CVE-2006-2319

Sažetak

Ideal Science Ideal BB 1.5.4a and earlier does not properly check file extensions before permitting an upload, which allows remote attackers to upload and execute an ASP script via a 0x00 character before the ".asp" portion of the filename.

Reference

http://lists.grok.org.uk/pipermail/full-disclosure/2006-May/045887.html
http://secunia.com/advisories/20035
http://securityreason.com/securityalert/871
http://www.idealscience.com/ibb/posts.aspx?postID=24415
http://www.osvdb.org/25456
http://www.securityfocus.com/archive/1/433248/100/0/threaded
http://www.securityfocus.com/bid/17920
http://www.vupen.com/english/advisories/2006/1729
https://exchange.xforce.ibmcloud.com/vulnerabilities/26353

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:N/I:P/A:N

Zadnje važnije ažuriranje

18-10-2018 - 16:39

Objavljeno

12-05-2006 - 00:02