CVE-2008-6565
published 2009-03-31CVE-2008-6565: Cross-site scripting (XSS) vulnerability in Invision Power Board 2.3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via an IFRAME…
PriorityP418medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EXPLOIT
EPSS
1.45%
70.0th percentile
Cross-site scripting (XSS) vulnerability in Invision Power Board 2.3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via an IFRAME tag in the signature.
Affected
43 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| invision_power_services | invision_power_board | <= 2.3.1 | — |
| invision_power_services | invision_power_board | — | — |
| invision_power_services | invision_power_board | — | — |
| invision_power_services | invision_power_board | — | — |
| invision_power_services | invision_power_board | — | — |
| invision_power_services | invision_power_board | — | — |
| invision_power_services | invision_power_board | — | — |
| invision_power_services | invision_power_board | — | — |
| invision_power_services | invision_power_board | — | — |
| invision_power_services | invision_power_board | — | — |
| invision_power_services | invision_power_board | — | — |
| invision_power_services | invision_power_board | — | — |
| invision_power_services | invision_power_board | — | — |
| invision_power_services | invision_power_board | — | — |
| invision_power_services | invision_power_board | — | — |
| invision_power_services | invision_power_board | — | — |
| invision_power_services | invision_power_board | — | — |
| invision_power_services | invision_power_board | — | — |
| invision_power_services | invision_power_board | — | — |
| invision_power_services | invision_power_board | — | — |
| invision_power_services | invision_power_board | — | — |
| invision_power_services | invision_power_board | — | — |
| invision_power_services | invision_power_board | — | — |
| invision_power_services | invision_power_board | — | — |
| invision_power_services | invision_power_board | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
K-Lite Mega Codec Pack 3.5.7.0 - Local Windows Explorer Denial of Service (PoC)
exploitdb·2008-09-25
CVE-2008-5072 K-Lite Mega Codec Pack 3.5.7.0 - Local Windows Explorer Denial of Service (PoC)
K-Lite Mega Codec Pack 3.5.7.0 - Local Windows Explorer Denial of Service (PoC)
---
K-Lite Mega Codec Pack based Local Windows Explorer DOS PoC.
Version:3.5.7.0
"vsfilter.dll"(Version 1.0.1.4) that comes bundled with the above Codec Pack
crashes when we try to use,select or even highlight the
attached "Test7.flv" file in Windows Explorer,causing Explorer
to Crash.
Greetz fly out to:
1]LiquidWorm : For being so nice.....n guiding me.. :)
2]str0ke : For goin thru all my silly e-mails.
3]Amforked() : My mentor.
By: Aodrulez,
www.OrchidSeven.com,
aodrulez.blogspot.com.
Email: [email protected]
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/6565.rar (2008-test7.rar)
# milw0rm.com [2008-09-25]
Exploit-DB
Invision Power Board 2.x - 'Signature' iFrame Security
exploitdb·2008-03-26
CVE-2008-6565 Invision Power Board 2.x - 'Signature' iFrame Security
Invision Power Board 2.x - 'Signature' iFrame Security
---
source: https://www.securityfocus.com/bid/28466/info
Invision Power Board (IP.Board) is prone to a security vulnerability that can aid attackers in social-engineering attacks.
Attacker-supplied script code could exploit vulnerabilities in the user's browser or give the user a false sense of security when visiting trusted web pages, which can aid in launching further attacks.
This issue affects IP.Board 2.3.1; other versions may also be affected.
HACKED BY YOUR-NAME
No writeups or analysis indexed.
http://www.securityfocus.com/archive/1/490115/100/0/threadedhttp://www.securityfocus.com/bid/28466https://exchange.xforce.ibmcloud.com/vulnerabilities/41502http://www.securityfocus.com/archive/1/490115/100/0/threadedhttp://www.securityfocus.com/bid/28466https://exchange.xforce.ibmcloud.com/vulnerabilities/41502
2009-03-31
Published