233 matches found
CVE-2006-2320
CVE-2006-2320 affects IdealBB (Ideal Science) 1.5.4a and earlier. The vulnerability is described as multiple SQL injection flaws enabling remote attackers to execute arbitrary SQL commands via multiple unspecified vectors related to stored procedure calls. The public details do not specify exact ...
CVE-2006-2318
CVE-2006-2318 affects Ideal Science Ideal BB versions up to 1.5.4a. The flaw is an incomplete blacklist that allows a remote attacker to upload and execute an ASP script by uploading a ".asa" file, bypassing the ".asp" extension check but executable on the server. The NVD entry cites a CVSSv2 bas...
CVE-2006-2319
CVE-2006-2319 affects Ideal Science Ideal BB 1.5.4a and earlier. The vulnerability arises from improper validation of file extensions before upload, allowing a remote attacker to insert a 0x00 character before the ".asp" portion of a filename to upload and execute an ASP script on the server. The...
CVE-2006-2321
Multiple cross-site scripting XSS vulnerabilities in Ideal Science Ideal BB 1.5.4a and earlier allow remote attackers to inject arbitrary web script or HTML via unknown vectors. NOTE: due to lack of details from the researcher, it is not clear whether this overlaps CVE-2004-2207...
CVE-2006-2317
CVE-2006-2317 pertains to IdealBB 1.5.4a and earlier. The vulnerability arises from the OpenTextFile usage in Scripting.FileSystemObject, allowing remote attackers to read arbitrary files under the web root via unspecified attack vectors. The NVD notes the impact as partial confidentiality with n...
CVE-2006-2317
Unspecified vulnerability in Ideal Science Ideal BB 1.5.4a and earlier allows remote attackers to read arbitrary files under the web root via unspecified attack vectors related to the OpenTextFile method in Scripting.FileSystemObject...
CVE-2006-2319
Ideal Science Ideal BB 1.5.4a and earlier does not properly check file extensions before permitting an upload, which allows remote attackers to upload and execute an ASP script via a 0x00 character before the ".asp" portion of the filename...
CVE-2005-2886
Multiple cross-site scripting XSS vulnerabilities in MAXdev MD-Pro 1.0.73, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via 1 the print parameter to the print module, the sitename parameter to 2 bbsmilies or 3 bbcoderef module, or 4 the hlpfile...
CVE-2005-1592
CVE-2005-1592 affects BirdBlog versions before 1.3.1, where multiple javascript vulnerabilities in BBCode allow remote attackers to inject arbitrary JavaScript. The issue is documented across multiple feeds (NVD/Red Hat/CVE) with the same description. No exploit details are provided in the connec...
XSS in the nested BB tag in many forum
XSS was found in the nested BB tag in many forum: Invision Power Board: COLOR=IMGhttp://aaa.aa/=aaa.jpg/IMG style=background:urljavascript:alert /COLOR vBulletin EMAIL=URL=s [email protected]:[email protected] sssssss/URL/EMAIL style=background:urljavaSCrip t:alert/HifromAlgol/ using tab between...
[SA12835] Ideal BB Multiple Unspecified Vulnerabilities
TITLE: Ideal BB Multiple Unspecified Vulnerabilities SECUNIA ADVISORY ID: SA12835 VERIFY ADVISORY: http://secunia.com/advisories/12835/ CRITICAL: Moderately critical IMPACT: Cross Site Scripting, Manipulation of data WHERE: From remote SOFTWARE: Ideal BB 1.x http://secunia.com/product/1966/...
CVE-1999-1462
The CVE-1999-1462 issue affects the Big Brother bb-hist.sh History module, specifically in Big Brother 1.09b and 1.09c. The vulnerability is a directory traversal flaw exposed through the HISTFILE parameter of the bb-hist.sh CGI, allowing a remote attacker to read arbitrary files on the affected ...
CVE-2000-1177
CVE-2000-1177 affects Big Brother (BB) prior to 1.5d3, where several scripts (bb-hist.sh, bb-histlog.sh, bb-hostsvc.sh, bb-rep.sh, bb-replog.sh, bb-ack.sh) allow remote attackers to determine whether files exist and deduce user IDs by passing a target filename in HISTFILE. The entry bases impact ...