Search criteria
71 vulnerabilities by invision_power_services
CVE-2008-6565 (GCVE-0-2008-6565)
Vulnerability from cvelistv5 – Published: 2009-03-31 17:00 – Updated: 2024-08-07 11:34
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in Invision Power Board 2.3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via an IFRAME tag in the signature.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:34:47.156Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "28466",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28466"
},
{
"name": "Invisionpowerboard-signature-xss(41502)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41502"
},
{
"name": "20080326 Invision Power Board \u003c=2.3.x iFrame Vuln",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/490115/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-03-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Invision Power Board 2.3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via an IFRAME tag in the signature."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "28466",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28466"
},
{
"name": "Invisionpowerboard-signature-xss(41502)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41502"
},
{
"name": "20080326 Invision Power Board \u003c=2.3.x iFrame Vuln",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/490115/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6565",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Invision Power Board 2.3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via an IFRAME tag in the signature."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "28466",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28466"
},
{
"name": "Invisionpowerboard-signature-xss(41502)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41502"
},
{
"name": "20080326 Invision Power Board \u003c=2.3.x iFrame Vuln",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/490115/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6565",
"datePublished": "2009-03-31T17:00:00",
"dateReserved": "2009-03-31T00:00:00",
"dateUpdated": "2024-08-07T11:34:47.156Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-4171 (GCVE-0-2008-4171)
Vulnerability from cvelistv5 – Published: 2008-09-22 18:00 – Updated: 2024-08-07 10:08
VLAI?
Summary
SQL injection vulnerability in xmlout.php in Invision Power Board (IP.Board or IPB) 2.2.x and 2.3.x allows remote attackers to execute arbitrary SQL commands via the name parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:08:34.917Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://forums.invisionpower.com/index.php?showtopic=276512"
},
{
"name": "ADV-2008-2487",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2487"
},
{
"name": "31288",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31288"
},
{
"name": "1020817",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020817"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-09-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in xmlout.php in Invision Power Board (IP.Board or IPB) 2.2.x and 2.3.x allows remote attackers to execute arbitrary SQL commands via the name parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-01-07T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://forums.invisionpower.com/index.php?showtopic=276512"
},
{
"name": "ADV-2008-2487",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2487"
},
{
"name": "31288",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31288"
},
{
"name": "1020817",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020817"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4171",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in xmlout.php in Invision Power Board (IP.Board or IPB) 2.2.x and 2.3.x allows remote attackers to execute arbitrary SQL commands via the name parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://forums.invisionpower.com/index.php?showtopic=276512",
"refsource": "CONFIRM",
"url": "http://forums.invisionpower.com/index.php?showtopic=276512"
},
{
"name": "ADV-2008-2487",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2487"
},
{
"name": "31288",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31288"
},
{
"name": "1020817",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020817"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-4171",
"datePublished": "2008-09-22T18:00:00",
"dateReserved": "2008-09-22T00:00:00",
"dateUpdated": "2024-08-07T10:08:34.917Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1359 (GCVE-0-2008-1359)
Vulnerability from cvelistv5 – Published: 2008-03-17 17:00 – Updated: 2024-08-07 08:17
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB or IP.Board) 2.3.4 before 2008-03-13 allows remote attackers to inject arbitrary web script or HTML via nested BBCodes, a different vector than CVE-2008-0913.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:17:34.623Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "29378",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29378"
},
{
"name": "ADV-2008-0899",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0899/references"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://forums.invisionpower.com/index.php?showtopic=270637"
},
{
"name": "ipb-nested-bbcodes-xss(41209)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41209"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-03-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB or IP.Board) 2.3.4 before 2008-03-13 allows remote attackers to inject arbitrary web script or HTML via nested BBCodes, a different vector than CVE-2008-0913."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "29378",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29378"
},
{
"name": "ADV-2008-0899",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0899/references"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://forums.invisionpower.com/index.php?showtopic=270637"
},
{
"name": "ipb-nested-bbcodes-xss(41209)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41209"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1359",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB or IP.Board) 2.3.4 before 2008-03-13 allows remote attackers to inject arbitrary web script or HTML via nested BBCodes, a different vector than CVE-2008-0913."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "29378",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29378"
},
{
"name": "ADV-2008-0899",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0899/references"
},
{
"name": "http://forums.invisionpower.com/index.php?showtopic=270637",
"refsource": "CONFIRM",
"url": "http://forums.invisionpower.com/index.php?showtopic=270637"
},
{
"name": "ipb-nested-bbcodes-xss(41209)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41209"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1359",
"datePublished": "2008-03-17T17:00:00",
"dateReserved": "2008-03-17T00:00:00",
"dateUpdated": "2024-08-07T08:17:34.623Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0913 (GCVE-0-2008-0913)
Vulnerability from cvelistv5 – Published: 2008-02-22 23:00 – Updated: 2024-09-16 19:36
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB or IP.Board) 2.3.4 allows remote attackers to inject arbitrary web script or HTML via crafted BBCodes in an unspecified context.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:01:40.067Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "29055",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29055"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://forums.invisionpower.com/index.php?showtopic=269961"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB or IP.Board) 2.3.4 allows remote attackers to inject arbitrary web script or HTML via crafted BBCodes in an unspecified context."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-02-22T23:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "29055",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29055"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://forums.invisionpower.com/index.php?showtopic=269961"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0913",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB or IP.Board) 2.3.4 allows remote attackers to inject arbitrary web script or HTML via crafted BBCodes in an unspecified context."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "29055",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29055"
},
{
"name": "http://forums.invisionpower.com/index.php?showtopic=269961",
"refsource": "CONFIRM",
"url": "http://forums.invisionpower.com/index.php?showtopic=269961"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0913",
"datePublished": "2008-02-22T23:00:00Z",
"dateReserved": "2008-02-22T00:00:00Z",
"dateUpdated": "2024-09-16T19:36:25.822Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0421 (GCVE-0-2008-0421)
Vulnerability from cvelistv5 – Published: 2008-01-23 20:00 – Updated: 2024-08-07 07:46
VLAI?
Summary
SQL injection vulnerability in Invision Gallery 2.0.7 and earlier allows remote attackers to execute arbitrary SQL commands via the album parameter in a rate command.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:46:54.827Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "4966",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/4966"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-01-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in Invision Gallery 2.0.7 and earlier allows remote attackers to execute arbitrary SQL commands via the album parameter in a rate command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "4966",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/4966"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0421",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in Invision Gallery 2.0.7 and earlier allows remote attackers to execute arbitrary SQL commands via the album parameter in a rate command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "4966",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4966"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0421",
"datePublished": "2008-01-23T20:00:00",
"dateReserved": "2008-01-23T00:00:00",
"dateUpdated": "2024-08-07T07:46:54.827Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-5688 (GCVE-0-2007-5688)
Vulnerability from cvelistv5 – Published: 2007-10-29 19:00 – Updated: 2024-08-07 15:39
VLAI?
