Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2006-04-26	CVE-2006-2061	SQL Injection vulnerability in Invision Power Board Index.PHP CK Parameter SQL injection vulnerability in lib/func_taskmanager.php in Invision Power Board (IPB) 2.1.x and 2.0.x before 20060425 allows remote attackers to execute arbitrary SQL commands via the ck parameter, which can inject at most 32 characters. network low complexity invision-power-services	5.0
2005-11-16	CVE-2005-3549	Remote Security vulnerability in Invision Power Services Invision Board 2.0.1 Direct code injection vulnerability in Task Manager in Invision Power Board 2.0.1 allows limited remote attackers to execute arbitrary code by referencing the file in "Task PHP File To Run" field and selecting "Run Task Now". network low complexity invision-power-services	6.5
2005-11-16	CVE-2005-3548	Path Traversal vulnerability in Invision Power Services Invision Board 2.0.1 Directory traversal vulnerability in Task Manager in Invision Power Board (IP.Board) 2.0.1 allows limited remote attackers to include files via a .. network low complexity invision-power-services CWE-22	4.0
2005-11-16	CVE-2005-3547	Cross-Site Scripting vulnerability in Invision Power Services Invision Board 2.1 Cross-site scripting (XSS) vulnerability in Invision Power Board 2.1 allows remote attackers to inject arbitrary web script or HTML via the (1) adsess, (2) name, and (3) description parameters in admin.php, and the (4) ACP Notes, (5) Member Name, (6) Password, (7) Email Address, (8) Components, and multiple other input fields. network invision-power-services	4.3
2005-08-10	CVE-2005-2542	Cross-Site Scripting vulnerability in Invision Power Board Attached File Invision Power Board (IPB) 1.0.3 allows remote attackers to inject arbitrary web script or HTML via an attachment, which is automatically downloaded and processed as HTML. network low complexity invision-power-services	5.0
2005-06-01	CVE-2005-1817	Unspecified vulnerability in Invision Power Services Invision Board Invision Power Board (IPB) 1.0 through 1.3 allows remote attackers to edit arbitrary forum posts via a direct request to index.php with modified parameters. network low complexity invision-power-services	5.0
2005-06-01	CVE-2005-1816	Privilege Escalation vulnerability in Invision Power Board Invision Power Board (IPB) 1.0 through 2.0.4 allows non-root admins to add themselves or other users to the root admin group via the "Move users in this group to" screen. local low complexity invision-power-services	4.6
2005-05-16	CVE-2005-1597	Cross-Site Scripting vulnerability in Invision Power Board Topics.PHP Highlite Parameter Cross-site scripting (XSS) vulnerability in (1) search.php and (2) topics.php for Invision Power Board (IPB) 2.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the highlite parameter. network invision-power-services	4.3
2005-05-02	CVE-2005-0886	HTML Injection vulnerability in Invision Power Board Cross-site scripting (XSS) vulnerability in Invision Power Board 2.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via an HTTP POST request. network invision-power-services	4.3
2004-11-23	CVE-2004-0359	Cross-Site Scripting vulnerability in Invision Power Board Cross-site scripting (XSS) vulnerability in index.php for Invision Power Board 1.3 final allows remote attackers to execute arbitrary script as other users via the (1) c, (2) f, (3) showtopic, (4) showuser, or (5) username parameters. network invision-power-services	6.8