CVE-2007-3163
https://notcve.org/view.php?id=CVE-2007-3163
Incomplete blacklist vulnerability in the filemanager in Frederico Caldeira Knabben FCKeditor 2.4.2 allows remote attackers to upload arbitrary .php files via an alternate data stream syntax, as demonstrated by .php::$DATA filenames, a related issue to CVE-2006-0658. Vulnerabilidad de lista negra incompleta en el gestor de ficheros en Frederico Caldeira Knabben FCKeditor 2.4.2 permite a atacantes remotos actualizar archivos .php de su elección a través de sintaxis alterna de secuencia de datos, como se demostró por el nombre de fichero .php::$DATA, relacionado con el asunto en CVE-2006-0658. • http://ha.ckers.org/blog/20070606/additional-image-bypass-on-windows http://osvdb.org/37554 http://secunia.com/advisories/25719 http://secunia.com/advisories/25923 http://sourceforge.net/project/shownotes.php?release_id=520159 http://www.bitchiller.de/?p=20 http://www.securityfocus.com/bid/24510 https://exchange.xforce.ibmcloud.com/vulnerabilities/34982 •
CVE-2006-2529
https://notcve.org/view.php?id=CVE-2006-2529
editor/filemanager/upload/php/upload.php in FCKeditor before 2.3 Beta, when the upload feature is enabled, does not verify the Type parameter, which allows remote attackers to upload arbitrary file types. NOTE: It is not clear whether this is related to CVE-2006-0658. • http://secunia.com/advisories/20122 http://www.fckeditor.net/whatsnew/default.html http://www.osvdb.org/25631 http://www.securityfocus.com/bid/18029 http://www.vupen.com/english/advisories/2006/1856 •
CVE-2006-0921
https://notcve.org/view.php?id=CVE-2006-0921
Multiple directory traversal vulnerabilities in connector.php in FCKeditor 2.0 FC, as used in products such as RunCMS, allow remote attackers to list and create arbitrary directories via a .. (dot dot) in the CurrentFolder parameter to (1) GetFoldersAndFiles and (2) CreateFolder. • http://securityreason.com/securityalert/484 http://www.nsag.ru/vuln/952.html http://www.securityfocus.com/archive/1/425937/100/0/threaded http://www.securityfocus.com/archive/1/434559/30/4890/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/24878 •
CVE-2006-0658 – FCKEditor 2.0 < 2.2 - 'FileManager connector.php' Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2006-0658
Incomplete blacklist vulnerability in connector.php in FCKeditor 2.0 and 2.2, as used in products such as RunCMS, allows remote attackers to upload and execute arbitrary script files by giving the files specific extensions that are not listed in the Config[DeniedExtensions][File], such as .php.txt. • https://www.exploit-db.com/exploits/1484 https://www.exploit-db.com/exploits/3702 http://retrogod.altervista.org/fckeditor_22_xpl.html http://secunia.com/advisories/18767 http://www.securityfocus.com/archive/1/424708 http://www.vupen.com/english/advisories/2006/0502 •
CVE-2005-0613 – InoutMailingListManager 3.1 - Remote Command Execution
https://notcve.org/view.php?id=CVE-2005-0613
Unknown vulnerability in FCKeditor 2.0 RC2, when used with PHP-Nuke, allows remote attackers to upload arbitrary files. • https://www.exploit-db.com/exploits/3702 https://www.exploit-db.com/exploits/6783 http://www.securityfocus.com/bid/12676 •