Lucene search
+L

696 matches found

0day.today
0day.today
added 2006/06/29 12:0 a.m.77 views

GeekLog <= 1.4.0sr3 f(u)ckeditor Remote Code Execution Exploit

Exploit for unknown platform in category web applications ============================================================== GeekLog 126 $result.=" ."; else $result.=" ".$string$i; if strlendechexord$string$i==2 $exa.=" ".dechexord$string$i; else...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2006/06/29 12:0 a.m.17 views

GeekLog &lt;= 1.4.0sr3 f(u)ckeditor Remote Code Execution Exploit

No description provided by source. !/usr/bin/php -q -d shortopentag=on ? echo "Geeklog = 1.4.0sr3 'fuckeditor' remote commands execution\n"; echo "by rgod [email protected]\n"; echo "site: http://retrogod.altervista.org\n"; //works regardless of any php.ini settings, //fckeditor very old 'mcpuk'...

7.1AI score
Exploits0
exploitpack
exploitpack
added 2006/06/29 12:0 a.m.12 views

GeekLog 1.4.0sr3 - f(u)ckeditor Remote Code Execution

GeekLog 1.4.0sr3 - fuckeditor Remote Code Execution !/usr/bin/php -q -d shortopentag=on 126 $result.=" ."; else $result.=" ".$string$i; if strlendechexord$string$i==2 $exa.=" ".dechexord$string$i; else $exa.=" 0".dechexord$string$i; $cont++;if $cont==15 $cont=0; $result.="\r\n"; $exa.="\r\n";...

0.4AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2006/06/29 12:0 a.m.40 views

FCKeditor on Apache connector.php Crafted File Extension Arbitrary File Upload

The version of Geeklog installed on the remote host includes an older version of FCKeditor that is enabled by default and allows an unauthenticated attacker to upload arbitrary files containing, say, PHP code, and then to execute them subject to the privileges of the web server user id...

5.1CVSS5.9AI score0.04968EPSS
Exploits1References3
Exploit DB
Exploit DB
added 2006/06/29 12:0 a.m.34 views

GeekLog 1.4.0sr3 - &#039;f(u)ckeditor&#039; Remote Code Execution

!/usr/bin/php -q -d shortopentag=on 126 $result.=" ."; else $result.=" ".$string$i; if strlendechexord$string$i==2 $exa.=" ".dechexord$string$i; else $exa.=" 0".dechexord$string$i; $cont++;if $cont==15 $cont=0; $result.="\r\n"; $exa.="\r\n"; return $exa."\r\n".$result; $proxyregex =...

7.4AI score
Exploits0
NVD
NVD
added 2006/05/22 11:10 p.m.19 views

CVE-2006-2529

editor/filemanager/upload/php/upload.php in FCKeditor before 2.3 Beta, when the upload feature is enabled, does not verify the Type parameter, which allows remote attackers to upload arbitrary file types. NOTE: It is not clear whether this is related to CVE-2006-0658...

5CVSS6.5AI score0.02422EPSS
Exploits0References5
Cvelist
Cvelist
added 2006/05/22 11:0 p.m.24 views

CVE-2006-2529

editor/filemanager/upload/php/upload.php in FCKeditor before 2.3 Beta, when the upload feature is enabled, does not verify the Type parameter, which allows remote attackers to upload arbitrary file types. NOTE: It is not clear whether this is related to CVE-2006-0658...

6.4AI score0.02422EPSS
Exploits0References5
CVE
CVE
added 2006/05/22 11:0 p.m.66 views

CVE-2006-2529

The CVE-2006-2529 entry describes a vulnerability in FCKeditor's upload feature: editor/filemanager/upload/php/upload.php does not verify the Type parameter when upload is enabled, allowing remote attackers to upload arbitrary file types. Affected product/version: FCKeditor prior to 2.3 Beta. Imp...

5CVSS6.5AI score0.02422EPSS
Exploits0References5Affected Software1
Tenable Nessus
Tenable Nessus
added 2006/05/19 12:0 a.m.20 views

FCKeditor with PHPNuke < 2.3 Beta upload.php Arbitrary File Upload

Binary data 3626.prm...

5CVSS7.3AI score0.02422EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2006/05/19 12:0 a.m.48 views

FCKeditor upload.php Type Parameter Arbitrary File Upload

The version of FCKeditor installed on the remote host allows an unauthenticated attacker to upload arbitrary files containing, say, PHP code, and then to execute them subject to the privileges of the web server user ID. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...

