Lucene search
+L

696 matches found

NVD
NVD
added 2008/04/27 9:5 p.m.17 views

CVE-2008-1993

Acidcat CMS 3.4.1 does not restrict access to the FCKEditor component, which allows remote attackers to upload arbitrary files...

7.5CVSS6.9AI score0.02828EPSS
Exploits1References6
CVE
CVE
added 2008/04/27 9:0 p.m.42 views

CVE-2008-1993

CVE-2008-1993 affects Acidcat CMS 3.4.1 where the FCKEditor component is not access-restricted, enabling remote upload of arbitrary files. Based on the NVD entry, the flaw is exploitable over the network with low attack complexity and no authentication, potentially impacting confidentiality, inte...

7.5CVSS6.9AI score0.02828EPSS
Exploits1References6Affected Software1
Cvelist
Cvelist
added 2008/04/27 9:0 p.m.22 views

CVE-2008-1993

Acidcat CMS 3.4.1 does not restrict access to the FCKEditor component, which allows remote attackers to upload arbitrary files...

6.9AI score0.02828EPSS
Exploits1References6
securityvulns
securityvulns
added 2008/04/21 12:0 a.m.71 views

Acidcat CMS Multiple Vulnerabilities

www.BugReport.ir AmnPardaz Security Research Team Title: Acidcat CMS Multiple Vulnerabilities. Vendor: www.acidcat.com Vulnerable Version: 3.4.1 Exploit: Available Impact: High Fix: N/A Original Advisory: http://bugreport.ir/index.php?/36 1. Description: Acidcat CMS is a web site and simple Conte...

Exploits0
0day.today
0day.today
added 2008/04/20 12:0 a.m.30 views

Acidcat CMS 3.4.1 Multiple Remote Vulnerabilities

Exploit for unknown platform in category web applications ================================================= Acidcat CMS 3.4.1 Multiple Remote Vulnerabilities ================================================= AmnPardaz Security Research Team Title: Acidcat CMS Multiple Vulnerabilities. Vendor:...

7.1AI score
Exploits0
myhack58
myhack58
added 2007/12/20 12:0 a.m.16 views

Fckeditor <=2.4.2 For php arbitrary Upload File vulnerability-vulnerability warning-the black bar safety net

Infos: Fckeditor =2.4.2 For php arbitrary file upload vulnerability Author: Maple-x Date: 18/12/2007 FCKeditor is a very good HTML online editor. In the processing PHP upload where there is a serious security vulnerability Cause the user can upload any file 在...

0.9AI score
Exploits0
seebug.org
seebug.org
added 2007/12/19 12:0 a.m.19 views

Fckeditor &lt;=2.4.2 For php 任意上传文件漏洞

FCKeditor是一款非常优秀的HTML在线编辑器。在处理PHP上传的地方存在严重的安全漏洞 导致用户可以上传任意文件 在fckeditor/editor/filemanager/upload/php/upload.php 61行 程序从$GET数组中获取Type变量,然后通过inarray进行类型判断。 但在config配置文件中 并未对Media类型进行上传文件类型的控制,导致用户上传任意文件 Fckeditor =2.4.2 For php 更新到最新的2.5版本。或者在config.php文件中,添加对Media类型的文件类型限制...

7.1AI score
Exploits0
securityvulns
securityvulns
added 2007/10/23 12:0 a.m.45 views

[Vulz] eFileMan 7.x Multiple Vulnerabilities by Xcross87

Software : eFileman Version : 7.x tested on 7.1.0.87-88 Found by : Xcross87 A. Remote File Upload Vulnerability : Xploit : http://victim.com/path/upload.html http://victim.com/path/cgi-bin/efileman/upload.cgi The uploaded files are stored in : http://victim.com/path/uploads/uploadfile.xxx B. Dire...

