26 matches found
EUVD-2002-1136
Malware in sbrugna...
EUVD-2004-0338
Malware in sbrugna...
EUVD-2003-1444
Malware in sbrugna...
VulnCheck KEV: CVE-2002-1149
The installation procedure for Invision Board suggests that users install the phpinfo.php program under the web root, which leaks sensitive information such as absolute pathnames, OS information, and PHP settings...
Invision Board 1.1.1 ipchat.php Remote File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/6976/info Invision Board is prone to an issue that may allow remote attackers to include files located on attacker-controlled servers. This vulnerability is as a result of insufficient sanitization performed on remote use...
Invision Board 1.1.1 functions.php SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/7290/info An input validation error has been reported in Invision Board which may result in the manipulation of SQL queries. This vulnerability exists in the functions.php script file. An attacker may be able to exploit...
CVE-2003-1454
Affected software: Invision Board 1.0–1.1.1. Vulnerability: when a forum is password protected, the administrator password is stored in plaintext in a cookie, risking unauthorized access. Impact: potential remote access by attackers due to cookie exposure. Root cause: insecure handling of session...
IPB <= 2.1.5 SQL inj. vuln.
IPB = 2.1.5 SQL inj. vuln. Vuln. discovered by : r0t Date: 19 april 2006 vendorlink:http://www.invisionboard.com/ affected versions:2.1.5 and previous orginal advisory: http://pridels.blogspot.com/2006/04/ipb-215-sql-inj-vuln.html Vuln. Description: IPB contains a flaw that allows a remote sql...
Invision Power Services Invision Board 2.0.4 - Members Action Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/17144/info Invision Power Board is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code...
Invision Board < 2.0.5 Privilege Escalation / SQL Injection
Binary data 2942.prm...
Invision Board Multiple XSS and SQL Injection
Binary data 2879.prm...
invision131sql.txt
This is a multi-part message in MIME format. ------=NextPart000000501C53EE6.43632B60 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable =20 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Dcrab 's Security Advisory http://www.digitalparadox.org/services.ah Hs...
Invision board 1.3.1 and below are vulnerable to a sql injection vulnerability [PATCH INCLUDED]
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Dcrab 's Security Advisory http://www.digitalparadox.org/services.ah Hsc Security Group http://www.hackerscenter.com/ dP Security http://digitalparadox.org/ Severity: Medium Title: Invision board 1.3.1 and below are vulnerable to a sql injection...
[Full-disclosure] Invision Iframe Bug
Hi, I've found a bug in Invision Board, it let's you send private messages around, change people their signature, avatar, etc. If the administrator doesn't filter all the html tags on a forum or just forgets, which is often the case you can add an invisible iframe to your post. Now if you just...
CVE-2004-0338
SQL injection vulnerability in search.php for Invision Board Forum allows remote attackers to execute arbitrary SQL queries via the st parameter...
CVE-2004-0338
The CVE-2004-0338 affects Invision Board Forum's search.php; a SQL injection via the st parameter allows remote arbitrary queries. The connected sources (NVD, CVE records, CVEList) confirm the vulnerability but do not provide exploit code or active exploitation status in these documents. No remed...
CVE-2004-0338
SQL injection vulnerability in search.php for Invision Board Forum allows remote attackers to execute arbitrary SQL queries via the st parameter...
CVE-2003-1454
Invision Power Services Invision Board 1.0 through 1.1.1, when a forum is password protected, stores the administrator password in a cookie in plaintext, which could allow remote attackers to gain access...
Invision Board spoof and defacement
-INTRO- All versions of Invisions Board have a flaw in their input filtering that allows an attacker to completely mess up Invision's display and in one case I managed to change the URL of some of the forums links, which could be used to refer users to fake login sites to collect passwords etc...
Invision Board 1.1.1 - 'functions.php' SQL Injection
source: https://www.securityfocus.com/bid/7290/info An input validation error has been reported in Invision Board which may result in the manipulation of SQL queries. This vulnerability exists in the functions.php script file. An attacker may be able to exploit this vulnerability by manipulating...