5CVSS5.8AI score0.02422EPSS
Exploits0References2
securityvulns
securityvulns
added 2006/05/15 12:0 a.m.90 views

XSS in FreeTextBox and FCKEditor Basic Toolbar Selection

More information about it on : http://www.newffr.com/viewtopic.php?forum=26&topic=11683 in french If you don't speak french : create a web page and write into : ------------------ htmlbodya href="javascript: alert'Cookie:n'+document.cookie+'nHave Fun !'"Click here/a/body/html ------------------ O...

6.9AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2006/04/05 12:0 a.m.29 views

CubeCart FCKeditor connector.php Arbitrary File Upload

The version of CubeCart installed on the remote host allows an unauthenticated user to upload files with arbitrary PHP code and then to execute them subject to the privileges of the web server user id. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc';...

5CVSS6AI score0.07963EPSS
Exploits0References4
CVE
CVE
added 2006/02/28 11:0 a.m.58 views

CVE-2006-0921

CVE-2006-0921 involves multiple directory traversal vulnerabilities in connector.php of FCKeditor 2.0 FC, used in products such as RunCMS. The issue allows remote attackers to list and create arbitrary directories by sending a .. payload in the CurrentFolder parameter to GetFoldersAndFiles and Cr...

6.4CVSS7AI score0.01628EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2006/02/28 11:0 a.m.28 views

CVE-2006-0921

Multiple directory traversal vulnerabilities in connector.php in FCKeditor 2.0 FC, as used in products such as RunCMS, allow remote attackers to list and create arbitrary directories via a .. dot dot in the CurrentFolder parameter to 1 GetFoldersAndFiles and 2 CreateFolder...

6.9AI score0.01628EPSS
Exploits0References5
Packet Storm
Packet Storm
added 2006/02/26 12:0 a.m.41 views

NSAG-195-23.02.2006.txt

Advisory: NSAG-¹195-23.02.2006 Research: NSA Group Russian company on Audit of safety & Network security Site of Research: http://www.nsag.ru or http://www.nsag.org Product: FCKeditor 2.0 FC Site of manufacturer: http://www.fckeditor.net The status: 19/11/2005 - Publication is postponed. 19/11/20...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2006/02/26 12:0 a.m.42 views

NSAG-196-23.02.2006.txt

Advisory: NSAG-¹196-23.02.2006 Research: NSA Group Russian company on Audit of safety & Network security Site of Research: http://www.nsag.ru or http://www.nsag.org Product: FCKeditor 2.2 Site of manufacturer: http://www.fckeditor.net The status: 19/11/2005 - Publication is postponed. 19/11/2005 ...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2006/02/24 12:0 a.m.24 views

NSA Group Security Advisory NSAG-№196-23.02.2006 Vulnerability FCKeditor 2.2

Advisory: NSAG-№196-23.02.2006 Research: NSA Group Russian company on Audit of safety & Network security Site of Research: http://www.nsag.ru or http://www.nsag.org Product: FCKeditor 2.2 Site of manufacturer: http://www.fckeditor.net The status: 19/11/2005 - Publication is postponed. 19/11/2005 ...

7.2AI score
Exploits0
securityvulns
securityvulns
added 2006/02/24 12:0 a.m.29 views

NSA Group Security Advisory NSAG-№195-23.02.2006 Vulnerability FCKeditor 2.0 FC

Advisory: NSAG-№195-23.02.2006 Research: NSA Group Russian company on Audit of safety & Network security Site of Research: http://www.nsag.ru or http://www.nsag.org Product: FCKeditor 2.0 FC Site of manufacturer: http://www.fckeditor.net The status: 19/11/2005 - Publication is postponed. 19/11/20...

7.1AI score
Exploits0
Prion
Prion
added 2006/02/13 11:6 a.m.15 views

Design/Logic Flaw

Incomplete blacklist vulnerability in connector.php in FCKeditor 2.0 and 2.2, as used in products such as RunCMS, allows remote attackers to upload and execute arbitrary script files by giving the files specific extensions that are not listed in the ConfigDeniedExtensionsFile, such as .php.txt...

5CVSS7.2AI score0.06744EPSS
Exploits1References5Affected Software1
NVD
NVD
added 2006/02/13 11:6 a.m.20 views

CVE-2006-0658

Incomplete blacklist vulnerability in connector.php in FCKeditor 2.0 and 2.2, as used in products such as RunCMS, allows remote attackers to upload and execute arbitrary script files by giving the files specific extensions that are not listed in the ConfigDeniedExtensionsFile, such as .php.txt...

5CVSS7AI score0.06744EPSS
Exploits1References5
Rows per page
Query Builder