Summary
Multiple SQL injection vulnerabilities in directory.php in the Multi-Forums (aka Multi Host Forum Pro) module 1.3.3, for phpBB and Invision Power Board (IPB or IP.Board), allow remote attackers to execute arbitrary SQL commands via the (1) go and (2) cat parameters.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:39:13.608Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "26213",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26213"
},
{
"name": "phpbb-multiforums-sql-injection(37461)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37461"
},
{
"name": "27406",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27406"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.inj3ct-it.org/exploit/Multi_Host.txt"
},
{
"name": "20071025 Multi Host Forum Pro phpbb \u0026 ipb Multiple Sql Injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/482838/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-10-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in directory.php in the Multi-Forums (aka Multi Host Forum Pro) module 1.3.3, for phpBB and Invision Power Board (IPB or IP.Board), allow remote attackers to execute arbitrary SQL commands via the (1) go and (2) cat parameters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "26213",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26213"
},
{
"name": "phpbb-multiforums-sql-injection(37461)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37461"
},
{
"name": "27406",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27406"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.inj3ct-it.org/exploit/Multi_Host.txt"
},
{
"name": "20071025 Multi Host Forum Pro phpbb \u0026 ipb Multiple Sql Injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/482838/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5688",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in directory.php in the Multi-Forums (aka Multi Host Forum Pro) module 1.3.3, for phpBB and Invision Power Board (IPB or IP.Board), allow remote attackers to execute arbitrary SQL commands via the (1) go and (2) cat parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "26213",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26213"
},
{
"name": "phpbb-multiforums-sql-injection(37461)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37461"
},
{
"name": "27406",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27406"
},
{
"name": "http://www.inj3ct-it.org/exploit/Multi_Host.txt",
"refsource": "MISC",
"url": "http://www.inj3ct-it.org/exploit/Multi_Host.txt"
},
{
"name": "20071025 Multi Host Forum Pro phpbb \u0026 ipb Multiple Sql Injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/482838/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-5688",
"datePublished": "2007-10-29T19:00:00",
"dateReserved": "2007-10-29T00:00:00",
"dateUpdated": "2024-08-07T15:39:13.608Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2003-1454 (GCVE-0-2003-1454)
Vulnerability from cvelistv5 – Published: 2007-10-23 01:00 – Updated: 2024-08-08 02:28
VLAI?
Summary
Invision Power Services Invision Board 1.0 through 1.1.1, when a forum is password protected, stores the administrator password in a cookie in plaintext, which could allow remote attackers to gain access.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:28:03.510Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "invision-admin-plaintext-password(11871)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11871"
},
{
"name": "7440",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/7440"
},
{
"name": "20030425 Invision Power Board Plaintext Password Disclosure Vuln",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/319747"
},
{
"name": "3276",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3276"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-04-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Invision Power Services Invision Board 1.0 through 1.1.1, when a forum is password protected, stores the administrator password in a cookie in plaintext, which could allow remote attackers to gain access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "invision-admin-plaintext-password(11871)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11871"
},
{
"name": "7440",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/7440"
},
{
"name": "20030425 Invision Power Board Plaintext Password Disclosure Vuln",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/319747"
},
{
"name": "3276",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3276"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-1454",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Invision Power Services Invision Board 1.0 through 1.1.1, when a forum is password protected, stores the administrator password in a cookie in plaintext, which could allow remote attackers to gain access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "invision-admin-plaintext-password(11871)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11871"
},
{
"name": "7440",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/7440"
},
{
"name": "20030425 Invision Power Board Plaintext Password Disclosure Vuln",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/319747"
},
{
"name": "3276",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3276"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-1454",
"datePublished": "2007-10-23T01:00:00",
"dateReserved": "2007-10-22T00:00:00",
"dateUpdated": "2024-08-08T02:28:03.510Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2003-1385 (GCVE-0-2003-1385)
Vulnerability from cvelistv5 – Published: 2007-10-19 10:00 – Updated: 2024-08-08 02:28
VLAI?
Summary
ipchat.php in Invision Power Board 1.1.1 allows remote attackers to execute arbitrary PHP code, if register_globals is enabled, by modifying the root_path parameter to reference a URL on a remote web server that contains the code.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:28:03.449Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "8182",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/8182"
},
{
"name": "3357",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/3357"
},
{
"name": "20030227 Invision Power Board (PHP)",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0099.html"
},
{
"name": "6976",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/6976"
},
{
"name": "invision-ipchat-file-include(11435)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11435"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-02-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ipchat.php in Invision Power Board 1.1.1 allows remote attackers to execute arbitrary PHP code, if register_globals is enabled, by modifying the root_path parameter to reference a URL on a remote web server that contains the code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "8182",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/8182"
},
{
"name": "3357",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/3357"
},
{
"name": "20030227 Invision Power Board (PHP)",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0099.html"
},
{
"name": "6976",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/6976"
},
{
"name": "invision-ipchat-file-include(11435)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11435"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-1385",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ipchat.php in Invision Power Board 1.1.1 allows remote attackers to execute arbitrary PHP code, if register_globals is enabled, by modifying the root_path parameter to reference a URL on a remote web server that contains the code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "8182",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/8182"
},
{
"name": "3357",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/3357"
},
{
"name": "20030227 Invision Power Board (PHP)",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0099.html"
},
{
"name": "6976",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6976"
},
{
"name": "invision-ipchat-file-include(11435)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11435"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-1385",
"datePublished": "2007-10-19T10:00:00",
"dateReserved": "2007-10-18T00:00:00",
"dateUpdated": "2024-08-08T02:28:03.449Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4914 (GCVE-0-2007-4914)
Vulnerability from cvelistv5 – Published: 2007-09-17 17:00 – Updated: 2024-08-07 15:08
VLAI?
Summary
Unspecified vulnerability in the subscriptions manager in Invision Power Board (IPB or IP.Board) 2.3.1 before 20070912 allows remote authenticated users to change the member ID and reduce the privilege level of arbitrary users via a crafted payment form, related to (1) class_gw_2checkout.php, (2) class_gw_authorizenet.php, (3) class_gw_nochex.php, (4) class_gw_paypal.php, and (5) class_gw_safshop.php in sources/classes/paymentgateways/.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:08:33.976Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ipb-subscription-unauthorized-access(36590)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36590"
},
{
"name": "25656",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25656"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://forums.invisionpower.com/index.php?act=attach\u0026type=post\u0026id=11870"
},
{
"name": "41322",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/41322"
},
{
"name": "41321",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/41321"
},
{
"name": "41323",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/41323"
},
{
"name": "41320",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/41320"
},
{
"name": "26788",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26788"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://forums.invisionpower.com/index.php?showtopic=237075"
},
{
"name": "41319",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/41319"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-09-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the subscriptions manager in Invision Power Board (IPB or IP.Board) 2.3.1 before 20070912 allows remote authenticated users to change the member ID and reduce the privilege level of arbitrary users via a crafted payment form, related to (1) class_gw_2checkout.php, (2) class_gw_authorizenet.php, (3) class_gw_nochex.php, (4) class_gw_paypal.php, and (5) class_gw_safshop.php in sources/classes/paymentgateways/."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ipb-subscription-unauthorized-access(36590)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36590"
},
{
"name": "25656",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25656"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://forums.invisionpower.com/index.php?act=attach\u0026type=post\u0026id=11870"
},
{
"name": "41322",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/41322"
},
{
"name": "41321",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/41321"
},
{
"name": "41323",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/41323"
},
{
"name": "41320",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/41320"
},
{
"name": "26788",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26788"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://forums.invisionpower.com/index.php?showtopic=237075"
},
{
"name": "41319",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/41319"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4914",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the subscriptions manager in Invision Power Board (IPB or IP.Board) 2.3.1 before 20070912 allows remote authenticated users to change the member ID and reduce the privilege level of arbitrary users via a crafted payment form, related to (1) class_gw_2checkout.php, (2) class_gw_authorizenet.php, (3) class_gw_nochex.php, (4) class_gw_paypal.php, and (5) class_gw_safshop.php in sources/classes/paymentgateways/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ipb-subscription-unauthorized-access(36590)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36590"
