33 matches found
EUVD-2006-2321
Malware in sbrugna...
EUVD-2004-2199
Malware in sbrugna...
EUVD-2006-2318
Malware in sbrugna...
EUVD-2004-2200
Malware in sbrugna...
EUVD-2004-2201
Malware in sbrugna...
EUVD-2006-2320
Malware in sbrugna...
CVE-2004-2207
Cross-site scripting XSS vulnerability in Ideal Science IdealBB 1.4.9 through 1.5.3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors...
Sql injection
Multiple SQL injection vulnerabilities in Ideal Science Ideal BB 1.5.4a and earlier allow remote attackers to execute arbitrary SQL commands via multiple unspecified vectors related to stored procedure calls. NOTE: due to lack of details from the researcher, it is not clear whether this overlaps...
CVE-2006-2320
Multiple SQL injection vulnerabilities in Ideal Science Ideal BB 1.5.4a and earlier allow remote attackers to execute arbitrary SQL commands via multiple unspecified vectors related to stored procedure calls. NOTE: due to lack of details from the researcher, it is not clear whether this overlaps...
CVE-2006-2318
Incomplete blacklist vulnerability in Ideal Science Ideal BB 1.5.4a and earlier allows remote attackers to upload and execute an ASP script via a ".asa" file, which bypasses the check for the ".asp" extension but is executable on the server...
CVE-2006-2319
Ideal Science Ideal BB 1.5.4a and earlier does not properly check file extensions before permitting an upload, which allows remote attackers to upload and execute an ASP script via a 0x00 character before the ".asp" portion of the filename...
CVE-2006-2321
Multiple cross-site scripting XSS vulnerabilities in Ideal Science Ideal BB 1.5.4a and earlier allow remote attackers to inject arbitrary web script or HTML via unknown vectors. NOTE: due to lack of details from the researcher, it is not clear whether this overlaps CVE-2004-2207...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Ideal Science Ideal BB 1.5.4a and earlier allow remote attackers to inject arbitrary web script or HTML via unknown vectors. NOTE: due to lack of details from the researcher, it is not clear whether this overlaps CVE-2004-2207...
CVE-2006-2317
Unspecified vulnerability in Ideal Science Ideal BB 1.5.4a and earlier allows remote attackers to read arbitrary files under the web root via unspecified attack vectors related to the OpenTextFile method in Scripting.FileSystemObject...
Design/Logic Flaw
Unspecified vulnerability in Ideal Science Ideal BB 1.5.4a and earlier allows remote attackers to read arbitrary files under the web root via unspecified attack vectors related to the OpenTextFile method in Scripting.FileSystemObject...
CVE-2006-2319
Ideal Science Ideal BB 1.5.4a and earlier does not properly check file extensions before permitting an upload, which allows remote attackers to upload and execute an ASP script via a 0x00 character before the ".asp" portion of the filename...
CVE-2006-2317
CVE-2006-2317 pertains to IdealBB 1.5.4a and earlier. The vulnerability arises from the OpenTextFile usage in Scripting.FileSystemObject, allowing remote attackers to read arbitrary files under the web root via unspecified attack vectors. The NVD notes the impact as partial confidentiality with n...
CVE-2006-2318
Incomplete blacklist vulnerability in Ideal Science Ideal BB 1.5.4a and earlier allows remote attackers to upload and execute an ASP script via a ".asa" file, which bypasses the check for the ".asp" extension but is executable on the server...
CVE-2006-2318
CVE-2006-2318 affects Ideal Science Ideal BB versions up to 1.5.4a. The flaw is an incomplete blacklist that allows a remote attacker to upload and execute an ASP script by uploading a ".asa" file, bypassing the ".asp" extension check but executable on the server. The NVD entry cites a CVSSv2 bas...
CVE-2006-2320
CVE-2006-2320 affects IdealBB (Ideal Science) 1.5.4a and earlier. The vulnerability is described as multiple SQL injection flaws enabling remote attackers to execute arbitrary SQL commands via multiple unspecified vectors related to stored procedure calls. The public details do not specify exact ...