Invision Power Services

All CVEs

119 total · sorted by risk
  • CVE-2021-40604 · Jun 13, 2022
    risk 0.00 cvss epss 0.01

    A Server-Side Request Forgery (SSRF) vulnerability in IPS Community Suite before 4.6.2 allows remote authenticated users to request arbitrary URLs or trigger deserialization via phar protocol when generating class names dynamically. In some cases an exploitation is possible by…

  • CVE-2021-39249 · Aug 17, 2021
    risk 0.00 cvss epss 0.01

    Invision Community (aka IPS Community Suite or IP-Board) before 4.6.5.1 allows reflected XSS because the filenames of uploaded files become predictable through a brute-force attack against the PHP mt_rand function.

  • CVE-2021-39250 · Aug 17, 2021
    risk 0.00 cvss epss 0.01

    Invision Community (aka IPS Community Suite or IP-Board) before 4.6.5.1 allows stored XSS, with resultant code execution, because an uploaded file can be placed in an IFRAME element within user-generated content. For code execution, the attacker can rely on the ability of an…

  • CVE-2021-32924 · Jun 1, 2021
    risk 0.00 cvss epss 0.20

    Invision Community (aka IPS Community Suite) before 4.6.0 allows eval-based PHP code injection by a moderator because the IPS\cms\modules\front\pages\_builder::previewBlock method interacts unsafely with the IPS\_Theme::runProcessFunction method.

  • CVE-2021-25379 · Apr 9, 2021
    risk 0.00 cvss epss 0.00

    Intent redirection vulnerability in Gallery prior to version 5.4.16.1 allows attacker to execute privileged action.

  • CVE-2021-3025 · Jan 8, 2021
    risk 0.00 cvss epss 0.01

    Invision Community IPS Community Suite before 4.5.4.2 allows SQL Injection via the Downloads REST API (the sortDir parameter in a sortBy=popular action to the GETindex() method in applications/downloads/api/files.php).

  • CVE-2021-3026 · Jan 5, 2021
    risk 0.00 cvss epss 0.01

    Invision Community IPS Community Suite before 4.5.4.2 allows XSS during the quoting of a post or comment.

  • CVE-2016-11045 · Apr 7, 2020
    risk 0.00 cvss epss 0.00

    An issue was discovered on Samsung mobile devices with L(5.0/5.1) software. The Gallery library allows memory corruption via a malformed image. The Samsung ID is SVE-2016-5317 (May 2016).

  • CVE-2019-20593 · Mar 24, 2020
    risk 0.00 cvss epss 0.00

    An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. Gallery leaks Private Mode thumbnails. The Samsung ID is SVE-2019-14208 (July 2019).

  • CVE-2019-20623 · Mar 24, 2020
    risk 0.00 cvss epss 0.00

    An issue was discovered on Samsung mobile devices with N(7.1), O(8.x), and P(9.0) software. Gallery has uninitialized memory disclosure. The Samsung ID is SVE-2018-13060 (February 2019).

  • CVE-2019-20616 · Mar 24, 2020
    risk 0.00 cvss epss 0.00

    An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. Gallery leaks a thumbnail of Private Mode content. The Samsung ID is SVE-2018-13563 (March 2019).

  • CVE-2019-20579 · Mar 24, 2020
    risk 0.00 cvss epss 0.00

    An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. Gallery allows attackers to enable Location information sharing from the lock screen. The Samsung ID is SVE-2019-14462 (August 2019).

  • CVE-2019-20559 · Mar 24, 2020
    risk 0.00 cvss epss 0.00

    An issue was discovered on Samsung mobile devices with P(9.0) software. Gallery allows viewing of photos on the lock screen. The Samsung ID is SVE-2019-15055 (October 2019).

  • CVE-2019-20555 · Mar 24, 2020
    risk 0.00 cvss epss 0.00

    An issue was discovered on Samsung mobile devices with N(7.x) software. The Gallery app allows attackers to view all pictures of a locked device. The Samsung ID is SVE-2019-15189 (October 2019).

  • CVE-2020-10853 · Mar 24, 2020
    risk 0.00 cvss epss 0.00

    An issue was discovered on Samsung mobile devices with P(9.0) software. Gallery leaks cached data. The Samsung IDs are SVE-2019-16010, SVE-2019-16011, SVE-2019-16012 (January 2020).

  • CVE-2009-5159 · Mar 13, 2020
    risk 0.00 cvss epss 0.03

    Invision Power Board (aka IPB or IP.Board) 2.x through 3.0.4, when Internet Explorer 5 is used, allows XSS via a .txt attachment.

  • CVE-2013-3725 · Feb 12, 2020
    risk 0.00 cvss epss 0.02

    Invision Power Board (IPB) through 3.x allows admin account takeover leading to code execution.

