Search criteria

12 vulnerabilities found for invision_power_board by invisionpower

FKIE_CVE-2015-6810

Vulnerability from fkie_nvd - Published: 2015-09-04 15:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) 4.x before 4.0.12.1 allows remote authenticated users to inject arbitrary web script or HTML via the event_location[address] array parameter to calendar/submit/.
References
cve@mitre.orghttps://community.invisionpower.com/release-notes/40121-r22/Vendor Advisory
cve@mitre.orghttps://www.exploit-db.com/exploits/37989/Exploit
af854a3a-2127-422b-91ae-364da2661108https://community.invisionpower.com/release-notes/40121-r22/Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.exploit-db.com/exploits/37989/Exploit
Impacted products
Vendor Product Version
invisionpower invision_power_board 4.0.0
invisionpower invision_power_board 4.0.1
invisionpower invision_power_board 4.0.2
invisionpower invision_power_board 4.0.3
invisionpower invision_power_board 4.0.4
invisionpower invision_power_board 4.0.5.1
invisionpower invision_power_board 4.0.6.1
invisionpower invision_power_board 4.0.7
invisionpower invision_power_board 4.0.8
invisionpower invision_power_board 4.0.8.1
invisionpower invision_power_board 4.0.9.2
invisionpower invision_power_board 4.0.10.2
invisionpower invision_power_board 4.0.11
invisionpower invision_power_board 4.0.12
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:invisionpower:invision_power_board:4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DC9976C-50BC-42D5-A29C-F8D9A242FEB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:invisionpower:invision_power_board:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DBDF76B0-0DA8-4A00-B319-8C0AAFE3997A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:invisionpower:invision_power_board:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "EDD7C3F7-FB78-49B2-9569-0994168348F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:invisionpower:invision_power_board:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2F605B7-0840-445A-9D9B-7A31F3BBE015",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:invisionpower:invision_power_board:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E907E62-8F84-4696-9211-68CFCD33ABCD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:invisionpower:invision_power_board:4.0.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C24EECA2-2B2C-4E4F-8D98-A14CEEA55AA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:invisionpower:invision_power_board:4.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7655C20B-4483-43D0-956F-7426FDDDAF2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:invisionpower:invision_power_board:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D5A96CB-34D0-46B6-8E1E-F7F17091BCA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:invisionpower:invision_power_board:4.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B399679-181B-4305-9256-CCF32E93ADE7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:invisionpower:invision_power_board:4.0.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBEC8363-7FF1-4BB2-9BFB-07319391E511",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:invisionpower:invision_power_board:4.0.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "272661E2-353B-42D9-A649-42C1D8B5159C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:invisionpower:invision_power_board:4.0.10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CA019FF-A917-473B-9EB6-349CA512173D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:invisionpower:invision_power_board:4.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "30483016-BB5F-4101-92AB-B26AA2A65596",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:invisionpower:invision_power_board:4.0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0D11EAA-35B1-4944-9982-087A1EB88710",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) 4.x before 4.0.12.1 allows remote authenticated users to inject arbitrary web script or HTML via the event_location[address] array parameter to calendar/submit/."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de XSS en Invision Power Services IPS Community Suite (tambi\u00e9n conocido como Invision Power Board, IPB o Power Board) 4.x en versiones anteriores a 4.0.12.1, permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s del par\u00e1metro del vector event_location[address] a calendar/submit/"
    }
  ],
  "id": "CVE-2015-6810",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2015-09-04T15:59:08.273",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://community.invisionpower.com/release-notes/40121-r22/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "https://www.exploit-db.com/exploits/37989/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://community.invisionpower.com/release-notes/40121-r22/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "https://www.exploit-db.com/exploits/37989/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2014-9239

