696 matches found
CVE-2006-0658
Vulnerability family: incomplete blacklist in FCKeditor. Affected: FCKeditor 2.0/2.2 as used in RunCMS and related products. Issue: remote attackers can upload and execute arbitrary script files by using extensions not listed in Config[DeniedExtensions][File] (e.g., .php.txt) due to inadequate ex...
CVE-2006-0658
Removed by vendor...
runCMS <= 1.3a2 possible remote code execution through the integrated FCKEditor package
--- RunCMS = 1.3a2 remote code execution ------------------------------------ software: site: http://www.runcms.org/public/modules/news/ description: "RUNCMS E-Xoops is a extensible content management system based on the v1 core of Xoops"...
[SA18767] FCKeditor File Upload Vulnerability
TITLE: FCKeditor File Upload Vulnerability SECUNIA ADVISORY ID: SA18767 VERIFY ADVISORY: http://secunia.com/advisories/18767/ CRITICAL: Moderately critical IMPACT: System access WHERE: From remote SOFTWARE: FCKeditor 2.x http://secunia.com/product/7973/ DESCRIPTION: rgod has discovered a...
FCKEditor 2.0 < 2.2 - 'FileManager connector.php' Arbitrary File Upload
a short explaination: if a user cam call directly http://target/path/editor/filemanager/browser/default/connectors/php/connector.php he can upload malicious contempt on a target server, including arbitrary php code, and launch commands on it this works when php connector is enabled in config.php...
RunCMS 1.2 - class.forumposts.php Remote File Inclusion
RunCMS 1.2 - class.forumposts.php Remote File Inclusion ?php ---runcms13axpl.php 17.30 09/02/2006 RunCMS = 1.2 arbitrary remote inclusion exploit " = 1.3a shell upload through FCKEditor coded by rgod site: http://retrogod.altervista.org usage: launch from Apache, fill in requested fields, then go...
FCKEditor 2.0 <= 2.2 (connector.php) Remote Shell Upload Exploit
Exploit for unknown platform in category web applications ================================================================ FCKEditor 2.0 a short explaination: if a user cam call directly http://target/path/editor/filemanager/browser/default/connectors/php/connector.php he can upload malicious...
RunCMS <= 1.2 (class.forumposts.php) Arbitrary Remote Inclusion Exploit
No description provided by source. ?php ---runcms13axpl.php 17.30 09/02/2006 RunCMS = 1.2 arbitrary remote inclusion exploit " = 1.3a shell upload through FCKEditor coded by rgod site: http://retrogod.altervista.org usage: launch from Apache, fill in requested fields, then go! Sun-Tzu: "But when...
FCKEditor 2.0 2.2 - FileManager connector.php Arbitrary File Upload
FCKEditor 2.0 2.2 - FileManager connector.php Arbitrary File Upload a short explaination: if a user cam call directly http://target/path/editor/filemanager/browser/default/connectors/php/connector.php he can upload malicious contempt on a target server, including arbitrary php code, and launch...
FCKEditor 2.0 <= 2.2 (connector.php) Remote Shell Upload Exploit
No description provided by source. ?php ---fckeditor22xpl.php 15.38 04/12/2005 FCKEditor 2.0 = 2.2 shell upload coded by rgod site: http://retrogod.altervista.org usage: launch from Apache, fill in requested fields, then go! Sun-Tzu: "Security against defeat implies defensive tactics; ability to...
RunCMS <= 1.2 (class.forumposts.php) Arbitrary Remote Inclusion Exploit
Exploit for unknown platform in category web applications ======================================================================= RunCMS = 1.2 class.forumposts.php Arbitrary Remote Inclusion Exploit ======================================================================= ?php ---runcms13axpl.php...
CVE-2005-0613
CVE-2005-0613 concerns an vulnerability in the FCKeditor 2.0 RC2 when used with PHP-Nuke, allowing remote attackers to upload arbitrary files. The issue is evidenced across multiple sources in the connected documents, which identify the affected component as the FCKeditor add-on for PHP-Nuke and ...
CVE-2005-0613
Unknown vulnerability in FCKeditor 2.0 RC2, when used with PHP-Nuke, allows remote attackers to upload arbitrary files...
FCKeditor for PHP-Nuke Arbitrary File Upload
The remote host is running a version of the FCKeditor add-on for PHP-Nuke that allows a remote attacker to upload arbitrary files and run them in the context of the web server user. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if...
CVE-2005-0613
Unknown vulnerability in FCKeditor 2.0 RC2, when used with PHP-Nuke, allows remote attackers to upload arbitrary files...
FCKeditor with PHPNuke connector.php File Upload
Binary data 2661.prm...