VYPR
Vendor

Board Power

Products
4
CVEs
20
Across products
20
Status
Private

Products

4

Recent CVEs

20
  • CVE-2014-4928HigMar 20, 2018
    risk 0.57cvss 8.8epss 0.01

    SQL injection vulnerability in Invision Power Board (aka IPB or IP.Board) before 3.4.6 allows remote attackers to execute arbitrary SQL commands via the cId parameter.

  • CVE-2012-2226Jan 9, 2020
    risk 0.04cvss epss 0.07

    Invision Power Board before 3.3.1 fails to sanitize user-supplied input which could allow remote attackers to obtain sensitive information or execute arbitrary code by uploading a malicious file.

  • CVE-2004-1441Dec 31, 2004
    risk 0.04cvss epss 0.07

    Cross-site scripting (XSS) vulnerability in icq.cgi in Board Power 2.04PF allows remote attackers to inject arbitrary web script or HTML via the action parameter.

  • CVE-2007-5688Oct 29, 2007
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in directory.php in the Multi-Forums (aka Multi Host Forum Pro) module 1.3.3, for phpBB and Invision Power Board (IPB or IP.Board), allow remote attackers to execute arbitrary SQL commands via the (1) go and (2) cat parameters.

  • CVE-2006-3543Jul 13, 2006
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in Invision Power Board (IPB) 1.x and 2.x allow remote attackers to execute arbitrary SQL commands via the (1) idcat and (2) code parameters in a ketqua action in index.php; the id parameter in a (3) Attach and (4) ref action in index.php;…

  • CVE-2005-2542Aug 10, 2005
    risk 0.03cvss epss 0.02

    Invision Power Board (IPB) 1.0.3 allows remote attackers to inject arbitrary web script or HTML via an attachment, which is automatically downloaded and processed as HTML.

  • CVE-2005-0886May 2, 2005
    risk 0.03cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in Invision Power Board 2.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via an HTTP POST request.

  • CVE-2003-1385Dec 31, 2003
    risk 0.03cvss epss 0.04

    ipchat.php in Invision Power Board 1.1.1 allows remote attackers to execute arbitrary PHP code, if register_globals is enabled, by modifying the root_path parameter to reference a URL on a remote web server that contains the code.

  • CVE-2008-4171Sep 22, 2008
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in xmlout.php in Invision Power Board (IP.Board or IPB) 2.2.x and 2.3.x allows remote attackers to execute arbitrary SQL commands via the name parameter.

  • CVE-2008-1359Mar 17, 2008
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB or IP.Board) 2.3.4 before 2008-03-13 allows remote attackers to inject arbitrary web script or HTML via nested BBCodes, a different vector than CVE-2008-0913.

  • CVE-2008-0913Feb 22, 2008
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB or IP.Board) 2.3.4 allows remote attackers to inject arbitrary web script or HTML via crafted BBCodes in an unspecified context.

  • CVE-2007-4914Sep 17, 2007
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in the subscriptions manager in Invision Power Board (IPB or IP.Board) 2.3.1 before 20070912 allows remote authenticated users to change the member ID and reduce the privilege level of arbitrary users via a crafted payment form, related to (1)…

  • CVE-2007-4912Sep 17, 2007
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in ips_kernel/class_ajax.php in Invision Power Board (IPB or IP.Board) 2.3.1 up to 20070912 allows remote attackers to inject arbitrary web script or HTML into user profile fields via unspecified vectors related to character sets other…

  • CVE-2007-4487Aug 22, 2007
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in D22-Shoutbox for Invision Power Board (IPB or IP.Board) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2006-7064Feb 24, 2007
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in forum/admin.php for Invision Power Board (IPB) 2.1.6 and earlier allows remote attackers to inject arbitrary web script or HTML as the administrator via the phpinfo parameter.

  • CVE-2006-5203Oct 10, 2006
    risk 0.00cvss epss 0.01

    Invision Power Board (IPB) 2.1.7 and earlier allows remote restricted administrators to inject arbitrary web script or HTML, or execute arbitrary SQL commands, via a forum description that contains a crafted image with PHP code, which is executed when the user visits the "Manage…

  • CVE-2006-3544Jul 13, 2006
    risk 0.00cvss epss 0.01

    Multiple SQL injection vulnerabilities in Invision Power Board (IPB) 1.3 Final allow remote attackers to execute arbitrary SQL commands via the CODE parameter in a (1) Stats, (2) Mail, and (3) Reg action in index.php. NOTE: the developer has disputed this issue, stating that "At…

  • CVE-2006-0909Feb 28, 2006
    risk 0.00cvss epss 0.01

    Invision Power Board (IPB) 2.1.4 and earlier allows remote attackers to view sensitive information via a direct request to multiple PHP scripts that include the full path in error messages, including (1) PEAR/Text/Diff/Renderer/inline.php, (2)…

  • CVE-2005-3548Nov 16, 2005
    risk 0.00cvss epss 0.01

    Directory traversal vulnerability in Task Manager in Invision Power Board (IP.Board) 2.0.1 allows limited remote attackers to include files via a .. (dot dot) in the "Task PHP File To Run" field.

  • CVE-2005-1816Jun 1, 2005
    risk 0.00cvss epss 0.01

    Invision Power Board (IPB) 1.0 through 2.0.4 allows non-root admins to add themselves or other users to the root admin group via the "Move users in this group to" screen.