Vulnerability from fkie_nvd - Published: 2014-12-03 21:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
SQL injection vulnerability in the IPS Connect service (interface/ipsconnect/ipsconnect.php) in Invision Power Board (aka IPB or IP.Board) 3.3.x and 3.4.x through 3.4.7 before 20141114 allows remote attackers to execute arbitrary SQL commands via the id[] parameter.
References
cve@mitre.orghttp://community.invisionpower.com/blogs/entry/9704-active-security-exploit/Exploit, Patch
cve@mitre.orghttp://community.invisionpower.com/blogs/entry/9705-ipboard-33x-34x-security-update/Patch
cve@mitre.orghttp://seclists.org/fulldisclosure/2014/Nov/20
af854a3a-2127-422b-91ae-364da2661108http://community.invisionpower.com/blogs/entry/9704-active-security-exploit/Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108http://community.invisionpower.com/blogs/entry/9705-ipboard-33x-34x-security-update/Patch
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/fulldisclosure/2014/Nov/20
Impacted products
Vendor Product Version
invisioncommunity invision_power_board 3.3.0
invisioncommunity invision_power_board 3.3.0
invisioncommunity invision_power_board 3.3.0
invisioncommunity invision_power_board 3.3.0
invisioncommunity invision_power_board 3.3.0
invisioncommunity invision_power_board 3.3.0
invisioncommunity invision_power_board 3.3.0
invisioncommunity invision_power_board 3.3.1
invisioncommunity invision_power_board 3.3.2
invisioncommunity invision_power_board 3.3.3
invisioncommunity invision_power_board 3.3.4
invisioncommunity invision_power_board 3.4.0
invisioncommunity invision_power_board 3.4.0
invisioncommunity invision_power_board 3.4.0
invisioncommunity invision_power_board 3.4.0
invisioncommunity invision_power_board 3.4.0
invisioncommunity invision_power_board 3.4.0
invisioncommunity invision_power_board 3.4.0
invisioncommunity invision_power_board 3.4.1
invisioncommunity invision_power_board 3.4.2
invisioncommunity invision_power_board 3.4.3
invisioncommunity invision_power_board 3.4.4
invisioncommunity invision_power_board 3.4.5
invisioncommunity invision_power_board 3.4.6
invisionpower invision_power_board 3.4.7
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:invisioncommunity:invision_power_board:3.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "99FFCEE5-2A51-4D4A-A04E-74DA1A9EA7B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:invisioncommunity:invision_power_board:3.3.0:alpha1:*:*:*:*:*:*",
              "matchCriteriaId": "784BFFC7-C237-47ED-AAE2-E6380427473A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:invisioncommunity:invision_power_board:3.3.0:alpha2:*:*:*:*:*:*",
              "matchCriteriaId": "1F58948C-552A-404B-94FE-D80869593E2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:invisioncommunity:invision_power_board:3.3.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "6008A365-6856-4A7D-AD7C-8614B5BEEE18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:invisioncommunity:invision_power_board:3.3.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "C4F1DDBB-5896-4026-8EBF-4934F13576D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:invisioncommunity:invision_power_board:3.3.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "AEE3DB7A-530E-48D9-BA57-BFB524A203F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:invisioncommunity:invision_power_board:3.3.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "6BDB1057-2279-4CC3-8CFB-69B10F772440",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:invisioncommunity:invision_power_board:3.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5AE613CF-1CEA-4B3E-9906-DD3B8C7CBCF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:invisioncommunity:invision_power_board:3.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7D0EFE0-6468-4EBB-9AF6-A84B57531ED5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:invisioncommunity:invision_power_board:3.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "96CAB4DC-6817-4BB8-8665-B06861D67B4F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:invisioncommunity:invision_power_board:3.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "15F22F32-1FDB-469D-9478-49EBBDCB97B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:invisioncommunity:invision_power_board:3.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A777CF4-9BCE-49D4-9248-6BAA1966B1DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:invisioncommunity:invision_power_board:3.4.0:alpha1:*:*:*:*:*:*",
              "matchCriteriaId": "55C99849-81C5-45A5-B3B8-0BFF62BF19C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:invisioncommunity:invision_power_board:3.4.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "83C25B54-AE40-4E6C-8969-6EFAD0C75604",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:invisioncommunity:invision_power_board:3.4.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "E81E98C8-E959-4E48-8BC1-118EF2CE7AB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:invisioncommunity:invision_power_board:3.4.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "AD21C54B-0118-4CD6-B0BF-5CBB31BC4BED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:invisioncommunity:invision_power_board:3.4.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "2DBFC487-CADD-4410-8817-FD58DED0E5E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:invisioncommunity:invision_power_board:3.4.0:beta5:*:*:*:*:*:*",
              "matchCriteriaId": "FBA34B41-7997-4A52-8D78-E0BFD798C4BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:invisioncommunity:invision_power_board:3.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "73D08920-9F21-442A-BCE3-282EB724ED16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:invisioncommunity:invision_power_board:3.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C8719C2-4F1C-43A2-9476-AABE1E30E32C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:invisioncommunity:invision_power_board:3.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9743ACA1-6623-4A88-85E1-BBB51906D1FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:invisioncommunity:invision_power_board:3.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "45415FB5-9CC7-4144-ACEE-E5DFB13AC6DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:invisioncommunity:invision_power_board:3.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "571CA374-11A2-44A9-B007-3F3D4247884A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:invisioncommunity:invision_power_board:3.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "D52D8713-B5BA-43C2-BC46-02A2CD3950CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:invisionpower:invision_power_board:3.4.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "146F423D-D5A6-475F-9B82-3F70FAF03F30",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SQL injection vulnerability in the IPS Connect service (interface/ipsconnect/ipsconnect.php) in Invision Power Board (aka IPB or IP.Board) 3.3.x and 3.4.x through 3.4.7 before 20141114 allows remote attackers to execute arbitrary SQL commands via the id[] parameter."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de inyecci\u00f3n SQL en el servicio IPS Connect (interface/ipsconnect/ipsconnect.php) en Invision Power Board (tambi\u00e9n conocido como IPB o IP.Board) 3.3.x y 3.4.x hasta 3.4.7 anterior a 20141114 permite a atacantes remotos ejecutar comandos SQL arbitrarios a trav\u00e9s del par\u00e1metro id[]."
    }
  ],
  "id": "CVE-2014-9239",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-12-03T21:59:08.963",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://community.invisionpower.com/blogs/entry/9704-active-security-exploit/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://community.invisionpower.com/blogs/entry/9705-ipboard-33x-34x-security-update/"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://seclists.org/fulldisclosure/2014/Nov/20"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://community.invisionpower.com/blogs/entry/9704-active-security-exploit/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://community.invisionpower.com/blogs/entry/9705-ipboard-33x-34x-security-update/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://seclists.org/fulldisclosure/2014/Nov/20"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2012-5692

