Vulnerabilities > Invision Power Services
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-06-14 | CVE-2007-3219 | Unspecified vulnerability in Invision Power Services Invision Power Board 2.2/2.2.1/2.2.2 Unspecified vulnerability in sources/action_public/xmlout.php in Invision Power Board (IPB or IP.Board) 2.2.0 through 2.2.2 allows remote attackers to modify another user's profile data, such as an AIM screen name or Yahoo! identity. | 7.8 |
| 2007-05-31 | CVE-2007-2963 | Cross-Site Scripting vulnerability in Invision Power Board Multiple cross-site scripting (XSS) vulnerabilities in Invision Power Board (IPB or IP.Board) 2.2.2, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via (1) module_bbcodeloader.php, (2) module_div.php, (3) module_email.php, (4) module_image.php, (5) module_link.php, or (6) the editorid parameter to module_table.php in jscripts/folder_rte_files/. network invision-power-services | 4.3 |
| 2007-04-30 | CVE-2007-2349 | Cross-Site Scripting vulnerability in Invision Power Services Invision Power Board 2.1/2.2 Cross-site scripting (XSS) vulnerability in Invision Power Board (IP.Board) 2.1.x and 2.2.x allows remote attackers to inject arbitrary web script or HTML by uploading crafted images or PDF files. network invision-power-services | 5.8 |
| 2007-03-02 | CVE-2006-7071 | SQL-Injection vulnerability in Invision Power Board SQL injection vulnerability in classes/class_session.php in Invision Power Board (IPB) 2.1 up to 2.1.6 allows remote attackers to execute arbitrary SQL commands via the CLIENT_IP parameter. | 7.5 |
| 2007-02-24 | CVE-2006-7064 | Cross-Site Scripting vulnerability in Invision Power Board Cross-site scripting (XSS) vulnerability in forum/admin.php for Invision Power Board (IPB) 2.1.6 and earlier allows remote attackers to inject arbitrary web script or HTML as the administrator via the phpinfo parameter. | 9.3 |
| 2006-12-07 | CVE-2006-6370 | SQL-Injection vulnerability in Invision Power Services Invision Gallery 2.0.7 SQL injection vulnerability in forum/modules/gallery/post.php in Invision Gallery 2.0.7 allows remote attackers to cause a denial of service and possibly have other impacts, as demonstrated using a "SELECT BENCHMARK" statement in the img parameter in a doaddcomment operation in index.php. | 7.5 |
| 2006-12-07 | CVE-2006-6369 | SQL-Injection vulnerability in Invision Power Services Invision Community Blog 1.2.4 SQL injection vulnerability in lib/entry_reply_entry.php in Invision Community Blog Mod 1.2.4 allows remote attackers to execute arbitrary SQL commands via the eid parameter, when accessed through the "Preview message" functionality. | 7.5 |
| 2006-10-10 | CVE-2006-5206 | SQL Injection vulnerability in Invision Gallery SQL injection vulnerability in Invision Gallery 2.0.7 allows remote attackers to execute arbitrary SQL commands via the album parameter in (1) index.php and (2) forum/index.php, when the rate command in the gallery automodule is used. | 7.5 |
| 2006-10-10 | CVE-2006-5205 | Directory Traversal vulnerability in Invision Gallery Directory traversal vulnerability in Invision Gallery 2.0.7 allows remote attackers to read arbitrary files via a .. | 5.0 |
| 2006-10-10 | CVE-2006-5204 | Cross-Site Scripting vulnerability in Invision Power Board Cross-site scripting (XSS) vulnerability in action_admin/member.php in Invision Power Board (IPB) 2.1.7 and earlier allows remote authenticated users to inject arbitrary web script or HTML via a reference to a script in the avatar setting, which can be leveraged for a cross-site request forgery (CSRF) attack involving forced SQL execution by an admin. | 2.1 |