0.2AI score
Exploits0
Packet Storm
Packet Storm
added 2007/10/23 12:0 a.m.26 views

efileman-multi.txt

Software : eFileman Version : 7.x tested on 7.1.0.87-88 Found by : Xcross87 A. Remote File Upload Vulnerability : Xploit : http://victim.com/path/upload.html http://victim.com/path/cgi-bin/efileman/upload.cgi The uploaded files are stored in : http://victim.com/path/uploads/uploadfile.xxx B. Dire...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2007/10/23 12:0 a.m.20 views

koreanghboard-multi.txt

Software : Korean GHBoard Site : http://www.ghlab.com/ Found by : Xcross87 1. File Upload Vulnerability Xploit : victim.com/ghboard/component/upload.jsp 2. FlashUpload component File Upload and File Download Vulnerability Upload Xploit : victim.com/ghboard/component/flashupload/upload.html Not...

7.4AI score
Exploits0
UbuntuCve
UbuntuCve
added 2007/10/01 5:17 a.m.32 views

CVE-2007-5156

Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains ".php."...

7.5CVSS6.2AI score0.08005EPSS
Exploits1References1
Prion
Prion
added 2007/10/01 5:17 a.m.19 views

Design/Logic Flaw

Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains ".php."...

7.5CVSS7.5AI score0.08005EPSS
Exploits2References19Affected Software4
OSV
OSV
added 2007/10/01 5:17 a.m.7 views

CVE-2007-5156

Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains ".php."...

7.3AI score
Exploits0References19
Debian CVE
Debian CVE
added 2007/10/01 12:0 a.m.28 views

CVE-2007-5156

Removed by vendor...

7.5CVSS6.7AI score0.08005EPSS
Exploits1
CVE
CVE
added 2007/10/01 12:0 a.m.101 views

CVE-2007-5156

CVE-2007-5156 references an incomplete blacklist vulnerability in FCKeditor’s editor/filemanager/upload/php/upload.php, used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and other products. The flaw allows remote attackers to upload and execute arbitrary PHP code by submitting a...

7.5CVSS7.2AI score0.08005EPSS
Exploits1References19Affected Software4
Cvelist
Cvelist
added 2007/10/01 12:0 a.m.23 views

CVE-2007-5156

Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains ".php."...

7.2AI score0.08005EPSS
Exploits1References19
Packet Storm
Packet Storm
added 2007/09/28 12:0 a.m.27 views

waraxe-2007-SA057.txt

waraxe-2007-SA057 - Unauthorized File Upload in SiteX CMS ==================================================================== Author: Janek Vind "waraxe" Date: 27. September 2007 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-57.html Target software description:...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2007/09/27 12:0 a.m.47 views

[waraxe-2007-SA#057] - Unauthorized File Upload in SiteX CMS

waraxe-2007-SA057 - Unauthorized File Upload in SiteX CMS ==================================================================== Author: Janek Vind "waraxe" Date: 27. September 2007 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-57.html Target software description:...

6.8AI score
Exploits0
seebug.org
seebug.org
added 2007/06/21 12:0 a.m.14 views

FCKeditor可选择数据流任意文件上传漏洞

FCKeditor一款功能强大的在线HTML编辑器。 FCKeditor不正确过滤用户提交的输入,远程攻击者可以利用漏洞上传任意文件,并以WEB进程权限执行。 目前没有详细漏洞细节提供。 Frederico Caldeira Knabben FCKeditor 2.4.3 目前没有解决方案提供: http://www.fckeditor.net/...

7.1AI score
Exploits0
Prion
Prion
added 2007/06/11 10:30 p.m.22 views

Input validation

Incomplete blacklist vulnerability in the filemanager in Frederico Caldeira Knabben FCKeditor 2.4.2 allows remote attackers to upload arbitrary .php files via an alternate data stream syntax, as demonstrated by .php::$DATA filenames, a related issue to CVE-2006-0658...

5CVSS6.8AI score0.06744EPSS
Exploits1References8Affected Software1
Rows per page
Query Builder