Invisioncommunity

Invision Power Board

20 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2017-8897

Exploit
  • EPSS 0.29%
  • Veröffentlicht 11.05.2017 17:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has pre-auth reflected XSS in the IPS UTF8 Converter v1.1.18: admin/convertutf8/index.php?controller= is the attack vector. This UTF8 Converter vulnerability can easily be used to mak...

5.9

CVE-2016-2564

  • EPSS 0.31%
  • Veröffentlicht 23.04.2017 15:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Invision Power Services (IPS) Community Suite before 4.1.9 makes session hijack easier by relying on the PHP uniqid function without the more_entropy flag. Attackers can guess an Invision Power Board session cookie if they can predict the exact time ...

8.1

CVE-2016-6174

Exploit
  • EPSS 19.83%
  • Veröffentlicht 12.07.2016 19:59:09
  • Zuletzt bearbeitet 12.04.2025 10:46:40

applications/core/modules/front/system/content.php in Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) before 4.1.13, when used with PHP before 5.4.24 or 5.5.x before 5.5.8, allows remote attackers to execut...

7.8

CVE-2015-6812

  • EPSS 0.49%
  • Veröffentlicht 04.09.2015 17:59:00
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) before 4.0.12.1 allows remote attackers to cause a denial of service (loop and memory consumption) via a crafted URL.

7.5

CVE-2014-9239

Exploit
  • EPSS 0.36%
  • Veröffentlicht 03.12.2014 21:59:08
  • Zuletzt bearbeitet 12.04.2025 10:46:40

SQL injection vulnerability in the IPS Connect service (interface/ipsconnect/ipsconnect.php) in Invision Power Board (aka IPB or IP.Board) 3.3.x and 3.4.x through 3.4.7 before 20141114 allows remote attackers to execute arbitrary SQL commands via the...

4.3

CVE-2014-5106

  • EPSS 0.25%
  • Veröffentlicht 28.07.2014 15:55:03
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in Invision Power IP.Board (aka IPB or Power Board) 3.4.x through 3.4.6 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header to admin/install/index.php.

4.3

CVE-2014-3149

  • EPSS 0.37%
  • Veröffentlicht 03.07.2014 14:55:07
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in Invision Power IP.Board (aka IPB or Power Board) 3.3.x and 3.4.x through 3.4.6, as downloaded before 20140424, or IP.Nexus 1.5.x through 1.5.9, as downloaded before 20140424, allows remote attackers to inje...

10

CVE-2012-5692

  • EPSS 82.86%
  • Veröffentlicht 31.10.2012 10:50:32
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Unspecified vulnerability in admin/sources/base/core.php in Invision Power Board (aka IPB or IP.Board) 3.1.x through 3.3.x has unknown impact and remote attack vectors.

4.3

CVE-2010-3424

  • EPSS 0.31%
  • Veröffentlicht 16.09.2010 22:00:03
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in admin/sources/classes/bbcode/custom/defaults.php in Invision Power Board (IP.Board) 3.1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

7.5

CVE-2009-3974

  • EPSS 0.32%
  • Veröffentlicht 18.11.2009 23:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Multiple SQL injection vulnerabilities in Invision Power Board (IPB or IP.Board) 3.0.0, 3.0.1, and 3.0.2 allow remote attackers to execute arbitrary SQL commands via the (1) search_term parameter to admin/applications/core/modules_public/search/searc...