Lucene search
+L

696 matches found

OSV
OSV
added 2007/06/11 10:30 p.m.10 views

CVE-2007-3163

Incomplete blacklist vulnerability in the filemanager in Frederico Caldeira Knabben FCKeditor 2.4.2 allows remote attackers to upload arbitrary .php files via an alternate data stream syntax, as demonstrated by .php::$DATA filenames, a related issue to CVE-2006-0658...

6.6AI score
Exploits0References8
CVE
CVE
added 2007/06/11 10:0 p.m.61 views

CVE-2007-3163

The connected records identify CVE-2007-3163 as an incomplete blacklist vulnerability in Frederico Caldeira Knabben’s FCKeditor, specifically in the filemanager/upload/php/upload.php component. With FCKeditor 2.4.2, remote attackers can upload and subsequently execute arbitrary PHP code by supply...

5CVSS6.6AI score0.01507EPSS
Exploits0References8Affected Software1
Debian CVE
Debian CVE
added 2007/06/11 10:0 p.m.38 views

CVE-2007-3163

Removed by vendor...

5CVSS6.7AI score0.01507EPSS
Exploits0
Cvelist
Cvelist
added 2007/06/11 10:0 p.m.24 views

CVE-2007-3163

Incomplete blacklist vulnerability in the filemanager in Frederico Caldeira Knabben FCKeditor 2.4.2 allows remote attackers to upload arbitrary .php files via an alternate data stream syntax, as demonstrated by .php::$DATA filenames, a related issue to CVE-2006-0658...

6.5AI score0.01507EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2007/06/11 12:0 a.m.5 views

PT-2007-4446 · Freddie Chung · Ckeditor

Name of the Vulnerable Software and Affected Versions: FCKeditor version 2.4.2 Description: The issue is related to an incomplete blacklist vulnerability in the filemanager component. This allows remote attackers to upload arbitrary .php files using an alternate data stream syntax, such as...

5CVSS6.7AI score0.01507EPSS
Exploits0References10
NVD
NVD
added 2007/05/11 5:19 p.m.21 views

CVE-2007-2630

Incomplete blacklist vulnerability in filemanager/browser/default/connectors/php/config.php in the FCKeditor module, as used in ActiveCampaign 1-2-All aka 12All 4.50 through 4.53.13, and possibly other products, allows remote authenticated administrators to upload and possibly execute .php4 and...

6.5CVSS6.5AI score0.01311EPSS
Exploits0References6
OSV
OSV
added 2007/05/11 5:19 p.m.8 views

CVE-2007-2630

Incomplete blacklist vulnerability in filemanager/browser/default/connectors/php/config.php in the FCKeditor module, as used in ActiveCampaign 1-2-All aka 12All 4.50 through 4.53.13, and possibly other products, allows remote authenticated administrators to upload and possibly execute .php4 and...

6.4AI score
Exploits0References6
CVE
CVE
added 2007/05/11 5:0 p.m.65 views

CVE-2007-2630

The CVE-2007-2630 entry concerns an Incomplete blacklist vulnerability in the FCKeditor module’s filemanager/browse paths (config.php) used by ActiveCampaign 1-2-All (12All) versions 4.50–4.53.13. The issue allows remote authenticated administrators to upload and possibly execute .php4/.php5 file...

6.5CVSS6.5AI score0.01311EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2007/05/11 5:0 p.m.26 views

CVE-2007-2630

Incomplete blacklist vulnerability in filemanager/browser/default/connectors/php/config.php in the FCKeditor module, as used in ActiveCampaign 1-2-All aka 12All 4.50 through 4.53.13, and possibly other products, allows remote authenticated administrators to upload and possibly execute .php4 and...

6.5AI score0.01311EPSS
Exploits0References6
securityvulns
securityvulns
added 2007/05/03 12:0 a.m.46 views

12All File Upload Vulnerability

Author: John McGuire Company: ActiveCampaign Product: 1-2-All Version: 4.5x - 4.53.13 Flaw: Arbitrary File Upload Vendor Notified: Yes Patch Available: Yes Patch Location: http://www.activecampaign.com/support/forum/showthread.php?t=3293 URL:...

1.4AI score
Exploits0
Packet Storm
Packet Storm
added 2007/04/11 12:0 a.m.21 views

inout-exec.txt

!/usr/bin/php -q -d shortopentag=on Thanks to rgod for the php code and Marty for the Love "; if $argc4 echo "Usage: php ".$argv0." Site CMD Host: target server ip/hostname Path: path of phpMyNewsletter CMD: a shell command Example: php ".$argv0." localhost /inout/ cat /etc/password"; die; /...

