power_services | invision_board | 2.0_pdr3 | |
| invision_power_services | invision_board | 2.0_pf1 | |
| invision_power_services | invision_board | 2.0_pf2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:invision_power_services:invision_board:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7AC7F0E6-7DA6-41E3-9F73-4FFF699195C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:invision_power_services:invision_board:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EAA35A95-B8FD-4ED8-95E0-409E50BF13AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:invision_power_services:invision_board:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D4066556-F0CE-4E8B-B88D-C3BA03D98D95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:invision_power_services:invision_board:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5E25D5B0-082C-41AF-A3BA-5B35E54BCCAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:invision_power_services:invision_board:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AB93242B-85AD-451E-BC0A-D8561C292430",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:invision_power_services:invision_board:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "52954D4B-72E9-434C-991A-7B3D6C71183C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:invision_power_services:invision_board:1.3.1_final:*:*:*:*:*:*:*",
"matchCriteriaId": "6B42A0B9-628F-4173-8F94-3EACDE1D57AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:invision_power_services:invision_board:1.3_final:*:*:*:*:*:*:*",
"matchCriteriaId": "13A127C8-803E-44A5-BB30-09C351CF3ACD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:invision_power_services:invision_board:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FABB6806-5DC0-4146-89FC-05D079F0CFEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:invision_power_services:invision_board:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C77C15A2-9A9D-4C3F-8A62-18C54941B79C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:invision_power_services:invision_board:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A2C79F9F-FE3C-4CC6-88A9-6EFB27724CA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:invision_power_services:invision_board:2.0_alpha_3:*:*:*:*:*:*:*",
"matchCriteriaId": "0B8C2DB4-06C3-4400-B0F3-2025FD829788",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:invision_power_services:invision_board:2.0_pdr3:*:*:*:*:*:*:*",
"matchCriteriaId": "053B554A-AC3D-496F-9E3D-D357D14B87E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:invision_power_services:invision_board:2.0_pf1:*:*:*:*:*:*:*",
"matchCriteriaId": "61B7742A-2BD1-4119-8850-5BCB35E9F7C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:invision_power_services:invision_board:2.0_pf2:*:*:*:*:*:*:*",
"matchCriteriaId": "DC4CBB17-B8EB-4A60-B8F5-34A2816373FD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Invision Power Board 2.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via an HTTP POST request."
}
],
"id": "CVE-2005-0886",
"lastModified": "2024-11-20T23:56:06.950",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-05-02T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/12888"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/12888"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-11-23 05:00
Modified
2024-11-20 23:48
Severity ?
Summary
SQL injection vulnerability in search.php for Invision Board Forum allows remote attackers to execute arbitrary SQL queries via the st parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| invision_power_services | invision_board | 1.0 | |
| invision_power_services | invision_board | 1.0.1 | |
| invision_power_services | invision_board | 1.1.1 | |
| invision_power_services | invision_board | 1.1.2 | |
| invision_power_services | invision_board | 1.2 | |
| invision_power_services | invision_board | 1.3 | |
| invision_power_services | invision_board | 2.0_alpha_3 | |
| invision_power_services | invision_board | 2.0_pdr3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:invision_power_services:invision_board:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7AC7F0E6-7DA6-41E3-9F73-4FFF699195C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:invision_power_services:invision_board:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EAA35A95-B8FD-4ED8-95E0-409E50BF13AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:invision_power_services:invision_board:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D4066556-F0CE-4E8B-B88D-C3BA03D98D95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:invision_power_services:invision_board:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5E25D5B0-082C-41AF-A3BA-5B35E54BCCAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:invision_power_services:invision_board:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AB93242B-85AD-451E-BC0A-D8561C292430",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:invision_power_services:invision_board:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "52954D4B-72E9-434C-991A-7B3D6C71183C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:invision_power_services:invision_board:2.0_alpha_3:*:*:*:*:*:*:*",
"matchCriteriaId": "0B8C2DB4-06C3-4400-B0F3-2025FD829788",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:invision_power_services:invision_board:2.0_pdr3:*:*:*:*:*:*:*",
"matchCriteriaId": "053B554A-AC3D-496F-9E3D-D357D14B87E7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in search.php for Invision Board Forum allows remote attackers to execute arbitrary SQL queries via the st parameter."