},
{
"name": "25656",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25656"
},
{
"name": "http://forums.invisionpower.com/index.php?act=attach\u0026type=post\u0026id=11870",
"refsource": "CONFIRM",
"url": "http://forums.invisionpower.com/index.php?act=attach\u0026type=post\u0026id=11870"
},
{
"name": "41322",
"refsource": "OSVDB",
"url": "http://osvdb.org/41322"
},
{
"name": "41321",
"refsource": "OSVDB",
"url": "http://osvdb.org/41321"
},
{
"name": "41323",
"refsource": "OSVDB",
"url": "http://osvdb.org/41323"
},
{
"name": "41320",
"refsource": "OSVDB",
"url": "http://osvdb.org/41320"
},
{
"name": "26788",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26788"
},
{
"name": "http://forums.invisionpower.com/index.php?showtopic=237075",
"refsource": "CONFIRM",
"url": "http://forums.invisionpower.com/index.php?showtopic=237075"
},
{
"name": "41319",
"refsource": "OSVDB",
"url": "http://osvdb.org/41319"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4914",
"datePublished": "2007-09-17T17:00:00",
"dateReserved": "2007-09-17T00:00:00",
"dateUpdated": "2024-08-07T15:08:33.976Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4912 (GCVE-0-2007-4912)
Vulnerability from cvelistv5 – Published: 2007-09-17 17:00 – Updated: 2024-08-07 15:08
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in ips_kernel/class_ajax.php in Invision Power Board (IPB or IP.Board) 2.3.1 up to 20070912 allows remote attackers to inject arbitrary web script or HTML into user profile fields via unspecified vectors related to character sets other than iso-8859-1 or utf-8.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:08:33.939Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ipb-profile-xss(36589)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36589"
},
{
"name": "25656",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25656"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://forums.invisionpower.com/index.php?act=attach\u0026type=post\u0026id=11870"
},
{
"name": "26788",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26788"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://forums.invisionpower.com/index.php?showtopic=237075"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-09-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in ips_kernel/class_ajax.php in Invision Power Board (IPB or IP.Board) 2.3.1 up to 20070912 allows remote attackers to inject arbitrary web script or HTML into user profile fields via unspecified vectors related to character sets other than iso-8859-1 or utf-8."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ipb-profile-xss(36589)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36589"
},
{
"name": "25656",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25656"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://forums.invisionpower.com/index.php?act=attach\u0026type=post\u0026id=11870"
},
{
"name": "26788",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26788"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://forums.invisionpower.com/index.php?showtopic=237075"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4912",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in ips_kernel/class_ajax.php in Invision Power Board (IPB or IP.Board) 2.3.1 up to 20070912 allows remote attackers to inject arbitrary web script or HTML into user profile fields via unspecified vectors related to character sets other than iso-8859-1 or utf-8."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ipb-profile-xss(36589)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36589"
},
{
"name": "25656",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25656"
},
{
"name": "http://forums.invisionpower.com/index.php?act=attach\u0026type=post\u0026id=11870",
"refsource": "CONFIRM",
"url": "http://forums.invisionpower.com/index.php?act=attach\u0026type=post\u0026id=11870"
},
{
"name": "26788",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26788"
},
{
"name": "http://forums.invisionpower.com/index.php?showtopic=237075",
"refsource": "CONFIRM",
"url": "http://forums.invisionpower.com/index.php?showtopic=237075"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4912",
"datePublished": "2007-09-17T17:00:00",
"dateReserved": "2007-09-17T00:00:00",
"dateUpdated": "2024-08-07T15:08:33.939Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4913 (GCVE-0-2007-4913)
Vulnerability from cvelistv5 – Published: 2007-09-17 17:00 – Updated: 2024-09-17 02:21
VLAI?
Summary
ips_kernel/class_upload.php in Invision Power Board (IPB or IP.Board) 2.3.1 up to 20070912 allows remote attackers to upload arbitrary script files with crafted image filenames to uploads/, where they are saved with a .txt extension and are not executable. NOTE: there are limited usage scenarios under which this would be a vulnerability, but it is being tracked by CVE since the vendor has stated it is security-relevant.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:08:33.942Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://forums.invisionpower.com/index.php?act=attach\u0026type=post\u0026id=11870"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://forums.invisionpower.com/index.php?showtopic=237075"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ips_kernel/class_upload.php in Invision Power Board (IPB or IP.Board) 2.3.1 up to 20070912 allows remote attackers to upload arbitrary script files with crafted image filenames to uploads/, where they are saved with a .txt extension and are not executable. NOTE: there are limited usage scenarios under which this would be a vulnerability, but it is being tracked by CVE since the vendor has stated it is security-relevant."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-09-17T17:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://forums.invisionpower.com/index.php?act=attach\u0026type=post\u0026id=11870"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://forums.invisionpower.com/index.php?showtopic=237075"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4913",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ips_kernel/class_upload.php in Invision Power Board (IPB or IP.Board) 2.3.1 up to 20070912 allows remote attackers to upload arbitrary script files with crafted image filenames to uploads/, where they are saved with a .txt extension and are not executable. NOTE: there are limited usage scenarios under which this would be a vulnerability, but it is being tracked by CVE since the vendor has stated it is security-relevant."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://forums.invisionpower.com/index.php?act=attach\u0026type=post\u0026id=11870",
"refsource": "CONFIRM",
"url": "http://forums.invisionpower.com/index.php?act=attach\u0026type=post\u0026id=11870"
},
{
"name": "http://forums.invisionpower.com/index.php?showtopic=237075",
"refsource": "CONFIRM",
"url": "http://forums.invisionpower.com/index.php?showtopic=237075"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4913",
"datePublished": "2007-09-17T17:00:00Z",
"dateReserved": "2007-09-17T00:00:00Z",
"dateUpdated": "2024-09-17T02:21:05.626Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-3219 (GCVE-0-2007-3219)
Vulnerability from cvelistv5 – Published: 2007-06-14 22:00 – Updated: 2024-08-07 14:05
VLAI?
Summary
Unspecified vulnerability in sources/action_public/xmlout.php in Invision Power Board (IPB or IP.Board) 2.2.0 through 2.2.2 allows remote attackers to modify another user's profile data, such as an AIM screen name or Yahoo! identity.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:05:29.272Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ipb-xmlout-data-manipulation(34841)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34841"
},
{
"name": "24442",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24442"
},
{
"name": "25637",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25637"
},
{
"name": "35436",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/35436"
},
{
"name": "ADV-2007-2160",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2160"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://forums.invisionpower.com/index.php?showtopic=235316"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-06-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in sources/action_public/xmlout.php in Invision Power Board (IPB or IP.Board) 2.2.0 through 2.2.2 allows remote attackers to modify another user\u0027s profile data, such as an AIM screen name or Yahoo! identity."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ipb-xmlout-data-manipulation(34841)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34841"
},
{
"name": "24442",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24442"
},
{
"name": "25637",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25637"
},
{
"name": "35436",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/35436"
},
{
"name": "ADV-2007-2160",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2160"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://forums.invisionpower.com/index.php?showtopic=235316"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3219",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in sources/action_public/xmlout.php in Invision Power Board (IPB or IP.Board) 2.2.0 through 2.2.2 allows remote attackers to modify another user\u0027s profile data, such as an AIM screen name or Yahoo! identity."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ipb-xmlout-data-manipulation(34841)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34841"
},
{
"name": "24442",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24442"
},
{
"name": "25637",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25637"
},
{
"name": "35436",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/35436"
},
{
"name": "ADV-2007-2160",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2160"
},
{
"name": "http://forums.invisionpower.com/index.php?showtopic=235316",
"refsource": "CONFIRM",
"url": "http://forums.invisionpower.com/index.php?showtopic=235316"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3219",
"datePublished": "2007-06-14T22:00:00",
"dateReserved": "2007-06-14T00:00:00",
"dateUpdated": "2024-08-07T14:05:29.272Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-2963 (GCVE-0-2007-2963)
Vulnerability from cvelistv5 – Published: 2007-05-31 23:00 – Updated: 2024-08-07 13:57
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Invision Power Board (IPB or IP.Board) 2.2.2, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via (1) module_bbcodeloader.php, (2) module_div.php, (3) module_email.php, (4) module_image.php, (5) module_link.php, or (6) the editorid parameter to module_table.php in jscripts/folder_rte_files/. NOTE: some details were obtained from third party sources.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:57:54.647Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ipb-editorid-xss(34616)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34616"
},
{
"name": "24244",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24244"
},
{
"name": "25437",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25437"
},
{
"name": "35431",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/35431"
},
{
"name": "35430",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/35430"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://forums.invisionpower.com/index.php?showtopic=235069"
},
{
"name": "35435",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/35435"
},
{
"name": "ADV-2007-1993",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1993"
