ID CVE-2006-2319
Summary Ideal Science Ideal BB 1.5.4a and earlier does not properly check file extensions before permitting an upload, which allows remote attackers to upload and execute an ASP script via a 0x00 character before the ".asp" portion of the filename.
References
Vulnerable Configurations
  • cpe:2.3:a:ideal_science:idealbb:1.5.0_beta1:*:*:*:*:*:*:*
    cpe:2.3:a:ideal_science:idealbb:1.5.0_beta1:*:*:*:*:*:*:*
  • cpe:2.3:a:ideal_science:idealbb:1.5.0_beta2:*:*:*:*:*:*:*
    cpe:2.3:a:ideal_science:idealbb:1.5.0_beta2:*:*:*:*:*:*:*
  • cpe:2.3:a:ideal_science:idealbb:1.5.0_beta3:*:*:*:*:*:*:*
    cpe:2.3:a:ideal_science:idealbb:1.5.0_beta3:*:*:*:*:*:*:*
  • cpe:2.3:a:ideal_science:idealbb:1.5.0_beta4:*:*:*:*:*:*:*
    cpe:2.3:a:ideal_science:idealbb:1.5.0_beta4:*:*:*:*:*:*:*
  • cpe:2.3:a:ideal_science:idealbb:1.5.0_rc1:*:*:*:*:*:*:*
    cpe:2.3:a:ideal_science:idealbb:1.5.0_rc1:*:*:*:*:*:*:*
  • cpe:2.3:a:ideal_science:idealbb:1.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:ideal_science:idealbb:1.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:ideal_science:idealbb:1.5.2:*:*:*:*:*:*:*
    cpe:2.3:a:ideal_science:idealbb:1.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:ideal_science:idealbb:1.5.2a:*:*:*:*:*:*:*
    cpe:2.3:a:ideal_science:idealbb:1.5.2a:*:*:*:*:*:*:*
  • cpe:2.3:a:ideal_science:idealbb:1.5.2b:*:*:*:*:*:*:*
    cpe:2.3:a:ideal_science:idealbb:1.5.2b:*:*:*:*:*:*:*
  • cpe:2.3:a:ideal_science:idealbb:1.5.2c:*:*:*:*:*:*:*
    cpe:2.3:a:ideal_science:idealbb:1.5.2c:*:*:*:*:*:*:*
  • cpe:2.3:a:ideal_science:idealbb:1.5.3:*:*:*:*:*:*:*
    cpe:2.3:a:ideal_science:idealbb:1.5.3:*:*:*:*:*:*:*
  • cpe:2.3:a:ideal_science:idealbb:1.5.3_beta1:*:*:*:*:*:*:*
    cpe:2.3:a:ideal_science:idealbb:1.5.3_beta1:*:*:*:*:*:*:*
  • cpe:2.3:a:ideal_science:idealbb:1.5.3_beta2:*:*:*:*:*:*:*
    cpe:2.3:a:ideal_science:idealbb:1.5.3_beta2:*:*:*:*:*:*:*
  • cpe:2.3:a:ideal_science:idealbb:1.5.3a:*:*:*:*:*:*:*
    cpe:2.3:a:ideal_science:idealbb:1.5.3a:*:*:*:*:*:*:*
  • cpe:2.3:a:ideal_science:idealbb:1.5.3b:*:*:*:*:*:*:*
    cpe:2.3:a:ideal_science:idealbb:1.5.3b:*:*:*:*:*:*:*
  • cpe:2.3:a:ideal_science:idealbb:1.5.4a:*:*:*:*:*:*:*
    cpe:2.3:a:ideal_science:idealbb:1.5.4a:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 18-10-2018 - 16:39)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:P/A:N
refmap via4
bid 17920
bugtraq 20060508 Multiple Vulnerabilities In IdealBB ASP Bulletin Board
fulldisc 20060508 Multiple Vulnerabilities In IdealBB ASP Bulletin Board
misc http://www.idealscience.com/ibb/posts.aspx?postID=24415
osvdb 25456
secunia 20035
sreason 871
vupen ADV-2006-1729
xf idealbb-asp-file-upload(26353)
Last major update 18-10-2018 - 16:39
Published 12-05-2006 - 00:02
Last modified 18-10-2018 - 16:39
Back to Top