Vulnerabilities > CVE-2006-0910 - Unspecified vulnerability in Invision Power Services Invision Power Board
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Invision Power Board (IPB) 2.1.4 and earlier allows remote attackers to list directory contents via a direct request to multiple directories, including (1) sources/loginauth/convert/, (2) sources/portal_plugins/, (3) cache/skin_cache/cacheid_2/, (4) ips_kernel/PEAR/, (5) ips_kernel/PEAR/Text/, (6) ips_kernel/PEAR/Text/Diff/, (7) ips_kernel/PEAR/Text/Diff/Renderer/, (8) style_images/1/folder_rte_files/, (9) style_images/1/folder_js_skin/, (10) style_images/1/folder_rte_images/, and (11) upgrade/ and its subdirectories.
Vulnerable Configurations
References
- http://neosecurityteam.net/advisories/Advisory-16.txt
- http://neosecurityteam.net/advisories/Advisory-16.txt
- http://neosecurityteam.net/index.php?action=advisories&id=16
- http://neosecurityteam.net/index.php?action=advisories&id=16
- http://www.securityfocus.com/archive/1/425713/100/0/threaded
- http://www.securityfocus.com/archive/1/425713/100/0/threaded
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24840
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24840