Vulnerabilities > Invision Power Services

DATE CVE VULNERABILITY TITLE RISK
2006-02-25 CVE-2006-0888 Denial of Service vulnerability in Invision Power Services Invision Power Board 2.0.1
index.php in Invision Power Board (IPB) 2.0.1, with Code Confirmation disabled, allows remote attackers to cause an unspecified denial of service by registering a large number of users.
network
high complexity
invision-power-services
2.6
2005-11-16 CVE-2005-3549 Remote Security vulnerability in Invision Power Services Invision Board 2.0.1
Direct code injection vulnerability in Task Manager in Invision Power Board 2.0.1 allows limited remote attackers to execute arbitrary code by referencing the file in "Task PHP File To Run" field and selecting "Run Task Now".
network
low complexity
invision-power-services
6.5
2005-11-16 CVE-2005-3548 Path Traversal vulnerability in Invision Power Services Invision Board 2.0.1
Directory traversal vulnerability in Task Manager in Invision Power Board (IP.Board) 2.0.1 allows limited remote attackers to include files via a ..
network
low complexity
invision-power-services CWE-22
4.0
2005-11-16 CVE-2005-3547 Cross-Site Scripting vulnerability in Invision Power Services Invision Board 2.1
Cross-site scripting (XSS) vulnerability in Invision Power Board 2.1 allows remote attackers to inject arbitrary web script or HTML via the (1) adsess, (2) name, and (3) description parameters in admin.php, and the (4) ACP Notes, (5) Member Name, (6) Password, (7) Email Address, (8) Components, and multiple other input fields.
4.3
2005-11-03 CVE-2005-3477 HTML Injection vulnerability in Invision Power Services Invision Gallery 2.0.3
Multiple interpretation error in the image upload handling code in Invision Gallery 2.0.3 allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML or script in an image whose type does not match its extension, which is rendered by Internet Explorer due to CVE-2005-3312.
4.3
2005-11-01 CVE-2005-3395 SQL Injection vulnerability in Invision Power Services Invision Gallery 2.0.3
SQL injection vulnerability in Invision Gallery 2.0.3 allows remote attackers to execute arbitrary SQL commands via the st parameter.
network
low complexity
invision-power-services
7.5
2005-08-10 CVE-2005-2542 Cross-Site Scripting vulnerability in Invision Power Board Attached File
Invision Power Board (IPB) 1.0.3 allows remote attackers to inject arbitrary web script or HTML via an attachment, which is automatically downloaded and processed as HTML.
network
low complexity
invision-power-services
5.0
2005-06-09 CVE-2005-1948 SQL Injection vulnerability in Invision Power Services Invision Gallery 1.0.1/1.3
Multiple SQL injection vulnerabilities in Invision Gallery before 1.3.1 allow remote attackers to execute arbitrary SQL commands via (1) the comment parameter in an editcomment action or (2) the rating parameter when voting on a photo.
network
low complexity
invision-power-services
7.5
2005-06-09 CVE-2005-1946 SQL-Injection vulnerability in Invision Community Blog 1.0/1.1
Multiple SQL injection vulnerabilities in Invision Blog before 1.1.2 Final allow remote attackers to execute arbitrary SQL commands via the (1) eid parameter to an editentry, replyentry, or editcomment action, or (2) the mid parameter to an aboutme action.
network
low complexity
invision-power-services
7.5
2005-06-09 CVE-2005-1945 Cross-Site Scripting vulnerability in Invision Community Blog 1.0/1.1
Cross-site scripting (XSS) vulnerability in the convert_highlite_words function in Invision Blog before 1.1.2 Final allows remote attackers to inject arbitrary web script or HTML via double hex encoded highlight data.
4.3