Vulnerabilities > Invisioncommunity > Invision Power Board

DATE CVE VULNERABILITY TITLE RISK
2017-04-23 CVE-2016-2564 Insufficient Entropy vulnerability in Invisioncommunity Invision Power Board
Invision Power Services (IPS) Community Suite before 4.1.9 makes session hijack easier by relying on the PHP uniqid function without the more_entropy flag.
network
high complexity
invisioncommunity CWE-331
5.9
5.9
2016-07-12 CVE-2016-6174 PHP Code Injection vulnerability in IPS Community Suite
applications/core/modules/front/system/content.php in Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) before 4.1.13, when used with PHP before 5.4.24 or 5.5.x before 5.5.8, allows remote attackers to execute arbitrary code via the content_class parameter. 		6.8
6.8
2015-09-04 CVE-2015-6812 Resource Management Errors vulnerability in Invisioncommunity Invision Power Board
Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) before 4.0.12.1 allows remote attackers to cause a denial of service (loop and memory consumption) via a crafted URL.
network
low complexity
invisionpower invisioncommunity CWE-399
7.8
7.8
2014-12-03 CVE-2014-9239 SQL Injection vulnerability in multiple products
SQL injection vulnerability in the IPS Connect service (interface/ipsconnect/ipsconnect.php) in Invision Power Board (aka IPB or IP.Board) 3.3.x and 3.4.x through 3.4.7 before 20141114 allows remote attackers to execute arbitrary SQL commands via the id[] parameter.
network
low complexity
invisionpower invisioncommunity CWE-89
7.5
7.5
2014-07-28 CVE-2014-5106 Cross-Site Scripting vulnerability in Invisioncommunity Invision Power Board
Cross-site scripting (XSS) vulnerability in Invision Power IP.Board (aka IPB or Power Board) 3.4.x through 3.4.6 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header to admin/install/index.php. 		4.3
4.3
2014-07-03 CVE-2014-3149 Cross-Site Scripting vulnerability in multiple products
Cross-site scripting (XSS) vulnerability in Invision Power IP.Board (aka IPB or Power Board) 3.3.x and 3.4.x through 3.4.6, as downloaded before 20140424, or IP.Nexus 1.5.x through 1.5.9, as downloaded before 20140424, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 		4.3
4.3