CVE-2006-0910 : Invision Power Board (IPB) 2.1.4 and earlier allows remote attackers to list dir

Invision Power Board (IPB) 2.1.4 and earlier allows remote attackers to list directory contents via a direct request to multiple directories, including (1) sources/loginauth/convert/, (2) sources/portal_plugins/, (3) cache/skin_cache/cacheid_2/, (4) ips_kernel/PEAR/, (5) ips_kernel/PEAR/Text/, (6) ips_kernel/PEAR/Text/Diff/, (7) ips_kernel/PEAR/Text/Diff/Renderer/, (8) style_images/1/folder_rte_files/, (9) style_images/1/folder_js_skin/, (10) style_images/1/folder_rte_images/, and (11) upgrade/ and its subdirectories.

Published 2006-02-28 11:02:00

Updated 2018-10-18 16:29:42

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2006-0910

Invision Power Services » Invision Power Board » Version: 2.0.0
cpe:2.3:a:invision_power_services:invision_power_board:2.0.0:*:*:*:*:*:*:*
Matching versions
Invision Power Services » Invision Power Board » Version: 2.0.3
cpe:2.3:a:invision_power_services:invision_power_board:2.0.3:*:*:*:*:*:*:*
Matching versions
Invision Power Services » Invision Power Board » Version: 2.0.1
cpe:2.3:a:invision_power_services:invision_power_board:2.0.1:*:*:*:*:*:*:*
Matching versions
Invision Power Services » Invision Power Board » Version: 2.1.3
cpe:2.3:a:invision_power_services:invision_power_board:2.1.3:*:*:*:*:*:*:*
Matching versions
Invision Power Services » Invision Power Board » Version: 2.1.4
cpe:2.3:a:invision_power_services:invision_power_board:2.1.4:*:*:*:*:*:*:*
Matching versions
Invision Power Services » Invision Power Board » Version: 2.1.1
cpe:2.3:a:invision_power_services:invision_power_board:2.1.1:*:*:*:*:*:*:*
Matching versions
Invision Power Services » Invision Power Board » Version: 2.1.2
cpe:2.3:a:invision_power_services:invision_power_board:2.1.2:*:*:*:*:*:*:*
Matching versions
Invision Power Services » Invision Power Board » Version: 2.1 Rc1
cpe:2.3:a:invision_power_services:invision_power_board:2.1_rc1:*:*:*:*:*:*:*
Matching versions
Invision Power Services » Invision Power Board » Version: 2.0.2
cpe:2.3:a:invision_power_services:invision_power_board:2.0.2:*:*:*:*:*:*:*
Matching versions
Invision Power Services » Invision Power Board » Version: 2.1 Beta2
cpe:2.3:a:invision_power_services:invision_power_board:2.1_beta2:*:*:*:*:*:*:*
Matching versions
Invision Power Services » Invision Power Board » Version: 2.1 Beta3
cpe:2.3:a:invision_power_services:invision_power_board:2.1_beta3:*:*:*:*:*:*:*
Matching versions
Invision Power Services » Invision Power Board » Version: 2.0.4
cpe:2.3:a:invision_power_services:invision_power_board:2.0.4:*:*:*:*:*:*:*
Matching versions
Invision Power Services » Invision Power Board » Version: 2.1.0
cpe:2.3:a:invision_power_services:invision_power_board:2.1.0:*:*:*:*:*:*:*
Matching versions
Invision Power Services » Invision Power Board » Version: 2.1 Beta4
cpe:2.3:a:invision_power_services:invision_power_board:2.1_beta4:*:*:*:*:*:*:*
Matching versions
Invision Power Services » Invision Power Board » Version: 2.1 Beta5
cpe:2.3:a:invision_power_services:invision_power_board:2.1_beta5:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2006-0910

EPSS FAQ

0.33%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 54 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2006-0910

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
5.0	MEDIUM	AV:N/AC:L/Au:N/C:P/I:N/A:N	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None

References for CVE-2006-0910

Jump to

Vulnerability Details : CVE-2006-0910

Products affected by CVE-2006-0910

Exploit prediction scoring system (EPSS) score for CVE-2006-0910

CVSS scores for CVE-2006-0910

References for CVE-2006-0910