}
],
"id": "CVE-2004-0338",
"lastModified": "2024-11-20T23:48:21.477",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-11-23T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=107799527428834\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/9766"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15343"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=107799527428834\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/9766"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15343"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-05-16 04:00
Modified
2024-11-20 23:57
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in (1) search.php and (2) topics.php for Invision Power Board (IPB) 2.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the highlite parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| invision_power_services | invision_board | 1.0 | |
| invision_power_services | invision_board | 1.0.1 | |
| invision_power_services | invision_board | 1.1.1 | |
| invision_power_services | invision_board | 1.1.2 | |
| invision_power_services | invision_board | 1.2 | |
| invision_power_services | invision_board | 1.3 | |
| invision_power_services | invision_board | 2.0_alpha_3 | |
| invision_power_services | invision_board | 2.0_pdr3 | |
| invision_power_services | invision_power_board | 2.0.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:invision_power_services:invision_board:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7AC7F0E6-7DA6-41E3-9F73-4FFF699195C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:invision_power_services:invision_board:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EAA35A95-B8FD-4ED8-95E0-409E50BF13AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:invision_power_services:invision_board:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D4066556-F0CE-4E8B-B88D-C3BA03D98D95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:invision_power_services:invision_board:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5E25D5B0-082C-41AF-A3BA-5B35E54BCCAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:invision_power_services:invision_board:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AB93242B-85AD-451E-BC0A-D8561C292430",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:invision_power_services:invision_board:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "52954D4B-72E9-434C-991A-7B3D6C71183C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:invision_power_services:invision_board:2.0_alpha_3:*:*:*:*:*:*:*",
"matchCriteriaId": "0B8C2DB4-06C3-4400-B0F3-2025FD829788",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:invision_power_services:invision_board:2.0_pdr3:*:*:*:*:*:*:*",
"matchCriteriaId": "053B554A-AC3D-496F-9E3D-D357D14B87E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7139AE38-8E5D-4D1D-A126-9CD10CE13E2C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in (1) search.php and (2) topics.php for Invision Power Board (IPB) 2.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the highlite parameter."
}
],
"id": "CVE-2005-1597",
"lastModified": "2024-11-20T23:57:42.083",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-05-16T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://forums.invisionpower.com/index.php?showtopic=168016"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=111539908705851\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/15265"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1013907"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.gulftech.org/?node=research\u0026article_id=00073-05052005"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/16298"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/13534"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2005/0487"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20445"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://forums.invisionpower.com/index.php?showtopic=168016"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=111539908705851\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/15265"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1013907"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.gulftech.org/?node=research\u0026article_id=00073-05052005"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/16298"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/13534"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2005/0487"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20445"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-11-16 07:42
Modified
2024-11-21 00:02
Severity ?
Summary
Direct code injection vulnerability in Task Manager in Invision Power Board 2.0.1 allows limited remote attackers to execute arbitrary code by referencing the file in "Task PHP File To Run" field and selecting "Run Task Now".
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| invision_power_services | invision_board | 2.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:invision_power_services:invision_board:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C77C15A2-9A9D-4C3F-8A62-18C54941B79C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Direct code injection vulnerability in Task Manager in Invision Power Board 2.0.1 allows limited remote attackers to execute arbitrary code by referencing the file in \"Task PHP File To Run\" field and selecting \"Run Task Now\"."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n directa de c\u00f3digo en Administrador de Tareas de Invision Power Board 2.0.1 permite a atacantes remotos limitados ejecutar c\u00f3digo de su elecci\u00f3n referenciando el fichero en el campo Task PHP File To Run y seleccionando Run Task Now."
}
],
"id": "CVE-2005-3549",
"lastModified": "2024-11-21T00:02:09.510",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-11-16T07:42:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/17443"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/415798/30/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40003"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/17443"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/415798/30/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40003"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-11-16 07:42
Modified
2024-11-21 00:02
Severity ?
Summary
Directory traversal vulnerability in Task Manager in Invision Power Board (IP.Board) 2.0.1 allows limited remote attackers to include files via a .. (dot dot) in the "Task PHP File To Run" field.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| invision_power_services | invision_board | 2.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:invision_power_services:invision_board:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C77C15A2-9A9D-4C3F-8A62-18C54941B79C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in Task Manager in Invision Power Board (IP.Board) 2.0.1 allows limited remote attackers to include files via a .. (dot dot) in the \"Task PHP File To Run\" field."
