MidnightBSD

Advisories for ideal_science

CVE-2004-2207 MEDIUM

Cross-site scripting (XSS) vulnerability in Ideal Science IdealBB 1.4.9 through 1.5.3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
ideal_science idealbb 1.4.9a
ideal_science idealbb 1.5_beta4
ideal_science idealbb 1.4.9_beta
ideal_science idealbb 1.5.2
ideal_science idealbb 1.5.2c
ideal_science idealbb 1.5_beta5
ideal_science idealbb 1.5_rc1
ideal_science idealbb 1.5.2a
ideal_science idealbb 1.5_beta2
ideal_science idealbb 1.5_beta3
ideal_science idealbb 1.5_beta1
ideal_science idealbb 1.4.9
ideal_science idealbb 1.5.3
ideal_science idealbb 1.5.1
CVE-2004-2208 MEDIUM

CRLF injection vulnerability in Ideal Science IdealBB 1.4.9 through 1.5.3 allows remote attackers to conduct HTTP response splitting attacks via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
ideal_science idealbb 1.4.9a
ideal_science idealbb 1.5_beta4
ideal_science idealbb 1.4.9_beta
ideal_science idealbb 1.5.2
ideal_science idealbb 1.5.2c
ideal_science idealbb 1.5_beta5
ideal_science idealbb 1.5_rc1
ideal_science idealbb 1.5.2a
ideal_science idealbb 1.5_beta2
ideal_science idealbb 1.5_beta3
ideal_science idealbb 1.5_beta1
ideal_science idealbb 1.4.9
ideal_science idealbb 1.5.3
ideal_science idealbb 1.5.1
CVE-2004-2209 HIGH

SQL injection vulnerability in Ideal Science IdealBB 1.4.9 through 1.5.3 allows remote attackers to execute arbitrary SQL commands via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
ideal_science idealbb 1.4.9a
ideal_science idealbb 1.5_beta4
ideal_science idealbb 1.4.9_beta
ideal_science idealbb 1.5.2
ideal_science idealbb 1.5.2c
ideal_science idealbb 1.5_beta5
ideal_science idealbb 1.5_rc1
ideal_science idealbb 1.5.2a
ideal_science idealbb 1.5_beta2
ideal_science idealbb 1.5_beta3
ideal_science idealbb 1.5_beta1
ideal_science idealbb 1.4.9
ideal_science idealbb 1.5.3
ideal_science idealbb 1.5.1
CVE-2005-4078 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in Ideal BB.NET 1.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) forumID, (2) boardID, and (3) topicRepeater1-p parameters in topics.aspx, (4) boardID parameter in categoryindex.aspx, (5) postID parameter in posts.aspx, (6) catID parameter in forums.aspx, and (7) memberID parameter in member.aspx.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
ideal_science ideal_bb.net *
CVE-2006-2317 MEDIUM

Unspecified vulnerability in Ideal Science Ideal BB 1.5.4a and earlier allows remote attackers to read arbitrary files under the web root via unspecified attack vectors related to the OpenTextFile method in Scripting.FileSystemObject.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
ideal_science idealbb 1.5.0_beta1
ideal_science idealbb 1.5.0_beta2
ideal_science idealbb 1.5.2
ideal_science idealbb 1.5.2c
ideal_science idealbb 1.5.2a
ideal_science idealbb 1.5.3b
ideal_science idealbb 1.5.3_beta2
ideal_science idealbb 1.5.0_beta3
ideal_science idealbb 1.5.0_rc1
ideal_science idealbb 1.5.0_beta4
ideal_science idealbb 1.5.3a
ideal_science idealbb 1.5.2b
ideal_science idealbb 1.5.3
ideal_science idealbb 1.5.4a
ideal_science idealbb 1.5.1
ideal_science idealbb 1.5.3_beta1
CVE-2006-2318 HIGH

