8 matches found
CVE-2006-2319
CVE-2006-2319 affects Ideal Science Ideal BB 1.5.4a and earlier. The vulnerability arises from improper validation of file extensions before upload, allowing a remote attacker to insert a 0x00 character before the ".asp" portion of a filename to upload and execute an ASP script on the server. The...
CVE-2006-2321
CVE-2006-2321 documents multiple XSS vulnerabilities in IdealBB (Ideal Science) 1.5.4a and earlier. Attackers could inject arbitrary script/HTML via unknown vectors in the web application. A note flags potential overlap with CVE-2004-2207. Connected sources also reference older CVE-2004-2207 for ...
CVE-2004-2207
CVE-2004-2207 affects IdealBB, a web-based bulletin board, with a cross-site scripting (XSS) vulnerability reported in versions 1.4.9 through 1.5.3. The vulnerability allows remote attackers to inject arbitrary web script or HTML via unknown vectors. The connected OpenVAS and CVE records corrobor...
CVE-2006-2318
CVE-2006-2318 affects Ideal Science Ideal BB versions up to 1.5.4a. The flaw is an incomplete blacklist that allows a remote attacker to upload and execute an ASP script by uploading a ".asa" file, bypassing the ".asp" extension check but executable on the server. The NVD entry cites a CVSSv2 bas...
CVE-2006-2320
CVE-2006-2320 affects IdealBB (Ideal Science) 1.5.4a and earlier. The vulnerability is described as multiple SQL injection flaws enabling remote attackers to execute arbitrary SQL commands via multiple unspecified vectors related to stored procedure calls. The public details do not specify exact ...
CVE-2004-2208
IdealBB (Ideal Science) web bulletin board versions 1.4.9–1.5.3 are affected by a CRLF injection vulnerability that enables HTTP response splitting. The CVE-2004-2208 entries across NVD, Red Hat, CVE listing, and OpenVAS describe this as a remote issue with unknown vectors, impacting integrity (I...
CVE-2006-2317
CVE-2006-2317 pertains to IdealBB 1.5.4a and earlier. The vulnerability arises from the OpenTextFile usage in Scripting.FileSystemObject, allowing remote attackers to read arbitrary files under the web root via unspecified attack vectors. The NVD notes the impact as partial confidentiality with n...
CVE-2004-2209
CVE-2004-2209 concerns a SQL injection in the IdealBB web application from Ideal Science, affecting versions 1.4.9 through 1.5.3. The vulnerability allows remote attackers to execute arbitrary SQL commands via unknown vectors. The report notes a network-access vector with low attack complexity an...