  • CVE-2019-10627 · Nov 21, 2019
    risk 0.00 cvss epss 0.01

    Integer overflow to buffer overflow vulnerability in PostScript image handling code used by the PostScript- and PDF-compatible interpreters due to incorrect buffer size calculation. in PostScript and PDF printers that use IPS versions prior to 2019.2 in PostScript and PDF…

  • CVE-2019-8278 · Mar 2, 2019
    risk 0.00 cvss epss 0.02

    Stored XSS in Invision Power Board versions 3.3.1 - 3.4.8 leads to Remote Code Execution.

  • CVE-2015-6812 · Sep 4, 2015
    risk 0.00 cvss epss 0.01

    Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) before 4.0.12.1 allows remote attackers to cause a denial of service (loop and memory consumption) via a crafted URL.

  • CVE-2014-9239 · Dec 3, 2014
    risk 0.00 cvss epss 0.01

    SQL injection vulnerability in the IPS Connect service (interface/ipsconnect/ipsconnect.php) in Invision Power Board (aka IPB or IP.Board) 3.3.x and 3.4.x through 3.4.7 before 20141114 allows remote attackers to execute arbitrary SQL commands via the id[] parameter.

  • CVE-2014-5106 · Jul 28, 2014
    risk 0.00 cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in Invision Power IP.Board (aka IPB or Power Board) 3.4.x through 3.4.6 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header to admin/install/index.php.

  • CVE-2014-3149 · Jul 3, 2014
    risk 0.00 cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in Invision Power IP.Board (aka IPB or Power Board) 3.3.x and 3.4.x through 3.4.6, as downloaded before 20140424, or IP.Nexus 1.5.x through 1.5.9, as downloaded before 20140424, allows remote attackers to inject arbitrary web script or…

  • CVE-2010-3424 · Sep 16, 2010
    risk 0.00 cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in admin/sources/classes/bbcode/custom/defaults.php in Invision Power Board (IP.Board) 3.1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2009-3974 · Nov 18, 2009
    risk 0.00 cvss epss 0.01

    Multiple SQL injection vulnerabilities in Invision Power Board (IPB or IP.Board) 3.0.0, 3.0.1, and 3.0.2 allow remote attackers to execute arbitrary SQL commands via the (1) search_term parameter to admin/applications/core/modules_public/search/search.php and (2) aid parameter…

  • CVE-2008-4171 · Sep 22, 2008
    risk 0.00 cvss epss 0.01

    SQL injection vulnerability in xmlout.php in Invision Power Board (IP.Board or IPB) 2.2.x and 2.3.x allows remote attackers to execute arbitrary SQL commands via the name parameter.

  • CVE-2008-1359 · Mar 17, 2008
    risk 0.00 cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB or IP.Board) 2.3.4 before 2008-03-13 allows remote attackers to inject arbitrary web script or HTML via nested BBCodes, a different vector than CVE-2008-0913.

  • CVE-2008-0913 · Feb 22, 2008
    risk 0.00 cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB or IP.Board) 2.3.4 allows remote attackers to inject arbitrary web script or HTML via crafted BBCodes in an unspecified context.

  • CVE-2007-4914 · Sep 17, 2007
    risk 0.00 cvss epss 0.01

    Unspecified vulnerability in the subscriptions manager in Invision Power Board (IPB or IP.Board) 2.3.1 before 20070912 allows remote authenticated users to change the member ID and reduce the privilege level of arbitrary users via a crafted payment form, related to (1)…

  • CVE-2007-4913 · Sep 17, 2007
    risk 0.00 cvss epss 0.01

    ips_kernel/class_upload.php in Invision Power Board (IPB or IP.Board) 2.3.1 up to 20070912 allows remote attackers to upload arbitrary script files with crafted image filenames to uploads/, where they are saved with a .txt extension and are not executable. NOTE: there are…

  • CVE-2007-4912 · Sep 17, 2007
    risk 0.00 cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in ips_kernel/class_ajax.php in Invision Power Board (IPB or IP.Board) 2.3.1 up to 20070912 allows remote attackers to inject arbitrary web script or HTML into user profile fields via unspecified vectors related to character sets other…

  • CVE-2007-3219 · Jun 14, 2007
    risk 0.00 cvss epss 0.02

    Unspecified vulnerability in sources/action_public/xmlout.php in Invision Power Board (IPB or IP.Board) 2.2.0 through 2.2.2 allows remote attackers to modify another user's profile data, such as an AIM screen name or Yahoo! identity.

  • CVE-2007-2963 · May 31, 2007
    risk 0.00 cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in Invision Power Board (IPB or IP.Board) 2.2.2, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via (1) module_bbcodeloader.php, (2) module_div.php, (3) module_email.php, (4)…

  • CVE-2007-2349 · Apr 30, 2007
    risk 0.00 cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in Invision Power Board (IP.Board) 2.1.x and 2.2.x allows remote attackers to inject arbitrary web script or HTML by uploading crafted images or PDF files.