},
{
"name": "35433",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/35433"
},
{
"name": "35434",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/35434"
},
{
"name": "35432",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/35432"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-05-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Invision Power Board (IPB or IP.Board) 2.2.2, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via (1) module_bbcodeloader.php, (2) module_div.php, (3) module_email.php, (4) module_image.php, (5) module_link.php, or (6) the editorid parameter to module_table.php in jscripts/folder_rte_files/. NOTE: some details were obtained from third party sources."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ipb-editorid-xss(34616)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34616"
},
{
"name": "24244",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24244"
},
{
"name": "25437",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25437"
},
{
"name": "35431",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/35431"
},
{
"name": "35430",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/35430"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://forums.invisionpower.com/index.php?showtopic=235069"
},
{
"name": "35435",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/35435"
},
{
"name": "ADV-2007-1993",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1993"
},
{
"name": "35433",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/35433"
},
{
"name": "35434",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/35434"
},
{
"name": "35432",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/35432"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2963",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Invision Power Board (IPB or IP.Board) 2.2.2, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via (1) module_bbcodeloader.php, (2) module_div.php, (3) module_email.php, (4) module_image.php, (5) module_link.php, or (6) the editorid parameter to module_table.php in jscripts/folder_rte_files/. NOTE: some details were obtained from third party sources."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ipb-editorid-xss(34616)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34616"
},
{
"name": "24244",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24244"
},
{
"name": "25437",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25437"
},
{
"name": "35431",
"refsource": "OSVDB",
"url": "http://osvdb.org/35431"
},
{
"name": "35430",
"refsource": "OSVDB",
"url": "http://osvdb.org/35430"
},
{
"name": "http://forums.invisionpower.com/index.php?showtopic=235069",
"refsource": "CONFIRM",
"url": "http://forums.invisionpower.com/index.php?showtopic=235069"
},
{
"name": "35435",
"refsource": "OSVDB",
"url": "http://osvdb.org/35435"
},
{
"name": "ADV-2007-1993",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1993"
},
{
"name": "35433",
"refsource": "OSVDB",
"url": "http://osvdb.org/35433"
},
{
"name": "35434",
"refsource": "OSVDB",
"url": "http://osvdb.org/35434"
},
{
"name": "35432",
"refsource": "OSVDB",
"url": "http://osvdb.org/35432"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-2963",
"datePublished": "2007-05-31T23:00:00",
"dateReserved": "2007-05-31T00:00:00",
"dateUpdated": "2024-08-07T13:57:54.647Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-2349 (GCVE-0-2007-2349)
Vulnerability from cvelistv5 – Published: 2007-04-30 22:00 – Updated: 2024-08-07 13:33
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in Invision Power Board (IP.Board) 2.1.x and 2.2.x allows remote attackers to inject arbitrary web script or HTML by uploading crafted images or PDF files.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:33:28.558Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://forums.invisionpower.com/index.php?showtopic=234377"
},
{
"name": "ipb-classupload-xss(33942)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33942"
},
{
"name": "35427",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/35427"
},
{
"name": "ADV-2007-1558",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1558"
},
{
"name": "25021",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25021"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-04-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Invision Power Board (IP.Board) 2.1.x and 2.2.x allows remote attackers to inject arbitrary web script or HTML by uploading crafted images or PDF files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://forums.invisionpower.com/index.php?showtopic=234377"
},
{
"name": "ipb-classupload-xss(33942)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33942"
},
{
"name": "35427",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/35427"
},
{
"name": "ADV-2007-1558",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1558"
},
{
"name": "25021",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25021"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2349",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Invision Power Board (IP.Board) 2.1.x and 2.2.x allows remote attackers to inject arbitrary web script or HTML by uploading crafted images or PDF files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://forums.invisionpower.com/index.php?showtopic=234377",
"refsource": "CONFIRM",
"url": "http://forums.invisionpower.com/index.php?showtopic=234377"
},
{
"name": "ipb-classupload-xss(33942)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33942"
},
{
"name": "35427",
"refsource": "OSVDB",
"url": "http://osvdb.org/35427"
},
{
"name": "ADV-2007-1558",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1558"
},
{
"name": "25021",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25021"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-2349",
"datePublished": "2007-04-30T22:00:00",
"dateReserved": "2007-04-30T00:00:00",
"dateUpdated": "2024-08-07T13:33:28.558Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-7071 (GCVE-0-2006-7071)
Vulnerability from cvelistv5 – Published: 2007-02-27 18:00 – Updated: 2024-08-07 20:50
VLAI?
Summary
SQL injection vulnerability in classes/class_session.php in Invision Power Board (IPB) 2.1 up to 2.1.6 allows remote attackers to execute arbitrary SQL commands via the CLIENT_IP parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:50:06.072Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://rst.void.ru/download/r57ipb216gui.txt"
},
{
"name": "20060714 Invision Power Board 2.1 \u003c= 2.1.6 sql injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2006-07/0249.html"
},
{
"name": "21072",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21072"
},
{
"name": "ADV-2006-2810",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2810"
},
{
"name": "2010",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/2010"
},
{
"name": "ipb-classsession-sql-injection(27753)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27753"
},
{
"name": "2325",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/2325"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-07-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in classes/class_session.php in Invision Power Board (IPB) 2.1 up to 2.1.6 allows remote attackers to execute arbitrary SQL commands via the CLIENT_IP parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://rst.void.ru/download/r57ipb216gui.txt"
},
{
"name": "20060714 Invision Power Board 2.1 \u003c= 2.1.6 sql injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2006-07/0249.html"
},
{
"name": "21072",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21072"
},
{
"name": "ADV-2006-2810",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2810"
},
{
"name": "2010",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/2010"
},
{
"name": "ipb-classsession-sql-injection(27753)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27753"
},
{
"name": "2325",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/2325"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-7071",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in classes/class_session.php in Invision Power Board (IPB) 2.1 up to 2.1.6 allows remote attackers to execute arbitrary SQL commands via the CLIENT_IP parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://rst.void.ru/download/r57ipb216gui.txt",
"refsource": "MISC",
"url": "http://rst.void.ru/download/r57ipb216gui.txt"
},
{
"name": "20060714 Invision Power Board 2.1 \u003c= 2.1.6 sql injection",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2006-07/0249.html"
},
{
"name": "21072",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21072"
},
{
"name": "ADV-2006-2810",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2810"
},
{
"name": "2010",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2010"
},
{
"name": "ipb-classsession-sql-injection(27753)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27753"
},
{
"name": "2325",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2325"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-7071",
"datePublished": "2007-02-27T18:00:00",
"dateReserved": "2007-02-27T00:00:00",
"dateUpdated": "2024-08-07T20:50:06.072Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-7064 (GCVE-0-2006-7064)
Vulnerability from cvelistv5 – Published: 2007-02-24 01:00 – Updated: 2024-08-07 20:50
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in forum/admin.php for Invision Power Board (IPB) 2.1.6 and earlier allows remote attackers to inject arbitrary web script or HTML as the administrator via the phpinfo parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:50:05.948Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20060609 Invision Power Board XSS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2006-06/0204.html"
},
{
"name": "18450",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18450"
},
{
"name": "2307",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/2307"
},
{
"name": "ipb-admin-phpinfo-xss(27069)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27069"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-06-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in forum/admin.php for Invision Power Board (IPB) 2.1.6 and earlier allows remote attackers to inject arbitrary web script or HTML as the administrator via the phpinfo parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20060609 Invision Power Board XSS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2006-06/0204.html"
},
{
"name": "18450",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18450"
},
{
"name": "2307",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/2307"
},
{
"name": "ipb-admin-phpinfo-xss(27069)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27069"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-7064",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in forum/admin.php for Invision Power Board (IPB) 2.1.6 and earlier allows remote attackers to inject arbitrary web script or HTML as the administrator via the phpinfo parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060609 Invision Power Board XSS",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2006-06/0204.html"
},
{
"name": "18450",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18450"
},
{
"name": "2307",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2307"
},
{
"name": "ipb-admin-phpinfo-xss(27069)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27069"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-7064",
"datePublished": "2007-02-24T01:00:00",
"dateReserved": "2007-02-23T00:00:00",
"dateUpdated": "2024-08-07T20:50:05.948Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-6369 (GCVE-0-2006-6369)
Vulnerability from cvelistv5 – Published: 2006-12-07 17:00 – Updated: 2024-08-07 20:26
VLAI?