Vulnerability from fkie_nvd - Published: 2012-10-31 10:50 - Updated: 2025-04-11 00:51
Severity ?
Summary
Unspecified vulnerability in admin/sources/base/core.php in Invision Power Board (aka IPB or IP.Board) 3.1.x through 3.3.x has unknown impact and remote attack vectors.
References
cve@mitre.orghttp://community.invisionpower.com/topic/371625-ipboard-31x-32x-and-33x-security-update/Patch, Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/51104Vendor Advisory
cve@mitre.orghttp://www.securityfocus.com/bid/56288
af854a3a-2127-422b-91ae-364da2661108http://community.invisionpower.com/topic/371625-ipboard-31x-32x-and-33x-security-update/Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/51104Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/56288
Impacted products
Vendor Product Version
invisioncommunity invision_power_board 3.1.2
invisioncommunity invision_power_board 3.3.0
invisionpower invision_power_board 3.1.0
invisionpower invision_power_board 3.1.1
invisionpower invision_power_board 3.1.3
invisionpower invision_power_board 3.1.4
invisionpower invision_power_board 3.2.0
invisionpower invision_power_board 3.2.1
invisionpower invision_power_board 3.2.2
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:invisioncommunity:invision_power_board:3.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB4BBA21-CF90-4436-92F7-07D2254A5E7E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:invisioncommunity:invision_power_board:3.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "99FFCEE5-2A51-4D4A-A04E-74DA1A9EA7B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:invisionpower:invision_power_board:3.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3CD8FD32-9EE5-49E7-A322-EE30ABF51880",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:invisionpower:invision_power_board:3.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3EB6D987-906E-4593-B054-6AF3FC2B4F8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:invisionpower:invision_power_board:3.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB16D2F4-C188-41DC-AC4C-9EC7AE00E27C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:invisionpower:invision_power_board:3.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F94EB139-3EEB-4EFA-94A2-D9C3C2159F5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:invisionpower:invision_power_board:3.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7268AFC-DC6D-4A24-8384-E08AC91668D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:invisionpower:invision_power_board:3.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC2DA35C-2B52-49DD-B6D2-3CB9F1E92EF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:invisionpower:invision_power_board:3.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A7602AF-F56E-40C3-B5DE-4029F6AD19E2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability in admin/sources/base/core.php in Invision Power Board (aka IPB or IP.Board) 3.1.x through 3.3.x has unknown impact and remote attack vectors."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad no espec\u00edfica en admin/sources/base/core.php en Invision Power Board (tambi\u00e9n conocido como IPB o IP.Board) v3.1.x hasta v3.3.x tiene un impacto y vectores de ataque desconocidos."
    }
  ],
  "id": "CVE-2012-5692",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-10-31T10:50:32.560",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://community.invisionpower.com/topic/371625-ipboard-31x-32x-and-33x-security-update/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/51104"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/56288"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://community.invisionpower.com/topic/371625-ipboard-31x-32x-and-33x-security-update/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/51104"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/56288"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2006-0633

