CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1CVE-2014-4037
https://notcve.org/view.php?id=CVE-2014-4037
Cross-site scripting (XSS) vulnerability in editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php in FCKeditor before 2.6.11 and earlier allows remote attackers to inject arbitrary web script or HTML via an array key in the textinputs[] parameter, a different issue than CVE-2012-4000. Vulnerabilidad de XSS en editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php en FCKeditor anterior a 2.6.11 y anteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de una clave de array en el parámetro textinputs[], un problema diferente a CVE-2012-4000. • http://ckeditor.com/blog/FCKeditor-2.6.11-Released http://packetstormsecurity.com/files/126902/FCKeditor-2.6.10-Cross-Site-Scripting.html http://www.securitytracker.com/id/1030413 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 1%CPEs: 56EXPL: 0CVE-2012-2067
https://notcve.org/view.php?id=CVE-2012-2067
Unspecified vulnerability in the CKeditor module 6.x-2.x before 6.x-2.3 and the CKEditor module 6.x-1.x before 6.x-1.9 and 7.x-1.x before 7.x-1.7 for Drupal, when the core PHP module is enabled, allows remote authenticated users or remote attackers to execute arbitrary PHP code via the text parameter to a text filter. NOTE: some of these details are obtained from third party information. Vulnerabilidad no especificada en el módulo CKEditor v6.x-2.x anterior a v6.x-2.3 y el módulo CKEditor v6.x-1.x anterior a v6.x-1.9 y v7.x-1.x anterior a v7.x-1.7 para Drupal, cuando el módulo de núcleo de PHP está activado, permite a usuarios remotos autenticados o atacantes remotos ejecutar código PHP arbitrario a través del parámetro de texto a un filtro de texto. NOTA: algunos de estos detalles han sido obtenidos a partir de información de terceros • http://drupal.org/node/1482442 http://drupal.org/node/1482466 http://drupal.org/node/1482480 http://drupal.org/node/1482528 http://secunia.com/advisories/48435 http://www.openwall.com/lists/oss-security/2012/04/07/1 http://www.osvdb.org/80080 https://exchange.xforce.ibmcloud.com/vulnerabilities/74037 •
CVSS: 4.3EPSS: 0%CPEs: 56EXPL: 0CVE-2012-2066
https://notcve.org/view.php?id=CVE-2012-2066
Cross-site scripting (XSS) vulnerability in the FCKeditor module 6.x-2.x before 6.x-2.3 and the CKEditor module 6.x-1.x before 6.x-1.9 and 7.x-1.x before 7.x-1.7 for Drupal allows remote authenticated users or remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de código en sitios cruzados (XSS) en el módulo FCKeditor v6.x-2.x anterior a v6.x-2.3 y el módulo CKEditor v6.x-1.x anterior a v6.x-1.9 y v77.x-1.x anterior a v7.x-1.7 para Drupal permite a usuarios remotos autenticados o atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados. • http://drupal.org/node/1482442 http://drupal.org/node/1482466 http://drupal.org/node/1482480 http://drupal.org/node/1482528 http://secunia.com/advisories/48435 http://www.openwall.com/lists/oss-security/2012/04/07/1 http://www.osvdb.org/80079 https://exchange.xforce.ibmcloud.com/vulnerabilities/74036 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 53EXPL: 3CVE-2012-4000 – FCKEditor Core - 'Editor 'spellchecker.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2012-4000
Cross-site scripting (XSS) vulnerability in the print_textinputs_var function in editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php in FCKeditor 2.6.7 and earlier allows remote attackers to inject arbitrary web script or HTML via textinputs array parameters. Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en la función print_textinputs_var en editor editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php en FCKeditor v2.6.7 y anteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de los parámetros de matriz de 'textinputs'. • https://www.exploit-db.com/exploits/37457 http://disse.cting.org/blog/2012/06/22/fckeditor-reflected-xss-vulnerability http://secunia.com/advisories/49606 http://www.debian.org/security/2012/dsa-2522 http://www.securityfocus.com/bid/54188 https://exchange.xforce.ibmcloud.com/vulnerabilities/76604 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 97%CPEs: 27EXPL: 5CVE-2009-2265 – Adobe ColdFusion 8 - Remote Command Execution (RCE)
https://notcve.org/view.php?id=CVE-2009-2265
Multiple directory traversal vulnerabilities in FCKeditor before 2.6.4.1 allow remote attackers to create executable files in arbitrary directories via directory traversal sequences in the input to unspecified connector modules, as exploited in the wild for remote code execution in July 2009, related to the file browser and the editor/filemanager/connectors/ directory. Múltiples vulnerabilidades de salto de directorio en FCKeditor anterior a v2.6.4.1, permiten a atacantes remotos crear ficheros ejecutables en directorios de su elección a través de secuencias de salto de directorio en la entrada de módulos conectores no especificados, tal como se ha explotado en Julio 2009. Está relacionado con el fichero de navegación y el directorio editor/filemanager/connectors/. • https://www.exploit-db.com/exploits/50057 https://www.exploit-db.com/exploits/16788 https://github.com/0xConstant/CVE-2009-2265 https://github.com/p1ckzi/CVE-2009-2265 https://github.com/N3rdyN3xus/CVE-2009-2265 http://isc.sans.org/diary.html?storyid=6724 http://mail.zope.org/pipermail/zope-dev/2009-July/037195.html http://packetstormsecurity.com/files/163271/Adobe-ColdFusion-8-Remote-Command-Execution.html http://secunia.com/advisories/35833 http://secunia.com/advisories/3 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •