Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 5.0
CVE Id CVE-2006-2319
Last Modified 07 Mar 2011 09:35:57
Published 11 May 2006 08:02:00
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

Summary

Ideal Science Ideal BB 1.5.4a and earlier does not properly check file extensions before permitting an upload, which allows remote attackers to upload and execute an ASP script via a 0x00 character before the ".asp" portion of the filename.

Vulnerable Systems

Application

  • Ideal Science Idealbb 1.5.0 Beta1

  • Ideal Science Idealbb 1.5.0 Beta2

  • Ideal Science Idealbb 1.5.0 Beta3

  • Ideal Science Idealbb 1.5.0 Beta4

  • Ideal Science Idealbb 1.5.0 Rc1

  • Ideal Science Idealbb 1.5.1

  • Ideal Science Idealbb 1.5.2

  • Ideal Science Idealbb 1.5.2a

  • Ideal Science Idealbb 1.5.2b

  • Ideal Science Idealbb 1.5.2c

  • Ideal Science Idealbb 1.5.3

  • Ideal Science Idealbb 1.5.3 Beta1

  • Ideal Science Idealbb 1.5.3 Beta2

  • Ideal Science Idealbb 1.5.3a

  • Ideal Science Idealbb 1.5.3b

  • Ideal Science Idealbb 1.5.4a


References

VUPEN - ADV-2006-1729

BID - 17920

BUGTRAQ - 20060508 Multiple Vulnerabilities In IdealBB ASP Bulletin Board

MISC - http://www.idealscience.com/ibb/posts.aspx?postID=24415

XF - idealbb-asp-file-upload(26353)

OSVDB - 25456

SREASON - 871

SECUNIA - 20035


Last Updated: 27 May 2016 10:42:25