},
{
"lang": "es",
"value": "Vulnerabilidad de atravesammiento de directorios en Administrador de Tareas de Invision Power Board 2.0.1 (IP.Board) permite a atacantes remotos limitados incluir ficheros mediante un .. (punto punto) en el campo Task PHP File To Run."
}
],
"id": "CVE-2005-3548",
"lastModified": "2024-11-21T00:02:09.370",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-11-16T07:42:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/17443"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/35429"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/415798/30/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40000"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/17443"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/35429"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/415798/30/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40000"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-04-26 20:06
Modified
2024-11-21 00:10
Severity ?
Summary
SQL injection vulnerability in lib/func_taskmanager.php in Invision Power Board (IPB) 2.1.x and 2.0.x before 20060425 allows remote attackers to execute arbitrary SQL commands via the ck parameter, which can inject at most 32 characters.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| invision_power_services | invision_board | 2.0 | |
| invision_power_services | invision_board | 2.0.1 | |
| invision_power_services | invision_board | 2.0.2 | |
| invision_power_services | invision_board | 2.0.3 | |
| invision_power_services | invision_board | 2.0.4 | |
| invision_power_services | invision_board | 2.0_alpha_3 | |
| invision_power_services | invision_board | 2.0_pdr3 | |
| invision_power_services | invision_board | 2.0_pf1 | |
| invision_power_services | invision_board | 2.0_pf2 | |
| invision_power_services | invision_board | 2.1 | |
| invision_power_services | invision_board | 2.1.5 | |
| invision_power_services | invision_board | 2.1_alpha2 | |
| invision_power_services | invision_power_board | 2.1.5_2006-03-08 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:invision_power_services:invision_board:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FABB6806-5DC0-4146-89FC-05D079F0CFEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:invision_power_services:invision_board:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C77C15A2-9A9D-4C3F-8A62-18C54941B79C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:invision_power_services:invision_board:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A2C79F9F-FE3C-4CC6-88A9-6EFB27724CA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:invision_power_services:invision_board:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1F427913-7FEB-49CA-AD9F-5E5EC77CA9ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:invision_power_services:invision_board:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "993BCE2D-C03F-4F2F-A973-68CEC6B34EA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:invision_power_services:invision_board:2.0_alpha_3:*:*:*:*:*:*:*",
"matchCriteriaId": "0B8C2DB4-06C3-4400-B0F3-2025FD829788",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:invision_power_services:invision_board:2.0_pdr3:*:*:*:*:*:*:*",
"matchCriteriaId": "053B554A-AC3D-496F-9E3D-D357D14B87E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:invision_power_services:invision_board:2.0_pf1:*:*:*:*:*:*:*",
"matchCriteriaId": "61B7742A-2BD1-4119-8850-5BCB35E9F7C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:invision_power_services:invision_board:2.0_pf2:*:*:*:*:*:*:*",
"matchCriteriaId": "DC4CBB17-B8EB-4A60-B8F5-34A2816373FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:invision_power_services:invision_board:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "05FA7E1F-D9D2-419F-A9DE-7BE4253F897E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:invision_power_services:invision_board:2.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "09F88FD5-0335-4404-AD20-63737A76B051",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:invision_power_services:invision_board:2.1_alpha2:*:*:*:*:*:*:*",
"matchCriteriaId": "D4B47FAD-8DCA-4B31-A5CF-884286F49E05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1.5_2006-03-08:*:*:*:*:*:*:*",
"matchCriteriaId": "ED5116FA-C532-42DF-ABBD-193AD7B799A6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in lib/func_taskmanager.php in Invision Power Board (IPB) 2.1.x and 2.0.x before 20060425 allows remote attackers to execute arbitrary SQL commands via the ck parameter, which can inject at most 32 characters."
}
],
"evaluatorSolution": "The vendor has released an update to address this and other versions.",
"id": "CVE-2006-2061",
"lastModified": "2024-11-21T00:10:27.893",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-04-26T20:06:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://forums.invisionpower.com/index.php?showtopic=213374"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/19830"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/796"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/431990/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/432226/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/17690"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/1534"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26071"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://forums.invisionpower.com/index.php?showtopic=213374"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/19830"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/796"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/431990/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/432226/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/17690"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/1534"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26071"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-08-10 04:00
Modified
2024-11-20 23:59
Severity ?
