Vulnerabilities > Invisionpower

DATE CVE VULNERABILITY TITLE RISK
2012-10-31 CVE-2012-5692 Unspecified vulnerability in Invisionpower Invision Power Board
Unspecified vulnerability in admin/sources/base/core.php in Invision Power Board (aka IPB or IP.Board) 3.1.x through 3.3.x has unknown impact and remote attack vectors.
network
low complexity
invisionpower
critical
10.0
2010-09-24 CVE-2010-3601 SQL Injection vulnerability in Invisionpower Ibphotohost 1.1.2
SQL injection vulnerability in index.php in ibPhotohost 1.1.2 allows remote attackers to execute arbitrary SQL commands via the img parameter.
network
low complexity
invisionpower CWE-89
7.5
2010-09-16 CVE-2010-3424 Cross-Site Scripting vulnerability in Invisioncommunity Invision Power Board 3.1.2
Cross-site scripting (XSS) vulnerability in admin/sources/classes/bbcode/custom/defaults.php in Invision Power Board (IP.Board) 3.1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
4.3
2009-11-18 CVE-2009-3974 SQL Injection vulnerability in Invisioncommunity Invision Power Board 3.0.0/3.0.1/3.0.2
Multiple SQL injection vulnerabilities in Invision Power Board (IPB or IP.Board) 3.0.0, 3.0.1, and 3.0.2 allow remote attackers to execute arbitrary SQL commands via the (1) search_term parameter to admin/applications/core/modules_public/search/search.php and (2) aid parameter to admin/applications/core/modules_public/global/lostpass.php.
network
low complexity
invisionpower CWE-89
7.5
2006-02-10 CVE-2006-0633 Improper Authentication vulnerability in Invisionpower Invision Power Board 2.1.4
The make_password function in ipsclass.php in Invision Power Board (IPB) 2.1.4 uses random data generated from partially predictable seeds to create the authentication code that is sent by e-mail to a user with a lost password, which might make it easier for remote attackers to guess the code and change the password for an IPB account, possibly involving millions of requests.
network
low complexity
invisionpower CWE-287
6.4