Vulnerabilities > Invision Power Services
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-02-25 | CVE-2006-0888 | Denial of Service vulnerability in Invision Power Services Invision Power Board 2.0.1 index.php in Invision Power Board (IPB) 2.0.1, with Code Confirmation disabled, allows remote attackers to cause an unspecified denial of service by registering a large number of users. | 2.6 |
2005-11-16 | CVE-2005-3549 | Remote Security vulnerability in Invision Power Services Invision Board 2.0.1 Direct code injection vulnerability in Task Manager in Invision Power Board 2.0.1 allows limited remote attackers to execute arbitrary code by referencing the file in "Task PHP File To Run" field and selecting "Run Task Now". | 6.5 |
2005-11-16 | CVE-2005-3548 | Path Traversal vulnerability in Invision Power Services Invision Board 2.0.1 Directory traversal vulnerability in Task Manager in Invision Power Board (IP.Board) 2.0.1 allows limited remote attackers to include files via a .. | 4.0 |
2005-11-16 | CVE-2005-3547 | Cross-Site Scripting vulnerability in Invision Power Services Invision Board 2.1 Cross-site scripting (XSS) vulnerability in Invision Power Board 2.1 allows remote attackers to inject arbitrary web script or HTML via the (1) adsess, (2) name, and (3) description parameters in admin.php, and the (4) ACP Notes, (5) Member Name, (6) Password, (7) Email Address, (8) Components, and multiple other input fields. network invision-power-services | 4.3 |
2005-11-03 | CVE-2005-3477 | HTML Injection vulnerability in Invision Power Services Invision Gallery 2.0.3 Multiple interpretation error in the image upload handling code in Invision Gallery 2.0.3 allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML or script in an image whose type does not match its extension, which is rendered by Internet Explorer due to CVE-2005-3312. network invision-power-services | 4.3 |
2005-11-01 | CVE-2005-3395 | SQL Injection vulnerability in Invision Power Services Invision Gallery 2.0.3 SQL injection vulnerability in Invision Gallery 2.0.3 allows remote attackers to execute arbitrary SQL commands via the st parameter. | 7.5 |
2005-08-10 | CVE-2005-2542 | Cross-Site Scripting vulnerability in Invision Power Board Attached File Invision Power Board (IPB) 1.0.3 allows remote attackers to inject arbitrary web script or HTML via an attachment, which is automatically downloaded and processed as HTML. | 5.0 |
2005-06-09 | CVE-2005-1948 | SQL Injection vulnerability in Invision Power Services Invision Gallery 1.0.1/1.3 Multiple SQL injection vulnerabilities in Invision Gallery before 1.3.1 allow remote attackers to execute arbitrary SQL commands via (1) the comment parameter in an editcomment action or (2) the rating parameter when voting on a photo. | 7.5 |
2005-06-09 | CVE-2005-1946 | SQL-Injection vulnerability in Invision Community Blog 1.0/1.1 Multiple SQL injection vulnerabilities in Invision Blog before 1.1.2 Final allow remote attackers to execute arbitrary SQL commands via the (1) eid parameter to an editentry, replyentry, or editcomment action, or (2) the mid parameter to an aboutme action. | 7.5 |
2005-06-09 | CVE-2005-1945 | Cross-Site Scripting vulnerability in Invision Community Blog 1.0/1.1 Cross-site scripting (XSS) vulnerability in the convert_highlite_words function in Invision Blog before 1.1.2 Final allows remote attackers to inject arbitrary web script or HTML via double hex encoded highlight data. network invision-power-services | 4.3 |