Summary
SQL injection vulnerability in lib/entry_reply_entry.php in Invision Community Blog Mod 1.2.4 allows remote attackers to execute arbitrary SQL commands via the eid parameter, when accessed through the "Preview message" functionality.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:26:46.409Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://forums.invisionpower.com/index.php?showtopic=230108"
},
{
"name": "20061201 Re: Invision Community Blog Mod 1.2.4 .PHP SQL Injection Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/453159/100/100/threaded"
},
{
"name": "ADV-2006-4820",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/4820"
},
{
"name": "20061130 Invision Community Blog Mod 1.2.4 .PHP SQL Injection Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/453126/100/100/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-11-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in lib/entry_reply_entry.php in Invision Community Blog Mod 1.2.4 allows remote attackers to execute arbitrary SQL commands via the eid parameter, when accessed through the \"Preview message\" functionality."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://forums.invisionpower.com/index.php?showtopic=230108"
},
{
"name": "20061201 Re: Invision Community Blog Mod 1.2.4 .PHP SQL Injection Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/453159/100/100/threaded"
},
{
"name": "ADV-2006-4820",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/4820"
},
{
"name": "20061130 Invision Community Blog Mod 1.2.4 .PHP SQL Injection Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/453126/100/100/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6369",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in lib/entry_reply_entry.php in Invision Community Blog Mod 1.2.4 allows remote attackers to execute arbitrary SQL commands via the eid parameter, when accessed through the \"Preview message\" functionality."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://forums.invisionpower.com/index.php?showtopic=230108",
"refsource": "CONFIRM",
"url": "http://forums.invisionpower.com/index.php?showtopic=230108"
},
{
"name": "20061201 Re: Invision Community Blog Mod 1.2.4 .PHP SQL Injection Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/453159/100/100/threaded"
},
{
"name": "ADV-2006-4820",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4820"
},
{
"name": "20061130 Invision Community Blog Mod 1.2.4 .PHP SQL Injection Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/453126/100/100/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-6369",
"datePublished": "2006-12-07T17:00:00",
"dateReserved": "2006-12-07T00:00:00",
"dateUpdated": "2024-08-07T20:26:46.409Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-6370 (GCVE-0-2006-6370)
Vulnerability from cvelistv5 – Published: 2006-12-07 17:00 – Updated: 2024-08-07 20:26
VLAI?
Summary
SQL injection vulnerability in forum/modules/gallery/post.php in Invision Gallery 2.0.7 allows remote attackers to cause a denial of service and possibly have other impacts, as demonstrated using a "SELECT BENCHMARK" statement in the img parameter in a doaddcomment operation in index.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:26:46.079Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20061201 Invision Gallery 2.0.7 SQL Injection Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/453167/100/100/threaded"
},
{
"name": "20061204 Re: Invision Gallery 2.0.7 SQL Injection Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/453468/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-12-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in forum/modules/gallery/post.php in Invision Gallery 2.0.7 allows remote attackers to cause a denial of service and possibly have other impacts, as demonstrated using a \"SELECT BENCHMARK\" statement in the img parameter in a doaddcomment operation in index.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20061201 Invision Gallery 2.0.7 SQL Injection Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/453167/100/100/threaded"
},
{
"name": "20061204 Re: Invision Gallery 2.0.7 SQL Injection Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/453468/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6370",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in forum/modules/gallery/post.php in Invision Gallery 2.0.7 allows remote attackers to cause a denial of service and possibly have other impacts, as demonstrated using a \"SELECT BENCHMARK\" statement in the img parameter in a doaddcomment operation in index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20061201 Invision Gallery 2.0.7 SQL Injection Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/453167/100/100/threaded"
},
{
"name": "20061204 Re: Invision Gallery 2.0.7 SQL Injection Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/453468/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-6370",
"datePublished": "2006-12-07T17:00:00",
"dateReserved": "2006-12-07T00:00:00",
"dateUpdated": "2024-08-07T20:26:46.079Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-5205 (GCVE-0-2006-5205)
Vulnerability from cvelistv5 – Published: 2006-10-09 19:00 – Updated: 2024-08-07 19:41
VLAI?
Summary
Directory traversal vulnerability in Invision Gallery 2.0.7 allows remote attackers to read arbitrary files via a .. (dot dot) sequence in the dir parameter in (1) index.php and (2) forum/index.php, when the viewimage command in the gallery module is used.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:41:05.736Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "2473",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/2473"
},
{
"name": "invisiongallery-index-directory-traversal(29334)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29334"
},
{
"name": "22400",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22400"
},
{
"name": "20328",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/20328"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-10-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in Invision Gallery 2.0.7 allows remote attackers to read arbitrary files via a .. (dot dot) sequence in the dir parameter in (1) index.php and (2) forum/index.php, when the viewimage command in the gallery module is used."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-18T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "2473",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/2473"
},
{
"name": "invisiongallery-index-directory-traversal(29334)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29334"
},
{
"name": "22400",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22400"
},
{
"name": "20328",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/20328"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5205",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in Invision Gallery 2.0.7 allows remote attackers to read arbitrary files via a .. (dot dot) sequence in the dir parameter in (1) index.php and (2) forum/index.php, when the viewimage command in the gallery module is used."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "2473",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2473"
},
{
"name": "invisiongallery-index-directory-traversal(29334)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29334"
},
{
"name": "22400",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22400"
},
{
"name": "20328",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20328"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-5205",
"datePublished": "2006-10-09T19:00:00",
"dateReserved": "2006-10-09T00:00:00",
"dateUpdated": "2024-08-07T19:41:05.736Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-5203 (GCVE-0-2006-5203)
Vulnerability from cvelistv5 – Published: 2006-10-09 19:00 – Updated: 2024-08-07 19:41
VLAI?
Summary
Invision Power Board (IPB) 2.1.7 and earlier allows remote restricted administrators to inject arbitrary web script or HTML, or execute arbitrary SQL commands, via a forum description that contains a crafted image with PHP code, which is executed when the user visits the "Manage Forums" link in the Admin control panel.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:41:05.748Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ipb-description-xss(29352)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29352"
},
{
"name": "20061004 Invision Power Board Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/447710/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-10-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Invision Power Board (IPB) 2.1.7 and earlier allows remote restricted administrators to inject arbitrary web script or HTML, or execute arbitrary SQL commands, via a forum description that contains a crafted image with PHP code, which is executed when the user visits the \"Manage Forums\" link in the Admin control panel."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ipb-description-xss(29352)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29352"
},
{
"name": "20061004 Invision Power Board Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/447710/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5203",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Invision Power Board (IPB) 2.1.7 and earlier allows remote restricted administrators to inject arbitrary web script or HTML, or execute arbitrary SQL commands, via a forum description that contains a crafted image with PHP code, which is executed when the user visits the \"Manage Forums\" link in the Admin control panel."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ipb-description-xss(29352)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29352"
},
{
"name": "20061004 Invision Power Board Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/447710/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-5203",
"datePublished": "2006-10-09T19:00:00",
"dateReserved": "2006-10-09T00:00:00",
"dateUpdated": "2024-08-07T19:41:05.748Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-5206 (GCVE-0-2006-5206)
Vulnerability from cvelistv5 – Published: 2006-10-09 19:00 – Updated: 2024-08-07 19:41
VLAI?
