696 matches found
CVE-2008-1993
Acidcat CMS 3.4.1 does not restrict access to the FCKEditor component, which allows remote attackers to upload arbitrary files...
CVE-2008-1993
CVE-2008-1993 affects Acidcat CMS 3.4.1 where the FCKEditor component is not access-restricted, enabling remote upload of arbitrary files. Based on the NVD entry, the flaw is exploitable over the network with low attack complexity and no authentication, potentially impacting confidentiality, inte...
CVE-2008-1993
Acidcat CMS 3.4.1 does not restrict access to the FCKEditor component, which allows remote attackers to upload arbitrary files...
Acidcat CMS Multiple Vulnerabilities
www.BugReport.ir AmnPardaz Security Research Team Title: Acidcat CMS Multiple Vulnerabilities. Vendor: www.acidcat.com Vulnerable Version: 3.4.1 Exploit: Available Impact: High Fix: N/A Original Advisory: http://bugreport.ir/index.php?/36 1. Description: Acidcat CMS is a web site and simple Conte...
Acidcat CMS 3.4.1 Multiple Remote Vulnerabilities
Exploit for unknown platform in category web applications ================================================= Acidcat CMS 3.4.1 Multiple Remote Vulnerabilities ================================================= AmnPardaz Security Research Team Title: Acidcat CMS Multiple Vulnerabilities. Vendor:...
Fckeditor <=2.4.2 For php arbitrary Upload File vulnerability-vulnerability warning-the black bar safety net
Infos: Fckeditor =2.4.2 For php arbitrary file upload vulnerability Author: Maple-x Date: 18/12/2007 FCKeditor is a very good HTML online editor. In the processing PHP upload where there is a serious security vulnerability Cause the user can upload any file 在...
Fckeditor <=2.4.2 For php 任意上传文件漏洞
FCKeditor是一款非常优秀的HTML在线编辑器。在处理PHP上传的地方存在严重的安全漏洞 导致用户可以上传任意文件 在fckeditor/editor/filemanager/upload/php/upload.php 61行 程序从$GET数组中获取Type变量,然后通过inarray进行类型判断。 但在config配置文件中 并未对Media类型进行上传文件类型的控制,导致用户上传任意文件 Fckeditor =2.4.2 For php 更新到最新的2.5版本。或者在config.php文件中,添加对Media类型的文件类型限制...
[Vulz] eFileMan 7.x Multiple Vulnerabilities by Xcross87
Software : eFileman Version : 7.x tested on 7.1.0.87-88 Found by : Xcross87 A. Remote File Upload Vulnerability : Xploit : http://victim.com/path/upload.html http://victim.com/path/cgi-bin/efileman/upload.cgi The uploaded files are stored in : http://victim.com/path/uploads/uploadfile.xxx B. Dire...
efileman-multi.txt
Software : eFileman Version : 7.x tested on 7.1.0.87-88 Found by : Xcross87 A. Remote File Upload Vulnerability : Xploit : http://victim.com/path/upload.html http://victim.com/path/cgi-bin/efileman/upload.cgi The uploaded files are stored in : http://victim.com/path/uploads/uploadfile.xxx B. Dire...
koreanghboard-multi.txt
Software : Korean GHBoard Site : http://www.ghlab.com/ Found by : Xcross87 1. File Upload Vulnerability Xploit : victim.com/ghboard/component/upload.jsp 2. FlashUpload component File Upload and File Download Vulnerability Upload Xploit : victim.com/ghboard/component/flashupload/upload.html Not...
CVE-2007-5156
Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains ".php."...
Design/Logic Flaw
Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains ".php."...
CVE-2007-5156
Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains ".php."...
CVE-2007-5156
Removed by vendor...
CVE-2007-5156
CVE-2007-5156 references an incomplete blacklist vulnerability in FCKeditor’s editor/filemanager/upload/php/upload.php, used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and other products. The flaw allows remote attackers to upload and execute arbitrary PHP code by submitting a...
CVE-2007-5156
Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains ".php."...
waraxe-2007-SA057.txt
waraxe-2007-SA057 - Unauthorized File Upload in SiteX CMS ==================================================================== Author: Janek Vind "waraxe" Date: 27. September 2007 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-57.html Target software description:...
[waraxe-2007-SA#057] - Unauthorized File Upload in SiteX CMS
waraxe-2007-SA057 - Unauthorized File Upload in SiteX CMS ==================================================================== Author: Janek Vind "waraxe" Date: 27. September 2007 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-57.html Target software description:...
FCKeditor可选择数据流任意文件上传漏洞
FCKeditor一款功能强大的在线HTML编辑器。 FCKeditor不正确过滤用户提交的输入,远程攻击者可以利用漏洞上传任意文件,并以WEB进程权限执行。 目前没有详细漏洞细节提供。 Frederico Caldeira Knabben FCKeditor 2.4.3 目前没有解决方案提供: http://www.fckeditor.net/...
Input validation
Incomplete blacklist vulnerability in the filemanager in Frederico Caldeira Knabben FCKeditor 2.4.2 allows remote attackers to upload arbitrary .php files via an alternate data stream syntax, as demonstrated by .php::$DATA filenames, a related issue to CVE-2006-0658...