CVE-2006-2319

Ideal Science Ideal BB 1.5.4a and earlier does not properly check file extensions before permitting an upload, which allows remote attackers to upload and execute an ASP script via a 0x00 character before the ".asp" portion of the filename.

Publication date: Fri, 12 May 2006 05:02:00 +0000


Cyber News related to CVE-2006-2319

CVE-2023-2319 - It was discovered that an update for PCS package in RHBA-2023:2151 erratum released as part of Red Hat Enterprise Linux 9.2 failed to include the fix for the Webpack issue CVE-2023-28154 (for PCS package), which was previously addressed in Red Hat ...
1 year ago
CVE-2006-2319 - Ideal Science Ideal BB 1.5.4a and earlier does not properly check file extensions before permitting an upload, which allows remote attackers to upload and execute an ASP script via a 0x00 character before the ".asp" portion of the filename. ...
6 years ago
CVE-2008-2319 -
No Score
CVE-2008-1418 ...
54 years ago Tenable.com
CVE-2014-5321 - FileMaker Pro before 13 and Pro Advanced before 13 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. NOTE: this vulnerability ...
10 years ago
CVE-2015-2319 - The TLS stack in Mono before 3.12.1 makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different vulnerability than CVE-2015-0204. ...
6 years ago
CVE-2012-2319 - Multiple buffer overflows in the hfsplus filesystem implementation in the Linux kernel before 3.3.5 allow local users to gain privileges via a crafted HFS plus filesystem, a related issue to CVE-2009-4020. ...
1 year ago
CVE-2002-2319 - Static code injection vulnerability in users.php in MySimpleNews allows remote attackers to inject arbitrary PHP code and HTML via the (1) LOGIN, (2) DATA, and (3) MESS parameters, which are inserted into news.php3. ...
16 years ago
CVE-2005-2319 - PHP remote file include vulnerability in Yawp library 1.0.6 and earlier, as used in YaWiki and possibly other products, allows remote attackers to include arbitrary files via the _Yawp[conf_path] parameter. ...
16 years ago
CVE-2010-2319 - SQL injection vulnerability in index.php in IDevSpot TextAds 2.08 allows remote attackers to execute arbitrary SQL commands via the page parameter. ...
14 years ago
CVE-2013-2319 - FileMaker Pro before 12 and Pro Advanced before 12 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. ...
10 years ago
CVE-2014-2319 - The Encrypt Files feature in ConeXware PowerArchiver before 14.02.05 uses legacy ZIP encryption even if the AES 256-bit selection is chosen, which makes it easier for context-dependent attackers to obtain sensitive information via a known-plaintext ...
10 years ago
CVE-2004-2319 - IBM Informix Dynamic Server (IDS) before 9.40.xC3 allows local users to (1) create or overwrite files via the /001 log file to onedcu or (2) read arbitrary files via a symlink attack on a file in /tmp to onshowaudit. ...
7 years ago
CVE-2011-2319 - Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 9.2.4.0, 10.0.2.0, 10.3.3.0, 10.3.4.0, and 10.3.5.0 allows remote attackers to affect confidentiality, related to JMS. ...
7 years ago
CVE-2007-2319 - PHP remote file inclusion vulnerability in the AutoStand 1.1 and earlier module for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to mod_as_category.php in (1) ...
7 years ago
CVE-2009-2319 - The default configuration of the Wi-Fi component on the Axesstel MV 410R does not use encryption, which makes it easier for remote attackers to obtain sensitive information by sniffing the network. ...
6 years ago
CVE-2017-2319 - A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a malicious attacker to compromise the systems confidentiality or integrity without authentication, leading to managed systems being ...
5 years ago
CVE-2019-2319 - HLOS could corrupt CPZ page table memory for S1 managed VMs in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in ...
4 years ago
CVE-2021-2319 - Vulnerability in the Oracle Cloud Infrastructure Storage Gateway product of Oracle Storage Gateway (component: Management Console). The supported version that is affected is Prior to 1.4. Easily exploitable vulnerability allows high privileged ...
3 years ago
CVE-2022-2319 - A flaw was found in the Xorg-x11-server. An out-of-bounds access issue can occur in the ProcXkbSetGeometry function due to improper validation of the request length. ...
1 year ago
CVE-2020-2319 - Jenkins VMware Lab Manager Slaves Plugin 0.2.8 and earlier stores a password unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. ...
1 year ago
CVE-2018-2319 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none ...
54 years ago Tenable.com
CVE-2024-2319 - Cross-Site Scripting (XSS) vulnerability in the Django MarkdownX project, affecting version 4.0.2. An attacker could store a specially crafted JavaScript payload in the upload functionality due to lack of proper sanitisation of JavaScript elements. ...
8 months ago
CVE-2006-0092 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-0992, CVE-2006-0158. Reason: this candidate was intended for one issue, but a typo caused it to be associated with a Novell/Groupwise issue. In addition, this issue was a ...
54 years ago Tenable.com
CVE-2006-7224 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-7227, CVE-2005-4872, CVE-2006-7228. Reason: this candidate was SPLIT into other identifiers in order to reflect different affected versions and distinct vendor fixes. Notes: All ...
54 years ago Tenable.com
CVE-2006-5296 - PowerPoint in Microsoft Office 2003 does not properly handle a container object whose position value exceeds the record length, which allows user-assisted attackers to cause a denial of service (NULL dereference and application crash) via a crafted ...
11 months ago

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)