Summary
SQL injection vulnerability in Invision Gallery 2.0.7 allows remote attackers to execute arbitrary SQL commands via the album parameter in (1) index.php and (2) forum/index.php, when the rate command in the gallery automodule is used.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:41:04.392Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "2473",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/2473"
},
{
"name": "22400",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22400"
},
{
"name": "20327",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/20327"
},
{
"name": "invisiongallery-index-sql-injection(29333)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29333"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-10-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in Invision Gallery 2.0.7 allows remote attackers to execute arbitrary SQL commands via the album parameter in (1) index.php and (2) forum/index.php, when the rate command in the gallery automodule is used."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-18T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "2473",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/2473"
},
{
"name": "22400",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22400"
},
{
"name": "20327",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/20327"
},
{
"name": "invisiongallery-index-sql-injection(29333)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29333"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5206",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in Invision Gallery 2.0.7 allows remote attackers to execute arbitrary SQL commands via the album parameter in (1) index.php and (2) forum/index.php, when the rate command in the gallery automodule is used."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "2473",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2473"
},
{
"name": "22400",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22400"
},
{
"name": "20327",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20327"
},
{
"name": "invisiongallery-index-sql-injection(29333)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29333"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-5206",
"datePublished": "2006-10-09T19:00:00",
"dateReserved": "2006-10-09T00:00:00",
"dateUpdated": "2024-08-07T19:41:04.392Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-5204 (GCVE-0-2006-5204)
Vulnerability from cvelistv5 – Published: 2006-10-09 19:00 – Updated: 2024-08-07 19:41
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in action_admin/member.php in Invision Power Board (IPB) 2.1.7 and earlier allows remote authenticated users to inject arbitrary web script or HTML via a reference to a script in the avatar setting, which can be leveraged for a cross-site request forgery (CSRF) attack involving forced SQL execution by an admin.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:41:05.657Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2006-3927",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3927"
},
{
"name": "ipb-avatar-image-xss(29351)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29351"
},
{
"name": "22272",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22272"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://forums.invisionpower.com/index.php?showtopic=227937"
},
{
"name": "20061004 Invision Power Board Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/447710/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-10-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in action_admin/member.php in Invision Power Board (IPB) 2.1.7 and earlier allows remote authenticated users to inject arbitrary web script or HTML via a reference to a script in the avatar setting, which can be leveraged for a cross-site request forgery (CSRF) attack involving forced SQL execution by an admin."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2006-3927",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3927"
},
{
"name": "ipb-avatar-image-xss(29351)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29351"
},
{
"name": "22272",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22272"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://forums.invisionpower.com/index.php?showtopic=227937"
},
{
"name": "20061004 Invision Power Board Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/447710/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5204",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in action_admin/member.php in Invision Power Board (IPB) 2.1.7 and earlier allows remote authenticated users to inject arbitrary web script or HTML via a reference to a script in the avatar setting, which can be leveraged for a cross-site request forgery (CSRF) attack involving forced SQL execution by an admin."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-3927",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3927"
},
{
"name": "ipb-avatar-image-xss(29351)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29351"
},
{
"name": "22272",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22272"
},
{
"name": "http://forums.invisionpower.com/index.php?showtopic=227937",
"refsource": "CONFIRM",
"url": "http://forums.invisionpower.com/index.php?showtopic=227937"
},
{
"name": "20061004 Invision Power Board Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/447710/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-5204",
"datePublished": "2006-10-09T19:00:00",
"dateReserved": "2006-10-09T00:00:00",
"dateUpdated": "2024-08-07T19:41:05.657Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-4155 (GCVE-0-2006-4155)
Vulnerability from cvelistv5 – Published: 2006-08-16 21:00 – Updated: 2024-08-07 18:57
VLAI?
Summary
Unspecified vulnerability in func_topic_threaded.php (aka threaded view mode) in Invision Power Board (IPB) before 2.1.7 21013.60810.s allows remote attackers to "access posts outside the topic."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:57:46.209Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "21442",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21442"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://forums.invisionpower.com/index.php?\u0026showtopic=225755"
},
{
"name": "ADV-2006-3260",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3260"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-08-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in func_topic_threaded.php (aka threaded view mode) in Invision Power Board (IPB) before 2.1.7 21013.60810.s allows remote attackers to \"access posts outside the topic.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-02-26T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "21442",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21442"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://forums.invisionpower.com/index.php?\u0026showtopic=225755"
},
{
"name": "ADV-2006-3260",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3260"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4155",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in func_topic_threaded.php (aka threaded view mode) in Invision Power Board (IPB) before 2.1.7 21013.60810.s allows remote attackers to \"access posts outside the topic.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21442",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21442"
},
{
"name": "http://forums.invisionpower.com/index.php?\u0026showtopic=225755",
"refsource": "CONFIRM",
"url": "http://forums.invisionpower.com/index.php?\u0026showtopic=225755"
},
{
"name": "ADV-2006-3260",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3260"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4155",
"datePublished": "2006-08-16T21:00:00",
"dateReserved": "2006-08-16T00:00:00",
"dateUpdated": "2024-08-07T18:57:46.209Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-3543 (GCVE-0-2006-3543)
Vulnerability from cvelistv5 – Published: 2006-07-13 00:00 – Updated: 2024-08-07 18:30 Disputed
VLAI?
Summary
Multiple SQL injection vulnerabilities in Invision Power Board (IPB) 1.x and 2.x allow remote attackers to execute arbitrary SQL commands via the (1) idcat and (2) code parameters in a ketqua action in index.php; the id parameter in a (3) Attach and (4) ref action in index.php; the CODE parameter in a (5) Profile, (6) Login, and (7) Help action in index.php; and the (8) member_id parameter in coins_list.php. NOTE: the developer has disputed this issue, stating that the "CODE attribute is never present in an SQL query" and the "'ketqua' [action] and file 'coin_list.php' are not standard IPB 2.x features". It is unknown whether these vectors are associated with an independent module or modification of IPB
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:30:34.404Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "18836",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18836"
},
{
"name": "1231",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1231"
},
{
"name": "20060704 Invision Power Board \"v1.X \u0026 2.X\" SQL Injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/439145/100/0/threaded"
},
{
"name": "30084",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/30084"
},
{
"name": "20060710 Re: Invision Power Board \"v1.X \u0026 2.X\" SQL Injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/439602/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-07-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in Invision Power Board (IPB) 1.x and 2.x allow remote attackers to execute arbitrary SQL commands via the (1) idcat and (2) code parameters in a ketqua action in index.php; the id parameter in a (3) Attach and (4) ref action in index.php; the CODE parameter in a (5) Profile, (6) Login, and (7) Help action in index.php; and the (8) member_id parameter in coins_list.php. NOTE: the developer has disputed this issue, stating that the \"CODE attribute is never present in an SQL query\" and the \"\u0027ketqua\u0027 [action] and file \u0027coin_list.php\u0027 are not standard IPB 2.x features\". It is unknown whether these vectors are associated with an independent module or modification of IPB"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "18836",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18836"
},
{
"name": "1231",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1231"
},
{
"name": "20060704 Invision Power Board \"v1.X \u0026 2.X\" SQL Injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/439145/100/0/threaded"
},
{
"name": "30084",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/30084"
},
{
"name": "20060710 Re: Invision Power Board \"v1.X \u0026 2.X\" SQL Injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/439602/100/0/threaded"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3543",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** Multiple SQL injection vulnerabilities in Invision Power Board (IPB) 1.x and 2.x allow remote attackers to execute arbitrary SQL commands via the (1) idcat and (2) code parameters in a ketqua action in index.php; the id parameter in a (3) Attach and (4) ref action in index.php; the CODE parameter in a (5) Profile, (6) Login, and (7) Help action in index.php; and the (8) member_id parameter in coins_list.php. NOTE: the developer has disputed this issue, stating that the \"CODE attribute is never present in an SQL query\" and the \"\u0027ketqua\u0027 [action] and file \u0027coin_list.php\u0027 are not standard IPB 2.x features\". It is unknown whether these vectors are associated with an independent module or modification of IPB."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18836",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18836"
},
{
"name": "1231",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1231"
},
{
"name": "20060704 Invision Power Board \"v1.X \u0026 2.X\" SQL Injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/439145/100/0/threaded"
},
{
"name": "30084",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/30084"
},
{
"name": "20060710 Re: Invision Power Board \"v1.X \u0026 2.X\" SQL Injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/439602/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-3543",
"datePublished": "2006-07-13T00:00:00",
"dateReserved": "2006-07-12T00:00:00",
"dateUpdated": "2024-08-07T18:30:34.404Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-3544 (GCVE-0-2006-3544)
Vulnerability from cvelistv5 – Published: 2006-07-13 00:00 – Updated: 2024-08-07 18:30 Disputed
VLAI?
