4 matches found
EUVD-2007-3155
Malware in sbrugna...
Input validation
Incomplete blacklist vulnerability in the filemanager in Frederico Caldeira Knabben FCKeditor 2.4.2 allows remote attackers to upload arbitrary .php files via an alternate data stream syntax, as demonstrated by .php::$DATA filenames, a related issue to CVE-2006-0658...
CVE-2007-3163
The connected records identify CVE-2007-3163 as an incomplete blacklist vulnerability in Frederico Caldeira Knabben’s FCKeditor, specifically in the filemanager/upload/php/upload.php component. With FCKeditor 2.4.2, remote attackers can upload and subsequently execute arbitrary PHP code by supply...
CVE-2006-0658
Vulnerability family: incomplete blacklist in FCKeditor. Affected: FCKeditor 2.0/2.2 as used in RunCMS and related products. Issue: remote attackers can upload and execute arbitrary script files by using extensions not listed in Config[DeniedExtensions][File] (e.g., .php.txt) due to inadequate ex...