Invisioncommunity

Invision Power Board

20 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2017-8897

Exploit
  • EPSS 0.29%
  • Published 11.05.2017 17:29:00
  • Last modified 20.04.2025 01:37:25

Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has pre-auth reflected XSS in the IPS UTF8 Converter v1.1.18: admin/convertutf8/index.php?controller= is the attack vector. This UTF8 Converter vulnerability can easily be used to mak...

5.9

CVE-2016-2564

  • EPSS 0.31%
  • Published 23.04.2017 15:59:00
  • Last modified 20.04.2025 01:37:25

Invision Power Services (IPS) Community Suite before 4.1.9 makes session hijack easier by relying on the PHP uniqid function without the more_entropy flag. Attackers can guess an Invision Power Board session cookie if they can predict the exact time ...

8.1

CVE-2016-6174

Exploit
  • EPSS 19.83%
  • Published 12.07.2016 19:59:09
  • Last modified 12.04.2025 10:46:40

applications/core/modules/front/system/content.php in Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) before 4.1.13, when used with PHP before 5.4.24 or 5.5.x before 5.5.8, allows remote attackers to execut...

7.8

CVE-2015-6812

  • EPSS 0.49%
  • Published 04.09.2015 17:59:00
  • Last modified 12.04.2025 10:46:40

Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) before 4.0.12.1 allows remote attackers to cause a denial of service (loop and memory consumption) via a crafted URL.

7.5

CVE-2014-9239

Exploit
  • EPSS 0.36%
  • Published 03.12.2014 21:59:08
  • Last modified 12.04.2025 10:46:40

SQL injection vulnerability in the IPS Connect service (interface/ipsconnect/ipsconnect.php) in Invision Power Board (aka IPB or IP.Board) 3.3.x and 3.4.x through 3.4.7 before 20141114 allows remote attackers to execute arbitrary SQL commands via the...

4.3

CVE-2014-5106

  • EPSS 0.25%
  • Published 28.07.2014 15:55:03
  • Last modified 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in Invision Power IP.Board (aka IPB or Power Board) 3.4.x through 3.4.6 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header to admin/install/index.php.

4.3

CVE-2014-3149

  • EPSS 0.37%
  • Published 03.07.2014 14:55:07
  • Last modified 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in Invision Power IP.Board (aka IPB or Power Board) 3.3.x and 3.4.x through 3.4.6, as downloaded before 20140424, or IP.Nexus 1.5.x through 1.5.9, as downloaded before 20140424, allows remote attackers to inje...

10

CVE-2012-5692

  • EPSS 82.86%
  • Published 31.10.2012 10:50:32
  • Last modified 11.04.2025 00:51:21

Unspecified vulnerability in admin/sources/base/core.php in Invision Power Board (aka IPB or IP.Board) 3.1.x through 3.3.x has unknown impact and remote attack vectors.

4.3

CVE-2010-3424

  • EPSS 0.31%
  • Published 16.09.2010 22:00:03
  • Last modified 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in admin/sources/classes/bbcode/custom/defaults.php in Invision Power Board (IP.Board) 3.1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

7.5

CVE-2009-3974

  • EPSS 0.32%
  • Published 18.11.2009 23:30:00
  • Last modified 09.04.2025 00:30:58

Multiple SQL injection vulnerabilities in Invision Power Board (IPB or IP.Board) 3.0.0, 3.0.1, and 3.0.2 allow remote attackers to execute arbitrary SQL commands via the (1) search_term parameter to admin/applications/core/modules_public/search/searc...