Vulnerability from fkie_nvd - Published: 2006-02-10 11:02 - Updated: 2025-04-03 01:03
Severity ?
Summary
The make_password function in ipsclass.php in Invision Power Board (IPB) 2.1.4 uses random data generated from partially predictable seeds to create the authentication code that is sent by e-mail to a user with a lost password, which might make it easier for remote attackers to guess the code and change the password for an IPB account, possibly involving millions of requests.
References
cve@mitre.orghttp://forums.invisionpower.com/lofiversion/index.php/t200085.html
cve@mitre.orghttp://www.r-security.net/tutorials/view/readtutorial.php?id=4Patch
af854a3a-2127-422b-91ae-364da2661108http://forums.invisionpower.com/lofiversion/index.php/t200085.html
af854a3a-2127-422b-91ae-364da2661108http://www.r-security.net/tutorials/view/readtutorial.php?id=4Patch
Impacted products
Vendor Product Version
invisionpower invision_power_board 2.1.4
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:invisionpower:invision_power_board:2.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0C99FFB-7A97-4F26-97BA-3B3593B7AE01",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The make_password function in ipsclass.php in Invision Power Board (IPB) 2.1.4 uses random data generated from partially predictable seeds to create the authentication code that is sent by e-mail to a user with a lost password, which might make it easier for remote attackers to guess the code and change the password for an IPB account, possibly involving millions of requests."
    }
  ],
  "id": "CVE-2006-0633",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 6.4,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-02-10T11:02:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://forums.invisionpower.com/lofiversion/index.php/t200085.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.r-security.net/tutorials/view/readtutorial.php?id=4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://forums.invisionpower.com/lofiversion/index.php/t200085.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.r-security.net/tutorials/view/readtutorial.php?id=4"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2015-6810 (GCVE-0-2015-6810)

Vulnerability from cvelistv5 – Published: 2015-09-04 15:00 – Updated: 2024-09-17 04:18
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) 4.x before 4.0.12.1 allows remote authenticated users to inject arbitrary web script or HTML via the event_location[address] array parameter to calendar/submit/.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T07:29:24.532Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "37989",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/37989/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://community.invisionpower.com/release-notes/40121-r22/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) 4.x before 4.0.12.1 allows remote authenticated users to inject arbitrary web script or HTML via the event_location[address] array parameter to calendar/submit/."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2015-09-04T15:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "37989",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/37989/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://community.invisionpower.com/release-notes/40121-r22/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-6810",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) 4.x before 4.0.12.1 allows remote authenticated users to inject arbitrary web script or HTML via the event_location[address] array parameter to calendar/submit/."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "37989",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/37989/"
            },
            {
              "name": "https://community.invisionpower.com/release-notes/40121-r22/",
              "refsource": "CONFIRM",
              "url": "https://community.invisionpower.com/release-notes/40121-r22/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-6810",
    "datePublished": "2015-09-04T15:00:00Z",
    "dateReserved": "2015-09-04T00:00:00Z",
    "dateUpdated": "2024-09-17T04:18:50.205Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-9239 (GCVE-0-2014-9239)

