MidnightBSD

Advisories for invisionpower

CVE-2006-0633 MEDIUM

The make_password function in ipsclass.php in Invision Power Board (IPB) 2.1.4 uses random data generated from partially predictable seeds to create the authentication code that is sent by e-mail to a user with a lost password, which might make it easier for remote attackers to guess the code and change the password for an IPB account, possibly involving millions of requests.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
invisionpower invision_power_board 2.1.4
CVE-2010-3601 HIGH

SQL injection vulnerability in index.php in ibPhotohost 1.1.2 allows remote attackers to execute arbitrary SQL commands via the img parameter.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
invisionpower ibphotohost 1.1.2
CVE-2012-5692 HIGH

Unspecified vulnerability in admin/sources/base/core.php in Invision Power Board (aka IPB or IP.Board) 3.1.x through 3.3.x has unknown impact and remote attack vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
invisioncommunity invision_power_board 3.1.2
invisionpower invision_power_board 3.2.0
invisionpower invision_power_board 3.1.3
invisionpower invision_power_board 3.1.0
invisionpower invision_power_board 3.1.4
invisionpower invision_power_board 3.2.1
invisionpower invision_power_board 3.1.1
invisioncommunity invision_power_board 3.3.0
invisionpower invision_power_board 3.2.2
CVE-2014-3149 MEDIUM

Cross-site scripting (XSS) vulnerability in Invision Power IP.Board (aka IPB or Power Board) 3.3.x and 3.4.x through 3.4.6, as downloaded before 20140424, or IP.Nexus 1.5.x through 1.5.9, as downloaded before 20140424, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
invisionpower ip.nexus 1.5.2
invisioncommunity invision_power_board 3.4.1
invisionpower ip.nexus 1.5.6
invisioncommunity invision_power_board 3.3.2
invisioncommunity invision_power_board 3.4.4
invisionpower ip.nexus 1.5.3
invisionpower ip.nexus 1.5.9
invisioncommunity invision_power_board 3.3.0
invisioncommunity invision_power_board 3.4.5
invisioncommunity invision_power_board 3.4.0
invisioncommunity invision_power_board 3.4.2
invisionpower ip.nexus 1.5.7
invisionpower ip.nexus 1.5.0
invisioncommunity invision_power_board 3.4.3
invisioncommunity invision_power_board 3.3.1
invisioncommunity invision_power_board 3.3.4
invisionpower ip.nexus 1.5.5
invisioncommunity invision_power_board 3.3.3
invisionpower ip.nexus 1.5.1
invisionpower ip.nexus 1.5.4
invisioncommunity invision_power_board 3.4.6
invisionpower ip.nexus 1.5.8
CVE-2014-9239 HIGH

SQL injection vulnerability in the IPS Connect service (interface/ipsconnect/ipsconnect.php) in Invision Power Board (aka IPB or IP.Board) 3.3.x and 3.4.x through 3.4.7 before 20141114 allows remote attackers to execute arbitrary SQL commands via the id[] parameter.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
invisioncommunity invision_power_board 3.4.1
invisioncommunity invision_power_board 3.3.2
invisioncommunity invision_power_board 3.4.4
invisioncommunity invision_power_board 3.3.0
invisioncommunity invision_power_board 3.4.5
invisioncommunity invision_power_board 3.4.0
invisionpower invision_power_board 3.4.7
invisioncommunity invision_power_board 3.4.2
invisioncommunity invision_power_board 3.4.3
invisioncommunity invision_power_board 3.3.1
invisioncommunity invision_power_board 3.3.4
invisioncommunity invision_power_board 3.3.3
invisioncommunity invision_power_board 3.4.6
CVE-2015-6810 LOW

Cross-site scripting (XSS) vulnerability in Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) 4.x before 4.0.12.1 allows remote authenticated users to inject arbitrary web script or HTML via the event_location[address] array parameter to calendar/submit/.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
invisionpower invision_power_board 4.0.6.1
invisionpower invision_power_board 4.0.11
invisionpower invision_power_board 4.0.12
invisionpower invision_power_board 4.0.1
invisionpower invision_power_board 4.0.9.2
invisionpower invision_power_board 4.0.2
invisionpower invision_power_board 4.0.3
invisionpower invision_power_board 4.0.8
invisionpower invision_power_board 4.0.4
invisionpower invision_power_board 4.0.5.1
invisionpower invision_power_board 4.0.8.1
invisionpower invision_power_board 4.0.7
invisionpower invision_power_board 4.0.10.2
invisionpower invision_power_board 4.0.0