Page 2 of 10 results (0.009 seconds)

CVSS: 5.0EPSS: 3%CPEs: 1EXPL: 0

Incomplete blacklist vulnerability in the filemanager in Frederico Caldeira Knabben FCKeditor 2.4.2 allows remote attackers to upload arbitrary .php files via an alternate data stream syntax, as demonstrated by .php::$DATA filenames, a related issue to CVE-2006-0658. Vulnerabilidad de lista negra incompleta en el gestor de ficheros en Frederico Caldeira Knabben FCKeditor 2.4.2 permite a atacantes remotos actualizar archivos .php de su elección a través de sintaxis alterna de secuencia de datos, como se demostró por el nombre de fichero .php::$DATA, relacionado con el asunto en CVE-2006-0658. • http://ha.ckers.org/blog/20070606/additional-image-bypass-on-windows http://osvdb.org/37554 http://secunia.com/advisories/25719 http://secunia.com/advisories/25923 http://sourceforge.net/project/shownotes.php?release_id=520159 http://www.bitchiller.de/?p=20 http://www.securityfocus.com/bid/24510 https://exchange.xforce.ibmcloud.com/vulnerabilities/34982 •

CVSS: 5.0EPSS: 1%CPEs: 1EXPL: 0

editor/filemanager/upload/php/upload.php in FCKeditor before 2.3 Beta, when the upload feature is enabled, does not verify the Type parameter, which allows remote attackers to upload arbitrary file types. NOTE: It is not clear whether this is related to CVE-2006-0658. • http://secunia.com/advisories/20122 http://www.fckeditor.net/whatsnew/default.html http://www.osvdb.org/25631 http://www.securityfocus.com/bid/18029 http://www.vupen.com/english/advisories/2006/1856 •

CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0

Multiple directory traversal vulnerabilities in connector.php in FCKeditor 2.0 FC, as used in products such as RunCMS, allow remote attackers to list and create arbitrary directories via a .. (dot dot) in the CurrentFolder parameter to (1) GetFoldersAndFiles and (2) CreateFolder. • http://securityreason.com/securityalert/484 http://www.nsag.ru/vuln/952.html http://www.securityfocus.com/archive/1/425937/100/0/threaded http://www.securityfocus.com/archive/1/434559/30/4890/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/24878 •

CVSS: 5.0EPSS: 3%CPEs: 2EXPL: 4

Incomplete blacklist vulnerability in connector.php in FCKeditor 2.0 and 2.2, as used in products such as RunCMS, allows remote attackers to upload and execute arbitrary script files by giving the files specific extensions that are not listed in the Config[DeniedExtensions][File], such as .php.txt. • https://www.exploit-db.com/exploits/1484 https://www.exploit-db.com/exploits/3702 http://retrogod.altervista.org/fckeditor_22_xpl.html http://secunia.com/advisories/18767 http://www.securityfocus.com/archive/1/424708 http://www.vupen.com/english/advisories/2006/0502 •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 2

Unknown vulnerability in FCKeditor 2.0 RC2, when used with PHP-Nuke, allows remote attackers to upload arbitrary files. • https://www.exploit-db.com/exploits/3702 https://www.exploit-db.com/exploits/6783 http://www.securityfocus.com/bid/12676 •