Vulnerabilities > Invision Power Services
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-10-10 | CVE-2006-5203 | Cross-Site Scripting vulnerability in Invision Power Board Invision Power Board (IPB) 2.1.7 and earlier allows remote restricted administrators to inject arbitrary web script or HTML, or execute arbitrary SQL commands, via a forum description that contains a crafted image with PHP code, which is executed when the user visits the "Manage Forums" link in the Admin control panel. | 5.1 |
| 2006-08-16 | CVE-2006-4155 | Remote Security vulnerability in Invision Power Board Unspecified vulnerability in func_topic_threaded.php (aka threaded view mode) in Invision Power Board (IPB) before 2.1.7 21013.60810.s allows remote attackers to "access posts outside the topic." | 7.5 |
| 2006-06-23 | CVE-2006-3197 | HTML Injection vulnerability in Invision Power Board Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB) 2.1.6 and earlier allows remote attackers to inject arbitrary web script or HTML via a POST that contains hexadecimal-encoded HTML. network invision-power-services | 4.3 |
| 2006-05-20 | CVE-2006-2498 | Arbitrary PHP Code Execution vulnerability in Invision Power Board Invision Power Board (IPB) before 2.1.6 allows remote attackers to execute arbitrary PHP script via attack vectors involving (1) the post_icon variable in classes/post/class_post.php and (2) the df value in action_public/moderate.php. | 6.4 |
| 2006-05-09 | CVE-2006-2251 | SQL Injection vulnerability in Invision Community Blog Mod.PHP SQL injection vulnerability in the do_mmod function in mod.php in Invision Community Blog (ICB) 1.1.2 final through 1.2 allows remote attackers with moderator privileges to execute arbitrary SQL commands via the selectedbids parameter. | 6.4 |
| 2006-05-05 | CVE-2006-2217 | SQL Injection vulnerability in Invision Power Board SQL injection vulnerability in index.php in Invision Power Board allows remote attackers to execute arbitrary SQL commands via the pid parameter in a reputation action. | 7.5 |
| 2006-05-05 | CVE-2006-2204 | SQL Injection vulnerability in Invision Power Board Func_mod.PHP SQL injection vulnerability in the topic deletion functionality (post_delete function in func_mod.php) for Invision Power Board 2.1.5 allows remote authenticated moderators to execute arbitrary SQL commands via the selectedpids parameter, which bypasses an integer value check when the $id variable is an array. | 5.5 |
| 2006-05-04 | CVE-2006-2202 | SQL Injection vulnerability in Invision Power Services Invision Gallery 2.0.6 SQL injection vulnerability in post.php in Invision Gallery 2.0.6 allows remote attackers to execute arbitrary SQL commands via the album parameter. | 6.4 |
| 2006-04-29 | CVE-2006-2097 | SQL Injection vulnerability in Invision Power Board Func_msg.PHP SQL injection vulnerability in func_msg.php in Invision Power Board (IPB) 2.1.4 allows remote attackers to execute arbitrary SQL commands via the from_contact field in a private message (PM). | 7.5 |
| 2006-04-26 | CVE-2006-2061 | SQL Injection vulnerability in Invision Power Board Index.PHP CK Parameter SQL injection vulnerability in lib/func_taskmanager.php in Invision Power Board (IPB) 2.1.x and 2.0.x before 20060425 allows remote attackers to execute arbitrary SQL commands via the ck parameter, which can inject at most 32 characters. | 5.0 |