CVE-2006-2319

N/A Unknown

Published: May 12, 2006 Modified: April 16, 2026

Description

Ideal Science Ideal BB 1.5.4a and earlier does not properly check file extensions before permitting an upload, which allows remote attackers to upload and execute an ASP script via a 0x00 character before the ".asp" portion of the filename.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://lists.grok.org.uk/pipermail/full-disclosure/2006-May/045887.html

Source: cve@mitre.org

http://secunia.com/advisories/20035

Source: cve@mitre.org

http://securityreason.com/securityalert/871

Source: cve@mitre.org

http://www.idealscience.com/ibb/posts.aspx?postID=24415

Source: cve@mitre.org

http://www.osvdb.org/25456

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/433248/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/17920

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2006/1729

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/26353

Source: cve@mitre.org

http://lists.grok.org.uk/pipermail/full-disclosure/2006-May/045887.html