cbcvebase.
CVE-2006-0910
published 2006-02-28

CVE-2006-0910: Invision Power Board (IPB) 2.1.4 and earlier allows remote attackers to list directory contents via a direct request to multiple directories, including (1)…

PriorityP423medium5CVSS 2.0
AVNACLAuNCPINAN
EPSS
1.34%
67.7th percentile
Invision Power Board (IPB) 2.1.4 and earlier allows remote attackers to list directory contents via a direct request to multiple directories, including (1) sources/loginauth/convert/, (2) sources/portal_plugins/, (3) cache/skin_cache/cacheid_2/, (4) ips_kernel/PEAR/, (5) ips_kernel/PEAR/Text/, (6) ips_kernel/PEAR/Text/Diff/, (7) ips_kernel/PEAR/Text/Diff/Renderer/, (8) style_images/1/folder_rte_files/, (9) style_images/1/folder_js_skin/, (10) style_images/1/folder_rte_images/, and (11) upgrade/ and its subdirectories.

Affected

15 ranges
VendorProductVersion rangeFixed in
invision_power_servicesinvision_power_board
invision_power_servicesinvision_power_board
invision_power_servicesinvision_power_board
invision_power_servicesinvision_power_board
invision_power_servicesinvision_power_board
invision_power_servicesinvision_power_board
invision_power_servicesinvision_power_board
invision_power_servicesinvision_power_board
invision_power_servicesinvision_power_board
invision_power_servicesinvision_power_board
invision_power_servicesinvision_power_board
invision_power_servicesinvision_power_board
invision_power_servicesinvision_power_board
invision_power_servicesinvision_power_board
invision_power_servicesinvision_power_board
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.