Invision Power Services

Invision Power Board

40 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.5

CVE-2006-2204

  • EPSS 0.32%
  • Veröffentlicht 05.05.2006 12:46:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

SQL injection vulnerability in the topic deletion functionality (post_delete function in func_mod.php) for Invision Power Board 2.1.5 allows remote authenticated moderators to execute arbitrary SQL commands via the selectedpids parameter, which bypas...

7.5

CVE-2006-2097

Exploit
  • EPSS 0.7%
  • Veröffentlicht 29.04.2006 10:02:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

SQL injection vulnerability in func_msg.php in Invision Power Board (IPB) 2.1.4 allows remote attackers to execute arbitrary SQL commands via the from_contact field in a private message (PM).

5

CVE-2006-2061

  • EPSS 1.64%
  • Veröffentlicht 26.04.2006 20:06:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

SQL injection vulnerability in lib/func_taskmanager.php in Invision Power Board (IPB) 2.1.x and 2.0.x before 20060425 allows remote attackers to execute arbitrary SQL commands via the ck parameter, which can inject at most 32 characters.

6.4

CVE-2006-2060

  • EPSS 2.26%
  • Veröffentlicht 26.04.2006 20:06:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Directory traversal vulnerability in action_admin/paysubscriptions.php in Invision Power Board (IPB) 2.1.x and 2.0.x before 20060425 allows remote authenticated administrators to include and execute arbitrary local PHP files via a .. (dot dot) in the...

5

CVE-2006-2059

  • EPSS 9.46%
  • Veröffentlicht 26.04.2006 20:06:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

action_public/search.php in Invision Power Board (IPB) 2.1.x and 2.0.x before 20060425 allows remote attackers to execute arbitrary PHP code via a search with a crafted value of the lastdate parameter, which alters the behavior of a regular expressio...

6.8

CVE-2006-1369

  • EPSS 1.31%
  • Veröffentlicht 23.03.2006 23:06:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB) 2.1.5 and earlier before 20060308 allows remote attackers to inject arbitrary web script or HTML via a Private Message (PM) in certain circumstances.

4.3

CVE-2006-1326

Exploit
  • EPSS 0.64%
  • Veröffentlicht 21.03.2006 01:06:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Multiple cross-site scripting (XSS) vulnerabilities in Invision Power Board 2.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) result_type, (2) search_in, (3) nav, (4) forums, and (5) s parameters in the Search action to ...

7.5

CVE-2006-1288

  • EPSS 0.65%
  • Veröffentlicht 19.03.2006 23:02:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Multiple SQL injection vulnerabilities in Invision Power Board (IPB) 2.0.4 and 2.1.4 before 20060105 allow remote attackers to execute arbitrary SQL commands via cookies, related to (1) arrays of id/stamp pairs and (2) the keys in arrays of key/value...

5.8

CVE-2006-1287

  • EPSS 0.31%
  • Veröffentlicht 19.03.2006 23:02:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB) 2.0.4 and 2.1.4 before 20060130 allows remote attackers to steal cookies and probably conduct other activities when the victim is using Internet Explorer.

5.1

CVE-2006-1267

Exploit
  • EPSS 0.63%
  • Veröffentlicht 19.03.2006 02:02:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Invision Power Board 2.1.4 allows remote attackers to hijack sessions and possibly gain administrative privileges by obtaining the session ID from the s parameter, then replaying it in another request.