Summary
Multiple SQL injection vulnerabilities in Invision Power Board (IPB) 1.3 Final allow remote attackers to execute arbitrary SQL commands via the CODE parameter in a (1) Stats, (2) Mail, and (3) Reg action in index.php. NOTE: the developer has disputed this issue, stating that "At no point does the CODE parameter touch the database. The CODE parameter is used in a SWITCH statement to determine which function to run.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:30:34.397Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1225",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1225"
},
{
"name": "20060710 Re: Invision Power Board v1.3 Final SQL Injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/439629/100/0/threaded"
},
{
"name": "18782",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18782"
},
{
"name": "20060702 Invision Power Board v1.3 Final SQL Injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/438961/100/0/threaded"
},
{
"name": "30084",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/30084"
},
{
"name": "ipb-index-sql-injection(27555)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27555"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-07-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in Invision Power Board (IPB) 1.3 Final allow remote attackers to execute arbitrary SQL commands via the CODE parameter in a (1) Stats, (2) Mail, and (3) Reg action in index.php. NOTE: the developer has disputed this issue, stating that \"At no point does the CODE parameter touch the database. The CODE parameter is used in a SWITCH statement to determine which function to run."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1225",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1225"
},
{
"name": "20060710 Re: Invision Power Board v1.3 Final SQL Injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/439629/100/0/threaded"
},
{
"name": "18782",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18782"
},
{
"name": "20060702 Invision Power Board v1.3 Final SQL Injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/438961/100/0/threaded"
},
{
"name": "30084",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/30084"
},
{
"name": "ipb-index-sql-injection(27555)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27555"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3544",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** Multiple SQL injection vulnerabilities in Invision Power Board (IPB) 1.3 Final allow remote attackers to execute arbitrary SQL commands via the CODE parameter in a (1) Stats, (2) Mail, and (3) Reg action in index.php. NOTE: the developer has disputed this issue, stating that \"At no point does the CODE parameter touch the database. The CODE parameter is used in a SWITCH statement to determine which function to run.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1225",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1225"
},
{
"name": "20060710 Re: Invision Power Board v1.3 Final SQL Injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/439629/100/0/threaded"
},
{
"name": "18782",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18782"
},
{
"name": "20060702 Invision Power Board v1.3 Final SQL Injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/438961/100/0/threaded"
},
{
"name": "30084",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/30084"
},
{
"name": "ipb-index-sql-injection(27555)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27555"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-3544",
"datePublished": "2006-07-13T00:00:00",
"dateReserved": "2006-07-12T00:00:00",
"dateUpdated": "2024-08-07T18:30:34.397Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-3197 (GCVE-0-2006-3197)
Vulnerability from cvelistv5 – Published: 2006-06-23 00:00 – Updated: 2024-08-07 18:23
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB) 2.1.6 and earlier allows remote attackers to inject arbitrary web script or HTML via a POST that contains hexadecimal-encoded HTML.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:23:20.154Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://forums.invisionpower.com/index.php?showtopic=219126"
},
{
"name": "ADV-2006-2481",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2481"
},
{
"name": "596",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/596"
},
{
"name": "18571",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18571"
},
{
"name": "20772",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20772"
},
{
"name": "26747",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/26747"
},
{
"name": "ipb-hexadecimal-xss(27701)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27701"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-06-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB) 2.1.6 and earlier allows remote attackers to inject arbitrary web script or HTML via a POST that contains hexadecimal-encoded HTML."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://forums.invisionpower.com/index.php?showtopic=219126"
},
{
"name": "ADV-2006-2481",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2481"
},
{
"name": "596",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/596"
},
{
"name": "18571",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18571"
},
{
"name": "20772",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20772"
},
{
"name": "26747",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/26747"
},
{
"name": "ipb-hexadecimal-xss(27701)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27701"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3197",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB) 2.1.6 and earlier allows remote attackers to inject arbitrary web script or HTML via a POST that contains hexadecimal-encoded HTML."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://forums.invisionpower.com/index.php?showtopic=219126",
"refsource": "CONFIRM",
"url": "http://forums.invisionpower.com/index.php?showtopic=219126"
},
{
"name": "ADV-2006-2481",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2481"
},
{
"name": "596",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/596"
},
{
"name": "18571",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18571"
},
{
"name": "20772",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20772"
},
{
"name": "26747",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26747"
},
{
"name": "ipb-hexadecimal-xss(27701)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27701"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-3197",
"datePublished": "2006-06-23T00:00:00",
"dateReserved": "2006-06-22T00:00:00",
"dateUpdated": "2024-08-07T18:23:20.154Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-2498 (GCVE-0-2006-2498)
Vulnerability from cvelistv5 – Published: 2006-05-20 02:59 – Updated: 2024-08-07 17:51
VLAI?
Summary
Invision Power Board (IPB) before 2.1.6 allows remote attackers to execute arbitrary PHP script via attack vectors involving (1) the post_icon variable in classes/post/class_post.php and (2) the df value in action_public/moderate.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:51:04.760Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "25668",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/25668"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://forums.invisionpower.com/index.php?showtopic=215527"
},
{
"name": "20060519 Partial details on Invision Power Board (IPB) PHP execution issue",
"tags": [
"mailing-list",
"x_refsource_VIM",
"x_transferred"
],
"url": "http://attrition.org/pipermail/vim/2006-May/000776.html"
},
{
"name": "18040",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18040"
},
{
"name": "ADV-2006-1859",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1859"
},
{
"name": "20158",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20158"
},
{
"name": "25667",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/25667"
},
{
"name": "invision-unspecified-code-execution(26541)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26541"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://forums.invisionpower.com/index.php?act=Attach\u0026type=post\u0026id=10026"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-05-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Invision Power Board (IPB) before 2.1.6 allows remote attackers to execute arbitrary PHP script via attack vectors involving (1) the post_icon variable in classes/post/class_post.php and (2) the df value in action_public/moderate.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "25668",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/25668"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://forums.invisionpower.com/index.php?showtopic=215527"
},
{
"name": "20060519 Partial details on Invision Power Board (IPB) PHP execution issue",
"tags": [
"mailing-list",
"x_refsource_VIM"
],
"url": "http://attrition.org/pipermail/vim/2006-May/000776.html"
},
{
"name": "18040",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18040"
},
{
"name": "ADV-2006-1859",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1859"
},
{
"name": "20158",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20158"
},
{
"name": "25667",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/25667"
},
{
"name": "invision-unspecified-code-execution(26541)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26541"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://forums.invisionpower.com/index.php?act=Attach\u0026type=post\u0026id=10026"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2498",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Invision Power Board (IPB) before 2.1.6 allows remote attackers to execute arbitrary PHP script via attack vectors involving (1) the post_icon variable in classes/post/class_post.php and (2) the df value in action_public/moderate.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "25668",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/25668"
},
{
"name": "http://forums.invisionpower.com/index.php?showtopic=215527",
"refsource": "CONFIRM",
"url": "http://forums.invisionpower.com/index.php?showtopic=215527"
},
{
"name": "20060519 Partial details on Invision Power Board (IPB) PHP execution issue",
"refsource": "VIM",
"url": "http://attrition.org/pipermail/vim/2006-May/000776.html"
},
{
"name": "18040",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18040"
},
{
"name": "ADV-2006-1859",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1859"
},
{
"name": "20158",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20158"
},
{
"name": "25667",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/25667"
},
{
"name": "invision-unspecified-code-execution(26541)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26541"
},
{
"name": "http://forums.invisionpower.com/index.php?act=Attach\u0026type=post\u0026id=10026",
"refsource": "MISC",
"url": "http://forums.invisionpower.com/index.php?act=Attach\u0026type=post\u0026id=10026"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-2498",
"datePublished": "2006-05-20T02:59:00",
"dateReserved": "2006-05-19T00:00:00",
"dateUpdated": "2024-08-07T17:51:04.760Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-2251 (GCVE-0-2006-2251)
Vulnerability from cvelistv5 – Published: 2006-05-09 10:00 – Updated: 2024-08-07 17:43
VLAI?
