Vulnerabilities related to invision_power_services - invision_power_board
Vulnerability from fkie_nvd
Published
2006-04-26 20:06
Modified
2024-11-21 00:10
Severity ?
Summary
action_public/search.php in Invision Power Board (IPB) 2.1.x and 2.0.x before 20060425 allows remote attackers to execute arbitrary PHP code via a search with a crafted value of the lastdate parameter, which alters the behavior of a regular expression to add a "#e" (execute) modifier.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
invision_power_services | invision_power_board | 2.1.5_2006-03-08 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1.5_2006-03-08:*:*:*:*:*:*:*", "matchCriteriaId": "ED5116FA-C532-42DF-ABBD-193AD7B799A6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "action_public/search.php in Invision Power Board (IPB) 2.1.x and 2.0.x before 20060425 allows remote attackers to execute arbitrary PHP code via a search with a crafted value of the lastdate parameter, which alters the behavior of a regular expression to add a \"#e\" (execute) modifier." } ], "id": "CVE-2006-2059", "lastModified": "2024-11-21T00:10:27.613", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-04-26T20:06:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://forums.invisionpower.com/index.php?showtopic=213374" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/19830" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/796" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/25005" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/431990/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/432226/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/432451/100/0/threaded" }, { "source": 
"cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/439607/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/17695" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/1534" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26070" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://forums.invisionpower.com/index.php?showtopic=213374" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/19830" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/796" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/25005" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/431990/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/432226/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/432451/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/439607/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/17695" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/1534" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26070" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-02-28 11:02
Modified
2024-11-21 00:07
Severity ?
Summary
Invision Power Board (IPB) 2.1.4 and earlier allows remote attackers to list directory contents via a direct request to multiple directories, including (1) sources/loginauth/convert/, (2) sources/portal_plugins/, (3) cache/skin_cache/cacheid_2/, (4) ips_kernel/PEAR/, (5) ips_kernel/PEAR/Text/, (6) ips_kernel/PEAR/Text/Diff/, (7) ips_kernel/PEAR/Text/Diff/Renderer/, (8) style_images/1/folder_rte_files/, (9) style_images/1/folder_js_skin/, (10) style_images/1/folder_rte_images/, and (11) upgrade/ and its subdirectories.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "615FFE8F-1EDA-4CE2-BC6F-E7348DAE37E1", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "19B001F3-8A6E-423D-9382-AA696D193F08", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "2CDDB243-B03B-4DFE-9234-FD886EA80C50", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "7139AE38-8E5D-4D1D-A126-9CD10CE13E2C", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "6E24336F-BD4C-4596-8FFE-9D53AB802BB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "AB960ACC-74D4-4AFB-886C-11EB5180DFD2", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "B1BA6316-7E7E-4A6B-AA54-1846198D64BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "EA70C944-F70E-49F4-AA9C-D19148925C0F", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "6CAF5259-D99A-45A1-8DD4-C6858B302272", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "67ED0140-7137-4F8D-AEA1-53251D4D4273", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1_beta2:*:*:*:*:*:*:*", "matchCriteriaId": "19FFFBC9-F6F0-421C-BD8A-6F2F81C4E62F", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:invision_power_services:invision_power_board:2.1_beta3:*:*:*:*:*:*:*", "matchCriteriaId": "7CB7078D-61D2-4ED9-AC8E-2D4F350F0716", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1_beta4:*:*:*:*:*:*:*", "matchCriteriaId": "7EC2800F-3A8C-4B63-B754-D921DFF79496", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1_beta5:*:*:*:*:*:*:*", "matchCriteriaId": "C5C8BA41-7876-4738-A68A-2162E28A3AB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "18BF761A-6459-42B0-BCB8-F735FBDD6139", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Invision Power Board (IPB) 2.1.4 and earlier allows remote attackers to list directory contents via a direct request to multiple directories, including (1) sources/loginauth/convert/, (2) sources/portal_plugins/, (3) cache/skin_cache/cacheid_2/, (4) ips_kernel/PEAR/, (5) ips_kernel/PEAR/Text/, (6) ips_kernel/PEAR/Text/Diff/, (7) ips_kernel/PEAR/Text/Diff/Renderer/, (8) style_images/1/folder_rte_files/, (9) style_images/1/folder_js_skin/, (10) style_images/1/folder_rte_images/, and (11) upgrade/ and its subdirectories." 
} ], "id": "CVE-2006-0910", "lastModified": "2024-11-21T00:07:37.913", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-02-28T11:02:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://neosecurityteam.net/advisories/Advisory-16.txt" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://neosecurityteam.net/index.php?action=advisories\u0026id=16" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/425713/100/0/threaded" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24840" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://neosecurityteam.net/advisories/Advisory-16.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://neosecurityteam.net/index.php?action=advisories\u0026id=16" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/425713/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24840" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-10-10 04:06
Modified
2024-11-21 00:18
Severity ?
Summary
Invision Power Board (IPB) 2.1.7 and earlier allows remote restricted administrators to inject arbitrary web script or HTML, or execute arbitrary SQL commands, via a forum description that contains a crafted image with PHP code, which is executed when the user visits the "Manage Forums" link in the Admin control panel.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:*:*:*:*:*:*:*:*", "matchCriteriaId": "F69B5D71-781A-4FDF-A5AB-0CE8AE6BBDBC", "versionEndIncluding": "2.1.7", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "19CF6BD7-04F2-4D69-8402-EC4B637EA083", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "2F0C566E-2AC5-47A2-9246-2FBC87828690", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "8B83740E-6C38-4BEB-84A2-6B0F01799DCE", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "29692429-A920-4BAD-9D79-D36EBE74EFB5", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "0D52AB16-A202-48B6-82C0-AD13EBCC7FCA", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:1.2:*:*:*:*:*:*:*", "matchCriteriaId": "C498DCB3-3CC7-4334-BF61-F5DA43F4B90F", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:1.3:*:*:*:*:*:*:*", "matchCriteriaId": "99A7875E-DAF0-46CD-AE30-246EB3FC6BB7", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:1.3.1_final:*:*:*:*:*:*:*", "matchCriteriaId": "F2103FBA-1B72-43FC-A1ED-28F8C7DA0EE4", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:1.3_final:*:*:*:*:*:*:*", "matchCriteriaId": "94FBF21B-CF52-41BB-BAF1-AF822586D28B", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "C9AF155D-BDF6-4B5F-89BF-62CDE6FB48DA", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:invision_power_services:invision_power_board:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "615FFE8F-1EDA-4CE2-BC6F-E7348DAE37E1", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "19B001F3-8A6E-423D-9382-AA696D193F08", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "2CDDB243-B03B-4DFE-9234-FD886EA80C50", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "7139AE38-8E5D-4D1D-A126-9CD10CE13E2C", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "6E24336F-BD4C-4596-8FFE-9D53AB802BB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.0.x:*:*:*:*:*:*:*", "matchCriteriaId": "AE478AB9-7ED4-4FDD-8990-CC4442CFA416", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.0_alpha3:*:*:*:*:*:*:*", "matchCriteriaId": "14F5777B-25A8-4D20-AD24-A639E315582F", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.0_pdr3:*:*:*:*:*:*:*", "matchCriteriaId": "6FF0C787-BDC5-4154-809A-864DA3D4769D", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.0_pf1:*:*:*:*:*:*:*", "matchCriteriaId": "23A69133-FF5A-457E-823F-64920A0DB9F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.0_pf2:*:*:*:*:*:*:*", "matchCriteriaId": "23C37B74-6486-46A2-AC2C-C27786ED697E", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "5C63DDA0-9B4C-4D3E-9633-82C330753ABA", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1.0:*:*:*:*:*:*:*", 
"matchCriteriaId": "AB960ACC-74D4-4AFB-886C-11EB5180DFD2", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "B1BA6316-7E7E-4A6B-AA54-1846198D64BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "EA70C944-F70E-49F4-AA9C-D19148925C0F", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "6CAF5259-D99A-45A1-8DD4-C6858B302272", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "67ED0140-7137-4F8D-AEA1-53251D4D4273", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "75723F84-9989-4195-9827-E3A6DF2ABA6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1.5_2006-03-08:*:*:*:*:*:*:*", "matchCriteriaId": "ED5116FA-C532-42DF-ABBD-193AD7B799A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "E8BC2011-5D19-4AF2-BCCD-38A03D0175FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1_alpha2:*:*:*:*:*:*:*", "matchCriteriaId": "232885C1-B578-4E6E-8472-FF47A17DF976", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1_beta2:*:*:*:*:*:*:*", "matchCriteriaId": "19FFFBC9-F6F0-421C-BD8A-6F2F81C4E62F", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1_beta3:*:*:*:*:*:*:*", "matchCriteriaId": "7CB7078D-61D2-4ED9-AC8E-2D4F350F0716", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1_beta4:*:*:*:*:*:*:*", "matchCriteriaId": "7EC2800F-3A8C-4B63-B754-D921DFF79496", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1_beta5:*:*:*:*:*:*:*", "matchCriteriaId": "C5C8BA41-7876-4738-A68A-2162E28A3AB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "18BF761A-6459-42B0-BCB8-F735FBDD6139", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Invision Power Board (IPB) 2.1.7 and earlier allows remote restricted administrators to inject arbitrary web script or HTML, or execute arbitrary SQL commands, via a forum description that contains a crafted image with PHP code, which is executed when the user visits the \"Manage Forums\" link in the Admin control panel." }, { "lang": "es", "value": "Invision Power Board (IPB) 2.1.7 y anteriores permite a un administrador remoto restringido inyectar secuencias de comandos web o HTML de su elecci\u00f3n, o ejecutar comandos SQL de su elecci\u00f3n, a trav\u00e9s de una descripci\u00f3n del foro que contenga una imagen artesanal con c\u00f3digo PHP, lo cual es esjecutado cuando el usuario visita \"Mange Forum\" enlazando en el panel de control de Admin." 
} ], "evaluatorSolution": "The following requirements must be met for this attack to take place:\r\n- The database table prefix must be known\r\n- The admin must have access to the SQL Toolbox (any \"root admin\")\r\n- The admin must have images and referers turned on in their browser, and their browser must follow Location headers (default behaviour for most browsers)\r\n- The admin must view a malicious script as an image in their browser", "id": "CVE-2006-5203", "lastModified": "2024-11-21T00:18:17.257", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2006-10-10T04:06:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/447710/100/0/threaded" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29352" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/447710/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29352" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-03-02 21:18
Modified
2024-11-21 00:24
Severity ?
Summary
SQL injection vulnerability in classes/class_session.php in Invision Power Board (IPB) 2.1 up to 2.1.6 allows remote attackers to execute arbitrary SQL commands via the CLIENT_IP parameter.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
invision_power_services | invision_power_board | 2.1.1 | |
invision_power_services | invision_power_board | 2.1.2 | |
invision_power_services | invision_power_board | 2.1.3 | |
invision_power_services | invision_power_board | 2.1.4 | |
invision_power_services | invision_power_board | 2.1.5 | |
invision_power_services | invision_power_board | 2.1.6 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "B1BA6316-7E7E-4A6B-AA54-1846198D64BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "EA70C944-F70E-49F4-AA9C-D19148925C0F", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "6CAF5259-D99A-45A1-8DD4-C6858B302272", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "67ED0140-7137-4F8D-AEA1-53251D4D4273", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "75723F84-9989-4195-9827-E3A6DF2ABA6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "E8BC2011-5D19-4AF2-BCCD-38A03D0175FC", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in classes/class_session.php in Invision Power Board (IPB) 2.1 up to 2.1.6 allows remote attackers to execute arbitrary SQL commands via the CLIENT_IP parameter." }, { "lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n SQL en classes/class_session.php de Invision Power Board (IPB) 2.1 hasta 2.1.6 permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s del par\u00e1metro CLIENT_IP." 
} ], "id": "CVE-2006-7071", "lastModified": "2024-11-21T00:24:19.163", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-03-02T21:18:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2006-07/0249.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://rst.void.ru/download/r57ipb216gui.txt" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/21072" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/2325" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/2810" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27753" }, { "source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/2010" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2006-07/0249.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://rst.void.ru/download/r57ipb216gui.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/21072" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/2325" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/2810" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27753" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/2010" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-10-29 19:46
Modified
2024-11-21 00:38
Severity ?
Summary
Multiple SQL injection vulnerabilities in directory.php in the Multi-Forums (aka Multi Host Forum Pro) module 1.3.3, for phpBB and Invision Power Board (IPB or IP.Board), allow remote attackers to execute arbitrary SQL commands via the (1) go and (2) cat parameters.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
invision_power_services | invision_power_board | * | |
phpbb | phpbb | * | |
sebflipper | multi-forums_module | 1.3.3 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:*:*:*:*:*:*:*:*", "matchCriteriaId": "97F5B0EB-44D4-47C6-BEF9-E17787061471", "vulnerable": true }, { "criteria": "cpe:2.3:a:phpbb:phpbb:*:*:*:*:*:*:*:*", "matchCriteriaId": "8370A82D-83E8-4A70-8D04-1FCC6D24CAFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:sebflipper:multi-forums_module:1.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "076B4D89-3928-4017-95E9-7EA1D27D0B3B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple SQL injection vulnerabilities in directory.php in the Multi-Forums (aka Multi Host Forum Pro) module 1.3.3, for phpBB and Invision Power Board (IPB or IP.Board), allow remote attackers to execute arbitrary SQL commands via the (1) go and (2) cat parameters." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en directory.php en el m\u00f3dulo 1.3.3 de Multi-Forums (tambi\u00e9n conocido como Multi Host Forum Pro), para phpBB e Invision Power Board (IPB \u00f3 IP.Board), permiten a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s del par\u00e1metro (1) go y (2) cat." 
} ], "id": "CVE-2007-5688", "lastModified": "2024-11-21T00:38:27.867", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-10-29T19:46:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/27406" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.inj3ct-it.org/exploit/Multi_Host.txt" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/482838/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/26213" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37461" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/27406" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.inj3ct-it.org/exploit/Multi_Host.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/482838/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/26213" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37461" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": 
"CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-02-24 01:28
Modified
2024-11-21 00:24
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in forum/admin.php for Invision Power Board (IPB) 2.1.6 and earlier allows remote attackers to inject arbitrary web script or HTML as the administrator via the phpinfo parameter.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "19CF6BD7-04F2-4D69-8402-EC4B637EA083", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "2F0C566E-2AC5-47A2-9246-2FBC87828690", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "8B83740E-6C38-4BEB-84A2-6B0F01799DCE", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "29692429-A920-4BAD-9D79-D36EBE74EFB5", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "0D52AB16-A202-48B6-82C0-AD13EBCC7FCA", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:1.2:*:*:*:*:*:*:*", "matchCriteriaId": "C498DCB3-3CC7-4334-BF61-F5DA43F4B90F", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:1.3:*:*:*:*:*:*:*", "matchCriteriaId": "99A7875E-DAF0-46CD-AE30-246EB3FC6BB7", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:1.3.1_final:*:*:*:*:*:*:*", "matchCriteriaId": "F2103FBA-1B72-43FC-A1ED-28F8C7DA0EE4", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:1.3_final:*:*:*:*:*:*:*", "matchCriteriaId": "94FBF21B-CF52-41BB-BAF1-AF822586D28B", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "C9AF155D-BDF6-4B5F-89BF-62CDE6FB48DA", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "615FFE8F-1EDA-4CE2-BC6F-E7348DAE37E1", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:invision_power_services:invision_power_board:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "19B001F3-8A6E-423D-9382-AA696D193F08", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "2CDDB243-B03B-4DFE-9234-FD886EA80C50", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "7139AE38-8E5D-4D1D-A126-9CD10CE13E2C", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "6E24336F-BD4C-4596-8FFE-9D53AB802BB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.0.x:*:*:*:*:*:*:*", "matchCriteriaId": "AE478AB9-7ED4-4FDD-8990-CC4442CFA416", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.0_alpha3:*:*:*:*:*:*:*", "matchCriteriaId": "14F5777B-25A8-4D20-AD24-A639E315582F", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.0_pdr3:*:*:*:*:*:*:*", "matchCriteriaId": "6FF0C787-BDC5-4154-809A-864DA3D4769D", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.0_pf1:*:*:*:*:*:*:*", "matchCriteriaId": "23A69133-FF5A-457E-823F-64920A0DB9F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.0_pf2:*:*:*:*:*:*:*", "matchCriteriaId": "23C37B74-6486-46A2-AC2C-C27786ED697E", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "5C63DDA0-9B4C-4D3E-9633-82C330753ABA", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "AB960ACC-74D4-4AFB-886C-11EB5180DFD2", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1.1:*:*:*:*:*:*:*", 
"matchCriteriaId": "B1BA6316-7E7E-4A6B-AA54-1846198D64BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "EA70C944-F70E-49F4-AA9C-D19148925C0F", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "6CAF5259-D99A-45A1-8DD4-C6858B302272", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "67ED0140-7137-4F8D-AEA1-53251D4D4273", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "75723F84-9989-4195-9827-E3A6DF2ABA6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1.5_2006-03-08:*:*:*:*:*:*:*", "matchCriteriaId": "ED5116FA-C532-42DF-ABBD-193AD7B799A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1.5_2006-04-25:*:*:*:*:*:*:*", "matchCriteriaId": "8A90F21A-0FE7-456C-86FA-2F60542A7EA1", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "E8BC2011-5D19-4AF2-BCCD-38A03D0175FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1_alpha2:*:*:*:*:*:*:*", "matchCriteriaId": "232885C1-B578-4E6E-8472-FF47A17DF976", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1_beta2:*:*:*:*:*:*:*", "matchCriteriaId": "19FFFBC9-F6F0-421C-BD8A-6F2F81C4E62F", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1_beta3:*:*:*:*:*:*:*", "matchCriteriaId": "7CB7078D-61D2-4ED9-AC8E-2D4F350F0716", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1_beta4:*:*:*:*:*:*:*", "matchCriteriaId": 
"7EC2800F-3A8C-4B63-B754-D921DFF79496", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1_beta5:*:*:*:*:*:*:*", "matchCriteriaId": "C5C8BA41-7876-4738-A68A-2162E28A3AB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "18BF761A-6459-42B0-BCB8-F735FBDD6139", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in forum/admin.php for Invision Power Board (IPB) 2.1.6 and earlier allows remote attackers to inject arbitrary web script or HTML as the administrator via the phpinfo parameter." }, { "lang": "es", "value": "Vulnerabilidad de secuencia de comandos en sitios cruzados (XSS) en forum/admin.php para Invision Power Board (IPB) 2.1.6 y anteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML como administrador a trav\u00e9s del par\u00e1metro phpinfo." 
} ], "evaluatorImpact": "Given complete CIA triad impact because remote attackers can inject arbitrary web script or HTML as the administrator.", "id": "CVE-2006-7064", "lastModified": "2024-11-21T00:24:18.110", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-02-24T01:28:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/bugtraq/2006-06/0204.html" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/2307" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/18450" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27069" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/bugtraq/2006-06/0204.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/2307" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/18450" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27069" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-03-19 02:02
Modified
2024-11-21 00:08
Severity: MEDIUM — CVSS v2.0 base score 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P)
Summary
Invision Power Board 2.1.4 allows remote attackers to hijack sessions and possibly gain administrative privileges by obtaining the session ID from the s parameter, then replaying it in another request.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
invision_power_services | invision_power_board | 2.1.4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "67ED0140-7137-4F8D-AEA1-53251D4D4273", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Invision Power Board 2.1.4 allows remote attackers to hijack sessions and possibly gain administrative privileges by obtaining the session ID from the s parameter, then replaying it in another request." } ], "id": "CVE-2006-1267", "lastModified": "2024-11-21T00:08:27.833", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-03-19T02:02:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/427751/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.securityfocus.com/archive/1/427847/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/427751/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.securityfocus.com/archive/1/427847/100/0/threaded" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-08-16 22:04
Modified
2024-11-21 00:15
Severity: HIGH — CVSS v2.0 base score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Summary
Unspecified vulnerability in func_topic_threaded.php (aka threaded view mode) in Invision Power Board (IPB) before 2.1.7 21013.60810.s allows remote attackers to "access posts outside the topic."
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
invision_power_services | invision_power_board | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:*:*:*:*:*:*:*:*", "matchCriteriaId": "F69B5D71-781A-4FDF-A5AB-0CE8AE6BBDBC", "versionEndIncluding": "2.1.7", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in func_topic_threaded.php (aka threaded view mode) in Invision Power Board (IPB) before 2.1.7 21013.60810.s allows remote attackers to \"access posts outside the topic.\"" }, { "lang": "es", "value": "Vulnerabilidad no especificada en func_topic_threaded.php (o modo de vista por por hilos) en Invision Power Board (IPB) anterior a 2.1.7 21013.60810.s permite a atacantes remotos \"acceder a mensajes fuera del hilo\"" } ], "id": "CVE-2006-4155", "lastModified": "2024-11-21T00:15:16.740", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-08-16T22:04:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://forums.invisionpower.com/index.php?\u0026showtopic=225755" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/21442" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/3260" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://forums.invisionpower.com/index.php?\u0026showtopic=225755" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", 
"tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/21442" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/3260" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2024-11-20 23:51
Severity: MEDIUM — CVSS v2.0 base score 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Summary
Cross-site scripting (XSS) vulnerability in index.php in Invision Power Board 2.0.0 allows remote attackers to execute arbitrary web script or HTML via the Referer field in the HTTP header.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
invision_power_services | invision_power_board | 2.0.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "615FFE8F-1EDA-4CE2-BC6F-E7348DAE37E1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in index.php in Invision Power Board 2.0.0 allows remote attackers to execute arbitrary web script or HTML via the Referer field in the HTTP header." } ], "id": "CVE-2004-1578", "lastModified": "2024-11-20T23:51:14.600", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=109701091207517\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/12740" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/11332" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17604" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=109701091207517\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/12740" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/11332" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/17604" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-02-25 11:02
Modified
2024-11-21 00:07
Severity: LOW — CVSS v2.0 base score 2.6 (AV:N/AC:H/Au:N/C:N/I:N/A:P)
Summary
index.php in Invision Power Board (IPB) 2.0.1, with Code Confirmation disabled, allows remote attackers to cause an unspecified denial of service by registering a large number of users.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
invision_power_services | invision_power_board | 2.0.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "19B001F3-8A6E-423D-9382-AA696D193F08", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "index.php in Invision Power Board (IPB) 2.0.1, with Code Confirmation disabled, allows remote attackers to cause an unspecified denial of service by registering a large number of users." } ], "id": "CVE-2006-0888", "lastModified": "2024-11-21T00:07:35.050", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.6, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-02-25T11:02:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/16616" }, { "source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/1489" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/16616" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/1489" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-09-17 17:17
Modified
2024-11-21 00:36
Severity: MEDIUM — CVSS v2.0 base score 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Summary
Cross-site scripting (XSS) vulnerability in ips_kernel/class_ajax.php in Invision Power Board (IPB or IP.Board) 2.3.1 up to 20070912 allows remote attackers to inject arbitrary web script or HTML into user profile fields via unspecified vectors related to character sets other than iso-8859-1 or utf-8.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
invision_power_services | invision_power_board | 2.1.5_2006-03-08 | |
invision_power_services | invision_power_board | 2.1.5_2006-04-25 | |
invision_power_services | invision_power_board | 2.1.6 | |
invision_power_services | invision_power_board | 2.2 | |
invision_power_services | invision_power_board | 2.2.1 | |
invision_power_services | invision_power_board | 2.2.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1.5_2006-03-08:*:*:*:*:*:*:*", "matchCriteriaId": "ED5116FA-C532-42DF-ABBD-193AD7B799A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1.5_2006-04-25:*:*:*:*:*:*:*", "matchCriteriaId": "8A90F21A-0FE7-456C-86FA-2F60542A7EA1", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "E8BC2011-5D19-4AF2-BCCD-38A03D0175FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.2:*:*:*:*:*:*:*", "matchCriteriaId": "05AF1F12-0E9C-478C-9DDA-356E5231A073", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "C9826649-436F-4C05-A0DB-0C5D5CC42B61", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "6D2431F4-91A3-42C0-985C-1A5DBE305E95", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in ips_kernel/class_ajax.php in Invision Power Board (IPB or IP.Board) 2.3.1 up to 20070912 allows remote attackers to inject arbitrary web script or HTML into user profile fields via unspecified vectors related to character sets other than iso-8859-1 or utf-8." }, { "lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en ips_kernel/class_ajax.php en Invision Power Board (IPB or IP.Board) 2.3.1 hasta la 20070912 permite a atacantes remotos inyectar secuencias de comandos web o HTML dentro de los campos de configuraci\u00f3n de usuario a trav\u00e9s de vectores no espec\u00edficos relacionado con la asignaci\u00f3n de caracteres diferentes de iso-8859-1 o utf-8." 
} ], "id": "CVE-2007-4912", "lastModified": "2024-11-21T00:36:42.217", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2007-09-17T17:17:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://forums.invisionpower.com/index.php?act=attach\u0026type=post\u0026id=11870" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://forums.invisionpower.com/index.php?showtopic=237075" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/26788" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/25656" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36589" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://forums.invisionpower.com/index.php?act=attach\u0026type=post\u0026id=11870" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://forums.invisionpower.com/index.php?showtopic=237075" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/26788" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/25656" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36589" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": 
[ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-05-05 12:46
Modified
2024-11-21 00:10
Severity: HIGH — CVSS v2.0 base score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Summary
SQL injection vulnerability in index.php in Invision Power Board allows remote attackers to execute arbitrary SQL commands via the pid parameter in a reputation action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "615FFE8F-1EDA-4CE2-BC6F-E7348DAE37E1", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "19B001F3-8A6E-423D-9382-AA696D193F08", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "2CDDB243-B03B-4DFE-9234-FD886EA80C50", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "7139AE38-8E5D-4D1D-A126-9CD10CE13E2C", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "6E24336F-BD4C-4596-8FFE-9D53AB802BB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "5C63DDA0-9B4C-4D3E-9633-82C330753ABA", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "67ED0140-7137-4F8D-AEA1-53251D4D4273", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "75723F84-9989-4195-9827-E3A6DF2ABA6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "E8BC2011-5D19-4AF2-BCCD-38A03D0175FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1_alpha2:*:*:*:*:*:*:*", "matchCriteriaId": "232885C1-B578-4E6E-8472-FF47A17DF976", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in index.php in Invision Power Board allows remote attackers to execute arbitrary 
SQL commands via the pid parameter in a reputation action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." } ], "id": "CVE-2006-2217", "lastModified": "2024-11-21T00:10:48.830", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-05-05T12:46:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/17839" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/17839" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-03-19 23:02
Modified
2024-11-21 00:08
Severity: MEDIUM — CVSS v2.0 base score 5.8 (AV:N/AC:M/Au:N/C:P/I:P/A:N)
Summary
Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB) 2.0.4 and 2.1.4 before 20060130 allows remote attackers to steal cookies and probably conduct other activities when the victim is using Internet Explorer.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
invision_power_services | invision_power_board | 2.0.4 | |
invision_power_services | invision_power_board | 2.1.4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "6E24336F-BD4C-4596-8FFE-9D53AB802BB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "67ED0140-7137-4F8D-AEA1-53251D4D4273", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB) 2.0.4 and 2.1.4 before 20060130 allows remote attackers to steal cookies and probably conduct other activities when the victim is using Internet Explorer." } ], "id": "CVE-2006-1287", "lastModified": "2024-11-21T00:08:30.637", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-03-19T23:02:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://forums.invisionpower.com/index.php?showtopic=206790" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/19141" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/0861" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://forums.invisionpower.com/index.php?showtopic=206790" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/19141" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/0861" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-09-17 17:17
Modified
2024-11-21 00:36
Severity: HIGH — CVSS v2.0 base score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Summary
ips_kernel/class_upload.php in Invision Power Board (IPB or IP.Board) 2.3.1 up to 20070912 allows remote attackers to upload arbitrary script files with crafted image filenames to uploads/, where they are saved with a .txt extension and are not executable. NOTE: there are limited usage scenarios under which this would be a vulnerability, but it is being tracked by CVE since the vendor has stated it is security-relevant.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
invision_power_services | invision_power_board | * | |
invision_power_services | invision_power_board | 2.1.5_2006-03-08 | |
invision_power_services | invision_power_board | 2.1.5_2006-04-25 | |
invision_power_services | invision_power_board | 2.1.6 | |
invision_power_services | invision_power_board | 2.2 | |
invision_power_services | invision_power_board | 2.2.1 | |
invision_power_services | invision_power_board | 2.2.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:*:*:*:*:*:*:*:*", "matchCriteriaId": "80F198C2-6AAD-482F-A95E-10505A69993C", "versionEndIncluding": "2.3.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1.5_2006-03-08:*:*:*:*:*:*:*", "matchCriteriaId": "ED5116FA-C532-42DF-ABBD-193AD7B799A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1.5_2006-04-25:*:*:*:*:*:*:*", "matchCriteriaId": "8A90F21A-0FE7-456C-86FA-2F60542A7EA1", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "E8BC2011-5D19-4AF2-BCCD-38A03D0175FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.2:*:*:*:*:*:*:*", "matchCriteriaId": "05AF1F12-0E9C-478C-9DDA-356E5231A073", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "C9826649-436F-4C05-A0DB-0C5D5CC42B61", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "6D2431F4-91A3-42C0-985C-1A5DBE305E95", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "ips_kernel/class_upload.php in Invision Power Board (IPB or IP.Board) 2.3.1 up to 20070912 allows remote attackers to upload arbitrary script files with crafted image filenames to uploads/, where they are saved with a .txt extension and are not executable. NOTE: there are limited usage scenarios under which this would be a vulnerability, but it is being tracked by CVE since the vendor has stated it is security-relevant." 
}, { "lang": "es", "value": "ips_kernel/class_upload.php en Invision Power Board (IPB o IP.Board) 2.3.1 hasta la 20070912 permite a atacantes remotos actualizar secuencias de comandos de su elecci\u00f3n a trav\u00e9s de archivos con nombres de archivo de im\u00e1genes manipuladas en uploads/, donde se salvan con una extensi\u00f3n .txt y no son ejecutables. NOTA: hay ciertos panoramas limitados de uso bajo los cuales esto ser\u00eda una vulnerabilidad, pero est\u00e1 siendo seguida por CVE puesto que el vendedor ha indicado que es seguridad-relevante." } ], "id": "CVE-2007-4913", "lastModified": "2024-11-21T00:36:42.360", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-09-17T17:17:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://forums.invisionpower.com/index.php?act=attach\u0026type=post\u0026id=11870" }, { "source": "cve@mitre.org", "url": "http://forums.invisionpower.com/index.php?showtopic=237075" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://forums.invisionpower.com/index.php?act=attach\u0026type=post\u0026id=11870" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://forums.invisionpower.com/index.php?showtopic=237075" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-94" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2024-11-20 23:52
Severity: MEDIUM — CVSS v2.0 base score 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Summary
Cross-site scripting (XSS) vulnerability in Invision Power Board 1.3 Final allows remote attackers to execute arbitrary script as other users via the pop parameter in a chat action to index.php.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
invision_power_services | invision_power_board | 1.3_final |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:1.3_final:*:*:*:*:*:*:*", "matchCriteriaId": "94FBF21B-CF52-41BB-BAF1-AF822586D28B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Invision Power Board 1.3 Final allows remote attackers to execute arbitrary script as other users via the pop parameter in a chat action to index.php." } ], "id": "CVE-2004-2279", "lastModified": "2024-11-20T23:52:56.897", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2004-03/0082.html" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15448" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2004-03/0082.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15448" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-03-17 17:44
Modified
2024-11-21 00:44
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB or IP.Board) 2.3.4 before 2008-03-13 allows remote attackers to inject arbitrary web script or HTML via nested BBCodes, a different vector than CVE-2008-0913.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
invision_power_services | invision_power_board | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:*:*:*:*:*:*:*:*", "matchCriteriaId": "156E6300-7128-44B2-85A6-E961509A1CDA", "versionEndIncluding": "2.3.4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB or IP.Board) 2.3.4 before 2008-03-13 allows remote attackers to inject arbitrary web script or HTML via nested BBCodes, a different vector than CVE-2008-0913." }, { "lang": "es", "value": "Vulnerabilidad de ejecuci\u00f3n de comandos en sitios cruzados de Invision Power Board (IPB or IP.Board) 2.3.4 anterior a 2008-03-13, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de BBCodes anidados, Vulnerabilidad distinta a CVE-2008-0913." } ], "id": "CVE-2008-1359", "lastModified": "2024-11-21T00:44:21.767", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2008-03-17T17:44:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://forums.invisionpower.com/index.php?showtopic=270637" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/29378" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/0899/references" }, { "source": "cve@mitre.org", "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/41209" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://forums.invisionpower.com/index.php?showtopic=270637" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/29378" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/0899/references" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41209" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-05-16 04:00
Modified
2024-11-20 23:57
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in (1) search.php and (2) topics.php for Invision Power Board (IPB) 2.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the highlite parameter.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
invision_power_services | invision_board | 1.0 | |
invision_power_services | invision_board | 1.0.1 | |
invision_power_services | invision_board | 1.1.1 | |
invision_power_services | invision_board | 1.1.2 | |
invision_power_services | invision_board | 1.2 | |
invision_power_services | invision_board | 1.3 | |
invision_power_services | invision_board | 2.0_alpha_3 | |
invision_power_services | invision_board | 2.0_pdr3 | |
invision_power_services | invision_power_board | 2.0.3 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:invision_power_services:invision_board:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "7AC7F0E6-7DA6-41E3-9F73-4FFF699195C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_board:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "EAA35A95-B8FD-4ED8-95E0-409E50BF13AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_board:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "D4066556-F0CE-4E8B-B88D-C3BA03D98D95", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_board:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "5E25D5B0-082C-41AF-A3BA-5B35E54BCCAB", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_board:1.2:*:*:*:*:*:*:*", "matchCriteriaId": "AB93242B-85AD-451E-BC0A-D8561C292430", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_board:1.3:*:*:*:*:*:*:*", "matchCriteriaId": "52954D4B-72E9-434C-991A-7B3D6C71183C", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_board:2.0_alpha_3:*:*:*:*:*:*:*", "matchCriteriaId": "0B8C2DB4-06C3-4400-B0F3-2025FD829788", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_board:2.0_pdr3:*:*:*:*:*:*:*", "matchCriteriaId": "053B554A-AC3D-496F-9E3D-D357D14B87E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "7139AE38-8E5D-4D1D-A126-9CD10CE13E2C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in (1) search.php and (2) topics.php for Invision Power Board (IPB) 2.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the highlite parameter." 
} ], "id": "CVE-2005-1597", "lastModified": "2024-11-20T23:57:42.083", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-05-16T04:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://forums.invisionpower.com/index.php?showtopic=168016" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=111539908705851\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/15265" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1013907" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.gulftech.org/?node=research\u0026article_id=00073-05052005" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/16298" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/13534" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2005/0487" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20445" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://forums.invisionpower.com/index.php?showtopic=168016" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=111539908705851\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/15265" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://securitytracker.com/id?1013907" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.gulftech.org/?node=research\u0026article_id=00073-05052005" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/16298" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/13534" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2005/0487" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20445" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-04-29 10:02
Modified
2024-11-21 00:10
Severity ?
Summary
SQL injection vulnerability in func_msg.php in Invision Power Board (IPB) 2.1.4 allows remote attackers to execute arbitrary SQL commands via the from_contact field in a private message (PM).
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:*:*:*:*:*:*:*:*", "matchCriteriaId": "D208E054-B73B-43E0-9A3C-FED1C5844538", "versionEndIncluding": "2.1.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "19CF6BD7-04F2-4D69-8402-EC4B637EA083", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "2F0C566E-2AC5-47A2-9246-2FBC87828690", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "29692429-A920-4BAD-9D79-D36EBE74EFB5", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "0D52AB16-A202-48B6-82C0-AD13EBCC7FCA", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:1.2:*:*:*:*:*:*:*", "matchCriteriaId": "C498DCB3-3CC7-4334-BF61-F5DA43F4B90F", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:1.3:*:*:*:*:*:*:*", "matchCriteriaId": "99A7875E-DAF0-46CD-AE30-246EB3FC6BB7", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:1.3.1_final:*:*:*:*:*:*:*", "matchCriteriaId": "F2103FBA-1B72-43FC-A1ED-28F8C7DA0EE4", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:1.3_final:*:*:*:*:*:*:*", "matchCriteriaId": "94FBF21B-CF52-41BB-BAF1-AF822586D28B", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "615FFE8F-1EDA-4CE2-BC6F-E7348DAE37E1", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "19B001F3-8A6E-423D-9382-AA696D193F08", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:invision_power_services:invision_power_board:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "2CDDB243-B03B-4DFE-9234-FD886EA80C50", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "7139AE38-8E5D-4D1D-A126-9CD10CE13E2C", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "6E24336F-BD4C-4596-8FFE-9D53AB802BB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.0.x:*:*:*:*:*:*:*", "matchCriteriaId": "AE478AB9-7ED4-4FDD-8990-CC4442CFA416", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "5C63DDA0-9B4C-4D3E-9633-82C330753ABA", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "AB960ACC-74D4-4AFB-886C-11EB5180DFD2", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "B1BA6316-7E7E-4A6B-AA54-1846198D64BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "EA70C944-F70E-49F4-AA9C-D19148925C0F", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "6CAF5259-D99A-45A1-8DD4-C6858B302272", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1_alpha2:*:*:*:*:*:*:*", "matchCriteriaId": "232885C1-B578-4E6E-8472-FF47A17DF976", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1_beta2:*:*:*:*:*:*:*", "matchCriteriaId": "19FFFBC9-F6F0-421C-BD8A-6F2F81C4E62F", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1_beta3:*:*:*:*:*:*:*", 
"matchCriteriaId": "7CB7078D-61D2-4ED9-AC8E-2D4F350F0716", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1_beta4:*:*:*:*:*:*:*", "matchCriteriaId": "7EC2800F-3A8C-4B63-B754-D921DFF79496", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1_beta5:*:*:*:*:*:*:*", "matchCriteriaId": "C5C8BA41-7876-4738-A68A-2162E28A3AB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "18BF761A-6459-42B0-BCB8-F735FBDD6139", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in func_msg.php in Invision Power Board (IPB) 2.1.4 allows remote attackers to execute arbitrary SQL commands via the from_contact field in a private message (PM)." } ], "id": "CVE-2006-2097", "lastModified": "2024-11-21T00:10:33.100", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-04-29T10:02:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/19861" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/813" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/25021" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/432248/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], 
"url": "http://www.securityfocus.com/bid/17719" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26107" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/19861" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/813" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/25021" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/432248/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/17719" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26107" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-10-10 04:06
Modified
2024-11-21 00:18
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in action_admin/member.php in Invision Power Board (IPB) 2.1.7 and earlier allows remote authenticated users to inject arbitrary web script or HTML via a reference to a script in the avatar setting, which can be leveraged for a cross-site request forgery (CSRF) attack involving forced SQL execution by an admin.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:*:*:*:*:*:*:*:*", "matchCriteriaId": "F69B5D71-781A-4FDF-A5AB-0CE8AE6BBDBC", "versionEndIncluding": "2.1.7", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "19CF6BD7-04F2-4D69-8402-EC4B637EA083", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "2F0C566E-2AC5-47A2-9246-2FBC87828690", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "8B83740E-6C38-4BEB-84A2-6B0F01799DCE", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "29692429-A920-4BAD-9D79-D36EBE74EFB5", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "0D52AB16-A202-48B6-82C0-AD13EBCC7FCA", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:1.2:*:*:*:*:*:*:*", "matchCriteriaId": "C498DCB3-3CC7-4334-BF61-F5DA43F4B90F", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:1.3:*:*:*:*:*:*:*", "matchCriteriaId": "99A7875E-DAF0-46CD-AE30-246EB3FC6BB7", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:1.3.1_final:*:*:*:*:*:*:*", "matchCriteriaId": "F2103FBA-1B72-43FC-A1ED-28F8C7DA0EE4", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:1.3_final:*:*:*:*:*:*:*", "matchCriteriaId": "94FBF21B-CF52-41BB-BAF1-AF822586D28B", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "C9AF155D-BDF6-4B5F-89BF-62CDE6FB48DA", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:invision_power_services:invision_power_board:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "615FFE8F-1EDA-4CE2-BC6F-E7348DAE37E1", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "19B001F3-8A6E-423D-9382-AA696D193F08", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "2CDDB243-B03B-4DFE-9234-FD886EA80C50", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "7139AE38-8E5D-4D1D-A126-9CD10CE13E2C", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "6E24336F-BD4C-4596-8FFE-9D53AB802BB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.0.x:*:*:*:*:*:*:*", "matchCriteriaId": "AE478AB9-7ED4-4FDD-8990-CC4442CFA416", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.0_alpha3:*:*:*:*:*:*:*", "matchCriteriaId": "14F5777B-25A8-4D20-AD24-A639E315582F", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.0_pdr3:*:*:*:*:*:*:*", "matchCriteriaId": "6FF0C787-BDC5-4154-809A-864DA3D4769D", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.0_pf1:*:*:*:*:*:*:*", "matchCriteriaId": "23A69133-FF5A-457E-823F-64920A0DB9F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.0_pf2:*:*:*:*:*:*:*", "matchCriteriaId": "23C37B74-6486-46A2-AC2C-C27786ED697E", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "5C63DDA0-9B4C-4D3E-9633-82C330753ABA", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1.0:*:*:*:*:*:*:*", 
"matchCriteriaId": "AB960ACC-74D4-4AFB-886C-11EB5180DFD2", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "B1BA6316-7E7E-4A6B-AA54-1846198D64BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "EA70C944-F70E-49F4-AA9C-D19148925C0F", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "6CAF5259-D99A-45A1-8DD4-C6858B302272", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "67ED0140-7137-4F8D-AEA1-53251D4D4273", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "75723F84-9989-4195-9827-E3A6DF2ABA6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1.5_2006-03-08:*:*:*:*:*:*:*", "matchCriteriaId": "ED5116FA-C532-42DF-ABBD-193AD7B799A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "E8BC2011-5D19-4AF2-BCCD-38A03D0175FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1_alpha2:*:*:*:*:*:*:*", "matchCriteriaId": "232885C1-B578-4E6E-8472-FF47A17DF976", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1_beta2:*:*:*:*:*:*:*", "matchCriteriaId": "19FFFBC9-F6F0-421C-BD8A-6F2F81C4E62F", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1_beta3:*:*:*:*:*:*:*", "matchCriteriaId": "7CB7078D-61D2-4ED9-AC8E-2D4F350F0716", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1_beta4:*:*:*:*:*:*:*", "matchCriteriaId": "7EC2800F-3A8C-4B63-B754-D921DFF79496", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1_beta5:*:*:*:*:*:*:*", "matchCriteriaId": "C5C8BA41-7876-4738-A68A-2162E28A3AB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "18BF761A-6459-42B0-BCB8-F735FBDD6139", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in action_admin/member.php in Invision Power Board (IPB) 2.1.7 and earlier allows remote authenticated users to inject arbitrary web script or HTML via a reference to a script in the avatar setting, which can be leveraged for a cross-site request forgery (CSRF) attack involving forced SQL execution by an admin." }, { "lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en action_admin/member.php en Invision Power Board (IPB) 2.1.7 y anteriores permite a un usuario remoto validado inyectar secuencias de comandos web o HTML a trav\u00e9s de una referancia a la secuencia de comandos en el ajuste de avatar, lo cual puede ser apalancado para un ataque de falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSRF) que afecta a un ejecuci\u00f3n forzada de SQL por un administrador.\r\n" } ], "evaluatorSolution": "An update for that addressed this vulnerability is available on the Invision Power Services web site.\r\nThe following requirements must be met for this attack to take place:\r\n- The database table prefix must be known\r\n- The admin must have access to the SQL Toolbox (any \"root admin\")\r\n- The admin must have images and referers turned on in their browser, and their browser must follow Location headers (default behaviour for most browsers)\r\n- The admin must view a malicious script as an image in their browser", "id": "CVE-2006-5204", "lastModified": "2024-11-21T00:18:17.503", "metrics": { "cvssMetricV2": [ { 
"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-10-10T04:06:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://forums.invisionpower.com/index.php?showtopic=227937" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/22272" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/447710/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/3927" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29351" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://forums.invisionpower.com/index.php?showtopic=227937" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/22272" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/447710/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/3927" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29351" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2010-03-02 20:30
Modified
2024-11-21 01:12
Severity ?
Summary
SQL injection vulnerability in index.php in (nv2) Awards 1.1.0, a modification for Invision Power Board, allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action.
References
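Impacted products (per the CPE configuration below, only (nv2) Awards 1.1.0 is marked vulnerable; the invision_power_board versions are the platform the modification is installed on and carry "vulnerable": false)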
Vendor | Product | Version | |
---|---|---|---|
aleinbeen | \(nv2\)_awards | 1.1.0 | |
invision_power_services | invision_power_board | 2.2 | |
invision_power_services | invision_power_board | 2.2.1 | |
invision_power_services | invision_power_board | 2.2.2 | |
invision_power_services | invision_power_board | 2.3 | |
invision_power_services | invision_power_board | 2.3.1 | |
invision_power_services | invision_power_board | 2.3.4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:aleinbeen:\\(nv2\\)_awards:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "6245708B-DDAE-470B-A5D3-4A954FAC789D", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.2:*:*:*:*:*:*:*", "matchCriteriaId": "05AF1F12-0E9C-478C-9DDA-356E5231A073", "vulnerable": false }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "C9826649-436F-4C05-A0DB-0C5D5CC42B61", "vulnerable": false }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "6D2431F4-91A3-42C0-985C-1A5DBE305E95", "vulnerable": false }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.3:*:*:*:*:*:*:*", "matchCriteriaId": "DE56D215-CECF-4FB2-9042-A0CA9FC1D3AD", "vulnerable": false }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "D8E49D8E-2552-41B3-996E-92F88F39E15F", "vulnerable": false }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "BE147DA9-9482-45E4-BDBC-6BBFF1D5B902", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in index.php in (nv2) Awards 1.1.0, a modification for Invision Power Board, allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action." }, { "lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n sQL en index.php en (nv2) Awards v1.1.0, modificado para Invision Power Board, permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s del par\u00e1metro \"id\" en una acci\u00f3n view." 
} ], "id": "CVE-2010-0802", "lastModified": "2024-11-21T01:12:59.657", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2010-03-02T20:30:00.667", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://packetstormsecurity.org/1001-exploits/ipbawards-sql.txt" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/38407" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.exploit-db.com/exploits/11297" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://packetstormsecurity.org/1001-exploits/ipbawards-sql.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/38407" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.exploit-db.com/exploits/11297" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-02-22 23:44
Modified
2024-11-21 00:43
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB or IP.Board) 2.3.4 allows remote attackers to inject arbitrary web script or HTML via crafted BBCodes in an unspecified context.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
invision_power_services | invision_power_board | 2.3.4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "BE147DA9-9482-45E4-BDBC-6BBFF1D5B902", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB or IP.Board) 2.3.4 allows remote attackers to inject arbitrary web script or HTML via crafted BBCodes in an unspecified context." }, { "lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Invision Power Board (IPB or IP.Board) 2.3.4 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s de BBCodes manipulados en un contexto no especificado." } ], "id": "CVE-2008-0913", "lastModified": "2024-11-21T00:43:12.680", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2008-02-22T23:44:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://forums.invisionpower.com/index.php?showtopic=269961" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/29055" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://forums.invisionpower.com/index.php?showtopic=269961" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": 
"http://secunia.com/advisories/29055" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2003-12-31 05:00
Modified
2024-11-20 23:47
Severity ?
Summary
ipchat.php in Invision Power Board 1.1.1 allows remote attackers to execute arbitrary PHP code, if register_globals is enabled, by modifying the root_path parameter to reference a URL on a remote web server that contains the code.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
invision_power_services | invision_power_board | 1.1.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "29692429-A920-4BAD-9D79-D36EBE74EFB5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "ipchat.php in Invision Power Board 1.1.1 allows remote attackers to execute arbitrary PHP code, if register_globals is enabled, by modifying the root_path parameter to reference a URL on a remote web server that contains the code." } ], "id": "CVE-2003-1385", "lastModified": "2024-11-20T23:47:00.917", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2003-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0099.html" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/8182" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/3357" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/6976" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11435" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0099.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://secunia.com/advisories/8182" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/3357" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/6976" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11435" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-94" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-03-09 00:02
Modified
2024-11-21 00:08
Severity ?
Summary
SQL injection vulnerability in index.php, possibly during a showtopic operation, in Invision Power Board (IPB) 2.1.5 allows remote attackers to execute arbitrary SQL commands via the st parameter.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
invision_power_services | invision_power_board | 2.1.5 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "75723F84-9989-4195-9827-E3A6DF2ABA6A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in index.php, possibly during a showtopic operation, in Invision Power Board (IPB) 2.1.5 allows remote attackers to execute arbitrary SQL commands via the st parameter." } ], "id": "CVE-2006-1076", "lastModified": "2024-11-21T00:08:01.377", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-03-09T00:02:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/426875/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/430357/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/16971" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25254" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/426875/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/430357/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": 
"http://www.securityfocus.com/bid/16971" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25254" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-07-13 00:05
Modified
2024-11-21 00:13
Severity ?
Summary
Multiple SQL injection vulnerabilities in Invision Power Board (IPB) 1.x and 2.x allow remote attackers to execute arbitrary SQL commands via the (1) idcat and (2) code parameters in a ketqua action in index.php; the id parameter in a (3) Attach and (4) ref action in index.php; the CODE parameter in a (5) Profile, (6) Login, and (7) Help action in index.php; and the (8) member_id parameter in coins_list.php. NOTE: the developer has disputed this issue, stating that the "CODE attribute is never present in an SQL query" and the "'ketqua' [action] and file 'coin_list.php' are not standard IPB 2.x features". It is unknown whether these vectors are associated with an independent module or modification of IPB.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "19CF6BD7-04F2-4D69-8402-EC4B637EA083", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "2F0C566E-2AC5-47A2-9246-2FBC87828690", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "8B83740E-6C38-4BEB-84A2-6B0F01799DCE", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "29692429-A920-4BAD-9D79-D36EBE74EFB5", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "0D52AB16-A202-48B6-82C0-AD13EBCC7FCA", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:1.2:*:*:*:*:*:*:*", "matchCriteriaId": "C498DCB3-3CC7-4334-BF61-F5DA43F4B90F", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:1.3:*:*:*:*:*:*:*", "matchCriteriaId": "99A7875E-DAF0-46CD-AE30-246EB3FC6BB7", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:1.3.1_final:*:*:*:*:*:*:*", "matchCriteriaId": "F2103FBA-1B72-43FC-A1ED-28F8C7DA0EE4", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:1.3_final:*:*:*:*:*:*:*", "matchCriteriaId": "94FBF21B-CF52-41BB-BAF1-AF822586D28B", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "C9AF155D-BDF6-4B5F-89BF-62CDE6FB48DA", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "19B001F3-8A6E-423D-9382-AA696D193F08", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:invision_power_services:invision_power_board:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "2CDDB243-B03B-4DFE-9234-FD886EA80C50", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "7139AE38-8E5D-4D1D-A126-9CD10CE13E2C", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "6E24336F-BD4C-4596-8FFE-9D53AB802BB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.0_alpha3:*:*:*:*:*:*:*", "matchCriteriaId": "14F5777B-25A8-4D20-AD24-A639E315582F", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.0_pdr3:*:*:*:*:*:*:*", "matchCriteriaId": "6FF0C787-BDC5-4154-809A-864DA3D4769D", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.0_pf1:*:*:*:*:*:*:*", "matchCriteriaId": "23A69133-FF5A-457E-823F-64920A0DB9F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.0_pf2:*:*:*:*:*:*:*", "matchCriteriaId": "23C37B74-6486-46A2-AC2C-C27786ED697E", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "5C63DDA0-9B4C-4D3E-9633-82C330753ABA", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "67ED0140-7137-4F8D-AEA1-53251D4D4273", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "75723F84-9989-4195-9827-E3A6DF2ABA6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "E8BC2011-5D19-4AF2-BCCD-38A03D0175FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1_alpha2:*:*:*:*:*:*:*", 
"matchCriteriaId": "232885C1-B578-4E6E-8472-FF47A17DF976", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [ { "sourceIdentifier": "cve@mitre.org", "tags": [ "disputed" ] } ], "descriptions": [ { "lang": "en", "value": "Multiple SQL injection vulnerabilities in Invision Power Board (IPB) 1.x and 2.x allow remote attackers to execute arbitrary SQL commands via the (1) idcat and (2) code parameters in a ketqua action in index.php; the id parameter in a (3) Attach and (4) ref action in index.php; the CODE parameter in a (5) Profile, (6) Login, and (7) Help action in index.php; and the (8) member_id parameter in coins_list.php. NOTE: the developer has disputed this issue, stating that the \"CODE attribute is never present in an SQL query\" and the \"\u0027ketqua\u0027 [action] and file \u0027coin_list.php\u0027 are not standard IPB 2.x features\". It is unknown whether these vectors are associated with an independent module or modification of IPB" }, { "lang": "es", "value": "** IMPUGNADA ** M\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en Invision Power Board (IPB) 1.x y 2.x permiten a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s de los par\u00e1metros (1) idcat y (2) code en una acci\u00f3n ketqua de index.php; el par\u00e1metro id en una acci\u00f3n (3) Attach y (4) ref de index.php; el par\u00e1metro CODE en una acci\u00f3n (5) Profile, (6) Login, y (7) Help de index.php; y el par\u00e1metro (8) member_id de coins_list.php. NOTA: el desarrollador ha negado este problema, afirmando que \"el atributo CODE no est\u00e1 presente en una consulta SQL\" y \"[la acci\u00f3n] \u0027ketqua\u0027 y el archivo \u0027coin_list.php\u0027 no son funcionalidades est\u00e1ndar de IPB 2.x\". Se desconoce si estos vectores est\u00e1n asociados con un m\u00f3dulo independiente o una modificaci\u00f3n de IPB." 
} ], "id": "CVE-2006-3543", "lastModified": "2024-11-21T00:13:51.570", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-07-13T00:05:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/1231" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/30084" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/439145/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/439602/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/18836" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/1231" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/30084" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/439145/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/439602/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/18836" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-05-03 04:00
Modified
2024-11-20 23:57
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in index.php for Invision Power Board (IPB) 2.0.3 and 2.1 Alpha 2 allow remote attackers to inject arbitrary web script or HTML via the (1) act, (2) Members, (3) calendar, or (4) HID parameters.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
invision_power_services | invision_power_board | 2.0.3 | |
invision_power_services | invision_power_board | 2.1_alpha2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "7139AE38-8E5D-4D1D-A126-9CD10CE13E2C", "vulnerable": false }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1_alpha2:*:*:*:*:*:*:*", "matchCriteriaId": "232885C1-B578-4E6E-8472-FF47A17DF976", "vulnerable": false } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in index.php for Invision Power Board (IPB) 2.0.3 and 2.1 Alpha 2 allows remote attackers to inject arbitrary web script or HTML via the (1) act, (2) Members, (3) calendar, or (4) HID parameters." } ], "id": "CVE-2005-1443", "lastModified": "2024-11-20T23:57:21.700", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-05-03T04:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://securitytracker.com/id?1013863" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://securitytracker.com/id?1013863" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-04-30 22:19
Modified
2024-11-21 00:30
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Invision Power Board (IP.Board) 2.1.x and 2.2.x allows remote attackers to inject arbitrary web script or HTML by uploading crafted images or PDF files.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
invision_power_services | invision_power_board | 2.1 | |
invision_power_services | invision_power_board | 2.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "5C63DDA0-9B4C-4D3E-9633-82C330753ABA", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.2:*:*:*:*:*:*:*", "matchCriteriaId": "05AF1F12-0E9C-478C-9DDA-356E5231A073", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Invision Power Board (IP.Board) 2.1.x and 2.2.x allows remote attackers to inject arbitrary web script or HTML by uploading crafted images or PDF files." }, { "lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el Invision Power Board (IP.Board) 2.1.x y 2.2.x permite a atacantes remotos la inyecci\u00f3n de secuencias de comandos web o HTML de su elecci\u00f3n mediante la carga de im\u00e1genes o archivos PDF modificados." 
} ], "evaluatorSolution": "The vendor has addressed this issue with the following product update:\r\nhttp://forums.invisionpower.com/index.php?showtopic=234377", "id": "CVE-2007-2349", "lastModified": "2024-11-21T00:30:34.150", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-04-30T22:19:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://forums.invisionpower.com/index.php?showtopic=234377" }, { "source": "cve@mitre.org", "url": "http://osvdb.org/35427" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/25021" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/1558" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33942" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://forums.invisionpower.com/index.php?showtopic=234377" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/35427" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/25021" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/1558" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33942" } ], "sourceIdentifier": 
"cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-06-23 00:02
Modified
2024-11-21 00:13
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB) 2.1.6 and earlier allows remote attackers to inject arbitrary web script or HTML via a POST that contains hexadecimal-encoded HTML.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
invision_power_services | invision_power_board | 2.1 | |
invision_power_services | invision_power_board | 2.1.0 | |
invision_power_services | invision_power_board | 2.1.1 | |
invision_power_services | invision_power_board | 2.1.2 | |
invision_power_services | invision_power_board | 2.1.3 | |
invision_power_services | invision_power_board | 2.1.4 | |
invision_power_services | invision_power_board | 2.1.5 | |
invision_power_services | invision_power_board | 2.1.6 | |
invision_power_services | invision_power_board | 2.1_alpha2 | |
invision_power_services | invision_power_board | 2.1_beta2 | |
invision_power_services | invision_power_board | 2.1_beta3 | |
invision_power_services | invision_power_board | 2.1_beta4 | |
invision_power_services | invision_power_board | 2.1_beta5 | |
invision_power_services | invision_power_board | 2.1_rc1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "5C63DDA0-9B4C-4D3E-9633-82C330753ABA", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "AB960ACC-74D4-4AFB-886C-11EB5180DFD2", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "B1BA6316-7E7E-4A6B-AA54-1846198D64BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "EA70C944-F70E-49F4-AA9C-D19148925C0F", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "6CAF5259-D99A-45A1-8DD4-C6858B302272", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "67ED0140-7137-4F8D-AEA1-53251D4D4273", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "75723F84-9989-4195-9827-E3A6DF2ABA6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "E8BC2011-5D19-4AF2-BCCD-38A03D0175FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1_alpha2:*:*:*:*:*:*:*", "matchCriteriaId": "232885C1-B578-4E6E-8472-FF47A17DF976", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1_beta2:*:*:*:*:*:*:*", "matchCriteriaId": "19FFFBC9-F6F0-421C-BD8A-6F2F81C4E62F", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1_beta3:*:*:*:*:*:*:*", "matchCriteriaId": "7CB7078D-61D2-4ED9-AC8E-2D4F350F0716", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:invision_power_services:invision_power_board:2.1_beta4:*:*:*:*:*:*:*", "matchCriteriaId": "7EC2800F-3A8C-4B63-B754-D921DFF79496", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1_beta5:*:*:*:*:*:*:*", "matchCriteriaId": "C5C8BA41-7876-4738-A68A-2162E28A3AB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "18BF761A-6459-42B0-BCB8-F735FBDD6139", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB) 2.1.6 and earlier allows remote attackers to inject arbitrary web script or HTML via a POST that contains hexadecimal-encoded HTML." }, { "lang": "es", "value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en Invision Power Board (IPB) v2.1.6 y anteriores, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de una petici\u00f3n POST que contenga c\u00f3digo HTML codificado en hexadecimal." 
} ], "id": "CVE-2006-3197", "lastModified": "2024-11-21T00:13:02.920", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-06-23T00:02:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://forums.invisionpower.com/index.php?showtopic=219126" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/20772" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/596" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/26747" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/18571" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/2481" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27701" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://forums.invisionpower.com/index.php?showtopic=219126" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/20772" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/596" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/26747" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/18571" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/2481" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27701" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-03-30 05:00
Modified
2024-11-20 23:55
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the SML code for Invision Power Board 1.3.1 FINAL allows remote attackers to inject arbitrary web script via (1) a signature file or (2) a message post containing an IMG tag within a COLOR tag whose style is set to background:url.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
invision_power_services | invision_power_board | 1.0 | |
invision_power_services | invision_power_board | 1.0.1 | |
invision_power_services | invision_power_board | 1.1.1 | |
invision_power_services | invision_power_board | 1.1.2 | |
invision_power_services | invision_power_board | 1.2 | |
invision_power_services | invision_power_board | 1.3 | |
invision_power_services | invision_power_board | 1.3.1_final | |
invision_power_services | invision_power_board | 1.3_final |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "19CF6BD7-04F2-4D69-8402-EC4B637EA083", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "2F0C566E-2AC5-47A2-9246-2FBC87828690", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "29692429-A920-4BAD-9D79-D36EBE74EFB5", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "0D52AB16-A202-48B6-82C0-AD13EBCC7FCA", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:1.2:*:*:*:*:*:*:*", "matchCriteriaId": "C498DCB3-3CC7-4334-BF61-F5DA43F4B90F", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:1.3:*:*:*:*:*:*:*", "matchCriteriaId": "99A7875E-DAF0-46CD-AE30-246EB3FC6BB7", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:1.3.1_final:*:*:*:*:*:*:*", "matchCriteriaId": "F2103FBA-1B72-43FC-A1ED-28F8C7DA0EE4", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:1.3_final:*:*:*:*:*:*:*", "matchCriteriaId": "94FBF21B-CF52-41BB-BAF1-AF822586D28B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the SML code for Invision Power Board 1.3.1 FINAL allows remote attackers to inject arbitrary web script via (1) a signature file or (2) a message post containing an IMG tag within a COLOR tag whose style is set to background:url." 
}, { "lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados en el c\u00f3digo SML de Invision Power Board 1.3.1 FINAL permite a atacantes remotos la inyecci\u00f3n de sripts arbitrarios mediante:\r\n\r\nun fichero de firmas,\r\nun mensaje que contiene una etiqueta IMG en una etiqueta COLOR cuyo estilo est\u00e1 puesto como background:url." } ], "id": "CVE-2005-0477", "lastModified": "2024-11-20T23:55:13.517", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2005-03-30T05:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=110868196922995\u0026w=2" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19399" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=110868196922995\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19399" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-03-23 23:06
Modified
2024-11-21 00:08
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB) 2.1.5 and earlier before 20060308 allows remote attackers to inject arbitrary web script or HTML via a Private Message (PM) in certain circumstances.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
invision_power_services | invision_power_board | 2.1 | |
invision_power_services | invision_power_board | 2.1.5 | |
invision_power_services | invision_power_board | 2.1_alpha2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "5C63DDA0-9B4C-4D3E-9633-82C330753ABA", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "75723F84-9989-4195-9827-E3A6DF2ABA6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1_alpha2:*:*:*:*:*:*:*", "matchCriteriaId": "232885C1-B578-4E6E-8472-FF47A17DF976", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB) 2.1.5 and earlier before 20060308 allows remote attackers to inject arbitrary web script or HTML via a Private Message (PM) in certain circumstances." } ], "evaluatorSolution": "Update to version 2.1.5 (2006-03-08 or later).", "id": "CVE-2006-1369", "lastModified": "2024-11-21T00:08:41.510", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-03-23T23:06:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://forums.invisionpower.com/index.php?showtopic=209178" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/19299" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/17187" }, { "source": "cve@mitre.org", 
"url": "http://www.vupen.com/english/advisories/2006/1044" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25384" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://forums.invisionpower.com/index.php?showtopic=209178" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/19299" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/17187" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/1044" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25384" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-03-31 17:30
Modified
2024-11-21 00:56
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Invision Power Board 2.3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via an IFRAME tag in the signature.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:*:*:*:*:*:*:*:*", "matchCriteriaId": "80F198C2-6AAD-482F-A95E-10505A69993C", "versionEndIncluding": "2.3.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "19CF6BD7-04F2-4D69-8402-EC4B637EA083", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "2F0C566E-2AC5-47A2-9246-2FBC87828690", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "8B83740E-6C38-4BEB-84A2-6B0F01799DCE", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "29692429-A920-4BAD-9D79-D36EBE74EFB5", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "0D52AB16-A202-48B6-82C0-AD13EBCC7FCA", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:1.2:*:*:*:*:*:*:*", "matchCriteriaId": "C498DCB3-3CC7-4334-BF61-F5DA43F4B90F", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:1.3:*:*:*:*:*:*:*", "matchCriteriaId": "99A7875E-DAF0-46CD-AE30-246EB3FC6BB7", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:1.3.1_final:*:*:*:*:*:*:*", "matchCriteriaId": "F2103FBA-1B72-43FC-A1ED-28F8C7DA0EE4", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:1.3_final:*:*:*:*:*:*:*", "matchCriteriaId": "94FBF21B-CF52-41BB-BAF1-AF822586D28B", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "C9AF155D-BDF6-4B5F-89BF-62CDE6FB48DA", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:invision_power_services:invision_power_board:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "615FFE8F-1EDA-4CE2-BC6F-E7348DAE37E1", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "19B001F3-8A6E-423D-9382-AA696D193F08", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "2CDDB243-B03B-4DFE-9234-FD886EA80C50", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "7139AE38-8E5D-4D1D-A126-9CD10CE13E2C", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "6E24336F-BD4C-4596-8FFE-9D53AB802BB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.0.x:*:*:*:*:*:*:*", "matchCriteriaId": "AE478AB9-7ED4-4FDD-8990-CC4442CFA416", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.0_alpha3:*:*:*:*:*:*:*", "matchCriteriaId": "14F5777B-25A8-4D20-AD24-A639E315582F", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.0_pdr3:*:*:*:*:*:*:*", "matchCriteriaId": "6FF0C787-BDC5-4154-809A-864DA3D4769D", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.0_pf1:*:*:*:*:*:*:*", "matchCriteriaId": "23A69133-FF5A-457E-823F-64920A0DB9F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.0_pf2:*:*:*:*:*:*:*", "matchCriteriaId": "23C37B74-6486-46A2-AC2C-C27786ED697E", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "5C63DDA0-9B4C-4D3E-9633-82C330753ABA", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1.0:*:*:*:*:*:*:*", 
"matchCriteriaId": "AB960ACC-74D4-4AFB-886C-11EB5180DFD2", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "B1BA6316-7E7E-4A6B-AA54-1846198D64BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "EA70C944-F70E-49F4-AA9C-D19148925C0F", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "6CAF5259-D99A-45A1-8DD4-C6858B302272", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "67ED0140-7137-4F8D-AEA1-53251D4D4273", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "75723F84-9989-4195-9827-E3A6DF2ABA6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1.5_2006-03-08:*:*:*:*:*:*:*", "matchCriteriaId": "ED5116FA-C532-42DF-ABBD-193AD7B799A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1.5_2006-04-25:*:*:*:*:*:*:*", "matchCriteriaId": "8A90F21A-0FE7-456C-86FA-2F60542A7EA1", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "E8BC2011-5D19-4AF2-BCCD-38A03D0175FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "AEEA453B-2359-4B20-A8EE-71B07B60EDB6", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1.x:*:*:*:*:*:*:*", "matchCriteriaId": "DEEA02AE-B0C9-4C37-8A0A-23351EBE58FA", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1_alpha2:*:*:*:*:*:*:*", "matchCriteriaId": "232885C1-B578-4E6E-8472-FF47A17DF976", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1_beta2:*:*:*:*:*:*:*", "matchCriteriaId": "19FFFBC9-F6F0-421C-BD8A-6F2F81C4E62F", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1_beta3:*:*:*:*:*:*:*", "matchCriteriaId": "7CB7078D-61D2-4ED9-AC8E-2D4F350F0716", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1_beta4:*:*:*:*:*:*:*", "matchCriteriaId": "7EC2800F-3A8C-4B63-B754-D921DFF79496", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1_beta5:*:*:*:*:*:*:*", "matchCriteriaId": "C5C8BA41-7876-4738-A68A-2162E28A3AB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "18BF761A-6459-42B0-BCB8-F735FBDD6139", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.2:*:*:*:*:*:*:*", "matchCriteriaId": "05AF1F12-0E9C-478C-9DDA-356E5231A073", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "C9826649-436F-4C05-A0DB-0C5D5CC42B61", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "6D2431F4-91A3-42C0-985C-1A5DBE305E95", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.3:*:*:*:*:*:*:*", "matchCriteriaId": "DE56D215-CECF-4FB2-9042-A0CA9FC1D3AD", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Invision Power Board 2.3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via an IFRAME tag in the signature." 
}, { "lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Invision Power Board v2.3.1 y anteriores, permite a atacantes remotos inyectar secuencias de comandos Web o HTML de su elecci\u00f3n a trav\u00e9s de una etiqueta IFRAME en la firma." } ], "id": "CVE-2008-6565", "lastModified": "2024-11-21T00:56:51.830", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2009-03-31T17:30:00.467", "references": [ { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/490115/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/28466" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41502" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/490115/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/28466" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41502" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-05-16 04:00
Modified
2024-11-20 23:57
Severity ?
Summary
SQL injection vulnerability in Invision Power Board (IPB) 2.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via a crafted cookie password hash (pass_hash) that modifies the internal $pid variable.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
invision_power_services | invision_board | 1.0 | |
invision_power_services | invision_board | 1.0.1 | |
invision_power_services | invision_board | 1.1.1 | |
invision_power_services | invision_board | 1.1.2 | |
invision_power_services | invision_board | 1.2 | |
invision_power_services | invision_board | 1.3 | |
invision_power_services | invision_board | 2.0_alpha_3 | |
invision_power_services | invision_board | 2.0_pdr3 | |
invision_power_services | invision_power_board | 2.0.3 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:invision_power_services:invision_board:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "7AC7F0E6-7DA6-41E3-9F73-4FFF699195C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_board:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "EAA35A95-B8FD-4ED8-95E0-409E50BF13AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_board:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "D4066556-F0CE-4E8B-B88D-C3BA03D98D95", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_board:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "5E25D5B0-082C-41AF-A3BA-5B35E54BCCAB", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_board:1.2:*:*:*:*:*:*:*", "matchCriteriaId": "AB93242B-85AD-451E-BC0A-D8561C292430", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_board:1.3:*:*:*:*:*:*:*", "matchCriteriaId": "52954D4B-72E9-434C-991A-7B3D6C71183C", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_board:2.0_alpha_3:*:*:*:*:*:*:*", "matchCriteriaId": "0B8C2DB4-06C3-4400-B0F3-2025FD829788", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_board:2.0_pdr3:*:*:*:*:*:*:*", "matchCriteriaId": "053B554A-AC3D-496F-9E3D-D357D14B87E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "7139AE38-8E5D-4D1D-A126-9CD10CE13E2C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in Invision Power Board (IPB) 2.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via a crafted cookie password hash (pass_hash) that modifies the internal $pid variable." 
} ], "id": "CVE-2005-1598", "lastModified": "2024-11-20T23:57:42.223", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-05-16T04:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://forums.invisionpower.com/index.php?showtopic=168016" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=111539908705851\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=111712587206834\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/15265" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1013907" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1014499" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch" ], "url": "http://www.gulftech.org/?node=research\u0026article_id=00073-05052005" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/16297" }, { "source": "cve@mitre.org", "url": "http://www.securiteam.com/exploits/5GP0E2KFQQ.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/13529" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20446" }, { "source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/1013" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://forums.invisionpower.com/index.php?showtopic=168016" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=111539908705851\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=111712587206834\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/15265" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1013907" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1014499" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "http://www.gulftech.org/?node=research\u0026article_id=00073-05052005" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/16297" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securiteam.com/exploits/5GP0E2KFQQ.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/13529" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20446" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/1013" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-06-14 22:30
Modified
2024-11-21 00:32
Severity ?
Summary
Unspecified vulnerability in sources/action_public/xmlout.php in Invision Power Board (IPB or IP.Board) 2.2.0 through 2.2.2 allows remote attackers to modify another user's profile data, such as an AIM screen name or Yahoo! identity.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
invision_power_services | invision_power_board | 2.2 | |
invision_power_services | invision_power_board | 2.2.1 | |
invision_power_services | invision_power_board | 2.2.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.2:*:*:*:*:*:*:*", "matchCriteriaId": "05AF1F12-0E9C-478C-9DDA-356E5231A073", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "C9826649-436F-4C05-A0DB-0C5D5CC42B61", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "6D2431F4-91A3-42C0-985C-1A5DBE305E95", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in sources/action_public/xmlout.php in Invision Power Board (IPB or IP.Board) 2.2.0 through 2.2.2 allows remote attackers to modify another user\u0027s profile data, such as an AIM screen name or Yahoo! identity." }, { "lang": "es", "value": "Vulnerabilidad no especificada en sources/action_public/xmlout.php en Invision Power Board (IPB o IP.Board) 2.2.0 hasta 2.2.2 permite a atacantes remotos modificar a otros datos del perfil de usuario, como por ejemplo una pantalla de nombre AIM o identidad de Yahoo!." 
} ], "id": "CVE-2007-3219", "lastModified": "2024-11-21T00:32:41.497", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:C/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-06-14T22:30:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://forums.invisionpower.com/index.php?showtopic=235316" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/25637" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/35436" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/24442" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/2160" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34841" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://forums.invisionpower.com/index.php?showtopic=235316" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/25637" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/35436" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/24442" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/2160" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34841" } ], "sourceIdentifier": "cve@mitre.org", 
"vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-03-19 23:02
Modified
2024-11-21 00:08
Severity ?
Summary
Multiple SQL injection vulnerabilities in Invision Power Board (IPB) 2.0.4 and 2.1.4 before 20060105 allow remote attackers to execute arbitrary SQL commands via cookies, related to (1) arrays of id/stamp pairs and (2) the keys in arrays of key/value pairs in ipsclass.php; (3) the topics variable in usercp.php; and the topicsread cookie in (4) topics.php, (5) search.php, and (6) forums.php.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
invision_power_services | invision_power_board | 2.0.4 | |
invision_power_services | invision_power_board | 2.1.4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "6E24336F-BD4C-4596-8FFE-9D53AB802BB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "67ED0140-7137-4F8D-AEA1-53251D4D4273", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple SQL injection vulnerabilities in Invision Power Board (IPB) 2.0.4 and 2.1.4 before 20060105 allow remote attackers to execute arbitrary SQL commands via cookies, related to (1) arrays of id/stamp pairs and (2) the keys in arrays of key/value pairs in ipsclass.php; (3) the topics variable in usercp.php; and the topicsread cookie in (4) topics.php, (5) search.php, and (6) forums.php." } ], "id": "CVE-2006-1288", "lastModified": "2024-11-21T00:08:30.773", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-03-19T23:02:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://forums.invisionpower.com/index.php?act=Attach\u0026type=post\u0026id=9642" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://forums.invisionpower.com/index.php?showtopic=204627" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/19141" }, { "source": "cve@mitre.org", "url": 
"http://www.vupen.com/english/advisories/2006/0861" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25100" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://forums.invisionpower.com/index.php?act=Attach\u0026type=post\u0026id=9642" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://forums.invisionpower.com/index.php?showtopic=204627" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/19141" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/0861" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25100" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-05-31 23:30
Modified
2024-11-21 00:32
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Invision Power Board (IPB or IP.Board) 2.2.2, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via (1) module_bbcodeloader.php, (2) module_div.php, (3) module_email.php, (4) module_image.php, (5) module_link.php, or (6) the editorid parameter to module_table.php in jscripts/folder_rte_files/. NOTE: some details were obtained from third party sources.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
invision_power_services | invision_power_board | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:*:*:*:*:*:*:*:*", "matchCriteriaId": "2F2A2644-353B-4B55-BB02-2C2E9F8948E9", "versionEndIncluding": "2.2.2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Invision Power Board (IPB or IP.Board) 2.2.2, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via (1) module_bbcodeloader.php, (2) module_div.php, (3) module_email.php, (4) module_image.php, (5) module_link.php, or (6) the editorid parameter to module_table.php in jscripts/folder_rte_files/. NOTE: some details were obtained from third party sources." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en el Invision Power Board (IPB o IP.Board) 2.2.2 y, posiblemente, versiones anteriores, permiten a atacantes remotos la inyecci\u00f3n de secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s de (1) module_bbcodeloader.php, (2) module_div.php, (3) module_email.php, (4) module_image.php, (5) module_link.php o (6) el par\u00e1metro editorid en el module_table.php del jscripts/folder_rte_files/. NOTA: algunos de estos detalles se obtienen a partir de la informaci\u00f3n de terceros." 
} ], "id": "CVE-2007-2963", "lastModified": "2024-11-21T00:32:04.407", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2007-05-31T23:30:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://forums.invisionpower.com/index.php?showtopic=235069" }, { "source": "cve@mitre.org", "url": "http://osvdb.org/35430" }, { "source": "cve@mitre.org", "url": "http://osvdb.org/35431" }, { "source": "cve@mitre.org", "url": "http://osvdb.org/35432" }, { "source": "cve@mitre.org", "url": "http://osvdb.org/35433" }, { "source": "cve@mitre.org", "url": "http://osvdb.org/35434" }, { "source": "cve@mitre.org", "url": "http://osvdb.org/35435" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/25437" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/24244" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/1993" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34616" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://forums.invisionpower.com/index.php?showtopic=235069" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/35430" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/35431" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://osvdb.org/35432" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/35433" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/35434" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/35435" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/25437" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/24244" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/1993" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34616" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-04-26 20:06
Modified
2024-11-21 00:10
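Severity: MEDIUM (CVSS v2 base score 6.4, vector AV:N/AC:L/Au:N/C:P/I:P/A:N, scored by nvd@nist.gov). The vector records Au:N (no authentication), although the summary below requires an authenticated administrator, so the score may overstate how exposed an installation is.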
Summary
Directory traversal vulnerability in action_admin/paysubscriptions.php in Invision Power Board (IPB) 2.1.x and 2.0.x before 20060425 allows remote authenticated administrators to include and execute arbitrary local PHP files via a .. (dot dot) in the name parameter, preceded by enough backspace (%08) characters to erase the initial static portion of a filename.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
invision_power_services | invision_power_board | 2.0.x | |
invision_power_services | invision_power_board | 2.1.x |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.0.x:*:*:*:*:*:*:*", "matchCriteriaId": "AE478AB9-7ED4-4FDD-8990-CC4442CFA416", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1.x:*:*:*:*:*:*:*", "matchCriteriaId": "DEEA02AE-B0C9-4C37-8A0A-23351EBE58FA", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in action_admin/paysubscriptions.php in Invision Power Board (IPB) 2.1.x and 2.0.x before 20060425 allows remote authenticated administrators to include and execute arbitrary local PHP files via a .. (dot dot) in the name parameter, preceded by enough backspace (%08) characters to erase the initial static portion of a filename." } ], "evaluatorSolution": "If you\u0027ve downloaded IPB 2.1.5 since the time of this post, there is no need to update your installation as the main download has been updated.", "id": "CVE-2006-2060", "lastModified": "2024-11-21T00:10:27.757", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-04-26T20:06:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://forums.invisionpower.com/index.php?showtopic=213374" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/19830" }, { "source": "cve@mitre.org", "url": 
"http://securityreason.com/securityalert/796" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/25008" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/431990/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/432226/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/439607/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/1534" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26072" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://forums.invisionpower.com/index.php?showtopic=213374" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/19830" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/796" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/25008" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/431990/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/432226/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/439607/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/1534" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26072" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-05-20 03:02
Modified
2024-11-21 00:11
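Severity: MEDIUM (CVSS v2 base score 6.4, vector AV:N/AC:L/Au:N/C:P/I:P/A:N, scored by nvd@nist.gov). The vector rates confidentiality and integrity impact as partial and availability impact as none, although the summary below describes arbitrary PHP execution, so the score may understate the impact.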
Summary
Invision Power Board (IPB) before 2.1.6 allows remote attackers to execute arbitrary PHP script via attack vectors involving (1) the post_icon variable in classes/post/class_post.php and (2) the df value in action_public/moderate.php.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "615FFE8F-1EDA-4CE2-BC6F-E7348DAE37E1", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "19B001F3-8A6E-423D-9382-AA696D193F08", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "2CDDB243-B03B-4DFE-9234-FD886EA80C50", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "7139AE38-8E5D-4D1D-A126-9CD10CE13E2C", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "6E24336F-BD4C-4596-8FFE-9D53AB802BB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "5C63DDA0-9B4C-4D3E-9633-82C330753ABA", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "AB960ACC-74D4-4AFB-886C-11EB5180DFD2", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "B1BA6316-7E7E-4A6B-AA54-1846198D64BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "EA70C944-F70E-49F4-AA9C-D19148925C0F", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "6CAF5259-D99A-45A1-8DD4-C6858B302272", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "67ED0140-7137-4F8D-AEA1-53251D4D4273", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:invision_power_services:invision_power_board:2.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "75723F84-9989-4195-9827-E3A6DF2ABA6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "E8BC2011-5D19-4AF2-BCCD-38A03D0175FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1_alpha2:*:*:*:*:*:*:*", "matchCriteriaId": "232885C1-B578-4E6E-8472-FF47A17DF976", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1_beta2:*:*:*:*:*:*:*", "matchCriteriaId": "19FFFBC9-F6F0-421C-BD8A-6F2F81C4E62F", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1_beta3:*:*:*:*:*:*:*", "matchCriteriaId": "7CB7078D-61D2-4ED9-AC8E-2D4F350F0716", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1_beta4:*:*:*:*:*:*:*", "matchCriteriaId": "7EC2800F-3A8C-4B63-B754-D921DFF79496", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1_beta5:*:*:*:*:*:*:*", "matchCriteriaId": "C5C8BA41-7876-4738-A68A-2162E28A3AB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "18BF761A-6459-42B0-BCB8-F735FBDD6139", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Invision Power Board (IPB) before 2.1.6 allows remote attackers to execute arbitrary PHP script via attack vectors involving (1) the post_icon variable in classes/post/class_post.php and (2) the df value in action_public/moderate.php." 
} ], "id": "CVE-2006-2498", "lastModified": "2024-11-21T00:11:26.757", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-05-20T03:02:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://attrition.org/pipermail/vim/2006-May/000776.html" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://forums.invisionpower.com/index.php?act=Attach\u0026type=post\u0026id=10026" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://forums.invisionpower.com/index.php?showtopic=215527" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/20158" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/25667" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/25668" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/18040" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/1859" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26541" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://attrition.org/pipermail/vim/2006-May/000776.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://forums.invisionpower.com/index.php?act=Attach\u0026type=post\u0026id=10026" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": 
"http://forums.invisionpower.com/index.php?showtopic=215527" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/20158" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/25667" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/25668" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/18040" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/1859" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26541" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-09-22 18:34
Modified
2024-11-21 00:51
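Severity: HIGH (CVSS v2 base score 7.5, vector AV:N/AC:L/Au:N/C:P/I:P/A:P, scored by nvd@nist.gov; weakness CWE-89)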
Summary
SQL injection vulnerability in xmlout.php in Invision Power Board (IP.Board or IPB) 2.2.x and 2.3.x allows remote attackers to execute arbitrary SQL commands via the name parameter.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
invision_power_services | invision_power_board | 2.2 | |
invision_power_services | invision_power_board | 2.3 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.2:*:*:*:*:*:*:*", "matchCriteriaId": "05AF1F12-0E9C-478C-9DDA-356E5231A073", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.3:*:*:*:*:*:*:*", "matchCriteriaId": "DE56D215-CECF-4FB2-9042-A0CA9FC1D3AD", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in xmlout.php in Invision Power Board (IP.Board or IPB) 2.2.x and 2.3.x allows remote attackers to execute arbitrary SQL commands via the name parameter." }, { "lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n SQL en xmlout.php en Invision Power Board (IP.Board o IPB) 2.2.x y 2.3.x permite a atacantes remoto ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s del par\u00e1metro \"name\"." } ], "id": "CVE-2008-4171", "lastModified": "2024-11-21T00:51:04.580", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2008-09-22T18:34:16.813", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://forums.invisionpower.com/index.php?showtopic=276512" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/31288" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1020817" }, { "source": "cve@mitre.org", "url": 
"http://www.vupen.com/english/advisories/2008/2487" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://forums.invisionpower.com/index.php?showtopic=276512" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/31288" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1020817" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/2487" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-03-21 01:06
Modified
2024-11-21 00:08
Severity: MEDIUM (CVSS v2 base score 4.3, vector AV:N/AC:M/Au:N/C:N/I:P/A:N, scored by nvd@nist.gov)
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Invision Power Board 2.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) result_type, (2) search_in, (3) nav, (4) forums, and (5) s parameters in the Search action to index.php; (6) st parameter to index.php with showtopics set to 1; (7) m, (8) y, and (9) d parameters in a calendar action; (10) t parameter in a Print action; (11) MID parameter in a Mail action; (12) HID parameter in a Help action; (13) active parameter in a search action; (14) sort_order, (15) max_results, or (16) sort_key parameter in a Members action.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
invision_power_services | invision_power_board | 2.0.4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "6E24336F-BD4C-4596-8FFE-9D53AB802BB1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Invision Power Board 2.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) result_type, (2) search_in, (3) nav, (4) forums, and (5) s parameters in the Search action to index.php; (6) st parameter to index.php with showtopics set to 1; (7) m, (8) y, and (9) d parameters in a calendar action; (10) t parameter in a Print action; (11) MID parameter in a Mail action; (12) HID parameter in a Help action; (13) active parameter in a search action; (14) sort_order, (15) max_results, or (16) sort_key parameter in a Members action." } ], "id": "CVE-2006-1326", "lastModified": "2024-11-21T00:08:35.320", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-03-21T01:06:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://www.osvdb.org/25009" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/25010" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/25011" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/25012" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/25013" }, { "source": 
"cve@mitre.org", "url": "http://www.osvdb.org/25014" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/25015" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/428015/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/17144" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/25009" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/25010" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/25011" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/25012" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/25013" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/25014" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/25015" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/428015/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/17144" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-09-17 17:17
Modified
2024-11-21 00:36
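Severity: MEDIUM (CVSS v2 base score 6.0, vector AV:N/AC:M/Au:S/C:P/I:P/A:P, scored by nvd@nist.gov; weakness CWE-20)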
Summary
Unspecified vulnerability in the subscriptions manager in Invision Power Board (IPB or IP.Board) 2.3.1 before 20070912 allows remote authenticated users to change the member ID and reduce the privilege level of arbitrary users via a crafted payment form, related to (1) class_gw_2checkout.php, (2) class_gw_authorizenet.php, (3) class_gw_nochex.php, (4) class_gw_paypal.php, and (5) class_gw_safshop.php in sources/classes/paymentgateways/.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
invision_power_services | invision_power_board | * | |
invision_power_services | invision_power_board | 2.1.5_2006-03-08 | |
invision_power_services | invision_power_board | 2.1.5_2006-04-25 | |
invision_power_services | invision_power_board | 2.1.6 | |
invision_power_services | invision_power_board | 2.2 | |
invision_power_services | invision_power_board | 2.2.1 | |
invision_power_services | invision_power_board | 2.2.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:*:*:*:*:*:*:*:*", "matchCriteriaId": "80F198C2-6AAD-482F-A95E-10505A69993C", "versionEndIncluding": "2.3.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1.5_2006-03-08:*:*:*:*:*:*:*", "matchCriteriaId": "ED5116FA-C532-42DF-ABBD-193AD7B799A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1.5_2006-04-25:*:*:*:*:*:*:*", "matchCriteriaId": "8A90F21A-0FE7-456C-86FA-2F60542A7EA1", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "E8BC2011-5D19-4AF2-BCCD-38A03D0175FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.2:*:*:*:*:*:*:*", "matchCriteriaId": "05AF1F12-0E9C-478C-9DDA-356E5231A073", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "C9826649-436F-4C05-A0DB-0C5D5CC42B61", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "6D2431F4-91A3-42C0-985C-1A5DBE305E95", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in the subscriptions manager in Invision Power Board (IPB or IP.Board) 2.3.1 before 20070912 allows remote authenticated users to change the member ID and reduce the privilege level of arbitrary users via a crafted payment form, related to (1) class_gw_2checkout.php, (2) class_gw_authorizenet.php, (3) class_gw_nochex.php, (4) class_gw_paypal.php, and (5) class_gw_safshop.php in sources/classes/paymentgateways/." 
}, { "lang": "es", "value": "Vulnerabilidad no especificada en la gesti\u00f3n de suscripciones en Invision Power Board (IPB o IP.Board) 2.3.1 anterior a 20070912 permite a usuarios remotos validados cambiar el ID de miembro y reducir el nivel de privilegio de usuarios de su elecci\u00f3n a trav\u00e9s de un formulario de pago manipulado, relacionado con (1) class_gw_2checkout.php, (2) class_gw_authorizenet.php, (3) class_gw_nochex.php, (4) class_gw_paypal.php, y (5) class_gw_safshop.php en sources/classes/paymentgateways/." } ], "id": "CVE-2007-4914", "lastModified": "2024-11-21T00:36:42.503", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-09-17T17:17:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://forums.invisionpower.com/index.php?act=attach\u0026type=post\u0026id=11870" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://forums.invisionpower.com/index.php?showtopic=237075" }, { "source": "cve@mitre.org", "url": "http://osvdb.org/41319" }, { "source": "cve@mitre.org", "url": "http://osvdb.org/41320" }, { "source": "cve@mitre.org", "url": "http://osvdb.org/41321" }, { "source": "cve@mitre.org", "url": "http://osvdb.org/41322" }, { "source": "cve@mitre.org", "url": "http://osvdb.org/41323" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/26788" }, { "source": "cve@mitre.org", "url": 
"http://www.securityfocus.com/bid/25656" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36590" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://forums.invisionpower.com/index.php?act=attach\u0026type=post\u0026id=11870" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://forums.invisionpower.com/index.php?showtopic=237075" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/41319" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/41320" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/41321" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/41322" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/41323" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/26788" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/25656" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36590" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-02-28 11:02
Modified
2024-11-21 00:07
Severity: MEDIUM (CVSS v2 base score 5.0, vector AV:N/AC:L/Au:N/C:P/I:N/A:N, scored by nvd@nist.gov)
Summary
Invision Power Board (IPB) 2.1.4 and earlier allows remote attackers to view sensitive information via a direct request to multiple PHP scripts that include the full path in error messages, including (1) PEAR/Text/Diff/Renderer/inline.php, (2) PEAR/Text/Diff/Renderer/unified.php, (3) PEAR/Text/Diff3.php, (4) class_db.php, (5) class_db_mysql.php, and (6) class_xml.php in the ips_kernel/ directory; (7) mysql_admin_queries.php, (8) mysql_extra_queries.php, (9) mysql_queries.php, and (10) mysql_subsm_queries.php in the sources/sql directory; (11) sources/acp_loaders/acp_pages_components.php; (12) sources/action_admin/member.php and (13) sources/action_admin/paysubscriptions.php; (14) login.php, (15) messenger.php, (16) moderate.php, (17) paysubscriptions.php, (18) register.php, (19) search.php, (20) topics.php, and (21) usercp.php in the sources/action_public directory; (22) bbcode/class_bbcode.php, (23) bbcode/class_bbcode_legacy.php, (24) editor/class_editor_rte.php, (25) editor/class_editor_std.php, (26) post/class_post.php, (27) post/class_post_edit.php, (28) post/class_post_new.php, and (29) post/class_post_reply.php in the sources/classes directory; (30) sources/components_acp/registration_DEPR.php; (31) sources/handlers/han_paysubscriptions.php; (32) func_usercp.php; (33) search_mysql_ftext.php, and (34) search_mysql_man.php in the sources/lib/ directory; and (35) convert/auth.php.bak, (36) external/auth.php, and (37) ldap/auth.php in the sources/loginauth directory.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "615FFE8F-1EDA-4CE2-BC6F-E7348DAE37E1", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "19B001F3-8A6E-423D-9382-AA696D193F08", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "2CDDB243-B03B-4DFE-9234-FD886EA80C50", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "7139AE38-8E5D-4D1D-A126-9CD10CE13E2C", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "6E24336F-BD4C-4596-8FFE-9D53AB802BB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "AB960ACC-74D4-4AFB-886C-11EB5180DFD2", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "B1BA6316-7E7E-4A6B-AA54-1846198D64BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "EA70C944-F70E-49F4-AA9C-D19148925C0F", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "6CAF5259-D99A-45A1-8DD4-C6858B302272", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "67ED0140-7137-4F8D-AEA1-53251D4D4273", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1_beta2:*:*:*:*:*:*:*", "matchCriteriaId": "19FFFBC9-F6F0-421C-BD8A-6F2F81C4E62F", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:invision_power_services:invision_power_board:2.1_beta3:*:*:*:*:*:*:*", "matchCriteriaId": "7CB7078D-61D2-4ED9-AC8E-2D4F350F0716", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1_beta4:*:*:*:*:*:*:*", "matchCriteriaId": "7EC2800F-3A8C-4B63-B754-D921DFF79496", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1_beta5:*:*:*:*:*:*:*", "matchCriteriaId": "C5C8BA41-7876-4738-A68A-2162E28A3AB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "18BF761A-6459-42B0-BCB8-F735FBDD6139", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Invision Power Board (IPB) 2.1.4 and earlier allows remote attackers to view sensitive information via a direct request to multiple PHP scripts that include the full path in error messages, including (1) PEAR/Text/Diff/Renderer/inline.php, (2) PEAR/Text/Diff/Renderer/unified.php, (3) PEAR/Text/Diff3.php, (4) class_db.php, (5) class_db_mysql.php, and (6) class_xml.php in the ips_kernel/ directory; (7) mysql_admin_queries.php, (8) mysql_extra_queries.php, (9) mysql_queries.php, and (10) mysql_subsm_queries.php in the sources/sql directory; (11) sources/acp_loaders/acp_pages_components.php; (12) sources/action_admin/member.php and (13) sources/action_admin/paysubscriptions.php; (14) login.php, (15) messenger.php, (16) moderate.php, (17) paysubscriptions.php, (18) register.php, (19) search.php, (20) topics.php, (21) and usercp.php in the sources/action_public directory; (22) bbcode/class_bbcode.php, (23) bbcode/class_bbcode_legacy.php, (24) editor/class_editor_rte.php, (25) editor/class_editor_std.php, (26) post/class_post.php, (27) post/class_post_edit.php, (28) post/class_post_new.php, (29) and post/class_post_reply.php in the sources/classes directory; (30) 
sources/components_acp/registration_DEPR.php; (31) sources/handlers/han_paysubscriptions.php; (32) func_usercp.php; (33) search_mysql_ftext.php, and (34) search_mysql_man.php in the sources/lib/ directory; and (35) convert/auth.php.bak, (36) external/auth.php, and (37) ldap/auth.php in the sources/loginauth directory." } ], "id": "CVE-2006-0909", "lastModified": "2024-11-21T00:07:37.793", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-02-28T11:02:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://neosecurityteam.net/advisories/Advisory-16.txt" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://neosecurityteam.net/index.php?action=advisories\u0026id=16" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/425713/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/466275/100/0/threaded" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24840" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://neosecurityteam.net/advisories/Advisory-16.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://neosecurityteam.net/index.php?action=advisories\u0026id=16" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://www.securityfocus.com/archive/1/425713/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/466275/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24840" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-04-26 20:06
Modified
2024-11-21 00:10
Summary
SQL injection vulnerability in lib/func_taskmanager.php in Invision Power Board (IPB) 2.1.x and 2.0.x before 20060425 allows remote attackers to execute arbitrary SQL commands via the ck parameter, which can inject at most 32 characters.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
invision_power_services | invision_board | 2.0 | |
invision_power_services | invision_board | 2.0.1 | |
invision_power_services | invision_board | 2.0.2 | |
invision_power_services | invision_board | 2.0.3 | |
invision_power_services | invision_board | 2.0.4 | |
invision_power_services | invision_board | 2.0_alpha_3 | |
invision_power_services | invision_board | 2.0_pdr3 | |
invision_power_services | invision_board | 2.0_pf1 | |
invision_power_services | invision_board | 2.0_pf2 | |
invision_power_services | invision_board | 2.1 | |
invision_power_services | invision_board | 2.1.5 | |
invision_power_services | invision_board | 2.1_alpha2 | |
invision_power_services | invision_power_board | 2.1.5_2006-03-08 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:invision_power_services:invision_board:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "FABB6806-5DC0-4146-89FC-05D079F0CFEB", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_board:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "C77C15A2-9A9D-4C3F-8A62-18C54941B79C", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_board:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "A2C79F9F-FE3C-4CC6-88A9-6EFB27724CA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_board:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "1F427913-7FEB-49CA-AD9F-5E5EC77CA9ED", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_board:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "993BCE2D-C03F-4F2F-A973-68CEC6B34EA5", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_board:2.0_alpha_3:*:*:*:*:*:*:*", "matchCriteriaId": "0B8C2DB4-06C3-4400-B0F3-2025FD829788", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_board:2.0_pdr3:*:*:*:*:*:*:*", "matchCriteriaId": "053B554A-AC3D-496F-9E3D-D357D14B87E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_board:2.0_pf1:*:*:*:*:*:*:*", "matchCriteriaId": "61B7742A-2BD1-4119-8850-5BCB35E9F7C5", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_board:2.0_pf2:*:*:*:*:*:*:*", "matchCriteriaId": "DC4CBB17-B8EB-4A60-B8F5-34A2816373FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_board:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "05FA7E1F-D9D2-419F-A9DE-7BE4253F897E", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_board:2.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "09F88FD5-0335-4404-AD20-63737A76B051", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_board:2.1_alpha2:*:*:*:*:*:*:*", 
"matchCriteriaId": "D4B47FAD-8DCA-4B31-A5CF-884286F49E05", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1.5_2006-03-08:*:*:*:*:*:*:*", "matchCriteriaId": "ED5116FA-C532-42DF-ABBD-193AD7B799A6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in lib/func_taskmanager.php in Invision Power Board (IPB) 2.1.x and 2.0.x before 20060425 allows remote attackers to execute arbitrary SQL commands via the ck parameter, which can inject at most 32 characters." } ], "evaluatorSolution": "The vendor has released an update to address this and other versions.", "id": "CVE-2006-2061", "lastModified": "2024-11-21T00:10:27.893", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-04-26T20:06:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://forums.invisionpower.com/index.php?showtopic=213374" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/19830" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/796" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/431990/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/432226/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/17690" }, { "source": 
"cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/1534" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26071" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://forums.invisionpower.com/index.php?showtopic=213374" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/19830" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/796" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/431990/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/432226/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/17690" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/1534" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26071" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-05-05 12:46
Modified
2024-11-21 00:10
Summary
SQL injection vulnerability in the topic deletion functionality (post_delete function in func_mod.php) for Invision Power Board 2.1.5 allows remote authenticated moderators to execute arbitrary SQL commands via the selectedpids parameter, which bypasses an integer value check when the $id variable is an array.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "615FFE8F-1EDA-4CE2-BC6F-E7348DAE37E1", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "19B001F3-8A6E-423D-9382-AA696D193F08", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "2CDDB243-B03B-4DFE-9234-FD886EA80C50", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "7139AE38-8E5D-4D1D-A126-9CD10CE13E2C", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "6E24336F-BD4C-4596-8FFE-9D53AB802BB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.0.x:*:*:*:*:*:*:*", "matchCriteriaId": "AE478AB9-7ED4-4FDD-8990-CC4442CFA416", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "5C63DDA0-9B4C-4D3E-9633-82C330753ABA", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "AB960ACC-74D4-4AFB-886C-11EB5180DFD2", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "B1BA6316-7E7E-4A6B-AA54-1846198D64BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "EA70C944-F70E-49F4-AA9C-D19148925C0F", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "6CAF5259-D99A-45A1-8DD4-C6858B302272", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:invision_power_services:invision_power_board:2.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "67ED0140-7137-4F8D-AEA1-53251D4D4273", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "75723F84-9989-4195-9827-E3A6DF2ABA6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1_alpha2:*:*:*:*:*:*:*", "matchCriteriaId": "232885C1-B578-4E6E-8472-FF47A17DF976", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1_beta2:*:*:*:*:*:*:*", "matchCriteriaId": "19FFFBC9-F6F0-421C-BD8A-6F2F81C4E62F", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1_beta3:*:*:*:*:*:*:*", "matchCriteriaId": "7CB7078D-61D2-4ED9-AC8E-2D4F350F0716", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1_beta4:*:*:*:*:*:*:*", "matchCriteriaId": "7EC2800F-3A8C-4B63-B754-D921DFF79496", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1_beta5:*:*:*:*:*:*:*", "matchCriteriaId": "C5C8BA41-7876-4738-A68A-2162E28A3AB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "18BF761A-6459-42B0-BCB8-F735FBDD6139", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in the topic deletion functionality (post_delete function in func_mod.php) for Invision Power Board 2.1.5 allows remote authenticated moderators to execute arbitrary SQL commands via the selectedpids parameter, which bypasses an integer value check when the $id variable is an array." 
} ], "id": "CVE-2006-2204", "lastModified": "2024-11-21T00:10:47.307", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 5.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-05-05T12:46:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://forums.invisionpower.com/index.php?showtopic=214248\u0026view=getnewpo" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/19901" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/551" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/432591/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/archive/1/432948/30/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/17837" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/1605" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26190" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://forums.invisionpower.com/index.php?showtopic=214248\u0026view=getnewpo" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/19901" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/551" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/432591/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/archive/1/432948/30/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/17837" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/1605" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26190" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
cve-2006-3197
Vulnerability from cvelistv5
Published
2006-06-23 00:00
Modified
2024-08-07 18:23
Summary
Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB) 2.1.6 and earlier allows remote attackers to inject arbitrary web script or HTML via a POST that contains hexadecimal-encoded HTML.
References
URL | Tags | |
---|---|---|
http://forums.invisionpower.com/index.php?showtopic=219126 | x_refsource_CONFIRM | |
http://www.vupen.com/english/advisories/2006/2481 | vdb-entry, x_refsource_VUPEN | |
http://securityreason.com/securityalert/596 | third-party-advisory, x_refsource_SREASON | |
http://www.securityfocus.com/bid/18571 | vdb-entry, x_refsource_BID | |
http://secunia.com/advisories/20772 | third-party-advisory, x_refsource_SECUNIA | |
http://www.osvdb.org/26747 | vdb-entry, x_refsource_OSVDB | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/27701 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T18:23:20.154Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://forums.invisionpower.com/index.php?showtopic=219126" }, { "name": "ADV-2006-2481", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/2481" }, { "name": "596", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/596" }, { "name": "18571", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/18571" }, { "name": "20772", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/20772" }, { "name": "26747", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/26747" }, { "name": "ipb-hexadecimal-xss(27701)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27701" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-06-19T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB) 2.1.6 and earlier allows remote attackers to inject arbitrary web script or HTML via a POST that contains hexadecimal-encoded HTML." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-19T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://forums.invisionpower.com/index.php?showtopic=219126" }, { "name": "ADV-2006-2481", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/2481" }, { "name": "596", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/596" }, { "name": "18571", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/18571" }, { "name": "20772", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/20772" }, { "name": "26747", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/26747" }, { "name": "ipb-hexadecimal-xss(27701)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27701" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-3197", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB) 2.1.6 and earlier allows remote attackers to inject arbitrary web script or HTML via a POST that contains hexadecimal-encoded HTML." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://forums.invisionpower.com/index.php?showtopic=219126", "refsource": "CONFIRM", "url": "http://forums.invisionpower.com/index.php?showtopic=219126" }, { "name": "ADV-2006-2481", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/2481" }, { "name": "596", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/596" }, { "name": "18571", "refsource": "BID", "url": "http://www.securityfocus.com/bid/18571" }, { "name": "20772", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20772" }, { "name": "26747", "refsource": "OSVDB", "url": "http://www.osvdb.org/26747" }, { "name": "ipb-hexadecimal-xss(27701)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27701" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-3197", "datePublished": "2006-06-23T00:00:00", "dateReserved": "2006-06-22T00:00:00", "dateUpdated": "2024-08-07T18:23:20.154Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2008-4171
Vulnerability from cvelistv5
Published
2008-09-22 18:00
Modified
2024-08-07 10:08
Summary
SQL injection vulnerability in xmlout.php in Invision Power Board (IP.Board or IPB) 2.2.x and 2.3.x allows remote attackers to execute arbitrary SQL commands via the name parameter.
References
URL | Tags | |
---|---|---|
http://forums.invisionpower.com/index.php?showtopic=276512 | x_refsource_CONFIRM | |
http://www.vupen.com/english/advisories/2008/2487 | vdb-entry, x_refsource_VUPEN | |
http://www.securityfocus.com/bid/31288 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id?1020817 | vdb-entry, x_refsource_SECTRACK |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T10:08:34.917Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://forums.invisionpower.com/index.php?showtopic=276512" }, { "name": "ADV-2008-2487", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/2487" }, { "name": "31288", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/31288" }, { "name": "1020817", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1020817" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-09-04T00:00:00", "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in xmlout.php in Invision Power Board (IP.Board or IPB) 2.2.x and 2.3.x allows remote attackers to execute arbitrary SQL commands via the name parameter." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2009-01-07T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://forums.invisionpower.com/index.php?showtopic=276512" }, { "name": "ADV-2008-2487", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/2487" }, { "name": "31288", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/31288" }, { "name": "1020817", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1020817" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-4171", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SQL injection vulnerability in xmlout.php in Invision Power Board (IP.Board or IPB) 2.2.x and 2.3.x allows remote attackers to execute arbitrary SQL commands via the name parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://forums.invisionpower.com/index.php?showtopic=276512", "refsource": "CONFIRM", "url": "http://forums.invisionpower.com/index.php?showtopic=276512" }, { "name": "ADV-2008-2487", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/2487" }, { "name": "31288", "refsource": "BID", "url": "http://www.securityfocus.com/bid/31288" }, { "name": "1020817", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1020817" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-4171", "datePublished": "2008-09-22T18:00:00", "dateReserved": "2008-09-22T00:00:00", "dateUpdated": "2024-08-07T10:08:34.917Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-2059
Vulnerability from cvelistv5
Published
2006-04-26 20:00
Modified
2024-08-07 17:35
Summary
action_public/search.php in Invision Power Board (IPB) 2.1.x and 2.0.x before 20060425 allows remote attackers to execute arbitrary PHP code via a search with a crafted value of the lastdate parameter, which alters the behavior of a regular expression to add a "#e" (execute) modifier.
References
URL | Tags | |
---|---|---|
http://www.securityfocus.com/bid/17695 | vdb-entry, x_refsource_BID | |
http://www.securityfocus.com/archive/1/432226/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/26070 | vdb-entry, x_refsource_XF | |
http://www.securityfocus.com/archive/1/432451/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
http://securityreason.com/securityalert/796 | third-party-advisory, x_refsource_SREASON | |
http://secunia.com/advisories/19830 | third-party-advisory, x_refsource_SECUNIA | |
http://www.vupen.com/english/advisories/2006/1534 | vdb-entry, x_refsource_VUPEN | |
http://www.securityfocus.com/archive/1/431990/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
http://www.securityfocus.com/archive/1/439607/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
http://www.osvdb.org/25005 | vdb-entry, x_refsource_OSVDB | |
http://forums.invisionpower.com/index.php?showtopic=213374 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T17:35:31.193Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "17695", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/17695" }, { "name": "20060427 Re: Invision Vulnerabilities, including remote code execution", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/432226/100/0/threaded" }, { "name": "invision-search-file-include(26070)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26070" }, { "name": "20060427 Invision Power Board 2.1.5 POC", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/432451/100/0/threaded" }, { "name": "796", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/796" }, { "name": "19830", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/19830" }, { "name": "ADV-2006-1534", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/1534" }, { "name": "20060425 Invision Vulnerabilities, including remote code execution", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/431990/100/0/threaded" }, { "name": "20060710 Re: RE: Invision Vulnerabilities, including remote code execution", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/439607/100/0/threaded" }, { "name": "25005", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/25005" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": 
"http://forums.invisionpower.com/index.php?showtopic=213374" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-04-25T00:00:00", "descriptions": [ { "lang": "en", "value": "action_public/search.php in Invision Power Board (IPB) 2.1.x and 2.0.x before 20060425 allows remote attackers to execute arbitrary PHP code via a search with a crafted value of the lastdate parameter, which alters the behavior of a regular expression to add a \"#e\" (execute) modifier." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-18T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "17695", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/17695" }, { "name": "20060427 Re: Invision Vulnerabilities, including remote code execution", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/432226/100/0/threaded" }, { "name": "invision-search-file-include(26070)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26070" }, { "name": "20060427 Invision Power Board 2.1.5 POC", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/432451/100/0/threaded" }, { "name": "796", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/796" }, { "name": "19830", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/19830" }, { "name": "ADV-2006-1534", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/1534" }, { "name": "20060425 Invision Vulnerabilities, including remote code execution", "tags": [ 
"mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/431990/100/0/threaded" }, { "name": "20060710 Re: RE: Invision Vulnerabilities, including remote code execution", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/439607/100/0/threaded" }, { "name": "25005", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/25005" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://forums.invisionpower.com/index.php?showtopic=213374" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-2059", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "action_public/search.php in Invision Power Board (IPB) 2.1.x and 2.0.x before 20060425 allows remote attackers to execute arbitrary PHP code via a search with a crafted value of the lastdate parameter, which alters the behavior of a regular expression to add a \"#e\" (execute) modifier." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "17695", "refsource": "BID", "url": "http://www.securityfocus.com/bid/17695" }, { "name": "20060427 Re: Invision Vulnerabilities, including remote code execution", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/432226/100/0/threaded" }, { "name": "invision-search-file-include(26070)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26070" }, { "name": "20060427 Invision Power Board 2.1.5 POC", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/432451/100/0/threaded" }, { "name": "796", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/796" }, { "name": "19830", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19830" }, { "name": "ADV-2006-1534", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/1534" }, { "name": "20060425 Invision Vulnerabilities, including remote code execution", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/431990/100/0/threaded" }, { "name": "20060710 Re: RE: Invision Vulnerabilities, including remote code execution", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/439607/100/0/threaded" }, { "name": "25005", "refsource": "OSVDB", "url": "http://www.osvdb.org/25005" }, { "name": "http://forums.invisionpower.com/index.php?showtopic=213374", "refsource": "CONFIRM", "url": "http://forums.invisionpower.com/index.php?showtopic=213374" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-2059", "datePublished": "2006-04-26T20:00:00", "dateReserved": "2006-04-26T00:00:00", "dateUpdated": "2024-08-07T17:35:31.193Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-3543
Vulnerability from cvelistv5
Published
2006-07-13 00:00
Modified
2024-08-07 18:30
Severity ?
EPSS score ?
Summary
Multiple SQL injection vulnerabilities in Invision Power Board (IPB) 1.x and 2.x allow remote attackers to execute arbitrary SQL commands via the (1) idcat and (2) code parameters in a ketqua action in index.php; the id parameter in a (3) Attach and (4) ref action in index.php; the CODE parameter in a (5) Profile, (6) Login, and (7) Help action in index.php; and the (8) member_id parameter in coins_list.php. NOTE: the developer has disputed this issue, stating that the "CODE attribute is never present in an SQL query" and the "'ketqua' [action] and file 'coin_list.php' are not standard IPB 2.x features". It is unknown whether these vectors are associated with an independent module or modification of IPB.
References
URL | Tags | |
---|---|---|
http://www.securityfocus.com/bid/18836 | vdb-entry, x_refsource_BID | |
http://securityreason.com/securityalert/1231 | third-party-advisory, x_refsource_SREASON | |
http://www.securityfocus.com/archive/1/439145/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
http://www.osvdb.org/30084 | vdb-entry, x_refsource_OSVDB | |
http://www.securityfocus.com/archive/1/439602/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T18:30:34.404Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "18836", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/18836" }, { "name": "1231", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/1231" }, { "name": "20060704 Invision Power Board \"v1.X \u0026 2.X\" SQL Injection", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/439145/100/0/threaded" }, { "name": "30084", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/30084" }, { "name": "20060710 Re: Invision Power Board \"v1.X \u0026 2.X\" SQL Injection", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/439602/100/0/threaded" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-07-04T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple SQL injection vulnerabilities in Invision Power Board (IPB) 1.x and 2.x allow remote attackers to execute arbitrary SQL commands via the (1) idcat and (2) code parameters in a ketqua action in index.php; the id parameter in a (3) Attach and (4) ref action in index.php; the CODE parameter in a (5) Profile, (6) Login, and (7) Help action in index.php; and the (8) member_id parameter in coins_list.php. NOTE: the developer has disputed this issue, stating that the \"CODE attribute is never present in an SQL query\" and the \"\u0027ketqua\u0027 [action] and file \u0027coin_list.php\u0027 are not standard IPB 2.x features\". 
It is unknown whether these vectors are associated with an independent module or modification of IPB" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-18T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "18836", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/18836" }, { "name": "1231", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/1231" }, { "name": "20060704 Invision Power Board \"v1.X \u0026 2.X\" SQL Injection", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/439145/100/0/threaded" }, { "name": "30084", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/30084" }, { "name": "20060710 Re: Invision Power Board \"v1.X \u0026 2.X\" SQL Injection", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/439602/100/0/threaded" } ], "tags": [ "disputed" ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-3543", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "** DISPUTED ** Multiple SQL injection vulnerabilities in Invision Power Board (IPB) 1.x and 2.x allow remote attackers to execute arbitrary SQL commands via the (1) idcat and (2) code parameters in a ketqua action in index.php; the id parameter in a (3) Attach and (4) ref action in index.php; the CODE parameter in a (5) Profile, (6) Login, and (7) Help action in index.php; and the (8) member_id parameter in 
coins_list.php. NOTE: the developer has disputed this issue, stating that the \"CODE attribute is never present in an SQL query\" and the \"\u0027ketqua\u0027 [action] and file \u0027coin_list.php\u0027 are not standard IPB 2.x features\". It is unknown whether these vectors are associated with an independent module or modification of IPB." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "18836", "refsource": "BID", "url": "http://www.securityfocus.com/bid/18836" }, { "name": "1231", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/1231" }, { "name": "20060704 Invision Power Board \"v1.X \u0026 2.X\" SQL Injection", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/439145/100/0/threaded" }, { "name": "30084", "refsource": "OSVDB", "url": "http://www.osvdb.org/30084" }, { "name": "20060710 Re: Invision Power Board \"v1.X \u0026 2.X\" SQL Injection", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/439602/100/0/threaded" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-3543", "datePublished": "2006-07-13T00:00:00", "dateReserved": "2006-07-12T00:00:00", "dateUpdated": "2024-08-07T18:30:34.404Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2005-1443
Vulnerability from cvelistv5
Published
2005-05-03 04:00
Modified
2024-09-16 20:21
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in index.php for Invision Power Board (IPB) 2.0.3 and 2.1 Alpha 2 allow remote attackers to inject arbitrary web script or HTML via the (1) act, (2) Members, (3) calendar, or (4) HID parameters.
References
URL | Tags | |
---|---|---|
http://securitytracker.com/id?1013863 | vdb-entry, x_refsource_SECTRACK |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T21:51:50.221Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1013863", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1013863" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in index.php for Invision Power Board (IPB) 2.0.3 and 2.1 Alpha 2 allows remote attackers to inject arbitrary web script or HTML via the (1) act, (2) Members, (3) calendar, or (4) HID parameters." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2005-05-03T04:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "1013863", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1013863" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-1443", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in index.php for Invision Power Board (IPB) 2.0.3 and 2.1 Alpha 2 allows remote attackers to inject arbitrary web script or HTML via the (1) act, (2) Members, (3) calendar, or (4) HID parameters." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1013863", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1013863" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-1443", "datePublished": "2005-05-03T04:00:00Z", "dateReserved": "2005-05-03T00:00:00Z", "dateUpdated": "2024-09-16T20:21:42.586Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2004-1578
Vulnerability from cvelistv5
Published
2005-02-20 05:00
Modified
2024-08-08 00:53
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in index.php in Invision Power Board 2.0.0 allows remote attackers to execute arbitrary web script or HTML via the Referer field in the HTTP header.
References
URL | Tags | |
---|---|---|
http://secunia.com/advisories/12740 | third-party-advisory, x_refsource_SECUNIA | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/17604 | vdb-entry, x_refsource_XF | |
http://www.securityfocus.com/bid/11332 | vdb-entry, x_refsource_BID | |
http://marc.info/?l=bugtraq&m=109701091207517&w=2 | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T00:53:24.182Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "12740", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/12740" }, { "name": "invision-referer-header-xss(17604)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17604" }, { "name": "11332", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/11332" }, { "name": "20041005 [MAXPATROL Security Advisories] Cross site scripting in Invision Power Board", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=109701091207517\u0026w=2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-10-05T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in index.php in Invision Power Board 2.0.0 allows remote attackers to execute arbitrary web script or HTML via the Referer field in the HTTP header." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "12740", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/12740" }, { "name": "invision-referer-header-xss(17604)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17604" }, { "name": "11332", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/11332" }, { "name": "20041005 [MAXPATROL Security Advisories] Cross site scripting in Invision Power Board", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=109701091207517\u0026w=2" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-1578", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in index.php in Invision Power Board 2.0.0 allows remote attackers to execute arbitrary web script or HTML via the Referer field in the HTTP header." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "12740", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/12740" }, { "name": "invision-referer-header-xss(17604)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17604" }, { "name": "11332", "refsource": "BID", "url": "http://www.securityfocus.com/bid/11332" }, { "name": "20041005 [MAXPATROL Security Advisories] Cross site scripting in Invision Power Board", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=109701091207517\u0026w=2" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-1578", "datePublished": "2005-02-20T05:00:00", "dateReserved": "2005-02-20T00:00:00", "dateUpdated": "2024-08-08T00:53:24.182Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2005-1597
Vulnerability from cvelistv5
Published
2005-05-16 04:00
Modified
2024-08-07 21:59
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in (1) search.php and (2) topics.php for Invision Power Board (IPB) 2.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the highlite parameter.
References
URL | Tags | |
---|---|---|
http://secunia.com/advisories/15265 | third-party-advisory, x_refsource_SECUNIA | |
http://www.osvdb.org/16298 | vdb-entry, x_refsource_OSVDB | |
http://www.securityfocus.com/bid/13534 | vdb-entry, x_refsource_BID | |
http://marc.info/?l=bugtraq&m=111539908705851&w=2 | mailing-list, x_refsource_BUGTRAQ | |
http://securitytracker.com/id?1013907 | vdb-entry, x_refsource_SECTRACK | |
http://www.vupen.com/english/advisories/2005/0487 | vdb-entry, x_refsource_VUPEN | |
http://forums.invisionpower.com/index.php?showtopic=168016 | x_refsource_CONFIRM | |
http://www.gulftech.org/?node=research&article_id=00073-05052005 | x_refsource_MISC | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/20445 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T21:59:22.624Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "15265", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/15265" }, { "name": "16298", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/16298" }, { "name": "13534", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/13534" }, { "name": "20050506 Multiple Vulnerabilities In Invision Power Board", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=111539908705851\u0026w=2" }, { "name": "1013907", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1013907" }, { "name": "ADV-2005-0487", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2005/0487" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://forums.invisionpower.com/index.php?showtopic=168016" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.gulftech.org/?node=research\u0026article_id=00073-05052005" }, { "name": "invision-powerboard-highlite-xss(20445)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20445" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-05-05T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in (1) search.php and (2) topics.php for Invision Power Board (IPB) 2.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the highlite parameter." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "15265", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/15265" }, { "name": "16298", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/16298" }, { "name": "13534", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/13534" }, { "name": "20050506 Multiple Vulnerabilities In Invision Power Board", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=111539908705851\u0026w=2" }, { "name": "1013907", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1013907" }, { "name": "ADV-2005-0487", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2005/0487" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://forums.invisionpower.com/index.php?showtopic=168016" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.gulftech.org/?node=research\u0026article_id=00073-05052005" }, { "name": "invision-powerboard-highlite-xss(20445)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20445" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-1597", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in (1) search.php and (2) topics.php for Invision Power Board (IPB) 
2.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the highlite parameter." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "15265", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/15265" }, { "name": "16298", "refsource": "OSVDB", "url": "http://www.osvdb.org/16298" }, { "name": "13534", "refsource": "BID", "url": "http://www.securityfocus.com/bid/13534" }, { "name": "20050506 Multiple Vulnerabilities In Invision Power Board", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=111539908705851\u0026w=2" }, { "name": "1013907", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1013907" }, { "name": "ADV-2005-0487", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2005/0487" }, { "name": "http://forums.invisionpower.com/index.php?showtopic=168016", "refsource": "CONFIRM", "url": "http://forums.invisionpower.com/index.php?showtopic=168016" }, { "name": "http://www.gulftech.org/?node=research\u0026article_id=00073-05052005", "refsource": "MISC", "url": "http://www.gulftech.org/?node=research\u0026article_id=00073-05052005" }, { "name": "invision-powerboard-highlite-xss(20445)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20445" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-1597", "datePublished": "2005-05-16T04:00:00", "dateReserved": "2005-05-16T00:00:00", "dateUpdated": "2024-08-07T21:59:22.624Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-2097
Vulnerability from cvelistv5
Published
2006-04-29 10:00
Modified
2024-08-07 17:35
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in func_msg.php in Invision Power Board (IPB) 2.1.4 allows remote attackers to execute arbitrary SQL commands via the from_contact field in a private message (PM).
References
▼ | URL | Tags |
---|---|---|
http://secunia.com/advisories/19861 | third-party-advisory, x_refsource_SECUNIA | |
http://www.securityfocus.com/archive/1/432248/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
http://www.osvdb.org/25021 | vdb-entry, x_refsource_OSVDB | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/26107 | vdb-entry, x_refsource_XF | |
http://www.securityfocus.com/bid/17719 | vdb-entry, x_refsource_BID | |
http://securityreason.com/securityalert/813 | third-party-advisory, x_refsource_SREASON |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T17:35:31.390Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "19861", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/19861" }, { "name": "20060427 SQL injection exploit IPB \u003c= 2.1.4", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/432248/100/0/threaded" }, { "name": "25021", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/25021" }, { "name": "invision-fromcontact-sql-injection(26107)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26107" }, { "name": "17719", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/17719" }, { "name": "813", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/813" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-04-27T00:00:00", "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in func_msg.php in Invision Power Board (IPB) 2.1.4 allows remote attackers to execute arbitrary SQL commands via the from_contact field in a private message (PM)." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-18T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "19861", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/19861" }, { "name": "20060427 SQL injection exploit IPB \u003c= 2.1.4", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/432248/100/0/threaded" }, { "name": "25021", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/25021" }, { "name": "invision-fromcontact-sql-injection(26107)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26107" }, { "name": "17719", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/17719" }, { "name": "813", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/813" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-2097", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SQL injection vulnerability in func_msg.php in Invision Power Board (IPB) 2.1.4 allows remote attackers to execute arbitrary SQL commands via the from_contact field in a private message (PM)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "19861", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19861" }, { "name": "20060427 SQL injection exploit IPB \u003c= 2.1.4", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/432248/100/0/threaded" }, { "name": "25021", "refsource": "OSVDB", "url": "http://www.osvdb.org/25021" }, { "name": "invision-fromcontact-sql-injection(26107)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26107" }, { "name": "17719", "refsource": "BID", "url": "http://www.securityfocus.com/bid/17719" }, { "name": "813", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/813" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-2097", "datePublished": "2006-04-29T10:00:00", "dateReserved": "2006-04-29T00:00:00", "dateUpdated": "2024-08-07T17:35:31.390Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2003-1385
Vulnerability from cvelistv5
Published
2007-10-19 10:00
Modified
2024-08-08 02:28
Severity ?
EPSS score ?
Summary
ipchat.php in Invision Power Board 1.1.1 allows remote attackers to execute arbitrary PHP code, if register_globals is enabled, by modifying the root_path parameter to reference a URL on a remote web server that contains the code.
References
▼ | URL | Tags |
---|---|---|
http://secunia.com/advisories/8182 | third-party-advisory, x_refsource_SECUNIA | |
http://www.osvdb.org/3357 | vdb-entry, x_refsource_OSVDB | |
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0099.html | mailing-list, x_refsource_VULNWATCH | |
http://www.securityfocus.com/bid/6976 | vdb-entry, x_refsource_BID | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/11435 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T02:28:03.449Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "8182", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/8182" }, { "name": "3357", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/3357" }, { "name": "20030227 Invision Power Board (PHP)", "tags": [ "mailing-list", "x_refsource_VULNWATCH", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0099.html" }, { "name": "6976", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/6976" }, { "name": "invision-ipchat-file-include(11435)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11435" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2003-02-27T00:00:00", "descriptions": [ { "lang": "en", "value": "ipchat.php in Invision Power Board 1.1.1 allows remote attackers to execute arbitrary PHP code, if register_globals is enabled, by modifying the root_path parameter to reference a URL on a remote web server that contains the code." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "8182", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/8182" }, { "name": "3357", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/3357" }, { "name": "20030227 Invision Power Board (PHP)", "tags": [ "mailing-list", "x_refsource_VULNWATCH" ], "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0099.html" }, { "name": "6976", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/6976" }, { "name": "invision-ipchat-file-include(11435)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11435" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2003-1385", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "ipchat.php in Invision Power Board 1.1.1 allows remote attackers to execute arbitrary PHP code, if register_globals is enabled, by modifying the root_path parameter to reference a URL on a remote web server that contains the code." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "8182", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/8182" }, { "name": "3357", "refsource": "OSVDB", "url": "http://www.osvdb.org/3357" }, { "name": "20030227 Invision Power Board (PHP)", "refsource": "VULNWATCH", "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0099.html" }, { "name": "6976", "refsource": "BID", "url": "http://www.securityfocus.com/bid/6976" }, { "name": "invision-ipchat-file-include(11435)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11435" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2003-1385", "datePublished": "2007-10-19T10:00:00", "dateReserved": "2007-10-18T00:00:00", "dateUpdated": "2024-08-08T02:28:03.449Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-1076
Vulnerability from cvelistv5
Published
2006-03-09 00:00
Modified
2024-08-07 16:56
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in index.php, possibly during a showtopic operation, in Invision Power Board (IPB) 2.1.5 allows remote attackers to execute arbitrary SQL commands via the st parameter.
References
▼ | URL | Tags |
---|---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/25254 | vdb-entry, x_refsource_XF | |
http://www.securityfocus.com/archive/1/426875/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
http://www.securityfocus.com/bid/16971 | vdb-entry, x_refsource_BID | |
http://www.securityfocus.com/archive/1/430357/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T16:56:15.534Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "invision-index-sql-injection(25254)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25254" }, { "name": "20060306 SQL injection in Invision Power Board v2.1.5", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/426875/100/0/threaded" }, { "name": "16971", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/16971" }, { "name": "20060405 Re: SQL injection in Invision Power Board v2.1.5", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/430357/100/0/threaded" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-03-06T00:00:00", "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in index.php, possibly during a showtopic operation, in Invision Power Board (IPB) 2.1.5 allows remote attackers to execute arbitrary SQL commands via the st parameter." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-18T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "invision-index-sql-injection(25254)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25254" }, { "name": "20060306 SQL injection in Invision Power Board v2.1.5", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/426875/100/0/threaded" }, { "name": "16971", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/16971" }, { "name": "20060405 Re: SQL injection in Invision Power Board v2.1.5", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/430357/100/0/threaded" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-1076", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SQL injection vulnerability in index.php, possibly during a showtopic operation, in Invision Power Board (IPB) 2.1.5 allows remote attackers to execute arbitrary SQL commands via the st parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "invision-index-sql-injection(25254)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25254" }, { "name": "20060306 SQL injection in Invision Power Board v2.1.5", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/426875/100/0/threaded" }, { "name": "16971", "refsource": "BID", "url": "http://www.securityfocus.com/bid/16971" }, { "name": "20060405 Re: SQL injection in Invision Power Board v2.1.5", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/430357/100/0/threaded" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-1076", "datePublished": "2006-03-09T00:00:00", "dateReserved": "2006-03-08T00:00:00", "dateUpdated": "2024-08-07T16:56:15.534Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-1267
Vulnerability from cvelistv5
Published
2006-03-19 02:00
Modified
2024-08-07 17:03
Severity ?
EPSS score ?
Summary
Invision Power Board 2.1.4 allows remote attackers to hijack sessions and possibly gain administrative privileges by obtaining the session ID from the s parameter, then replaying it in another request.
References
URL | Tags
---|---
http://www.securityfocus.com/archive/1/427847/100/0/threaded | mailing-list, x_refsource_BUGTRAQ
http://www.securityfocus.com/archive/1/427751/100/0/threaded | mailing-list, x_refsource_BUGTRAQ
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T17:03:28.846Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20060316 Re: Invision Power Board v2.1.4 - session hijacking", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/427847/100/0/threaded" }, { "name": "20060314 Invision Power Board v2.1.4 - session hijacking", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/427751/100/0/threaded" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-03-14T00:00:00", "descriptions": [ { "lang": "en", "value": "Invision Power Board 2.1.4 allows remote attackers to hijack sessions and possibly gain administrative privileges by obtaining the session ID from the s parameter, then replaying it in another request." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-18T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20060316 Re: Invision Power Board v2.1.4 - session hijacking", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/427847/100/0/threaded" }, { "name": "20060314 Invision Power Board v2.1.4 - session hijacking", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/427751/100/0/threaded" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-1267", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Invision Power Board 2.1.4 allows remote attackers to hijack sessions and possibly gain administrative privileges by obtaining the session ID from the s parameter, then replaying it in another request." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20060316 Re: Invision Power Board v2.1.4 - session hijacking", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/427847/100/0/threaded" }, { "name": "20060314 Invision Power Board v2.1.4 - session hijacking", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/427751/100/0/threaded" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-1267", "datePublished": "2006-03-19T02:00:00", "dateReserved": "2006-03-18T00:00:00", "dateUpdated": "2024-08-07T17:03:28.846Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-2204
Vulnerability from cvelistv5
Published
2006-05-05 10:00
Modified
2024-08-07 17:43
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the topic deletion functionality (post_delete function in func_mod.php) for Invision Power Board 2.1.5 allows remote authenticated moderators to execute arbitrary SQL commands via the selectedpids parameter, which bypasses an integer value check when the $id variable is an array.
References
URL | Tags
---|---
http://www.securityfocus.com/bid/17837 | vdb-entry, x_refsource_BID
https://exchange.xforce.ibmcloud.com/vulnerabilities/26190 | vdb-entry, x_refsource_XF
http://securityreason.com/securityalert/551 | third-party-advisory, x_refsource_SREASON
http://forums.invisionpower.com/index.php?showtopic=214248&view=getnewpo | x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2006/1605 | vdb-entry, x_refsource_VUPEN
http://www.securityfocus.com/archive/1/432591/100/0/threaded | mailing-list, x_refsource_BUGTRAQ
http://www.securityfocus.com/archive/1/432948/30/0/threaded | mailing-list, x_refsource_BUGTRAQ
http://secunia.com/advisories/19901 | third-party-advisory, x_refsource_SECUNIA
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T17:43:28.065Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "17837", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/17837" }, { "name": "invision-func_mod-sql-injection(26190)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26190" }, { "name": "551", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/551" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://forums.invisionpower.com/index.php?showtopic=214248\u0026view=getnewpo" }, { "name": "ADV-2006-1605", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/1605" }, { "name": "20060428 Invision Power Board v2.1.5 Remote SQL Injection", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/432591/100/0/threaded" }, { "name": "20060504 Re: Invision Power Board v2.1.5 Remote SQL Injection", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/432948/30/0/threaded" }, { "name": "19901", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/19901" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-04-28T00:00:00", "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in the topic deletion functionality (post_delete function in func_mod.php) for Invision Power Board 2.1.5 allows remote authenticated moderators to execute arbitrary SQL commands via the selectedpids parameter, which 
bypasses an integer value check when the $id variable is an array." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-18T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "17837", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/17837" }, { "name": "invision-func_mod-sql-injection(26190)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26190" }, { "name": "551", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/551" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://forums.invisionpower.com/index.php?showtopic=214248\u0026view=getnewpo" }, { "name": "ADV-2006-1605", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/1605" }, { "name": "20060428 Invision Power Board v2.1.5 Remote SQL Injection", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/432591/100/0/threaded" }, { "name": "20060504 Re: Invision Power Board v2.1.5 Remote SQL Injection", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/432948/30/0/threaded" }, { "name": "19901", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/19901" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-2204", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SQL injection vulnerability in the 
topic deletion functionality (post_delete function in func_mod.php) for Invision Power Board 2.1.5 allows remote authenticated moderators to execute arbitrary SQL commands via the selectedpids parameter, which bypasses an integer value check when the $id variable is an array." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "17837", "refsource": "BID", "url": "http://www.securityfocus.com/bid/17837" }, { "name": "invision-func_mod-sql-injection(26190)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26190" }, { "name": "551", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/551" }, { "name": "http://forums.invisionpower.com/index.php?showtopic=214248\u0026view=getnewpo", "refsource": "CONFIRM", "url": "http://forums.invisionpower.com/index.php?showtopic=214248\u0026view=getnewpo" }, { "name": "ADV-2006-1605", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/1605" }, { "name": "20060428 Invision Power Board v2.1.5 Remote SQL Injection", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/432591/100/0/threaded" }, { "name": "20060504 Re: Invision Power Board v2.1.5 Remote SQL Injection", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/432948/30/0/threaded" }, { "name": "19901", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19901" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-2204", "datePublished": "2006-05-05T10:00:00", "dateReserved": "2006-05-04T00:00:00", "dateUpdated": "2024-08-07T17:43:28.065Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-4155
Vulnerability from cvelistv5
Published
2006-08-16 21:00
Modified
2024-08-07 18:57
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in func_topic_threaded.php (aka threaded view mode) in Invision Power Board (IPB) before 2.1.7 21013.60810.s allows remote attackers to "access posts outside the topic."
References
URL | Tags
---|---
http://secunia.com/advisories/21442 | third-party-advisory, x_refsource_SECUNIA
http://forums.invisionpower.com/index.php?&showtopic=225755 | x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2006/3260 | vdb-entry, x_refsource_VUPEN
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T18:57:46.209Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "21442", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/21442" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://forums.invisionpower.com/index.php?\u0026showtopic=225755" }, { "name": "ADV-2006-3260", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/3260" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-08-10T00:00:00", "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in func_topic_threaded.php (aka threaded view mode) in Invision Power Board (IPB) before 2.1.7 21013.60810.s allows remote attackers to \"access posts outside the topic.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2009-02-26T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "21442", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/21442" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://forums.invisionpower.com/index.php?\u0026showtopic=225755" }, { "name": "ADV-2006-3260", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/3260" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-4155", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, 
"data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in func_topic_threaded.php (aka threaded view mode) in Invision Power Board (IPB) before 2.1.7 21013.60810.s allows remote attackers to \"access posts outside the topic.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "21442", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21442" }, { "name": "http://forums.invisionpower.com/index.php?\u0026showtopic=225755", "refsource": "CONFIRM", "url": "http://forums.invisionpower.com/index.php?\u0026showtopic=225755" }, { "name": "ADV-2006-3260", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/3260" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-4155", "datePublished": "2006-08-16T21:00:00", "dateReserved": "2006-08-16T00:00:00", "dateUpdated": "2024-08-07T18:57:46.209Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-0888
Vulnerability from cvelistv5
Published
2006-02-25 11:00
Modified
2024-08-07 16:48
Severity ?
EPSS score ?
Summary
index.php in Invision Power Board (IPB) 2.0.1, with Code Confirmation disabled, allows remote attackers to cause an unspecified denial of service by registering a large number of users.
References
URL | Tags
---|---
https://www.exploit-db.com/exploits/1489 | exploit, x_refsource_EXPLOIT-DB
http://www.securityfocus.com/bid/16616 | vdb-entry, x_refsource_BID
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T16:48:56.798Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1489", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/1489" }, { "name": "16616", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/16616" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-02-13T00:00:00", "descriptions": [ { "lang": "en", "value": "index.php in Invision Power Board (IPB) 2.0.1, with Code Confirmation disabled, allows remote attackers to cause an unspecified denial of service by registering a large number of users." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-18T16:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "1489", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/1489" }, { "name": "16616", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/16616" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-0888", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "index.php in Invision Power Board (IPB) 2.0.1, with Code Confirmation disabled, allows remote attackers to cause an unspecified denial of service by registering a large number of 
users." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1489", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/1489" }, { "name": "16616", "refsource": "BID", "url": "http://www.securityfocus.com/bid/16616" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-0888", "datePublished": "2006-02-25T11:00:00", "dateReserved": "2006-02-25T00:00:00", "dateUpdated": "2024-08-07T16:48:56.798Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2007-5688
Vulnerability from cvelistv5
Published
2007-10-29 19:00
Modified
2024-08-07 15:39
Severity ?
EPSS score ?
Summary
Multiple SQL injection vulnerabilities in directory.php in the Multi-Forums (aka Multi Host Forum Pro) module 1.3.3, for phpBB and Invision Power Board (IPB or IP.Board), allow remote attackers to execute arbitrary SQL commands via the (1) go and (2) cat parameters.
References
URL | Tags
---|---
http://www.securityfocus.com/bid/26213 | vdb-entry, x_refsource_BID
https://exchange.xforce.ibmcloud.com/vulnerabilities/37461 | vdb-entry, x_refsource_XF
http://secunia.com/advisories/27406 | third-party-advisory, x_refsource_SECUNIA
http://www.inj3ct-it.org/exploit/Multi_Host.txt | x_refsource_MISC
http://www.securityfocus.com/archive/1/482838/100/0/threaded | mailing-list, x_refsource_BUGTRAQ
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T15:39:13.608Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "26213", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/26213" }, { "name": "phpbb-multiforums-sql-injection(37461)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37461" }, { "name": "27406", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/27406" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.inj3ct-it.org/exploit/Multi_Host.txt" }, { "name": "20071025 Multi Host Forum Pro phpbb \u0026 ipb Multiple Sql Injection", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/482838/100/0/threaded" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-10-26T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple SQL injection vulnerabilities in directory.php in the Multi-Forums (aka Multi Host Forum Pro) module 1.3.3, for phpBB and Invision Power Board (IPB or IP.Board), allow remote attackers to execute arbitrary SQL commands via the (1) go and (2) cat parameters." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-15T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "26213", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/26213" }, { "name": "phpbb-multiforums-sql-injection(37461)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37461" }, { "name": "27406", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/27406" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.inj3ct-it.org/exploit/Multi_Host.txt" }, { "name": "20071025 Multi Host Forum Pro phpbb \u0026 ipb Multiple Sql Injection", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/482838/100/0/threaded" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-5688", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple SQL injection vulnerabilities in directory.php in the Multi-Forums (aka Multi Host Forum Pro) module 1.3.3, for phpBB and Invision Power Board (IPB or IP.Board), allow remote attackers to execute arbitrary SQL commands via the (1) go and (2) cat parameters." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "26213", "refsource": "BID", "url": "http://www.securityfocus.com/bid/26213" }, { "name": "phpbb-multiforums-sql-injection(37461)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37461" }, { "name": "27406", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27406" }, { "name": "http://www.inj3ct-it.org/exploit/Multi_Host.txt", "refsource": "MISC", "url": "http://www.inj3ct-it.org/exploit/Multi_Host.txt" }, { "name": "20071025 Multi Host Forum Pro phpbb \u0026 ipb Multiple Sql Injection", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/482838/100/0/threaded" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-5688", "datePublished": "2007-10-29T19:00:00", "dateReserved": "2007-10-29T00:00:00", "dateUpdated": "2024-08-07T15:39:13.608Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-2217
Vulnerability from cvelistv5
Published
2006-05-05 10:00
Modified
2024-09-17 04:05
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in index.php in Invision Power Board allows remote attackers to execute arbitrary SQL commands via the pid parameter in a reputation action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
References
URL | Tags
---|---
http://www.securityfocus.com/bid/17839 | vdb-entry, x_refsource_BID
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T17:43:28.421Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "17839", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/17839" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in index.php in Invision Power Board allows remote attackers to execute arbitrary SQL commands via the pid parameter in a reputation action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2006-05-05T10:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "17839", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/17839" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-2217", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SQL injection vulnerability in index.php in Invision Power Board allows remote attackers to execute arbitrary SQL commands via the pid parameter in a reputation action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "17839", "refsource": "BID", "url": "http://www.securityfocus.com/bid/17839" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-2217", "datePublished": "2006-05-05T10:00:00Z", "dateReserved": "2006-05-05T00:00:00Z", "dateUpdated": "2024-09-17T04:05:07.961Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-2061
Vulnerability from cvelistv5
Published
2006-04-26 20:00
Modified
2024-08-07 17:35
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in lib/func_taskmanager.php in Invision Power Board (IPB) 2.1.x and 2.0.x before 20060425 allows remote attackers to execute arbitrary SQL commands via the ck parameter, which can inject at most 32 characters.
References
URL | Tags
---|---
https://exchange.xforce.ibmcloud.com/vulnerabilities/26071 | vdb-entry, x_refsource_XF
http://www.securityfocus.com/archive/1/432226/100/0/threaded | mailing-list, x_refsource_BUGTRAQ
http://securityreason.com/securityalert/796 | third-party-advisory, x_refsource_SREASON
http://www.securityfocus.com/bid/17690 | vdb-entry, x_refsource_BID
http://secunia.com/advisories/19830 | third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2006/1534 | vdb-entry, x_refsource_VUPEN
http://www.securityfocus.com/archive/1/431990/100/0/threaded | mailing-list, x_refsource_BUGTRAQ
http://forums.invisionpower.com/index.php?showtopic=213374 | x_refsource_CONFIRM
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T17:35:31.301Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "invision-index-ck-sql-injection(26071)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26071" }, { "name": "20060427 Re: Invision Vulnerabilities, including remote code execution", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/432226/100/0/threaded" }, { "name": "796", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/796" }, { "name": "17690", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/17690" }, { "name": "19830", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/19830" }, { "name": "ADV-2006-1534", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/1534" }, { "name": "20060425 Invision Vulnerabilities, including remote code execution", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/431990/100/0/threaded" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://forums.invisionpower.com/index.php?showtopic=213374" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-04-25T00:00:00", "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in lib/func_taskmanager.php in Invision Power Board (IPB) 2.1.x and 2.0.x before 20060425 allows remote attackers to execute arbitrary SQL commands via the ck parameter, which can inject at most 32 characters." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-18T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "invision-index-ck-sql-injection(26071)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26071" }, { "name": "20060427 Re: Invision Vulnerabilities, including remote code execution", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/432226/100/0/threaded" }, { "name": "796", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/796" }, { "name": "17690", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/17690" }, { "name": "19830", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/19830" }, { "name": "ADV-2006-1534", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/1534" }, { "name": "20060425 Invision Vulnerabilities, including remote code execution", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/431990/100/0/threaded" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://forums.invisionpower.com/index.php?showtopic=213374" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-2061", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SQL injection vulnerability in lib/func_taskmanager.php in Invision Power Board (IPB) 2.1.x and 2.0.x 
before 20060425 allows remote attackers to execute arbitrary SQL commands via the ck parameter, which can inject at most 32 characters." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "invision-index-ck-sql-injection(26071)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26071" }, { "name": "20060427 Re: Invision Vulnerabilities, including remote code execution", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/432226/100/0/threaded" }, { "name": "796", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/796" }, { "name": "17690", "refsource": "BID", "url": "http://www.securityfocus.com/bid/17690" }, { "name": "19830", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19830" }, { "name": "ADV-2006-1534", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/1534" }, { "name": "20060425 Invision Vulnerabilities, including remote code execution", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/431990/100/0/threaded" }, { "name": "http://forums.invisionpower.com/index.php?showtopic=213374", "refsource": "CONFIRM", "url": "http://forums.invisionpower.com/index.php?showtopic=213374" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-2061", "datePublished": "2006-04-26T20:00:00", "dateReserved": "2006-04-26T00:00:00", "dateUpdated": "2024-08-07T17:35:31.301Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2007-4912
Vulnerability from cvelistv5
Published
2007-09-17 17:00
Modified
2024-08-07 15:08
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in ips_kernel/class_ajax.php in Invision Power Board (IPB or IP.Board) 2.3.1 up to 20070912 allows remote attackers to inject arbitrary web script or HTML into user profile fields via unspecified vectors related to character sets other than iso-8859-1 or utf-8.
References
URL | Tags | |
---|---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/36589 | vdb-entry, x_refsource_XF | |
http://www.securityfocus.com/bid/25656 | vdb-entry, x_refsource_BID | |
http://forums.invisionpower.com/index.php?act=attach&type=post&id=11870 | x_refsource_CONFIRM | |
http://secunia.com/advisories/26788 | third-party-advisory, x_refsource_SECUNIA | |
http://forums.invisionpower.com/index.php?showtopic=237075 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T15:08:33.939Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ipb-profile-xss(36589)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36589" }, { "name": "25656", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/25656" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://forums.invisionpower.com/index.php?act=attach\u0026type=post\u0026id=11870" }, { "name": "26788", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/26788" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://forums.invisionpower.com/index.php?showtopic=237075" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-09-12T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in ips_kernel/class_ajax.php in Invision Power Board (IPB or IP.Board) 2.3.1 up to 20070912 allows remote attackers to inject arbitrary web script or HTML into user profile fields via unspecified vectors related to character sets other than iso-8859-1 or utf-8." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "ipb-profile-xss(36589)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36589" }, { "name": "25656", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/25656" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://forums.invisionpower.com/index.php?act=attach\u0026type=post\u0026id=11870" }, { "name": "26788", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/26788" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://forums.invisionpower.com/index.php?showtopic=237075" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-4912", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in ips_kernel/class_ajax.php in Invision Power Board (IPB or IP.Board) 2.3.1 up to 20070912 allows remote attackers to inject arbitrary web script or HTML into user profile fields via unspecified vectors related to character sets other than iso-8859-1 or utf-8." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ipb-profile-xss(36589)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36589" }, { "name": "25656", "refsource": "BID", "url": "http://www.securityfocus.com/bid/25656" }, { "name": "http://forums.invisionpower.com/index.php?act=attach\u0026type=post\u0026id=11870", "refsource": "CONFIRM", "url": "http://forums.invisionpower.com/index.php?act=attach\u0026type=post\u0026id=11870" }, { "name": "26788", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26788" }, { "name": "http://forums.invisionpower.com/index.php?showtopic=237075", "refsource": "CONFIRM", "url": "http://forums.invisionpower.com/index.php?showtopic=237075" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-4912", "datePublished": "2007-09-17T17:00:00", "dateReserved": "2007-09-17T00:00:00", "dateUpdated": "2024-08-07T15:08:33.939Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-1369
Vulnerability from cvelistv5
Published
2006-03-23 23:00
Modified
2024-08-07 17:12
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB) 2.1.5 and earlier before 20060308 allows remote attackers to inject arbitrary web script or HTML via a Private Message (PM) in certain circumstances.
References
URL | Tags | |
---|---|---|
http://secunia.com/advisories/19299 | third-party-advisory, x_refsource_SECUNIA | |
http://forums.invisionpower.com/index.php?showtopic=209178 | x_refsource_CONFIRM | |
http://www.vupen.com/english/advisories/2006/1044 | vdb-entry, x_refsource_VUPEN | |
http://www.securityfocus.com/bid/17187 | vdb-entry, x_refsource_BID | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/25384 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T17:12:20.741Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "19299", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/19299" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://forums.invisionpower.com/index.php?showtopic=209178" }, { "name": "ADV-2006-1044", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/1044" }, { "name": "17187", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/17187" }, { "name": "invision-privatemessage-xss(25384)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25384" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-03-08T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB) 2.1.5 and earlier before 20060308 allows remote attackers to inject arbitrary web script or HTML via a Private Message (PM) in certain circumstances." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-19T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "19299", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/19299" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://forums.invisionpower.com/index.php?showtopic=209178" }, { "name": "ADV-2006-1044", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/1044" }, { "name": "17187", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/17187" }, { "name": "invision-privatemessage-xss(25384)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25384" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-1369", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB) 2.1.5 and earlier before 20060308 allows remote attackers to inject arbitrary web script or HTML via a Private Message (PM) in certain circumstances." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "19299", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19299" }, { "name": "http://forums.invisionpower.com/index.php?showtopic=209178", "refsource": "CONFIRM", "url": "http://forums.invisionpower.com/index.php?showtopic=209178" }, { "name": "ADV-2006-1044", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/1044" }, { "name": "17187", "refsource": "BID", "url": "http://www.securityfocus.com/bid/17187" }, { "name": "invision-privatemessage-xss(25384)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25384" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-1369", "datePublished": "2006-03-23T23:00:00", "dateReserved": "2006-03-23T00:00:00", "dateUpdated": "2024-08-07T17:12:20.741Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-2498
Vulnerability from cvelistv5
Published
2006-05-20 02:59
Modified
2024-08-07 17:51
Severity ?
EPSS score ?
Summary
Invision Power Board (IPB) before 2.1.6 allows remote attackers to execute arbitrary PHP script via attack vectors involving (1) the post_icon variable in classes/post/class_post.php and (2) the df value in action_public/moderate.php.
References
URL | Tags | |
---|---|---|
http://www.osvdb.org/25668 | vdb-entry, x_refsource_OSVDB | |
http://forums.invisionpower.com/index.php?showtopic=215527 | x_refsource_CONFIRM | |
http://attrition.org/pipermail/vim/2006-May/000776.html | mailing-list, x_refsource_VIM | |
http://www.securityfocus.com/bid/18040 | vdb-entry, x_refsource_BID | |
http://www.vupen.com/english/advisories/2006/1859 | vdb-entry, x_refsource_VUPEN | |
http://secunia.com/advisories/20158 | third-party-advisory, x_refsource_SECUNIA | |
http://www.osvdb.org/25667 | vdb-entry, x_refsource_OSVDB | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/26541 | vdb-entry, x_refsource_XF | |
http://forums.invisionpower.com/index.php?act=Attach&type=post&id=10026 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T17:51:04.760Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "25668", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/25668" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://forums.invisionpower.com/index.php?showtopic=215527" }, { "name": "20060519 Partial details on Invision Power Board (IPB) PHP execution issue", "tags": [ "mailing-list", "x_refsource_VIM", "x_transferred" ], "url": "http://attrition.org/pipermail/vim/2006-May/000776.html" }, { "name": "18040", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/18040" }, { "name": "ADV-2006-1859", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/1859" }, { "name": "20158", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/20158" }, { "name": "25667", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/25667" }, { "name": "invision-unspecified-code-execution(26541)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26541" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://forums.invisionpower.com/index.php?act=Attach\u0026type=post\u0026id=10026" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-05-18T00:00:00", "descriptions": [ { "lang": "en", "value": "Invision Power Board (IPB) before 2.1.6 allows remote attackers to execute arbitrary PHP script via attack vectors involving (1) the post_icon variable in classes/post/class_post.php and (2) the df value in 
action_public/moderate.php." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-19T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "25668", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/25668" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://forums.invisionpower.com/index.php?showtopic=215527" }, { "name": "20060519 Partial details on Invision Power Board (IPB) PHP execution issue", "tags": [ "mailing-list", "x_refsource_VIM" ], "url": "http://attrition.org/pipermail/vim/2006-May/000776.html" }, { "name": "18040", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/18040" }, { "name": "ADV-2006-1859", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/1859" }, { "name": "20158", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/20158" }, { "name": "25667", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/25667" }, { "name": "invision-unspecified-code-execution(26541)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26541" }, { "tags": [ "x_refsource_MISC" ], "url": "http://forums.invisionpower.com/index.php?act=Attach\u0026type=post\u0026id=10026" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-2498", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Invision Power Board (IPB) before 2.1.6 allows remote attackers to execute 
arbitrary PHP script via attack vectors involving (1) the post_icon variable in classes/post/class_post.php and (2) the df value in action_public/moderate.php." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "25668", "refsource": "OSVDB", "url": "http://www.osvdb.org/25668" }, { "name": "http://forums.invisionpower.com/index.php?showtopic=215527", "refsource": "CONFIRM", "url": "http://forums.invisionpower.com/index.php?showtopic=215527" }, { "name": "20060519 Partial details on Invision Power Board (IPB) PHP execution issue", "refsource": "VIM", "url": "http://attrition.org/pipermail/vim/2006-May/000776.html" }, { "name": "18040", "refsource": "BID", "url": "http://www.securityfocus.com/bid/18040" }, { "name": "ADV-2006-1859", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/1859" }, { "name": "20158", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20158" }, { "name": "25667", "refsource": "OSVDB", "url": "http://www.osvdb.org/25667" }, { "name": "invision-unspecified-code-execution(26541)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26541" }, { "name": "http://forums.invisionpower.com/index.php?act=Attach\u0026type=post\u0026id=10026", "refsource": "MISC", "url": "http://forums.invisionpower.com/index.php?act=Attach\u0026type=post\u0026id=10026" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-2498", "datePublished": "2006-05-20T02:59:00", "dateReserved": "2006-05-19T00:00:00", "dateUpdated": "2024-08-07T17:51:04.760Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2008-0913
Vulnerability from cvelistv5
Published
2008-02-22 23:00
Modified
2024-09-16 19:36
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB or IP.Board) 2.3.4 allows remote attackers to inject arbitrary web script or HTML via crafted BBCodes in an unspecified context.
References
URL | Tags | |
---|---|---|
http://secunia.com/advisories/29055 | third-party-advisory, x_refsource_SECUNIA | |
http://forums.invisionpower.com/index.php?showtopic=269961 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T08:01:40.067Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "29055", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29055" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://forums.invisionpower.com/index.php?showtopic=269961" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB or IP.Board) 2.3.4 allows remote attackers to inject arbitrary web script or HTML via crafted BBCodes in an unspecified context." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2008-02-22T23:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "29055", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29055" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://forums.invisionpower.com/index.php?showtopic=269961" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-0913", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB or IP.Board) 2.3.4 allows remote attackers to inject arbitrary web script or HTML via crafted BBCodes in an unspecified context." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "29055", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29055" }, { "name": "http://forums.invisionpower.com/index.php?showtopic=269961", "refsource": "CONFIRM", "url": "http://forums.invisionpower.com/index.php?showtopic=269961" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-0913", "datePublished": "2008-02-22T23:00:00Z", "dateReserved": "2008-02-22T00:00:00Z", "dateUpdated": "2024-09-16T19:36:25.822Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2008-1359
Vulnerability from cvelistv5
Published
2008-03-17 17:00
Modified
2024-08-07 08:17
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB or IP.Board) 2.3.4 before 2008-03-13 allows remote attackers to inject arbitrary web script or HTML via nested BBCodes, a different vector than CVE-2008-0913.
References
URL | Tags | |
---|---|---|
http://secunia.com/advisories/29378 | third-party-advisory, x_refsource_SECUNIA | |
http://www.vupen.com/english/advisories/2008/0899/references | vdb-entry, x_refsource_VUPEN | |
http://forums.invisionpower.com/index.php?showtopic=270637 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/41209 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T08:17:34.623Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "29378", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29378" }, { "name": "ADV-2008-0899", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/0899/references" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://forums.invisionpower.com/index.php?showtopic=270637" }, { "name": "ipb-nested-bbcodes-xss(41209)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41209" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-03-13T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB or IP.Board) 2.3.4 before 2008-03-13 allows remote attackers to inject arbitrary web script or HTML via nested BBCodes, a different vector than CVE-2008-0913." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "29378", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29378" }, { "name": "ADV-2008-0899", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/0899/references" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://forums.invisionpower.com/index.php?showtopic=270637" }, { "name": "ipb-nested-bbcodes-xss(41209)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41209" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-1359", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB or IP.Board) 2.3.4 before 2008-03-13 allows remote attackers to inject arbitrary web script or HTML via nested BBCodes, a different vector than CVE-2008-0913." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "29378", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29378" }, { "name": "ADV-2008-0899", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0899/references" }, { "name": "http://forums.invisionpower.com/index.php?showtopic=270637", "refsource": "CONFIRM", "url": "http://forums.invisionpower.com/index.php?showtopic=270637" }, { "name": "ipb-nested-bbcodes-xss(41209)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41209" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-1359", "datePublished": "2008-03-17T17:00:00", "dateReserved": "2008-03-17T00:00:00", "dateUpdated": "2024-08-07T08:17:34.623Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2007-3219
Vulnerability from cvelistv5
Published
2007-06-14 22:00
Modified
2024-08-07 14:05
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in sources/action_public/xmlout.php in Invision Power Board (IPB or IP.Board) 2.2.0 through 2.2.2 allows remote attackers to modify another user's profile data, such as an AIM screen name or Yahoo! identity.
References
▼ | URL | Tags |
---|---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/34841 | vdb-entry, x_refsource_XF | |
http://www.securityfocus.com/bid/24442 | vdb-entry, x_refsource_BID | |
http://secunia.com/advisories/25637 | third-party-advisory, x_refsource_SECUNIA | |
http://www.osvdb.org/35436 | vdb-entry, x_refsource_OSVDB | |
http://www.vupen.com/english/advisories/2007/2160 | vdb-entry, x_refsource_VUPEN | |
http://forums.invisionpower.com/index.php?showtopic=235316 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T14:05:29.272Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ipb-xmlout-data-manipulation(34841)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34841" }, { "name": "24442", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/24442" }, { "name": "25637", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/25637" }, { "name": "35436", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/35436" }, { "name": "ADV-2007-2160", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/2160" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://forums.invisionpower.com/index.php?showtopic=235316" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-06-12T00:00:00", "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in sources/action_public/xmlout.php in Invision Power Board (IPB or IP.Board) 2.2.0 through 2.2.2 allows remote attackers to modify another user\u0027s profile data, such as an AIM screen name or Yahoo! identity." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "ipb-xmlout-data-manipulation(34841)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34841" }, { "name": "24442", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/24442" }, { "name": "25637", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/25637" }, { "name": "35436", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/35436" }, { "name": "ADV-2007-2160", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/2160" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://forums.invisionpower.com/index.php?showtopic=235316" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-3219", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in sources/action_public/xmlout.php in Invision Power Board (IPB or IP.Board) 2.2.0 through 2.2.2 allows remote attackers to modify another user\u0027s profile data, such as an AIM screen name or Yahoo! identity." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ipb-xmlout-data-manipulation(34841)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34841" }, { "name": "24442", "refsource": "BID", "url": "http://www.securityfocus.com/bid/24442" }, { "name": "25637", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25637" }, { "name": "35436", "refsource": "OSVDB", "url": "http://www.osvdb.org/35436" }, { "name": "ADV-2007-2160", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/2160" }, { "name": "http://forums.invisionpower.com/index.php?showtopic=235316", "refsource": "CONFIRM", "url": "http://forums.invisionpower.com/index.php?showtopic=235316" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-3219", "datePublished": "2007-06-14T22:00:00", "dateReserved": "2007-06-14T00:00:00", "dateUpdated": "2024-08-07T14:05:29.272Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2010-0802
Vulnerability from cvelistv5
Published
2010-03-02 20:00
Modified
2024-08-07 00:59
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in index.php in (nv2) Awards 1.1.0, a modification for Invision Power Board, allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action.
References
URL | Tags | |
---|---|---|
http://secunia.com/advisories/38407 | third-party-advisory, x_refsource_SECUNIA | |
http://www.exploit-db.com/exploits/11297 | exploit, x_refsource_EXPLOIT-DB | |
http://packetstormsecurity.org/1001-exploits/ipbawards-sql.txt | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T00:59:39.350Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "38407", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/38407" }, { "name": "11297", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "http://www.exploit-db.com/exploits/11297" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.org/1001-exploits/ipbawards-sql.txt" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-01-30T00:00:00", "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in index.php in (nv2) Awards 1.1.0, a modification for Invision Power Board, allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2010-06-17T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "38407", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/38407" }, { "name": "11297", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "http://www.exploit-db.com/exploits/11297" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.org/1001-exploits/ipbawards-sql.txt" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-0802", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SQL injection vulnerability in index.php in (nv2) Awards 1.1.0, a modification for Invision Power Board, allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "38407", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/38407" }, { "name": "11297", "refsource": "EXPLOIT-DB", "url": "http://www.exploit-db.com/exploits/11297" }, { "name": "http://packetstormsecurity.org/1001-exploits/ipbawards-sql.txt", "refsource": "MISC", "url": "http://packetstormsecurity.org/1001-exploits/ipbawards-sql.txt" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-0802", "datePublished": "2010-03-02T20:00:00", "dateReserved": "2010-03-02T00:00:00", "dateUpdated": "2024-08-07T00:59:39.350Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2005-0477
Vulnerability from cvelistv5
Published
2005-02-19 05:00
Modified
2024-08-07 21:13
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the SML code for Invision Power Board 1.3.1 FINAL allows remote attackers to inject arbitrary web script via (1) a signature file or (2) a message post containing an IMG tag within a COLOR tag whose style is set to background:url.
References
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/19399 | vdb-entry, x_refsource_XF |
| http://marc.info/?l=bugtraq&m=110868196922995&w=2 | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T21:13:54.290Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "invision-power-board-sml-xss(19399)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19399" }, { "name": "20050217 Invision Power Boards 1.3.1 FINAL XSS Exploit", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=110868196922995\u0026w=2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-02-17T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the SML code for Invision Power Board 1.3.1 FINAL allows remote attackers to inject arbitrary web script via (1) a signature file or (2) a message post containing an IMG tag within a COLOR tag whose style is set to background:url." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "invision-power-board-sml-xss(19399)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19399" }, { "name": "20050217 Invision Power Boards 1.3.1 FINAL XSS Exploit", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=110868196922995\u0026w=2" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-0477", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in the SML code for Invision Power Board 1.3.1 FINAL allows remote attackers to inject arbitrary web script via (1) a signature file or (2) a message post containing an IMG tag within a COLOR tag whose style is set to background:url." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "invision-power-board-sml-xss(19399)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19399" }, { "name": "20050217 Invision Power Boards 1.3.1 FINAL XSS Exploit", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=110868196922995\u0026w=2" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-0477", "datePublished": "2005-02-19T05:00:00", "dateReserved": "2005-02-19T00:00:00", "dateUpdated": "2024-08-07T21:13:54.290Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2004-2279
Vulnerability from cvelistv5
Published
2005-07-19 04:00
Modified
2024-08-08 01:22
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in Invision Power Board 1.3 Final allows remote attackers to execute arbitrary script as other users via the pop parameter in a chat action to index.php.
References
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/15448 | vdb-entry, x_refsource_XF |
| http://archives.neohapsis.com/archives/bugtraq/2004-03/0082.html | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T01:22:13.512Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "invision-indexphp-xss(15448)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15448" }, { "name": "20040308 Invision Power Board v1.3 Final Cross Site Scripting 2 - Addon", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2004-03/0082.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-03-05T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Invision Power Board 1.3 Final allows remote attackers to execute arbitrary script as other users via the pop parameter in a chat action to index.php." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "invision-indexphp-xss(15448)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15448" }, { "name": "20040308 Invision Power Board v1.3 Final Cross Site Scripting 2 - Addon", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2004-03/0082.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-2279", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in Invision Power Board 1.3 Final allows remote attackers to execute arbitrary script as other users via the pop parameter in a chat action to index.php." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "invision-indexphp-xss(15448)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15448" }, { "name": "20040308 Invision Power Board v1.3 Final Cross Site Scripting 2 - Addon", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2004-03/0082.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-2279", "datePublished": "2005-07-19T04:00:00", "dateReserved": "2005-07-19T00:00:00", "dateUpdated": "2024-08-08T01:22:13.512Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2007-2349
Vulnerability from cvelistv5
Published
2007-04-30 22:00
Modified
2024-08-07 13:33
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in Invision Power Board (IP.Board) 2.1.x and 2.2.x allows remote attackers to inject arbitrary web script or HTML by uploading crafted images or PDF files.
References
| URL | Tags |
|---|---|
| http://forums.invisionpower.com/index.php?showtopic=234377 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/33942 | vdb-entry, x_refsource_XF |
| http://osvdb.org/35427 | vdb-entry, x_refsource_OSVDB |
| http://www.vupen.com/english/advisories/2007/1558 | vdb-entry, x_refsource_VUPEN |
| http://secunia.com/advisories/25021 | third-party-advisory, x_refsource_SECUNIA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T13:33:28.558Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://forums.invisionpower.com/index.php?showtopic=234377" }, { "name": "ipb-classupload-xss(33942)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33942" }, { "name": "35427", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/35427" }, { "name": "ADV-2007-1558", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/1558" }, { "name": "25021", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/25021" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-04-26T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Invision Power Board (IP.Board) 2.1.x and 2.2.x allows remote attackers to inject arbitrary web script or HTML by uploading crafted images or PDF files." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://forums.invisionpower.com/index.php?showtopic=234377" }, { "name": "ipb-classupload-xss(33942)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33942" }, { "name": "35427", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/35427" }, { "name": "ADV-2007-1558", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/1558" }, { "name": "25021", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/25021" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-2349", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in Invision Power Board (IP.Board) 2.1.x and 2.2.x allows remote attackers to inject arbitrary web script or HTML by uploading crafted images or PDF files." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://forums.invisionpower.com/index.php?showtopic=234377", "refsource": "CONFIRM", "url": "http://forums.invisionpower.com/index.php?showtopic=234377" }, { "name": "ipb-classupload-xss(33942)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33942" }, { "name": "35427", "refsource": "OSVDB", "url": "http://osvdb.org/35427" }, { "name": "ADV-2007-1558", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/1558" }, { "name": "25021", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25021" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-2349", "datePublished": "2007-04-30T22:00:00", "dateReserved": "2007-04-30T00:00:00", "dateUpdated": "2024-08-07T13:33:28.558Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-7071
Vulnerability from cvelistv5
Published
2007-02-27 18:00
Modified
2024-08-07 20:50
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in classes/class_session.php in Invision Power Board (IPB) 2.1 up to 2.1.6 allows remote attackers to execute arbitrary SQL commands via the CLIENT_IP parameter.
References
| URL | Tags |
|---|---|
| http://rst.void.ru/download/r57ipb216gui.txt | x_refsource_MISC |
| http://archives.neohapsis.com/archives/bugtraq/2006-07/0249.html | mailing-list, x_refsource_BUGTRAQ |
| http://secunia.com/advisories/21072 | third-party-advisory, x_refsource_SECUNIA |
| http://www.vupen.com/english/advisories/2006/2810 | vdb-entry, x_refsource_VUPEN |
| https://www.exploit-db.com/exploits/2010 | exploit, x_refsource_EXPLOIT-DB |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/27753 | vdb-entry, x_refsource_XF |
| http://securityreason.com/securityalert/2325 | third-party-advisory, x_refsource_SREASON |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T20:50:06.072Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://rst.void.ru/download/r57ipb216gui.txt" }, { "name": "20060714 Invision Power Board 2.1 \u003c= 2.1.6 sql injection", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2006-07/0249.html" }, { "name": "21072", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/21072" }, { "name": "ADV-2006-2810", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/2810" }, { "name": "2010", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/2010" }, { "name": "ipb-classsession-sql-injection(27753)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27753" }, { "name": "2325", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/2325" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-07-15T00:00:00", "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in classes/class_session.php in Invision Power Board (IPB) 2.1 up to 2.1.6 allows remote attackers to execute arbitrary SQL commands via the CLIENT_IP parameter." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-10T00:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://rst.void.ru/download/r57ipb216gui.txt" }, { "name": "20060714 Invision Power Board 2.1 \u003c= 2.1.6 sql injection", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2006-07/0249.html" }, { "name": "21072", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/21072" }, { "name": "ADV-2006-2810", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/2810" }, { "name": "2010", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/2010" }, { "name": "ipb-classsession-sql-injection(27753)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27753" }, { "name": "2325", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/2325" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-7071", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SQL injection vulnerability in classes/class_session.php in Invision Power Board (IPB) 2.1 up to 2.1.6 allows remote attackers to execute arbitrary SQL commands via the CLIENT_IP parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://rst.void.ru/download/r57ipb216gui.txt", "refsource": "MISC", "url": "http://rst.void.ru/download/r57ipb216gui.txt" }, { "name": "20060714 Invision Power Board 2.1 \u003c= 2.1.6 sql injection", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2006-07/0249.html" }, { "name": "21072", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21072" }, { "name": "ADV-2006-2810", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/2810" }, { "name": "2010", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/2010" }, { "name": "ipb-classsession-sql-injection(27753)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27753" }, { "name": "2325", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/2325" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-7071", "datePublished": "2007-02-27T18:00:00", "dateReserved": "2007-02-27T00:00:00", "dateUpdated": "2024-08-07T20:50:06.072Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2008-6565
Vulnerability from cvelistv5
Published
2009-03-31 17:00
Modified
2024-08-07 11:34
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in Invision Power Board 2.3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via an IFRAME tag in the signature.
References
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/28466 | vdb-entry, x_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/41502 | vdb-entry, x_refsource_XF |
| http://www.securityfocus.com/archive/1/490115/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T11:34:47.156Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "28466", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/28466" }, { "name": "Invisionpowerboard-signature-xss(41502)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41502" }, { "name": "20080326 Invision Power Board \u003c=2.3.x iFrame Vuln", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/490115/100/0/threaded" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-03-26T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Invision Power Board 2.3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via an IFRAME tag in the signature." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-11T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "28466", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/28466" }, { "name": "Invisionpowerboard-signature-xss(41502)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41502" }, { "name": "20080326 Invision Power Board \u003c=2.3.x iFrame Vuln", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/490115/100/0/threaded" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-6565", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in Invision Power Board 2.3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via an IFRAME tag in the signature." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "28466", "refsource": "BID", "url": "http://www.securityfocus.com/bid/28466" }, { "name": "Invisionpowerboard-signature-xss(41502)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41502" }, { "name": "20080326 Invision Power Board \u003c=2.3.x iFrame Vuln", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/490115/100/0/threaded" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-6565", "datePublished": "2009-03-31T17:00:00", "dateReserved": "2009-03-31T00:00:00", "dateUpdated": "2024-08-07T11:34:47.156Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-1287
Vulnerability from cvelistv5
Published
2006-03-19 23:00
Modified
2024-08-07 17:03
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB) 2.0.4 and 2.1.4 before 20060130 allows remote attackers to steal cookies and probably conduct other activities when the victim is using Internet Explorer.
References
| URL | Tags |
|---|---|
| http://secunia.com/advisories/19141 | third-party-advisory, x_refsource_SECUNIA |
| http://www.vupen.com/english/advisories/2006/0861 | vdb-entry, x_refsource_VUPEN |
| http://forums.invisionpower.com/index.php?showtopic=206790 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T17:03:28.853Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "19141", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/19141" }, { "name": "ADV-2006-0861", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/0861" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://forums.invisionpower.com/index.php?showtopic=206790" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-01-30T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB) 2.0.4 and 2.1.4 before 20060130 allows remote attackers to steal cookies and probably conduct other activities when the victim is using Internet Explorer." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2006-04-18T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "19141", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/19141" }, { "name": "ADV-2006-0861", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/0861" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://forums.invisionpower.com/index.php?showtopic=206790" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-1287", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB) 2.0.4 and 2.1.4 before 20060130 allows remote attackers to steal cookies and probably conduct other activities when the victim is using Internet Explorer." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "19141", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19141" }, { "name": "ADV-2006-0861", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/0861" }, { "name": "http://forums.invisionpower.com/index.php?showtopic=206790", "refsource": "CONFIRM", "url": "http://forums.invisionpower.com/index.php?showtopic=206790" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-1287", "datePublished": "2006-03-19T23:00:00", "dateReserved": "2006-03-19T00:00:00", "dateUpdated": "2024-08-07T17:03:28.853Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2007-4913
Vulnerability from cvelistv5
Published
2007-09-17 17:00
Modified
2024-09-17 02:21
Severity ?
EPSS score ?
Summary
ips_kernel/class_upload.php in Invision Power Board (IPB or IP.Board) 2.3.1 up to 20070912 allows remote attackers to upload arbitrary script files with crafted image filenames to uploads/, where they are saved with a .txt extension and are not executable. NOTE: there are limited usage scenarios under which this would be a vulnerability, but it is being tracked by CVE since the vendor has stated it is security-relevant.
References
| URL | Tags |
|---|---|
| http://forums.invisionpower.com/index.php?act=attach&type=post&id=11870 | x_refsource_CONFIRM |
| http://forums.invisionpower.com/index.php?showtopic=237075 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T15:08:33.942Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://forums.invisionpower.com/index.php?act=attach\u0026type=post\u0026id=11870" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://forums.invisionpower.com/index.php?showtopic=237075" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "ips_kernel/class_upload.php in Invision Power Board (IPB or IP.Board) 2.3.1 up to 20070912 allows remote attackers to upload arbitrary script files with crafted image filenames to uploads/, where they are saved with a .txt extension and are not executable. NOTE: there are limited usage scenarios under which this would be a vulnerability, but it is being tracked by CVE since the vendor has stated it is security-relevant." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2007-09-17T17:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://forums.invisionpower.com/index.php?act=attach\u0026type=post\u0026id=11870" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://forums.invisionpower.com/index.php?showtopic=237075" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-4913", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "ips_kernel/class_upload.php in Invision Power Board (IPB or IP.Board) 2.3.1 up to 20070912 allows remote attackers to upload arbitrary script files with crafted image filenames to uploads/, where they are saved with a .txt extension and are not executable. NOTE: there are limited usage scenarios under which this would be a vulnerability, but it is being tracked by CVE since the vendor has stated it is security-relevant." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://forums.invisionpower.com/index.php?act=attach\u0026type=post\u0026id=11870", "refsource": "CONFIRM", "url": "http://forums.invisionpower.com/index.php?act=attach\u0026type=post\u0026id=11870" }, { "name": "http://forums.invisionpower.com/index.php?showtopic=237075", "refsource": "CONFIRM", "url": "http://forums.invisionpower.com/index.php?showtopic=237075" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-4913", "datePublished": "2007-09-17T17:00:00Z", "dateReserved": "2007-09-17T00:00:00Z", "dateUpdated": "2024-09-17T02:21:05.626Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-0909
Vulnerability from cvelistv5
Published
2006-02-28 11:00
Modified
2024-08-07 16:48
Severity ?
EPSS score ?
Summary
Invision Power Board (IPB) 2.1.4 and earlier allows remote attackers to view sensitive information via a direct request to multiple PHP scripts that include the full path in error messages, including (1) PEAR/Text/Diff/Renderer/inline.php, (2) PEAR/Text/Diff/Renderer/unified.php, (3) PEAR/Text/Diff3.php, (4) class_db.php, (5) class_db_mysql.php, and (6) class_xml.php in the ips_kernel/ directory; (7) mysql_admin_queries.php, (8) mysql_extra_queries.php, (9) mysql_queries.php, and (10) mysql_subsm_queries.php in the sources/sql directory; (11) sources/acp_loaders/acp_pages_components.php; (12) sources/action_admin/member.php and (13) sources/action_admin/paysubscriptions.php; (14) login.php, (15) messenger.php, (16) moderate.php, (17) paysubscriptions.php, (18) register.php, (19) search.php, (20) topics.php, and (21) usercp.php in the sources/action_public directory; (22) bbcode/class_bbcode.php, (23) bbcode/class_bbcode_legacy.php, (24) editor/class_editor_rte.php, (25) editor/class_editor_std.php, (26) post/class_post.php, (27) post/class_post_edit.php, (28) post/class_post_new.php, and (29) post/class_post_reply.php in the sources/classes directory; (30) sources/components_acp/registration_DEPR.php; (31) sources/handlers/han_paysubscriptions.php; (32) func_usercp.php; (33) search_mysql_ftext.php, and (34) search_mysql_man.php in the sources/lib/ directory; and (35) convert/auth.php.bak, (36) external/auth.php, and (37) ldap/auth.php in the sources/loginauth directory.
References
▼ | URL | Tags |
---|---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/24840 | vdb-entry, x_refsource_XF | |
http://www.securityfocus.com/archive/1/425713/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
http://neosecurityteam.net/index.php?action=advisories&id=16 | x_refsource_MISC | |
http://www.securityfocus.com/archive/1/466275/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
http://neosecurityteam.net/advisories/Advisory-16.txt | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T16:48:56.995Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "invisionpowerboard-multiple-info-disclosure(24840)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24840" }, { "name": "20060221 Invision Power Board 2.1.4 Multiple Vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/425713/100/0/threaded" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://neosecurityteam.net/index.php?action=advisories\u0026id=16" }, { "name": "20070419 IPB (Invision Power Board) Full Path Disclusure", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/466275/100/0/threaded" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://neosecurityteam.net/advisories/Advisory-16.txt" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-02-21T00:00:00", "descriptions": [ { "lang": "en", "value": "Invision Power Board (IPB) 2.1.4 and earlier allows remote attackers to view sensitive information via a direct request to multiple PHP scripts that include the full path in error messages, including (1) PEAR/Text/Diff/Renderer/inline.php, (2) PEAR/Text/Diff/Renderer/unified.php, (3) PEAR/Text/Diff3.php, (4) class_db.php, (5) class_db_mysql.php, and (6) class_xml.php in the ips_kernel/ directory; (7) mysql_admin_queries.php, (8) mysql_extra_queries.php, (9) mysql_queries.php, and (10) mysql_subsm_queries.php in the sources/sql directory; (11) sources/acp_loaders/acp_pages_components.php; (12) sources/action_admin/member.php and (13) sources/action_admin/paysubscriptions.php; (14) login.php, (15) 
messenger.php, (16) moderate.php, (17) paysubscriptions.php, (18) register.php, (19) search.php, (20) topics.php, (21) and usercp.php in the sources/action_public directory; (22) bbcode/class_bbcode.php, (23) bbcode/class_bbcode_legacy.php, (24) editor/class_editor_rte.php, (25) editor/class_editor_std.php, (26) post/class_post.php, (27) post/class_post_edit.php, (28) post/class_post_new.php, (29) and post/class_post_reply.php in the sources/classes directory; (30) sources/components_acp/registration_DEPR.php; (31) sources/handlers/han_paysubscriptions.php; (32) func_usercp.php; (33) search_mysql_ftext.php, and (34) search_mysql_man.php in the sources/lib/ directory; and (35) convert/auth.php.bak, (36) external/auth.php, and (37) ldap/auth.php in the sources/loginauth directory." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-18T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "invisionpowerboard-multiple-info-disclosure(24840)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24840" }, { "name": "20060221 Invision Power Board 2.1.4 Multiple Vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/425713/100/0/threaded" }, { "tags": [ "x_refsource_MISC" ], "url": "http://neosecurityteam.net/index.php?action=advisories\u0026id=16" }, { "name": "20070419 IPB (Invision Power Board) Full Path Disclusure", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/466275/100/0/threaded" }, { "tags": [ "x_refsource_MISC" ], "url": "http://neosecurityteam.net/advisories/Advisory-16.txt" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-0909", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { 
"product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Invision Power Board (IPB) 2.1.4 and earlier allows remote attackers to view sensitive information via a direct request to multiple PHP scripts that include the full path in error messages, including (1) PEAR/Text/Diff/Renderer/inline.php, (2) PEAR/Text/Diff/Renderer/unified.php, (3) PEAR/Text/Diff3.php, (4) class_db.php, (5) class_db_mysql.php, and (6) class_xml.php in the ips_kernel/ directory; (7) mysql_admin_queries.php, (8) mysql_extra_queries.php, (9) mysql_queries.php, and (10) mysql_subsm_queries.php in the sources/sql directory; (11) sources/acp_loaders/acp_pages_components.php; (12) sources/action_admin/member.php and (13) sources/action_admin/paysubscriptions.php; (14) login.php, (15) messenger.php, (16) moderate.php, (17) paysubscriptions.php, (18) register.php, (19) search.php, (20) topics.php, (21) and usercp.php in the sources/action_public directory; (22) bbcode/class_bbcode.php, (23) bbcode/class_bbcode_legacy.php, (24) editor/class_editor_rte.php, (25) editor/class_editor_std.php, (26) post/class_post.php, (27) post/class_post_edit.php, (28) post/class_post_new.php, (29) and post/class_post_reply.php in the sources/classes directory; (30) sources/components_acp/registration_DEPR.php; (31) sources/handlers/han_paysubscriptions.php; (32) func_usercp.php; (33) search_mysql_ftext.php, and (34) search_mysql_man.php in the sources/lib/ directory; and (35) convert/auth.php.bak, (36) external/auth.php, and (37) ldap/auth.php in the sources/loginauth directory." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "invisionpowerboard-multiple-info-disclosure(24840)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24840" }, { "name": "20060221 Invision Power Board 2.1.4 Multiple Vulnerabilities", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/425713/100/0/threaded" }, { "name": "http://neosecurityteam.net/index.php?action=advisories\u0026id=16", "refsource": "MISC", "url": "http://neosecurityteam.net/index.php?action=advisories\u0026id=16" }, { "name": "20070419 IPB (Invision Power Board) Full Path Disclusure", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/466275/100/0/threaded" }, { "name": "http://neosecurityteam.net/advisories/Advisory-16.txt", "refsource": "MISC", "url": "http://neosecurityteam.net/advisories/Advisory-16.txt" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-0909", "datePublished": "2006-02-28T11:00:00", "dateReserved": "2006-02-28T00:00:00", "dateUpdated": "2024-08-07T16:48:56.995Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-7064
Vulnerability from cvelistv5
Published
2007-02-24 01:00
Modified
2024-08-07 20:50
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in forum/admin.php for Invision Power Board (IPB) 2.1.6 and earlier allows remote attackers to inject arbitrary web script or HTML as the administrator via the phpinfo parameter.
References
▼ | URL | Tags |
---|---|---|
http://archives.neohapsis.com/archives/bugtraq/2006-06/0204.html | mailing-list, x_refsource_BUGTRAQ | |
http://www.securityfocus.com/bid/18450 | vdb-entry, x_refsource_BID | |
http://securityreason.com/securityalert/2307 | third-party-advisory, x_refsource_SREASON | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/27069 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T20:50:05.948Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20060609 Invision Power Board XSS", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2006-06/0204.html" }, { "name": "18450", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/18450" }, { "name": "2307", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/2307" }, { "name": "ipb-admin-phpinfo-xss(27069)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27069" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-06-09T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in forum/admin.php for Invision Power Board (IPB) 2.1.6 and earlier allows remote attackers to inject arbitrary web script or HTML as the administrator via the phpinfo parameter." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20060609 Invision Power Board XSS", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2006-06/0204.html" }, { "name": "18450", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/18450" }, { "name": "2307", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/2307" }, { "name": "ipb-admin-phpinfo-xss(27069)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27069" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-7064", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in forum/admin.php for Invision Power Board (IPB) 2.1.6 and earlier allows remote attackers to inject arbitrary web script or HTML as the administrator via the phpinfo parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20060609 Invision Power Board XSS", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2006-06/0204.html" }, { "name": "18450", "refsource": "BID", "url": "http://www.securityfocus.com/bid/18450" }, { "name": "2307", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/2307" }, { "name": "ipb-admin-phpinfo-xss(27069)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27069" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-7064", "datePublished": "2007-02-24T01:00:00", "dateReserved": "2007-02-23T00:00:00", "dateUpdated": "2024-08-07T20:50:05.948Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-1288
Vulnerability from cvelistv5
Published
2006-03-19 23:00
Modified
2024-08-07 17:03
Severity ?
EPSS score ?
Summary
Multiple SQL injection vulnerabilities in Invision Power Board (IPB) 2.0.4 and 2.1.4 before 20060105 allow remote attackers to execute arbitrary SQL commands via cookies, related to (1) arrays of id/stamp pairs and (2) the keys in arrays of key/value pairs in ipsclass.php; (3) the topics variable in usercp.php; and the topicsread cookie in (4) topics.php, (5) search.php, and (6) forums.php.
References
▼ | URL | Tags |
---|---|---|
http://forums.invisionpower.com/index.php?showtopic=204627 | x_refsource_CONFIRM | |
http://forums.invisionpower.com/index.php?act=Attach&type=post&id=9642 | x_refsource_CONFIRM | |
http://secunia.com/advisories/19141 | third-party-advisory, x_refsource_SECUNIA | |
http://www.vupen.com/english/advisories/2006/0861 | vdb-entry, x_refsource_VUPEN | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/25100 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T17:03:28.944Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://forums.invisionpower.com/index.php?showtopic=204627" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://forums.invisionpower.com/index.php?act=Attach\u0026type=post\u0026id=9642" }, { "name": "19141", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/19141" }, { "name": "ADV-2006-0861", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/0861" }, { "name": "invision-multiple-sql-injection(25100)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25100" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-01-05T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple SQL injection vulnerabilities in Invision Power Board (IPB) 2.0.4 and 2.1.4 before 20060105 allow remote attackers to execute arbitrary SQL commands via cookies, related to (1) arrays of id/stamp pairs and (2) the keys in arrays of key/value pairs in ipsclass.php; (3) the topics variable in usercp.php; and the topicsread cookie in (4) topics.php, (5) search.php, and (6) forums.php." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-19T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://forums.invisionpower.com/index.php?showtopic=204627" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://forums.invisionpower.com/index.php?act=Attach\u0026type=post\u0026id=9642" }, { "name": "19141", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/19141" }, { "name": "ADV-2006-0861", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/0861" }, { "name": "invision-multiple-sql-injection(25100)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25100" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-1288", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple SQL injection vulnerabilities in Invision Power Board (IPB) 2.0.4 and 2.1.4 before 20060105 allow remote attackers to execute arbitrary SQL commands via cookies, related to (1) arrays of id/stamp pairs and (2) the keys in arrays of key/value pairs in ipsclass.php; (3) the topics variable in usercp.php; and the topicsread cookie in (4) topics.php, (5) search.php, and (6) forums.php." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://forums.invisionpower.com/index.php?showtopic=204627", "refsource": "CONFIRM", "url": "http://forums.invisionpower.com/index.php?showtopic=204627" }, { "name": "http://forums.invisionpower.com/index.php?act=Attach\u0026type=post\u0026id=9642", "refsource": "CONFIRM", "url": "http://forums.invisionpower.com/index.php?act=Attach\u0026type=post\u0026id=9642" }, { "name": "19141", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19141" }, { "name": "ADV-2006-0861", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/0861" }, { "name": "invision-multiple-sql-injection(25100)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25100" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-1288", "datePublished": "2006-03-19T23:00:00", "dateReserved": "2006-03-19T00:00:00", "dateUpdated": "2024-08-07T17:03:28.944Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-2060
Vulnerability from cvelistv5
Published
2006-04-26 20:00
Modified
2024-08-07 17:35
Severity ?
EPSS score ?
Summary
Directory traversal vulnerability in action_admin/paysubscriptions.php in Invision Power Board (IPB) 2.1.x and 2.0.x before 20060425 allows remote authenticated administrators to include and execute arbitrary local PHP files via a .. (dot dot) in the name parameter, preceded by enough backspace (%08) characters to erase the initial static portion of a filename.
References
▼ | URL | Tags |
---|---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/26072 | vdb-entry, x_refsource_XF | |
http://www.securityfocus.com/archive/1/432226/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
http://securityreason.com/securityalert/796 | third-party-advisory, x_refsource_SREASON | |
http://secunia.com/advisories/19830 | third-party-advisory, x_refsource_SECUNIA | |
http://www.osvdb.org/25008 | vdb-entry, x_refsource_OSVDB | |
http://www.vupen.com/english/advisories/2006/1534 | vdb-entry, x_refsource_VUPEN | |
http://www.securityfocus.com/archive/1/431990/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
http://www.securityfocus.com/archive/1/439607/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
http://forums.invisionpower.com/index.php?showtopic=213374 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T17:35:31.184Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "invision-admin-file-include(26072)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26072" }, { "name": "20060427 Re: Invision Vulnerabilities, including remote code execution", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/432226/100/0/threaded" }, { "name": "796", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/796" }, { "name": "19830", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/19830" }, { "name": "25008", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/25008" }, { "name": "ADV-2006-1534", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/1534" }, { "name": "20060425 Invision Vulnerabilities, including remote code execution", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/431990/100/0/threaded" }, { "name": "20060710 Re: RE: Invision Vulnerabilities, including remote code execution", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/439607/100/0/threaded" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://forums.invisionpower.com/index.php?showtopic=213374" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-04-25T00:00:00", "descriptions": [ { "lang": "en", "value": "Directory traversal 
vulnerability in action_admin/paysubscriptions.php in Invision Power Board (IPB) 2.1.x and 2.0.x before 20060425 allows remote authenticated administrators to include and execute arbitrary local PHP files via a .. (dot dot) in the name parameter, preceded by enough backspace (%08) characters to erase the initial static portion of a filename." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-18T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "invision-admin-file-include(26072)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26072" }, { "name": "20060427 Re: Invision Vulnerabilities, including remote code execution", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/432226/100/0/threaded" }, { "name": "796", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/796" }, { "name": "19830", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/19830" }, { "name": "25008", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/25008" }, { "name": "ADV-2006-1534", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/1534" }, { "name": "20060425 Invision Vulnerabilities, including remote code execution", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/431990/100/0/threaded" }, { "name": "20060710 Re: RE: Invision Vulnerabilities, including remote code execution", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/439607/100/0/threaded" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://forums.invisionpower.com/index.php?showtopic=213374" } ], 
"x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-2060", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Directory traversal vulnerability in action_admin/paysubscriptions.php in Invision Power Board (IPB) 2.1.x and 2.0.x before 20060425 allows remote authenticated administrators to include and execute arbitrary local PHP files via a .. (dot dot) in the name parameter, preceded by enough backspace (%08) characters to erase the initial static portion of a filename." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "invision-admin-file-include(26072)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26072" }, { "name": "20060427 Re: Invision Vulnerabilities, including remote code execution", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/432226/100/0/threaded" }, { "name": "796", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/796" }, { "name": "19830", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19830" }, { "name": "25008", "refsource": "OSVDB", "url": "http://www.osvdb.org/25008" }, { "name": "ADV-2006-1534", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/1534" }, { "name": "20060425 Invision Vulnerabilities, including remote code execution", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/431990/100/0/threaded" }, { "name": "20060710 Re: RE: Invision Vulnerabilities, including remote code execution", "refsource": "BUGTRAQ", "url": 
"http://www.securityfocus.com/archive/1/439607/100/0/threaded" }, { "name": "http://forums.invisionpower.com/index.php?showtopic=213374", "refsource": "CONFIRM", "url": "http://forums.invisionpower.com/index.php?showtopic=213374" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-2060", "datePublished": "2006-04-26T20:00:00", "dateReserved": "2006-04-26T00:00:00", "dateUpdated": "2024-08-07T17:35:31.184Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2007-4914
Vulnerability from cvelistv5
Published
2007-09-17 17:00
Modified
2024-08-07 15:08
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in the subscriptions manager in Invision Power Board (IPB or IP.Board) 2.3.1 before 20070912 allows remote authenticated users to change the member ID and reduce the privilege level of arbitrary users via a crafted payment form, related to (1) class_gw_2checkout.php, (2) class_gw_authorizenet.php, (3) class_gw_nochex.php, (4) class_gw_paypal.php, and (5) class_gw_safshop.php in sources/classes/paymentgateways/.
References
▼ | URL | Tags |
---|---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/36590 | vdb-entry, x_refsource_XF | |
http://www.securityfocus.com/bid/25656 | vdb-entry, x_refsource_BID | |
http://forums.invisionpower.com/index.php?act=attach&type=post&id=11870 | x_refsource_CONFIRM | |
http://osvdb.org/41322 | vdb-entry, x_refsource_OSVDB | |
http://osvdb.org/41321 | vdb-entry, x_refsource_OSVDB | |
http://osvdb.org/41323 | vdb-entry, x_refsource_OSVDB | |
http://osvdb.org/41320 | vdb-entry, x_refsource_OSVDB | |
http://secunia.com/advisories/26788 | third-party-advisory, x_refsource_SECUNIA | |
http://forums.invisionpower.com/index.php?showtopic=237075 | x_refsource_CONFIRM | |
http://osvdb.org/41319 | vdb-entry, x_refsource_OSVDB |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T15:08:33.976Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ipb-subscription-unauthorized-access(36590)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36590" }, { "name": "25656", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/25656" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://forums.invisionpower.com/index.php?act=attach\u0026type=post\u0026id=11870" }, { "name": "41322", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/41322" }, { "name": "41321", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/41321" }, { "name": "41323", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/41323" }, { "name": "41320", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/41320" }, { "name": "26788", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/26788" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://forums.invisionpower.com/index.php?showtopic=237075" }, { "name": "41319", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/41319" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-09-12T00:00:00", "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in the subscriptions manager in Invision Power Board (IPB or IP.Board) 2.3.1 before 20070912 allows remote authenticated users to change the member ID and reduce the privilege level of arbitrary users via a crafted payment 
form, related to (1) class_gw_2checkout.php, (2) class_gw_authorizenet.php, (3) class_gw_nochex.php, (4) class_gw_paypal.php, and (5) class_gw_safshop.php in sources/classes/paymentgateways/." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "ipb-subscription-unauthorized-access(36590)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36590" }, { "name": "25656", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/25656" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://forums.invisionpower.com/index.php?act=attach\u0026type=post\u0026id=11870" }, { "name": "41322", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/41322" }, { "name": "41321", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/41321" }, { "name": "41323", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/41323" }, { "name": "41320", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/41320" }, { "name": "26788", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/26788" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://forums.invisionpower.com/index.php?showtopic=237075" }, { "name": "41319", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/41319" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-4914", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { 
"description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in the subscriptions manager in Invision Power Board (IPB or IP.Board) 2.3.1 before 20070912 allows remote authenticated users to change the member ID and reduce the privilege level of arbitrary users via a crafted payment form, related to (1) class_gw_2checkout.php, (2) class_gw_authorizenet.php, (3) class_gw_nochex.php, (4) class_gw_paypal.php, and (5) class_gw_safshop.php in sources/classes/paymentgateways/." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ipb-subscription-unauthorized-access(36590)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36590" }, { "name": "25656", "refsource": "BID", "url": "http://www.securityfocus.com/bid/25656" }, { "name": "http://forums.invisionpower.com/index.php?act=attach\u0026type=post\u0026id=11870", "refsource": "CONFIRM", "url": "http://forums.invisionpower.com/index.php?act=attach\u0026type=post\u0026id=11870" }, { "name": "41322", "refsource": "OSVDB", "url": "http://osvdb.org/41322" }, { "name": "41321", "refsource": "OSVDB", "url": "http://osvdb.org/41321" }, { "name": "41323", "refsource": "OSVDB", "url": "http://osvdb.org/41323" }, { "name": "41320", "refsource": "OSVDB", "url": "http://osvdb.org/41320" }, { "name": "26788", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26788" }, { "name": "http://forums.invisionpower.com/index.php?showtopic=237075", "refsource": "CONFIRM", "url": "http://forums.invisionpower.com/index.php?showtopic=237075" }, { "name": "41319", "refsource": "OSVDB", "url": "http://osvdb.org/41319" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-4914", "datePublished": "2007-09-17T17:00:00", "dateReserved": "2007-09-17T00:00:00", "dateUpdated": "2024-08-07T15:08:33.976Z", "state": 
"PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2007-2963
Vulnerability from cvelistv5
Published
2007-05-31 23:00
Modified
2024-08-07 13:57
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Invision Power Board (IPB or IP.Board) 2.2.2, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via (1) module_bbcodeloader.php, (2) module_div.php, (3) module_email.php, (4) module_image.php, (5) module_link.php, or (6) the editorid parameter to module_table.php in jscripts/folder_rte_files/. NOTE: some details were obtained from third party sources.
References
URL | Tags |
---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/34616 | vdb-entry, x_refsource_XF | |
http://www.securityfocus.com/bid/24244 | vdb-entry, x_refsource_BID | |
http://secunia.com/advisories/25437 | third-party-advisory, x_refsource_SECUNIA | |
http://osvdb.org/35431 | vdb-entry, x_refsource_OSVDB | |
http://osvdb.org/35430 | vdb-entry, x_refsource_OSVDB | |
http://forums.invisionpower.com/index.php?showtopic=235069 | x_refsource_CONFIRM | |
http://osvdb.org/35435 | vdb-entry, x_refsource_OSVDB | |
http://www.vupen.com/english/advisories/2007/1993 | vdb-entry, x_refsource_VUPEN | |
http://osvdb.org/35433 | vdb-entry, x_refsource_OSVDB | |
http://osvdb.org/35434 | vdb-entry, x_refsource_OSVDB | |
http://osvdb.org/35432 | vdb-entry, x_refsource_OSVDB |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T13:57:54.647Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ipb-editorid-xss(34616)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34616" }, { "name": "24244", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/24244" }, { "name": "25437", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/25437" }, { "name": "35431", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/35431" }, { "name": "35430", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/35430" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://forums.invisionpower.com/index.php?showtopic=235069" }, { "name": "35435", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/35435" }, { "name": "ADV-2007-1993", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/1993" }, { "name": "35433", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/35433" }, { "name": "35434", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/35434" }, { "name": "35432", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/35432" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-05-30T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Invision Power Board (IPB or IP.Board) 2.2.2, and possibly earlier, allows remote attackers to 
inject arbitrary web script or HTML via (1) module_bbcodeloader.php, (2) module_div.php, (3) module_email.php, (4) module_image.php, (5) module_link.php, or (6) the editorid parameter to module_table.php in jscripts/folder_rte_files/. NOTE: some details were obtained from third party sources." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "ipb-editorid-xss(34616)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34616" }, { "name": "24244", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/24244" }, { "name": "25437", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/25437" }, { "name": "35431", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/35431" }, { "name": "35430", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/35430" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://forums.invisionpower.com/index.php?showtopic=235069" }, { "name": "35435", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/35435" }, { "name": "ADV-2007-1993", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/1993" }, { "name": "35433", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/35433" }, { "name": "35434", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/35434" }, { "name": "35432", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/35432" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-2963", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", 
"version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Invision Power Board (IPB or IP.Board) 2.2.2, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via (1) module_bbcodeloader.php, (2) module_div.php, (3) module_email.php, (4) module_image.php, (5) module_link.php, or (6) the editorid parameter to module_table.php in jscripts/folder_rte_files/. NOTE: some details were obtained from third party sources." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ipb-editorid-xss(34616)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34616" }, { "name": "24244", "refsource": "BID", "url": "http://www.securityfocus.com/bid/24244" }, { "name": "25437", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25437" }, { "name": "35431", "refsource": "OSVDB", "url": "http://osvdb.org/35431" }, { "name": "35430", "refsource": "OSVDB", "url": "http://osvdb.org/35430" }, { "name": "http://forums.invisionpower.com/index.php?showtopic=235069", "refsource": "CONFIRM", "url": "http://forums.invisionpower.com/index.php?showtopic=235069" }, { "name": "35435", "refsource": "OSVDB", "url": "http://osvdb.org/35435" }, { "name": "ADV-2007-1993", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/1993" }, { "name": "35433", "refsource": "OSVDB", "url": "http://osvdb.org/35433" }, { "name": "35434", "refsource": "OSVDB", "url": "http://osvdb.org/35434" }, { "name": "35432", "refsource": "OSVDB", "url": "http://osvdb.org/35432" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": 
"CVE-2007-2963", "datePublished": "2007-05-31T23:00:00", "dateReserved": "2007-05-31T00:00:00", "dateUpdated": "2024-08-07T13:57:54.647Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-0910
Vulnerability from cvelistv5
Published
2006-02-28 11:00
Modified
2024-08-07 16:48
Severity ?
EPSS score ?
Summary
Invision Power Board (IPB) 2.1.4 and earlier allows remote attackers to list directory contents via a direct request to multiple directories, including (1) sources/loginauth/convert/, (2) sources/portal_plugins/, (3) cache/skin_cache/cacheid_2/, (4) ips_kernel/PEAR/, (5) ips_kernel/PEAR/Text/, (6) ips_kernel/PEAR/Text/Diff/, (7) ips_kernel/PEAR/Text/Diff/Renderer/, (8) style_images/1/folder_rte_files/, (9) style_images/1/folder_js_skin/, (10) style_images/1/folder_rte_images/, and (11) upgrade/ and its subdirectories.
References
URL | Tags |
---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/24840 | vdb-entry, x_refsource_XF | |
http://www.securityfocus.com/archive/1/425713/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
http://neosecurityteam.net/index.php?action=advisories&id=16 | x_refsource_MISC | |
http://neosecurityteam.net/advisories/Advisory-16.txt | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T16:48:56.804Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "invisionpowerboard-multiple-info-disclosure(24840)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24840" }, { "name": "20060221 Invision Power Board 2.1.4 Multiple Vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/425713/100/0/threaded" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://neosecurityteam.net/index.php?action=advisories\u0026id=16" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://neosecurityteam.net/advisories/Advisory-16.txt" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-02-21T00:00:00", "descriptions": [ { "lang": "en", "value": "Invision Power Board (IPB) 2.1.4 and earlier allows remote attackers to list directory contents via a direct request to multiple directories, including (1) sources/loginauth/convert/, (2) sources/portal_plugins/, (3) cache/skin_cache/cacheid_2/, (4) ips_kernel/PEAR/, (5) ips_kernel/PEAR/Text/, (6) ips_kernel/PEAR/Text/Diff/, (7) ips_kernel/PEAR/Text/Diff/Renderer/, (8) style_images/1/folder_rte_files/, (9) style_images/1/folder_js_skin/, (10) style_images/1/folder_rte_images/, and (11) upgrade/ and its subdirectories." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-18T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "invisionpowerboard-multiple-info-disclosure(24840)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24840" }, { "name": "20060221 Invision Power Board 2.1.4 Multiple Vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/425713/100/0/threaded" }, { "tags": [ "x_refsource_MISC" ], "url": "http://neosecurityteam.net/index.php?action=advisories\u0026id=16" }, { "tags": [ "x_refsource_MISC" ], "url": "http://neosecurityteam.net/advisories/Advisory-16.txt" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-0910", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Invision Power Board (IPB) 2.1.4 and earlier allows remote attackers to list directory contents via a direct request to multiple directories, including (1) sources/loginauth/convert/, (2) sources/portal_plugins/, (3) cache/skin_cache/cacheid_2/, (4) ips_kernel/PEAR/, (5) ips_kernel/PEAR/Text/, (6) ips_kernel/PEAR/Text/Diff/, (7) ips_kernel/PEAR/Text/Diff/Renderer/, (8) style_images/1/folder_rte_files/, (9) style_images/1/folder_js_skin/, (10) style_images/1/folder_rte_images/, and (11) upgrade/ and its subdirectories." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "invisionpowerboard-multiple-info-disclosure(24840)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24840" }, { "name": "20060221 Invision Power Board 2.1.4 Multiple Vulnerabilities", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/425713/100/0/threaded" }, { "name": "http://neosecurityteam.net/index.php?action=advisories\u0026id=16", "refsource": "MISC", "url": "http://neosecurityteam.net/index.php?action=advisories\u0026id=16" }, { "name": "http://neosecurityteam.net/advisories/Advisory-16.txt", "refsource": "MISC", "url": "http://neosecurityteam.net/advisories/Advisory-16.txt" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-0910", "datePublished": "2006-02-28T11:00:00", "dateReserved": "2006-02-28T00:00:00", "dateUpdated": "2024-08-07T16:48:56.804Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-5204
Vulnerability from cvelistv5
Published
2006-10-09 19:00
Modified
2024-08-07 19:41
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in action_admin/member.php in Invision Power Board (IPB) 2.1.7 and earlier allows remote authenticated users to inject arbitrary web script or HTML via a reference to a script in the avatar setting, which can be leveraged for a cross-site request forgery (CSRF) attack involving forced SQL execution by an admin.
References
URL | Tags |
---|---|
http://www.vupen.com/english/advisories/2006/3927 | vdb-entry, x_refsource_VUPEN | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/29351 | vdb-entry, x_refsource_XF | |
http://secunia.com/advisories/22272 | third-party-advisory, x_refsource_SECUNIA | |
http://forums.invisionpower.com/index.php?showtopic=227937 | x_refsource_CONFIRM | |
http://www.securityfocus.com/archive/1/447710/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T19:41:05.657Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ADV-2006-3927", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/3927" }, { "name": "ipb-avatar-image-xss(29351)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29351" }, { "name": "22272", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22272" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://forums.invisionpower.com/index.php?showtopic=227937" }, { "name": "20061004 Invision Power Board Multiple Vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/447710/100/0/threaded" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-10-04T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in action_admin/member.php in Invision Power Board (IPB) 2.1.7 and earlier allows remote authenticated users to inject arbitrary web script or HTML via a reference to a script in the avatar setting, which can be leveraged for a cross-site request forgery (CSRF) attack involving forced SQL execution by an admin." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-17T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "ADV-2006-3927", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/3927" }, { "name": "ipb-avatar-image-xss(29351)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29351" }, { "name": "22272", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22272" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://forums.invisionpower.com/index.php?showtopic=227937" }, { "name": "20061004 Invision Power Board Multiple Vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/447710/100/0/threaded" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-5204", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in action_admin/member.php in Invision Power Board (IPB) 2.1.7 and earlier allows remote authenticated users to inject arbitrary web script or HTML via a reference to a script in the avatar setting, which can be leveraged for a cross-site request forgery (CSRF) attack involving forced SQL execution by an admin." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ADV-2006-3927", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/3927" }, { "name": "ipb-avatar-image-xss(29351)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29351" }, { "name": "22272", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/22272" }, { "name": "http://forums.invisionpower.com/index.php?showtopic=227937", "refsource": "CONFIRM", "url": "http://forums.invisionpower.com/index.php?showtopic=227937" }, { "name": "20061004 Invision Power Board Multiple Vulnerabilities", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/447710/100/0/threaded" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-5204", "datePublished": "2006-10-09T19:00:00", "dateReserved": "2006-10-09T00:00:00", "dateUpdated": "2024-08-07T19:41:05.657Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-1326
Vulnerability from cvelistv5
Published
2006-03-21 01:00
Modified
2024-08-07 17:03
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Invision Power Board 2.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) result_type, (2) search_in, (3) nav, (4) forums, and (5) s parameters in the Search action to index.php; (6) st parameter to index.php with showtopics set to 1; (7) m, (8) y, and (9) d parameters in a calendar action; (10) t parameter in a Print action; (11) MID parameter in a Mail action; (12) HID parameter in a Help action; (13) active parameter in a search action; (14) sort_order, (15) max_results, or (16) sort_key parameter in a Members action.
References
URL | Tags |
---|---|
http://www.osvdb.org/25010 | vdb-entry, x_refsource_OSVDB | |
http://www.osvdb.org/25013 | vdb-entry, x_refsource_OSVDB | |
http://www.osvdb.org/25011 | vdb-entry, x_refsource_OSVDB | |
http://www.osvdb.org/25014 | vdb-entry, x_refsource_OSVDB | |
http://www.securityfocus.com/archive/1/428015/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
http://www.osvdb.org/25012 | vdb-entry, x_refsource_OSVDB | |
http://www.securityfocus.com/bid/17144 | vdb-entry, x_refsource_BID | |
http://www.osvdb.org/25009 | vdb-entry, x_refsource_OSVDB | |
http://www.osvdb.org/25015 | vdb-entry, x_refsource_OSVDB |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T17:03:28.860Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "25010", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/25010" }, { "name": "25013", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/25013" }, { "name": "25011", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/25011" }, { "name": "25014", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/25014" }, { "name": "20060317 XSS IN Invision Power Board", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/428015/100/0/threaded" }, { "name": "25012", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/25012" }, { "name": "17144", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/17144" }, { "name": "25009", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/25009" }, { "name": "25015", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/25015" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-03-17T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Invision Power Board 2.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) result_type, (2) search_in, (3) nav, (4) forums, and (5) s parameters in the Search action to index.php; (6) st parameter to index.php with showtopics set to 1; (7) m, (8) y, and (9) d parameters in a calendar action; (10) t parameter in a Print 
action; (11) MID parameter in a Mail action; (12) HID parameter in a Help action; (13) active parameter in a search action; (14) sort_order, (15) max_results, or (16) sort_key parameter in a Members action." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-18T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "25010", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/25010" }, { "name": "25013", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/25013" }, { "name": "25011", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/25011" }, { "name": "25014", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/25014" }, { "name": "20060317 XSS IN Invision Power Board", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/428015/100/0/threaded" }, { "name": "25012", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/25012" }, { "name": "17144", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/17144" }, { "name": "25009", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/25009" }, { "name": "25015", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/25015" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-1326", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Invision Power 
Board 2.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) result_type, (2) search_in, (3) nav, (4) forums, and (5) s parameters in the Search action to index.php; (6) st parameter to index.php with showtopics set to 1; (7) m, (8) y, and (9) d parameters in a calendar action; (10) t parameter in a Print action; (11) MID parameter in a Mail action; (12) HID parameter in a Help action; (13) active parameter in a search action; (14) sort_order, (15) max_results, or (16) sort_key parameter in a Members action." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "25010", "refsource": "OSVDB", "url": "http://www.osvdb.org/25010" }, { "name": "25013", "refsource": "OSVDB", "url": "http://www.osvdb.org/25013" }, { "name": "25011", "refsource": "OSVDB", "url": "http://www.osvdb.org/25011" }, { "name": "25014", "refsource": "OSVDB", "url": "http://www.osvdb.org/25014" }, { "name": "20060317 XSS IN Invision Power Board", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/428015/100/0/threaded" }, { "name": "25012", "refsource": "OSVDB", "url": "http://www.osvdb.org/25012" }, { "name": "17144", "refsource": "BID", "url": "http://www.securityfocus.com/bid/17144" }, { "name": "25009", "refsource": "OSVDB", "url": "http://www.osvdb.org/25009" }, { "name": "25015", "refsource": "OSVDB", "url": "http://www.osvdb.org/25015" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-1326", "datePublished": "2006-03-21T01:00:00", "dateReserved": "2006-03-20T00:00:00", "dateUpdated": "2024-08-07T17:03:28.860Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2005-1598
Vulnerability from cvelistv5
Published
2005-05-16 04:00
Modified
2024-08-07 21:59
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in Invision Power Board (IPB) 2.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via a crafted cookie password hash (pass_hash) that modifies the internal $pid variable.
References
URL | Tags |
---|---|
http://marc.info/?l=bugtraq&m=111712587206834&w=2 | mailing-list, x_refsource_BUGTRAQ | |
http://secunia.com/advisories/15265 | third-party-advisory, x_refsource_SECUNIA | |
http://www.osvdb.org/16297 | vdb-entry, x_refsource_OSVDB | |
http://securitytracker.com/id?1014499 | vdb-entry, x_refsource_SECTRACK | |
http://marc.info/?l=bugtraq&m=111539908705851&w=2 | mailing-list, x_refsource_BUGTRAQ | |
http://securitytracker.com/id?1013907 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/13529 | vdb-entry, x_refsource_BID | |
https://www.exploit-db.com/exploits/1013 | exploit, x_refsource_EXPLOIT-DB | |
http://forums.invisionpower.com/index.php?showtopic=168016 | x_refsource_CONFIRM | |
http://www.securiteam.com/exploits/5GP0E2KFQQ.html | x_refsource_MISC | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/20446 | vdb-entry, x_refsource_XF | |
http://www.gulftech.org/?node=research&article_id=00073-05052005 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T21:59:23.427Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20050526 Invision Power Board 1.* and 2.* Exploit (BID 13529)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=111712587206834\u0026w=2" }, { "name": "15265", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/15265" }, { "name": "16297", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/16297" }, { "name": "1014499", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1014499" }, { "name": "20050506 Multiple Vulnerabilities In Invision Power Board", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=111539908705851\u0026w=2" }, { "name": "1013907", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1013907" }, { "name": "13529", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/13529" }, { "name": "1013", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/1013" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://forums.invisionpower.com/index.php?showtopic=168016" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.securiteam.com/exploits/5GP0E2KFQQ.html" }, { "name": "invision-powerboard-login-sql-injection(20446)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20446" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.gulftech.org/?node=research\u0026article_id=00073-05052005" } ], "title": "CVE Program 
Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-05-05T00:00:00", "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in Invision Power Board (IPB) 2.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via a crafted cookie password hash (pass_hash) that modifies the internal $pid variable." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-18T16:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20050526 Invision Power Board 1.* and 2.* Exploit (BID 13529)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=111712587206834\u0026w=2" }, { "name": "15265", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/15265" }, { "name": "16297", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/16297" }, { "name": "1014499", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1014499" }, { "name": "20050506 Multiple Vulnerabilities In Invision Power Board", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=111539908705851\u0026w=2" }, { "name": "1013907", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1013907" }, { "name": "13529", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/13529" }, { "name": "1013", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/1013" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://forums.invisionpower.com/index.php?showtopic=168016" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.securiteam.com/exploits/5GP0E2KFQQ.html" }, 
{ "name": "invision-powerboard-login-sql-injection(20446)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20446" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.gulftech.org/?node=research\u0026article_id=00073-05052005" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-1598", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SQL injection vulnerability in Invision Power Board (IPB) 2.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via a crafted cookie password hash (pass_hash) that modifies the internal $pid variable." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20050526 Invision Power Board 1.* and 2.* Exploit (BID 13529)", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=111712587206834\u0026w=2" }, { "name": "15265", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/15265" }, { "name": "16297", "refsource": "OSVDB", "url": "http://www.osvdb.org/16297" }, { "name": "1014499", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1014499" }, { "name": "20050506 Multiple Vulnerabilities In Invision Power Board", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=111539908705851\u0026w=2" }, { "name": "1013907", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1013907" }, { "name": "13529", "refsource": "BID", "url": "http://www.securityfocus.com/bid/13529" }, { "name": "1013", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/1013" }, { 
"name": "http://forums.invisionpower.com/index.php?showtopic=168016", "refsource": "CONFIRM", "url": "http://forums.invisionpower.com/index.php?showtopic=168016" }, { "name": "http://www.securiteam.com/exploits/5GP0E2KFQQ.html", "refsource": "MISC", "url": "http://www.securiteam.com/exploits/5GP0E2KFQQ.html" }, { "name": "invision-powerboard-login-sql-injection(20446)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20446" }, { "name": "http://www.gulftech.org/?node=research\u0026article_id=00073-05052005", "refsource": "MISC", "url": "http://www.gulftech.org/?node=research\u0026article_id=00073-05052005" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-1598", "datePublished": "2005-05-16T04:00:00", "dateReserved": "2005-05-16T00:00:00", "dateUpdated": "2024-08-07T21:59:23.427Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-5203
Vulnerability from cvelistv5
Published
2006-10-09 19:00
Modified
2024-08-07 19:41
Severity ?
EPSS score ?
Summary
Invision Power Board (IPB) 2.1.7 and earlier allows remote restricted administrators to inject arbitrary web script or HTML, or execute arbitrary SQL commands, via a forum description that contains a crafted image with PHP code, which is executed when the user visits the "Manage Forums" link in the Admin control panel.
References
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/29352 | vdb-entry, x_refsource_XF |
| http://www.securityfocus.com/archive/1/447710/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T19:41:05.748Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ipb-description-xss(29352)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29352" }, { "name": "20061004 Invision Power Board Multiple Vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/447710/100/0/threaded" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-10-04T00:00:00", "descriptions": [ { "lang": "en", "value": "Invision Power Board (IPB) 2.1.7 and earlier allows remote restricted administrators to inject arbitrary web script or HTML, or execute arbitrary SQL commands, via a forum description that contains a crafted image with PHP code, which is executed when the user visits the \"Manage Forums\" link in the Admin control panel." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-17T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "ipb-description-xss(29352)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29352" }, { "name": "20061004 Invision Power Board Multiple Vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/447710/100/0/threaded" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-5203", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Invision Power Board (IPB) 2.1.7 and earlier allows remote restricted administrators to inject arbitrary web script or HTML, or execute arbitrary SQL commands, via a forum description that contains a crafted image with PHP code, which is executed when the user visits the \"Manage Forums\" link in the Admin control panel." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ipb-description-xss(29352)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29352" }, { "name": "20061004 Invision Power Board Multiple Vulnerabilities", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/447710/100/0/threaded" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-5203", "datePublished": "2006-10-09T19:00:00", "dateReserved": "2006-10-09T00:00:00", "dateUpdated": "2024-08-07T19:41:05.748Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }