124 matches found
CVE-2008-0913
Invision Power Board (IPB/IP.Board) version 2.3.4 contains a cross-site scripting (XSS) vulnerability that allows remote attackers to inject arbitrary web script or HTML via crafted BBCodes in an unspecified context. The issue is documented across multiple sources (e.g., NVD and Red Hat CVE) with...
INVISION POWER BOARD 2.1.7 ACTIVE XSS/SQL INJECTION EXPLOIT
INVISION POWER BOARD 2.1.7 EXPLOIT ... ITDefence.ru Antichat.ru INVISION POWER BOARD 2.1.7 ACTIVE XSS/SQL INJECTION Eugene Minaev [email protected] 2007 ...
CVE-2007-5688
CVE-2007-5688: Multiple SQL injection vulnerabilities in the Multi-Forums (aka Multi Host Forum Pro) module 1.3.3 for phpBB/IPB, in directory.php, allow remote attackers to execute arbitrary SQL via the (1) go and (2) cat parameters. Affected software is the Multi-Forums module version 1.3.3; roo...
mhfp-sql.txt
Http://www.inj3ct-it.org Staffatinj3ct-itdotorg Multi Host...
CVE-2007-4912
CVE-2007-4912 describes a cross-site scripting (XSS) vulnerability in IPB/IP.Board, specifically in ips_kernel/class_ajax.php, affecting version 2.3.1 up to 20070912. The vulnerability allows remote attackers to inject arbitrary script/HTML into user profile fields via unspecified vectors related...
CVE-2007-4913
CVE-2007-4913 concerns Invision Power Board (IPB/IP.Board) 2.3.1 up to 20070912. The vulnerability lies in ips_kernel/class_upload.php, where remote attackers can upload arbitrary script files using crafted image filenames to the uploads/ directory. The uploaded files are saved with a .txt extens...
CVE-2007-4487
Technical details about CVE-2007-4487 are not publicly available in the provided documents; monitor for updates. The data here only reiterates a generic XSS vulnerability in D22-Shoutbox for IPB.
Code injection
Unspecified vulnerability in sources/action_public/xmlout.php in Invision Power Board (IPB or IP.Board) 2.2.0 through 2.2.2 allows remote attackers to modify another user's profile data, such as an AIM screen name or Yahoo! identity...
CVE-2007-3219
CVE-2007-3219 affects Invision Power Board (IPB/IP.Board) versions 2.2.0–2.2.2. The vulnerability is in sources/action_public/xmlout.php and is described as an unspecified issue that allows remote attackers to modify another user’s profile data (e.g., AIM screen name, Yahoo! identity). Documented...
CVE-2007-2963
CVE-2007-2963 describes multiple cross-site scripting (XSS) vulnerabilities in Invision Power Board (IPB/IP.Board) 2.2.2 and possibly earlier. The issues allow remote attackers to inject arbitrary web script or HTML via specific vectors in the web UI: (1) module_bbcodeloader.php, (2) module_div.p...
IPB (Invision Power Board) Full Path Disclosure
Hello IPB Invision Power Board Full Path Disclosure Discovered By : HACKERS PAL Copy rights : HACKERS PAL Website : http://www.soqor.net Email Address : [email protected] Tested on 2.1.X and 2.2.X Maybe Infected ips_kernel/PEAR/Text/Diff3.php ips_kernel/PEAR/Text/Diff/Renderer/unified.php...
CVE-2006-7071
CVE-2006-7071 is an SQL injection vulnerability affecting Invision Power Board (IPB) versions 2.1 up to 2.1.6. The flaw resides in the code path for Class_session.php (CLIENT_IP parameter) where user-supplied input is used in database queries, enabling remote attackers to execute arbitrary SQL co...
ipb search.php vulnerability analysis and thinking-vulnerability warning-the black bar safety net
ipb search.php vulnerability analysis and thinking A vulnerability model may unearth a batch of vulnerabilities Idea is the most important preg_replace+/e Author: SuperHeiAtph4nt0m.org Blog: http://superhei.blogbus.com/ Team: http://www.ph4nt0m.org Date: 2006-04-27 Simple analysis The vulnerabilit...
[Full-disclosure] Invision Power Board 2.1.7 debug mode vulnerability
Debug mode is a feature in IPB 2.0.0-2.1.7 that shows all database queries for each forum page requested. If Debug mode is turned on, it is possible for anyone to request a forgotten password for an account, and capture the validation key that is sent to the account's email address. This allows a...
CVE-2006-5203
CVE-2006-5203 affects Invision Power Board (IPB) 2.1.7 and earlier. A remote attacker with restricted admin rights can cause arbitrary web script/HTML or SQL commands to execute by supplying a crafted image containing PHP code in a forum description. The exploit triggers when a user visits the M...
CVE-2006-5204
The CVE-2006-5204 issue affects Invision Power Board (IPB) 2.1.7 and earlier, where a cross-site scripting (XSS) flaw in action_admin/member.php can be triggered via the avatar setting. This enables remote authenticated users to inject arbitrary script/HTML, and the description also notes a poten...
Invision Power Board Multiple Vulnerabilities
Invision Power Board Multiple Vulnerabilities Affects: IPB =2.1.7 Risk: High An attack exists where an admin can be redirected and forced to execute SQL commands through IPB's SQL Toolbox. The following requirements must be met for this attack to take place: - The database table prefix must be...
Invision Gallery <= 2.0.7 ReadFile() & SQL Injection Exploit
Exploit for unknown platform in category web applications ============================================================ Invision Gallery 2.0.7 ReadFile & SQL injection exploit +-------------+ | Uzage: | +-------------+ + ReadFile: - syntax: readfile 1 readfile 2 // try it if readfile1 failed ; -...
Invision Gallery 2.0.7 - 'readfile()' / SQL Injection
2.0.7 ReadFile & SQL injection exploit +-------------+ | Uzage: | +-------------+ + ReadFile: - syntax: readfile 1 readfile 2 // try it if readfile1 failed ; - params: - path to local file ../file, for example: ../../../../../etc/passwd s0, if u want to get...
Invision Gallery 2.0.7 - readfile() SQL Injection
Invision Gallery 2.0.7 - readfile SQL Injection 2.0.7 ReadFile & SQL injection exploit +-------------+ | Uzage: | +-------------+ + ReadFile: - syntax: readfile 1 readfile 2 // try it if readfile1 failed ; - params: - path to local file ../file, for example:...