Summary
SQL injection vulnerability in the do_mmod function in mod.php in Invision Community Blog (ICB) 1.1.2 final through 1.2 allows remote attackers with moderator privileges to execute arbitrary SQL commands via the selectedbids parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:43:28.558Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "17851",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/17851"
},
{
"name": "20060508 Re: Invision Community Blog .. Bugs",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2006-05/0142.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://forums.invisionpower.com/index.php?showtopic=214248\u0026view=getnewpost"
},
{
"name": "19973",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19973"
},
{
"name": "invision-mod-sql-injection(26290)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26290"
},
{
"name": "25252",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/25252"
},
{
"name": "20060505 Invision Community Blog .. Bugs",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/433076"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-05-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the do_mmod function in mod.php in Invision Community Blog (ICB) 1.1.2 final through 1.2 allows remote attackers with moderator privileges to execute arbitrary SQL commands via the selectedbids parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "17851",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/17851"
},
{
"name": "20060508 Re: Invision Community Blog .. Bugs",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2006-05/0142.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://forums.invisionpower.com/index.php?showtopic=214248\u0026view=getnewpost"
},
{
"name": "19973",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19973"
},
{
"name": "invision-mod-sql-injection(26290)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26290"
},
{
"name": "25252",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/25252"
},
{
"name": "20060505 Invision Community Blog .. Bugs",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/433076"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2251",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the do_mmod function in mod.php in Invision Community Blog (ICB) 1.1.2 final through 1.2 allows remote attackers with moderator privileges to execute arbitrary SQL commands via the selectedbids parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "17851",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17851"
},
{
"name": "20060508 Re: Invision Community Blog .. Bugs",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2006-05/0142.html"
},
{
"name": "http://forums.invisionpower.com/index.php?showtopic=214248\u0026view=getnewpost",
"refsource": "CONFIRM",
"url": "http://forums.invisionpower.com/index.php?showtopic=214248\u0026view=getnewpost"
},
{
"name": "19973",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19973"
},
{
"name": "invision-mod-sql-injection(26290)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26290"
},
{
"name": "25252",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/25252"
},
{
"name": "20060505 Invision Community Blog .. Bugs",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/433076"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-2251",
"datePublished": "2006-05-09T10:00:00",
"dateReserved": "2006-05-08T00:00:00",
"dateUpdated": "2024-08-07T17:43:28.558Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-2204 (GCVE-0-2006-2204)
Vulnerability from cvelistv5 – Published: 2006-05-05 10:00 – Updated: 2024-08-07 17:43
VLAI?
Summary
SQL injection vulnerability in the topic deletion functionality (post_delete function in func_mod.php) for Invision Power Board 2.1.5 allows remote authenticated moderators to execute arbitrary SQL commands via the selectedpids parameter, which bypasses an integer value check when the $id variable is an array.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:43:28.065Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "17837",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/17837"
},
{
"name": "invision-func_mod-sql-injection(26190)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26190"
},
{
"name": "551",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/551"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://forums.invisionpower.com/index.php?showtopic=214248\u0026view=getnewpo"
},
{
"name": "ADV-2006-1605",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1605"
},
{
"name": "20060428 Invision Power Board v2.1.5 Remote SQL Injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/432591/100/0/threaded"
},
{
"name": "20060504 Re: Invision Power Board v2.1.5 Remote SQL Injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/432948/30/0/threaded"
},
{
"name": "19901",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19901"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-04-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the topic deletion functionality (post_delete function in func_mod.php) for Invision Power Board 2.1.5 allows remote authenticated moderators to execute arbitrary SQL commands via the selectedpids parameter, which bypasses an integer value check when the $id variable is an array."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "17837",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/17837"
},
{
"name": "invision-func_mod-sql-injection(26190)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26190"
},
{
"name": "551",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/551"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://forums.invisionpower.com/index.php?showtopic=214248\u0026view=getnewpo"
},
{
"name": "ADV-2006-1605",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1605"
},
{
"name": "20060428 Invision Power Board v2.1.5 Remote SQL Injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/432591/100/0/threaded"
},
{
"name": "20060504 Re: Invision Power Board v2.1.5 Remote SQL Injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/432948/30/0/threaded"
},
{
"name": "19901",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19901"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2204",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the topic deletion functionality (post_delete function in func_mod.php) for Invision Power Board 2.1.5 allows remote authenticated moderators to execute arbitrary SQL commands via the selectedpids parameter, which bypasses an integer value check when the $id variable is an array."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "17837",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17837"
},
{
"name": "invision-func_mod-sql-injection(26190)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26190"
},
{
"name": "551",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/551"
},
{
"name": "http://forums.invisionpower.com/index.php?showtopic=214248\u0026view=getnewpo",
"refsource": "CONFIRM",
"url": "http://forums.invisionpower.com/index.php?showtopic=214248\u0026view=getnewpo"
},
{
"name": "ADV-2006-1605",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1605"
},
{
"name": "20060428 Invision Power Board v2.1.5 Remote SQL Injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/432591/100/0/threaded"
},
{
"name": "20060504 Re: Invision Power Board v2.1.5 Remote SQL Injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/432948/30/0/threaded"
},
{
"name": "19901",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19901"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-2204",
"datePublished": "2006-05-05T10:00:00",
"dateReserved": "2006-05-04T00:00:00",
"dateUpdated": "2024-08-07T17:43:28.065Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-2217 (GCVE-0-2006-2217)
Vulnerability from cvelistv5 – Published: 2006-05-05 10:00 – Updated: 2024-09-17 04:05
VLAI?
Summary
SQL injection vulnerability in index.php in Invision Power Board allows remote attackers to execute arbitrary SQL commands via the pid parameter in a reputation action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:43:28.421Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "17839",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/17839"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in index.php in Invision Power Board allows remote attackers to execute arbitrary SQL commands via the pid parameter in a reputation action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-05-05T10:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "17839",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/17839"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2217",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in index.php in Invision Power Board allows remote attackers to execute arbitrary SQL commands via the pid parameter in a reputation action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "17839",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17839"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-2217",
"datePublished": "2006-05-05T10:00:00Z",
"dateReserved": "2006-05-05T00:00:00Z",
"dateUpdated": "2024-09-17T04:05:07.961Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}