CVE Vulnerabilities

CVE-2006-0910

Published: Feb 28, 2006 | Modified: Oct 18, 2018
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu

Invision Power Board (IPB) 2.1.4 and earlier allows remote attackers to list directory contents via a direct request to multiple directories, including (1) sources/loginauth/convert/, (2) sources/portal_plugins/, (3) cache/skin_cache/cacheid_2/, (4) ips_kernel/PEAR/, (5) ips_kernel/PEAR/Text/, (6) ips_kernel/PEAR/Text/Diff/, (7) ips_kernel/PEAR/Text/Diff/Renderer/, (8) style_images/1/folder_rte_files/, (9) style_images/1/folder_js_skin/, (10) style_images/1/folder_rte_images/, and (11) upgrade/ and its subdirectories.

Affected Software

Name Vendor Start Version End Version
Invision_power_board Invision_power_services 2.1_beta2 2.1_beta2
Invision_power_board Invision_power_services 2.0.4 2.0.4
Invision_power_board Invision_power_services 2.1_rc1 2.1_rc1
Invision_power_board Invision_power_services 2.1.1 2.1.1
Invision_power_board Invision_power_services 2.1.2 2.1.2
Invision_power_board Invision_power_services 2.1.3 2.1.3
Invision_power_board Invision_power_services 2.1_beta5 2.1_beta5
Invision_power_board Invision_power_services 2.1.0 2.1.0
Invision_power_board Invision_power_services 2.0.0 2.0.0
Invision_power_board Invision_power_services 2.0.3 2.0.3
Invision_power_board Invision_power_services 2.1_beta4 2.1_beta4
Invision_power_board Invision_power_services 2.1_beta3 2.1_beta3
Invision_power_board Invision_power_services 2.1.4 2.1.4
Invision_power_board Invision_power_services 2.0.2 2.0.2
Invision_power_board Invision_power_services 2.0.1 2.0.1

References