Vulnerability from cvelistv5 – Published: 2014-12-03 21:00 – Updated: 2024-09-16 17:38
VLAI?
Summary
SQL injection vulnerability in the IPS Connect service (interface/ipsconnect/ipsconnect.php) in Invision Power Board (aka IPB or IP.Board) 3.3.x and 3.4.x through 3.4.7 before 20141114 allows remote attackers to execute arbitrary SQL commands via the id[] parameter.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T13:40:25.157Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://community.invisionpower.com/blogs/entry/9705-ipboard-33x-34x-security-update/"
          },
          {
            "name": "20141109 IP.Board \u003c= 3.4.7 SQL Injection",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2014/Nov/20"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://community.invisionpower.com/blogs/entry/9704-active-security-exploit/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "SQL injection vulnerability in the IPS Connect service (interface/ipsconnect/ipsconnect.php) in Invision Power Board (aka IPB or IP.Board) 3.3.x and 3.4.x through 3.4.7 before 20141114 allows remote attackers to execute arbitrary SQL commands via the id[] parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-12-03T21:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://community.invisionpower.com/blogs/entry/9705-ipboard-33x-34x-security-update/"
        },
        {
          "name": "20141109 IP.Board \u003c= 3.4.7 SQL Injection",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2014/Nov/20"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://community.invisionpower.com/blogs/entry/9704-active-security-exploit/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-9239",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SQL injection vulnerability in the IPS Connect service (interface/ipsconnect/ipsconnect.php) in Invision Power Board (aka IPB or IP.Board) 3.3.x and 3.4.x through 3.4.7 before 20141114 allows remote attackers to execute arbitrary SQL commands via the id[] parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://community.invisionpower.com/blogs/entry/9705-ipboard-33x-34x-security-update/",
              "refsource": "CONFIRM",
              "url": "http://community.invisionpower.com/blogs/entry/9705-ipboard-33x-34x-security-update/"
            },
            {
              "name": "20141109 IP.Board \u003c= 3.4.7 SQL Injection",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2014/Nov/20"
            },
            {
              "name": "http://community.invisionpower.com/blogs/entry/9704-active-security-exploit/",
              "refsource": "CONFIRM",
              "url": "http://community.invisionpower.com/blogs/entry/9704-active-security-exploit/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-9239",
    "datePublished": "2014-12-03T21:00:00Z",
    "dateReserved": "2014-12-03T00:00:00Z",
    "dateUpdated": "2024-09-16T17:38:45.627Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2012-5692 (GCVE-0-2012-5692)

Vulnerability from cvelistv5 – Published: 2012-10-31 10:00 – Updated: 2024-09-16 18:49
VLAI?
Summary
Unspecified vulnerability in admin/sources/base/core.php in Invision Power Board (aka IPB or IP.Board) 3.1.x through 3.3.x has unknown impact and remote attack vectors.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://community.invisionpower.com/topic/371625-i… x_refsource_CONFIRM
http://secunia.com/advisories/51104 third-party-advisoryx_refsource_SECUNIA
http://www.securityfocus.com/bid/56288 vdb-entryx_refsource_BID
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T21:14:16.436Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://community.invisionpower.com/topic/371625-ipboard-31x-32x-and-33x-security-update/"
          },
          {
            "name": "51104",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/51104"
          },
          {
            "name": "56288",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/56288"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in admin/sources/base/core.php in Invision Power Board (aka IPB or IP.Board) 3.1.x through 3.3.x has unknown impact and remote attack vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2012-10-31T10:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://community.invisionpower.com/topic/371625-ipboard-31x-32x-and-33x-security-update/"
        },
        {
          "name": "51104",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/51104"
        },
        {
          "name": "56288",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/56288"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2012-5692",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in admin/sources/base/core.php in Invision Power Board (aka IPB or IP.Board) 3.1.x through 3.3.x has unknown impact and remote attack vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://community.invisionpower.com/topic/371625-ipboard-31x-32x-and-33x-security-update/",
              "refsource": "CONFIRM",
              "url": "http://community.invisionpower.com/topic/371625-ipboard-31x-32x-and-33x-security-update/"
            },
            {
              "name": "51104",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/51104"
            },
            {
              "name": "56288",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/56288"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2012-5692",
    "datePublished": "2012-10-31T10:00:00Z",
    "dateReserved": "2012-10-29T00:00:00Z",
    "dateUpdated": "2024-09-16T18:49:53.136Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2006-0633 (GCVE-0-2006-0633)