Summary
Invision Power Board (IPB) 1.0.3 allows remote attackers to inject arbitrary web script or HTML via an attachment, which is automatically downloaded and processed as HTML.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| invision_power_services | invision_board | 2.0 | |
| invision_power_services | invision_board | 2.0.1 | |
| invision_power_services | invision_board | 2.0.2 | |
| invision_power_services | invision_board | 2.0.3 | |
| invision_power_services | invision_board | 2.0.4 | |
| invision_power_services | invision_board | 2.0_alpha_3 | |
| invision_power_services | invision_board | 2.0_pdr3 | |
| invision_power_services | invision_board | 2.0_pf1 | |
| invision_power_services | invision_board | 2.0_pf2 | |
| invision_power_services | invision_board | 2.1_alpha2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:invision_power_services:invision_board:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FABB6806-5DC0-4146-89FC-05D079F0CFEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:invision_power_services:invision_board:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C77C15A2-9A9D-4C3F-8A62-18C54941B79C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:invision_power_services:invision_board:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A2C79F9F-FE3C-4CC6-88A9-6EFB27724CA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:invision_power_services:invision_board:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1F427913-7FEB-49CA-AD9F-5E5EC77CA9ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:invision_power_services:invision_board:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "993BCE2D-C03F-4F2F-A973-68CEC6B34EA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:invision_power_services:invision_board:2.0_alpha_3:*:*:*:*:*:*:*",
"matchCriteriaId": "0B8C2DB4-06C3-4400-B0F3-2025FD829788",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:invision_power_services:invision_board:2.0_pdr3:*:*:*:*:*:*:*",
"matchCriteriaId": "053B554A-AC3D-496F-9E3D-D357D14B87E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:invision_power_services:invision_board:2.0_pf1:*:*:*:*:*:*:*",
"matchCriteriaId": "61B7742A-2BD1-4119-8850-5BCB35E9F7C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:invision_power_services:invision_board:2.0_pf2:*:*:*:*:*:*:*",
"matchCriteriaId": "DC4CBB17-B8EB-4A60-B8F5-34A2816373FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:invision_power_services:invision_board:2.1_alpha2:*:*:*:*:*:*:*",
"matchCriteriaId": "D4B47FAD-8DCA-4B31-A5CF-884286F49E05",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Invision Power Board (IPB) 1.0.3 allows remote attackers to inject arbitrary web script or HTML via an attachment, which is automatically downloaded and processed as HTML."
}
],
"id": "CVE-2005-2542",
"lastModified": "2024-11-20T23:59:47.670",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-08-10T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=112327712614854\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/16348"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/14492"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=112327712614854\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/16348"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/14492"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2003-12-31 05:00
Modified
2024-11-20 23:47
Severity ?
Summary
Invision Power Services Invision Board 1.0 through 1.1.1, when a forum is password protected, stores the administrator password in a cookie in plaintext, which could allow remote attackers to gain access.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linux | linux_kernel | * | |
| microsoft | all_windows | * | |
| unix | unix | * | |
| invision_power_services | invision_board | 1.0 | |
| invision_power_services | invision_board | 1.0.1 | |
| invision_power_services | invision_board | 1.1.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "155AD4FB-E527-4103-BCEF-801B653DEA37",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:all_windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3AB4B29F-4C60-48A0-8F58-BCBDC58B697E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:unix:unix:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F7A7C398-5356-45D6-AA5C-53E63BC88DCA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:invision_power_services:invision_board:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7AC7F0E6-7DA6-41E3-9F73-4FFF699195C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:invision_power_services:invision_board:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EAA35A95-B8FD-4ED8-95E0-409E50BF13AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:invision_power_services:invision_board:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D4066556-F0CE-4E8B-B88D-C3BA03D98D95",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Invision Power Services Invision Board 1.0 through 1.1.1, when a forum is password protected, stores the administrator password in a cookie in plaintext, which could allow remote attackers to gain access."
}
],
"id": "CVE-2003-1454",
"lastModified": "2024-11-20T23:47:11.937",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2003-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/3276"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/319747"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/7440"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11871"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/3276"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/319747"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/7440"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11871"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}