CVE-2006-0910 Information

Description

Invision Power Board (IPB) 2.1.4 and earlier allows remote attackers to list directory contents via a direct request to multiple directories including (1) sources/loginauth/convert/ (2) sources/portal_plugins/ (3) cache/skin_cache/cacheid_2/ (4) ips_kernel/PEAR/ (5) ips_kernel/PEAR/Text/ (6) ips_kernel/PEAR/Text/Diff/ (7) ips_kernel/PEAR/Text/Diff/Renderer/ (8) style_images/1/folder_rte_files/ (9) style_images/1/folder_js_skin/ (10) style_images/1/folder_rte_images/ and (11) upgrade/ and its subdirectories.

Reference

http://neosecurityteam.net/advisories/Advisory-16.txt http://neosecurityteam.net/index.php?action=advisories&id=16 http://www.securityfocus.com/archive/1/425713/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/24840