Vulnerability from cvelistv5 – Published: 2006-02-10 11:00 – Updated: 2024-09-16 19:39
VLAI?
Summary
The make_password function in ipsclass.php in Invision Power Board (IPB) 2.1.4 uses random data generated from partially predictable seeds to create the authentication code that is sent by e-mail to a user with a lost password, which might make it easier for remote attackers to guess the code and change the password for an IPB account, possibly involving millions of requests.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T16:41:28.910Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://forums.invisionpower.com/lofiversion/index.php/t200085.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.r-security.net/tutorials/view/readtutorial.php?id=4"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The make_password function in ipsclass.php in Invision Power Board (IPB) 2.1.4 uses random data generated from partially predictable seeds to create the authentication code that is sent by e-mail to a user with a lost password, which might make it easier for remote attackers to guess the code and change the password for an IPB account, possibly involving millions of requests."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2006-02-10T11:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://forums.invisionpower.com/lofiversion/index.php/t200085.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.r-security.net/tutorials/view/readtutorial.php?id=4"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-0633",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The make_password function in ipsclass.php in Invision Power Board (IPB) 2.1.4 uses random data generated from partially predictable seeds to create the authentication code that is sent by e-mail to a user with a lost password, which might make it easier for remote attackers to guess the code and change the password for an IPB account, possibly involving millions of requests."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://forums.invisionpower.com/lofiversion/index.php/t200085.html",
              "refsource": "MISC",
              "url": "http://forums.invisionpower.com/lofiversion/index.php/t200085.html"
            },
            {
              "name": "http://www.r-security.net/tutorials/view/readtutorial.php?id=4",
              "refsource": "MISC",
              "url": "http://www.r-security.net/tutorials/view/readtutorial.php?id=4"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-0633",
    "datePublished": "2006-02-10T11:00:00Z",
    "dateReserved": "2006-02-10T00:00:00Z",
    "dateUpdated": "2024-09-16T19:39:59.705Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-6810 (GCVE-0-2015-6810)

Vulnerability from nvd – Published: 2015-09-04 15:00 – Updated: 2024-09-17 04:18
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) 4.x before 4.0.12.1 allows remote authenticated users to inject arbitrary web script or HTML via the event_location[address] array parameter to calendar/submit/.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T07:29:24.532Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "37989",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/37989/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://community.invisionpower.com/release-notes/40121-r22/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) 4.x before 4.0.12.1 allows remote authenticated users to inject arbitrary web script or HTML via the event_location[address] array parameter to calendar/submit/."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2015-09-04T15:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "37989",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/37989/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://community.invisionpower.com/release-notes/40121-r22/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-6810",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) 4.x before 4.0.12.1 allows remote authenticated users to inject arbitrary web script or HTML via the event_location[address] array parameter to calendar/submit/."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "37989",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/37989/"
            },
            {
              "name": "https://community.invisionpower.com/release-notes/40121-r22/",
              "refsource": "CONFIRM",
              "url": "https://community.invisionpower.com/release-notes/40121-r22/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-6810",
    "datePublished": "2015-09-04T15:00:00Z",
    "dateReserved": "2015-09-04T00:00:00Z",
    "dateUpdated": "2024-09-17T04:18:50.205Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-9239 (GCVE-0-2014-9239)

Vulnerability from nvd – Published: 2014-12-03 21:00 – Updated: 2024-09-16 17:38
VLAI?
Summary
SQL injection vulnerability in the IPS Connect service (interface/ipsconnect/ipsconnect.php) in Invision Power Board (aka IPB or IP.Board) 3.3.x and 3.4.x through 3.4.7 before 20141114 allows remote attackers to execute arbitrary SQL commands via the id[] parameter.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T13:40:25.157Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://community.invisionpower.com/blogs/entry/9705-ipboard-33x-34x-security-update/"
          },
          {
            "name": "20141109 IP.Board \u003c= 3.4.7 SQL Injection",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2014/Nov/20"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://community.invisionpower.com/blogs/entry/9704-active-security-exploit/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "SQL injection vulnerability in the IPS Connect service (interface/ipsconnect/ipsconnect.php) in Invision Power Board (aka IPB or IP.Board) 3.3.x and 3.4.x through 3.4.7 before 20141114 allows remote attackers to execute arbitrary SQL commands via the id[] parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-12-03T21:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://community.invisionpower.com/blogs/entry/9705-ipboard-33x-34x-security-update/"
        },
        {
          "name": "20141109 IP.Board \u003c= 3.4.7 SQL Injection",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2014/Nov/20"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://community.invisionpower.com/blogs/entry/9704-active-security-exploit/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-9239",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SQL injection vulnerability in the IPS Connect service (interface/ipsconnect/ipsconnect.php) in Invision Power Board (aka IPB or IP.Board) 3.3.x and 3.4.x through 3.4.7 before 20141114 allows remote attackers to execute arbitrary SQL commands via the id[] parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://community.invisionpower.com/blogs/entry/9705-ipboard-33x-34x-security-update/",
              "refsource": "CONFIRM",
              "url": "http://community.invisionpower.com/blogs/entry/9705-ipboard-33x-34x-security-update/"
            },
            {
              "name": "20141109 IP.Board \u003c= 3.4.7 SQL Injection",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2014/Nov/20"
            },
            {
              "name": "http://community.invisionpower.com/blogs/entry/9704-active-security-exploit/",
              "refsource": "CONFIRM",
              "url": "http://community.invisionpower.com/blogs/entry/9704-active-security-exploit/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-9239",
    "datePublished": "2014-12-03T21:00:00Z",
    "dateReserved": "2014-12-03T00:00:00Z",
    "dateUpdated": "2024-09-16T17:38:45.627Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2012-5692 (GCVE-0-2012-5692)

Vulnerability from nvd – Published: 2012-10-31 10:00 – Updated: 2024-09-16 18:49
VLAI?
Summary
Unspecified vulnerability in admin/sources/base/core.php in Invision Power Board (aka IPB or IP.Board) 3.1.x through 3.3.x has unknown impact and remote attack vectors.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://community.invisionpower.com/topic/371625-i… x_refsource_CONFIRM
http://secunia.com/advisories/51104 third-party-advisoryx_refsource_SECUNIA
http://www.securityfocus.com/bid/56288 vdb-entryx_refsource_BID
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T21:14:16.436Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://community.invisionpower.com/topic/371625-ipboard-31x-32x-and-33x-security-update/"
          },
          {
            "name": "51104",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/51104"
          },
          {
            "name": "56288",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/56288"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in admin/sources/base/core.php in Invision Power Board (aka IPB or IP.Board) 3.1.x through 3.3.x has unknown impact and remote attack vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2012-10-31T10:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://community.invisionpower.com/topic/371625-ipboard-31x-32x-and-33x-security-update/"
        },
        {
          "name": "51104",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/51104"
        },
        {
          "name": "56288",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/56288"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2012-5692",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in admin/sources/base/core.php in Invision Power Board (aka IPB or IP.Board) 3.1.x through 3.3.x has unknown impact and remote attack vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://community.invisionpower.com/topic/371625-ipboard-31x-32x-and-33x-security-update/",
              "refsource": "CONFIRM",
              "url": "http://community.invisionpower.com/topic/371625-ipboard-31x-32x-and-33x-security-update/"
            },
            {
              "name": "51104",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/51104"
            },
            {
              "name": "56288",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/56288"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2012-5692",
    "datePublished": "2012-10-31T10:00:00Z",
    "dateReserved": "2012-10-29T00:00:00Z",
    "dateUpdated": "2024-09-16T18:49:53.136Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2006-0633 (GCVE-0-2006-0633)

Vulnerability from nvd – Published: 2006-02-10 11:00 – Updated: 2024-09-16 19:39
VLAI?
Summary
The make_password function in ipsclass.php in Invision Power Board (IPB) 2.1.4 uses random data generated from partially predictable seeds to create the authentication code that is sent by e-mail to a user with a lost password, which might make it easier for remote attackers to guess the code and change the password for an IPB account, possibly involving millions of requests.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T16:41:28.910Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://forums.invisionpower.com/lofiversion/index.php/t200085.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.r-security.net/tutorials/view/readtutorial.php?id=4"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The make_password function in ipsclass.php in Invision Power Board (IPB) 2.1.4 uses random data generated from partially predictable seeds to create the authentication code that is sent by e-mail to a user with a lost password, which might make it easier for remote attackers to guess the code and change the password for an IPB account, possibly involving millions of requests."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2006-02-10T11:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://forums.invisionpower.com/lofiversion/index.php/t200085.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.r-security.net/tutorials/view/readtutorial.php?id=4"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-0633",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The make_password function in ipsclass.php in Invision Power Board (IPB) 2.1.4 uses random data generated from partially predictable seeds to create the authentication code that is sent by e-mail to a user with a lost password, which might make it easier for remote attackers to guess the code and change the password for an IPB account, possibly involving millions of requests."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://forums.invisionpower.com/lofiversion/index.php/t200085.html",
              "refsource": "MISC",
              "url": "http://forums.invisionpower.com/lofiversion/index.php/t200085.html"
            },
            {
              "name": "http://www.r-security.net/tutorials/view/readtutorial.php?id=4",
              "refsource": "MISC",
              "url": "http://www.r-security.net/tutorials/view/readtutorial.php?id=4"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-0633",
    "datePublished": "2006-02-10T11:00:00Z",
    "dateReserved": "2006-02-10T00:00:00Z",
    "dateUpdated": "2024-09-16T19:39:59.705Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}