CVE-2009-4875
https://notcve.org/view.php?id=CVE-2009-4875
FCKeditor.Java 2.4 allows remote attackers to cause a denial of service (infinite loop) via a malformed request parameter that contains "ctrl" characters.
• http://dev.fckeditor.net/ticket/3902
• http://java.fckeditor.net/changes-report.html#a2.4.2
• http://secunia.com/advisories/35870
• http://sourceforge.net/project/shownotes.php?release_id=697258
• http://www.osvdb.org/56060
• http://www.securityfocus.com/bid/35709
• https://exchange.xforce.ibmcloud.com/vulnerabilities/51738
• CWE-399: Resource Management Errors
CVE-2007-3163
https://notcve.org/view.php?id=CVE-2007-3163
Incomplete blacklist vulnerability in the filemanager in Frederico Caldeira Knabben FCKeditor 2.4.2 allows remote attackers to upload arbitrary .php files via an alternate data stream syntax, as demonstrated by .php::$DATA filenames, a related issue to CVE-2006-0658.
• http://ha.ckers.org/blog/20070606/additional-image-bypass-on-windows
• http://osvdb.org/37554
• http://secunia.com/advisories/25719
• http://secunia.com/advisories/25923
• http://sourceforge.net/project/shownotes.php?release_id=520159
• http://www.bitchiller.de/?p=20
• http://www.securityfocus.com/bid/24510
• https://exchange.xforce.ibmcloud.com/vulnerabilities/34982