7.4AI score
Exploits0
0day.today
0day.today
added 2007/04/10 12:0 a.m.51 views

InoutMailingListManager <= 3.1 Remote Command Execution Exploit

Exploit for unknown platform in category web applications =============================================================== InoutMailingListManager = 3.1 Remote Command Execution Exploit =============================================================== !/usr/bin/php -q -d shortopentag=on ? echo "...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2007/04/10 12:0 a.m.15 views

InoutMailingListManager &lt;= 3.1 Remote Command Execution Exploit

No description provided by source. !/usr/bin/php -q -d shortopentag=on ? echo " InoutMailingListManager = 3.1 Command Execution Exploit + Login Retrieve + Advisory by BlackHawk [email protected] http://itablackhawk.altervista.org Thanks to rgod for the php code and Marty for the Love "; if...

7.1AI score
Exploits0
exploitpack
exploitpack
added 2007/04/10 12:0 a.m.10 views

InoutMailingListManager 3.1 - Remote Command Execution

InoutMailingListManager 3.1 - Remote Command Execution !/usr/bin/php -q -d shortopentag=on Thanks to rgod for the php code and Marty for the Love "; if $argc4 echo "Usage: php ".$argv0." Site CMD Host: target server ip/hostname Path: path of phpMyNewsletter CMD: a shell command Example: php...

0.4AI score
Exploits0
Exploit DB
Exploit DB
added 2007/04/10 12:0 a.m.28 views

InoutMailingListManager 3.1 - Remote Command Execution

!/usr/bin/php -q -d shortopentag=on Thanks to rgod for the php code and Marty for the Love "; if $argc4 echo "Usage: php ".$argv0." Site CMD Host: target server ip/hostname Path: path of phpMyNewsletter CMD: a shell command Example: php ".$argv0." localhost /inout/ cat /etc/password"; die; /...

7AI score
Exploits0
myhack58
myhack58
added 2007/04/08 12:0 a.m.19 views

Woven dream content management system(DEDECMS 3.the X+4. X upload vulnerability-vulnerability warning-the black bar safety net

Ghost boy note:accurate to say should be DEDECMS used in the php version of FCKeditor there upload vulnerability, the gif89a file header to cheat, did not expect the php version of FCKeditor, even the existence of such a vulnerability, the gif89a file header spoofing is not fresh things. Sources ...

7.2AI score
Exploits0
NVD
NVD
added 2007/02/08 5:28 p.m.18 views

CVE-2006-6978

Cross-site scripting XSS vulnerability in the "Basic Toolbar Selection" in FCKEditor allows remote attackers to execute arbitrary JavaScript via the javascript: URI in the 1 href or 2 onmouseover attribute of the A HTML tag...

4.3CVSS6.1AI score0.01062EPSS
Exploits1References3
CVE
CVE
added 2007/02/08 5:0 p.m.46 views

CVE-2006-6978

The CVE-2006-6978 entry describes a Cross-site Scripting (XSS) vulnerability in FCKEditor’s "Basic Toolbar Selection". The issue allows an attacker to trigger arbitrary JavaScript via the javascript: URI in the href or onmouseover attributes of an A tag. Affected component is FCKEditor’s Basic To...

4.3CVSS6.1AI score0.01062EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2007/02/08 5:0 p.m.18 views

CVE-2006-6978

Cross-site scripting XSS vulnerability in the "Basic Toolbar Selection" in FCKEditor allows remote attackers to execute arbitrary JavaScript via the javascript: URI in the 1 href or 2 onmouseover attribute of the A HTML tag...

6.1AI score0.01062EPSS
Exploits1References3
securityvulns
securityvulns
added 2007/01/12 12:0 a.m.54 views

[SA23662] Cuyahoga FCKEditor Security Bypass Issue

TITLE: Cuyahoga FCKEditor Security Bypass Issue SECUNIA ADVISORY ID: SA23662 VERIFY ADVISORY: http://secunia.com/advisories/23662/ CRITICAL: Moderately critical IMPACT: Security Bypass WHERE: From remote SOFTWARE: Cuyahoga 1.x http://secunia.com/product/13174/ DESCRIPTION: A security issue has be...

0.7AI score
Exploits0
Rows per page
Query Builder