Vulnerabilities > Invisionpower
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2012-10-31 | CVE-2012-5692 | Unspecified vulnerability in Invisionpower Invision Power Board Unspecified vulnerability in admin/sources/base/core.php in Invision Power Board (aka IPB or IP.Board) 3.1.x through 3.3.x has unknown impact and remote attack vectors. | 10.0 |
2010-09-24 | CVE-2010-3601 | SQL Injection vulnerability in Invisionpower Ibphotohost 1.1.2 SQL injection vulnerability in index.php in ibPhotohost 1.1.2 allows remote attackers to execute arbitrary SQL commands via the img parameter. | 7.5 |
2010-09-16 | CVE-2010-3424 | Cross-Site Scripting vulnerability in Invisioncommunity Invision Power Board 3.1.2 Cross-site scripting (XSS) vulnerability in admin/sources/classes/bbcode/custom/defaults.php in Invision Power Board (IP.Board) 3.1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2009-11-18 | CVE-2009-3974 | SQL Injection vulnerability in Invisioncommunity Invision Power Board 3.0.0/3.0.1/3.0.2 Multiple SQL injection vulnerabilities in Invision Power Board (IPB or IP.Board) 3.0.0, 3.0.1, and 3.0.2 allow remote attackers to execute arbitrary SQL commands via the (1) search_term parameter to admin/applications/core/modules_public/search/search.php and (2) aid parameter to admin/applications/core/modules_public/global/lostpass.php. | 7.5 |
2006-02-10 | CVE-2006-0633 | Improper Authentication vulnerability in Invisionpower Invision Power Board 2.1.4 The make_password function in ipsclass.php in Invision Power Board (IPB) 2.1.4 uses random data generated from partially predictable seeds to create the authentication code that is sent by e-mail to a user with a lost password, which might make it easier for remote attackers to guess the code and change the password for an IPB account, possibly involving millions of requests. | 6.4 |