Skip to main content

Invision Power Board CVE-2015-6812

HIGH
Resource Management Errors (CWE-399)
2015-09-04 cve@mitre.org
7.8
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:N/AC:L/Au:N/C:N/I:N/A:C

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:L/Au:N/C:N/I:N/A:C
Attack Vector
Network
Attack Complexity
Low
Confidentiality
None
Integrity
None
Availability
C

Lifecycle Timeline

1
CVE Published
Sep 04, 2015 - 17:59 cve.org
HIGH 7.8

DescriptionCVE.org

Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) before 4.0.12.1 allows remote attackers to cause a denial of service (loop and memory consumption) via a crafted URL.

AnalysisAI

Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) before 4.0.12.1 allows remote attackers to cause a denial of service (loop and memory consumption) via a. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-399. Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) before 4.0.12.1 allows remote attackers to cause a denial of service (loop and memory consumption) via a crafted URL. Affected products include: Invisioncommunity Invision Power Board. Version information: before 4.0.12.1.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2012-5692 CRITICAL POC
10.0 Oct 31

Unspecified vulnerability in admin/sources/base/core.php in Invision Power Board (aka IPB or IP.Board) 3.1.x through 3.3

CVE-2016-6174 HIGH POC
8.1 Jul 12

applications/core/modules/front/system/content.php in Invision Power Services IPS Community Suite (aka Invision Power Bo

CVE-2017-8898 CRITICAL POC
9.8 May 11

Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has stored XSS in the Announcements, allowing privile

CVE-2017-8899 HIGH POC
8.1 May 11

Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has a composite of Stored XSS and Information Disclos

CVE-2014-9239 HIGH POC
7.5 Dec 03

SQL injection vulnerability in the IPS Connect service (interface/ipsconnect/ipsconnect.php) in Invision Power Board (ak

CVE-2017-8897 MEDIUM POC
6.1 May 11

Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has pre-auth reflected XSS in the IPS UTF8 Converter

CVE-2021-39249 MEDIUM POC
6.1 Aug 17

Invision Community (aka IPS Community Suite or IP-Board) before 4.6.5.1 allows reflected XSS because the filenames of up

CVE-2019-8278 MEDIUM POC
6.1 Mar 02

Stored XSS in Invision Power Board versions 3.3.1 - 3.4.8 leads to Remote Code Execution. Rated medium severity (CVSS 6.

CVE-2021-39250 MEDIUM POC
5.4 Aug 17

Invision Community (aka IPS Community Suite or IP-Board) before 4.6.5.1 allows stored XSS, with resultant code execution

CVE-2015-6810 LOW POC
3.5 Sep 04

Cross-site scripting (XSS) vulnerability in Invision Power Services IPS Community Suite (aka Invision Power Board, IPB,

CVE-2016-2564 MEDIUM
5.9 Apr 23

Invision Power Services (IPS) Community Suite before 4.1.9 makes session hijack easier by relying on the PHP uniqid func

CVE-2014-3149 MEDIUM
4.3 Jul 03

Cross-site scripting (XSS) vulnerability in Invision Power IP.Board (aka IPB or Power Board) 3.3.x and 3.4.x through 3.4

Share

CVE-2015-6812 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy