VID |
21917 |
Severity |
40 |
Port |
80, ... |
Protocol |
TCP |
Class |
CGI |
Detailed Description |
A version of Ideal BB older than 1.5.4b is installed on the host. Ideal BB is a bulletin board program for Microsoft Windows platforms. Ideal BB versions prior to 1.5.4b are vulnerable to multiple input-validation vulnerabilities. The issues include remote file include, information disclosure, cross-site scripting, and SQL injection vulnerabilities. A successful exploit of these vulnerabilities could allow an attacker to compromise the application, access or modify data, steal cookie-based authentication credentials, execute remote PHP code in the context of the webserver process, access sensitive information, or even exploit vulnerabilities in the underlying database implementation. Other attacks are also possible.
* Note: This check relies solely on the version number of Ideal BB on the remote Web server to assess this vulnerability, so the result might be a false positive.
* References: http://archives.neohapsis.com/archives/bugtraq/2006-05/0136.html http://www.securityfocus.com/archive/1/archive/1/433248/100 http://www.osvdb.org/25455 http://secunia.com/advisories/20035
* Platforms Affected: Ideal Science, Inc., Ideal BB versions prior to 1.5.4b; Microsoft Windows, any version |
Recommendation |
Upgrade to the latest version of Ideal BB (1.5.4b or later), available from the Ideal Science Download Web site at http://www.idealscience.com |
Related URL |
CVE-2006-2317,CVE-2006-2318,CVE-2006-2319,CVE-2006-2320,CVE-2006-2321 (CVE) |
Related URL |
17920 (SecurityFocus) |
Related URL |
26348,26353,26354,26355 (ISS) |
|