  • CVE-2006-7064 · Feb 24, 2007
    risk 0.00 cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in forum/admin.php for Invision Power Board (IPB) 2.1.6 and earlier allows remote attackers to inject arbitrary web script or HTML as the administrator via the phpinfo parameter.

  • CVE-2006-6370 · Dec 7, 2006
    risk 0.00 cvss epss 0.01

    SQL injection vulnerability in forum/modules/gallery/post.php in Invision Gallery 2.0.7 allows remote attackers to cause a denial of service and possibly have other impacts, as demonstrated using a "SELECT BENCHMARK" statement in the img parameter in a doaddcomment operation in…

  • CVE-2006-5204 · Oct 10, 2006
    risk 0.00 cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in action_admin/member.php in Invision Power Board (IPB) 2.1.7 and earlier allows remote authenticated users to inject arbitrary web script or HTML via a reference to a script in the avatar setting, which can be leveraged for a cross-site…

  • CVE-2006-5203 · Oct 10, 2006
    risk 0.00 cvss epss 0.01

    Invision Power Board (IPB) 2.1.7 and earlier allows remote restricted administrators to inject arbitrary web script or HTML, or execute arbitrary SQL commands, via a forum description that contains a crafted image with PHP code, which is executed when the user visits the "Manage…

  • CVE-2006-4155 · Aug 16, 2006
    risk 0.00 cvss epss 0.01

    Unspecified vulnerability in func_topic_threaded.php (aka threaded view mode) in Invision Power Board (IPB) before 2.1.7 21013.60810.s allows remote attackers to "access posts outside the topic."

  • CVE-2006-3544 · Jul 13, 2006
    risk 0.00 cvss epss 0.01

    Multiple SQL injection vulnerabilities in Invision Power Board (IPB) 1.3 Final allow remote attackers to execute arbitrary SQL commands via the CODE parameter in a (1) Stats, (2) Mail, and (3) Reg action in index.php. NOTE: the developer has disputed this issue, stating that "At…

  • CVE-2006-3197 · Jun 23, 2006
    risk 0.00 cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB) 2.1.6 and earlier allows remote attackers to inject arbitrary web script or HTML via a POST that contains hexadecimal-encoded HTML.

  • CVE-2006-2498 · May 20, 2006
    risk 0.00 cvss epss 0.02

    Invision Power Board (IPB) before 2.1.6 allows remote attackers to execute arbitrary PHP script via attack vectors involving (1) the post_icon variable in classes/post/class_post.php and (2) the df value in action_public/moderate.php.

  • CVE-2006-2251 · May 9, 2006
    risk 0.00 cvss epss 0.01

    SQL injection vulnerability in the do_mmod function in mod.php in Invision Community Blog (ICB) 1.1.2 final through 1.2 allows remote attackers with moderator privileges to execute arbitrary SQL commands via the selectedbids parameter.

  • CVE-2006-2204 · May 5, 2006
    risk 0.00 cvss epss 0.01

    SQL injection vulnerability in the topic deletion functionality (post_delete function in func_mod.php) for Invision Power Board 2.1.5 allows remote authenticated moderators to execute arbitrary SQL commands via the selectedpids parameter, which bypasses an integer value check…

  • CVE-2006-2202 · May 4, 2006
    risk 0.00 cvss epss 0.02

    SQL injection vulnerability in post.php in Invision Gallery 2.0.6 allows remote attackers to execute arbitrary SQL commands via the album parameter.

  • CVE-2006-2060 · Apr 26, 2006
    risk 0.00 cvss epss 0.02

    Directory traversal vulnerability in action_admin/paysubscriptions.php in Invision Power Board (IPB) 2.1.x and 2.0.x before 20060425 allows remote authenticated administrators to include and execute arbitrary local PHP files via a .. (dot dot) in the name parameter, preceded by…

  • CVE-2006-1369 · Mar 23, 2006
    risk 0.00 cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB) 2.1.5 and earlier before 20060308 allows remote attackers to inject arbitrary web script or HTML via a Private Message (PM) in certain circumstances.

  • CVE-2006-1288 · Mar 19, 2006
    risk 0.00 cvss epss 0.01

    Multiple SQL injection vulnerabilities in Invision Power Board (IPB) 2.0.4 and 2.1.4 before 20060105 allow remote attackers to execute arbitrary SQL commands via cookies, related to (1) arrays of id/stamp pairs and (2) the keys in arrays of key/value pairs in ipsclass.php; (3)…

  • CVE-2006-1287 · Mar 19, 2006
    risk 0.00 cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB) 2.0.4 and 2.1.4 before 20060130 allows remote attackers to steal cookies and probably conduct other activities when the victim is using Internet Explorer.

  • CVE-2006-1267 · Mar 19, 2006
    risk 0.00 cvss epss 0.01

    Invision Power Board 2.1.4 allows remote attackers to hijack sessions and possibly gain administrative privileges by obtaining the session ID from the s parameter, then replaying it in another request.