Incomplete blacklist vulnerability in Ideal Science Ideal BB 1.5.4a and earlier allows remote attackers to upload and execute an ASP script via a ".asa" file, which bypasses the check for the ".asp" extension but is executable on the server.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
ideal_science idealbb 1.5.0_beta1
ideal_science idealbb 1.4.9a
ideal_science idealbb 1.4.9_beta
ideal_science idealbb 1.5.0_beta2
ideal_science idealbb 1.5.2c
ideal_science idealbb 1.5_beta3
ideal_science idealbb 1.5.3_beta2
ideal_science idealbb 1.5.0_beta3
ideal_science idealbb 1.5.0_beta4
ideal_science idealbb 1.5.2b
ideal_science idealbb 1.4.9
ideal_science idealbb 1.5.3
ideal_science idealbb 1.5.1
ideal_science idealbb 1.5.3_beta1
ideal_science idealbb 1.5_beta4
ideal_science idealbb 1.5.2
ideal_science idealbb 1.5_beta5
ideal_science idealbb 1.5_rc1
ideal_science idealbb 1.5.2a
ideal_science idealbb 1.5.3b
ideal_science idealbb 1.5_beta2
ideal_science idealbb 1.5.0_rc1
ideal_science idealbb 1.5.3a
ideal_science idealbb 1.5_beta1
ideal_science idealbb 1.5.4a
CVE-2006-2319 MEDIUM

Ideal Science Ideal BB 1.5.4a and earlier does not properly check file extensions before permitting an upload, which allows remote attackers to upload and execute an ASP script via a 0x00 character before the ".asp" portion of the filename.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
ideal_science idealbb 1.5.0_beta1
ideal_science idealbb 1.5.0_beta2
ideal_science idealbb 1.5.2
ideal_science idealbb 1.5.2c
ideal_science idealbb 1.5.2a
ideal_science idealbb 1.5.3b
ideal_science idealbb 1.5.3_beta2
ideal_science idealbb 1.5.0_beta3
ideal_science idealbb 1.5.0_rc1
ideal_science idealbb 1.5.0_beta4
ideal_science idealbb 1.5.3a
ideal_science idealbb 1.5.2b
ideal_science idealbb 1.5.3
ideal_science idealbb 1.5.4a
ideal_science idealbb 1.5.1
ideal_science idealbb 1.5.3_beta1
CVE-2006-2320 HIGH

Multiple SQL injection vulnerabilities in Ideal Science Ideal BB 1.5.4a and earlier allow remote attackers to execute arbitrary SQL commands via multiple unspecified vectors related to stored procedure calls. NOTE: due to lack of details from the researcher, it is not clear whether this overlaps CVE-2004-2209.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
ideal_science idealbb 1.5.0_beta1
ideal_science idealbb 1.5.0_beta2
ideal_science idealbb 1.5.2
ideal_science idealbb 1.5.2c
ideal_science idealbb 1.5.2a
ideal_science idealbb 1.5.3b
ideal_science idealbb 1.5.3_beta2
ideal_science idealbb 1.5.0_beta3
ideal_science idealbb 1.5.0_rc1
ideal_science idealbb 1.5.0_beta4
ideal_science idealbb 1.5.3a
ideal_science idealbb 1.5.2b
ideal_science idealbb 1.5.3
ideal_science idealbb 1.5.4a
ideal_science idealbb 1.5.1
ideal_science idealbb 1.5.3_beta1
CVE-2006-2321 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in Ideal Science Ideal BB 1.5.4a and earlier allow remote attackers to inject arbitrary web script or HTML via unknown vectors. NOTE: due to lack of details from the researcher, it is not clear whether this overlaps CVE-2004-2207.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
ideal_science idealbb 1.5.0_beta1
ideal_science idealbb 1.5.0_beta2
ideal_science idealbb 1.5.2
ideal_science idealbb 1.5.2c
ideal_science idealbb 1.5.2a
ideal_science idealbb 1.5.3b
ideal_science idealbb 1.5.3_beta2
ideal_science idealbb 1.5.0_beta3
ideal_science idealbb 1.5.0_rc1
ideal_science idealbb 1.5.0_beta4
ideal_science idealbb 1.5.3a
ideal_science idealbb 1.5.2b
ideal_science idealbb 1.5.3
ideal_science idealbb 1.5.4a
ideal_science idealbb 1.5.1
ideal_science idealbb 1.5.3_beta1