Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-1267


Vulnerability Score 5.1 5.1
CVE Id CVE-2006-1267
Last Modified 05 Sep 2008 05:01:28
Published 18 Mar 2006 09:02:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE



Invision Power Board 2.1.4 allows remote attackers to hijack sessions and possibly gain administrative privileges by obtaining the session ID from the s parameter, then replaying it in another request.

Vulnerable Systems


  • Invision Power Services Invision Power Board 2.1.4


BUGTRAQ - 20060314 Invision Power Board v2.1.4 - session hijacking

BUGTRAQ - 20060316 Re: Invision Power Board v2.1.4 - session hijacking

Last Updated: 27 May 2016 10:42:00