696 matches found
GeekLog <= 1.4.0sr3 f(u)ckeditor Remote Code Execution Exploit
Exploit for unknown platform in category web applications ============================================================== GeekLog 126 $result.=" ."; else $result.=" ".$string$i; if strlendechexord$string$i==2 $exa.=" ".dechexord$string$i; else...
GeekLog <= 1.4.0sr3 f(u)ckeditor Remote Code Execution Exploit
No description provided by source. !/usr/bin/php -q -d shortopentag=on ? echo "Geeklog = 1.4.0sr3 'fuckeditor' remote commands execution\n"; echo "by rgod [email protected]\n"; echo "site: http://retrogod.altervista.org\n"; //works regardless of any php.ini settings, //fckeditor very old 'mcpuk'...
GeekLog 1.4.0sr3 - f(u)ckeditor Remote Code Execution
GeekLog 1.4.0sr3 - fuckeditor Remote Code Execution !/usr/bin/php -q -d shortopentag=on 126 $result.=" ."; else $result.=" ".$string$i; if strlendechexord$string$i==2 $exa.=" ".dechexord$string$i; else $exa.=" 0".dechexord$string$i; $cont++;if $cont==15 $cont=0; $result.="\r\n"; $exa.="\r\n";...
FCKeditor on Apache connector.php Crafted File Extension Arbitrary File Upload
The version of Geeklog installed on the remote host includes an older version of FCKeditor that is enabled by default and allows an unauthenticated attacker to upload arbitrary files containing, say, PHP code, and then to execute them subject to the privileges of the web server user id...
GeekLog 1.4.0sr3 - 'f(u)ckeditor' Remote Code Execution
!/usr/bin/php -q -d shortopentag=on 126 $result.=" ."; else $result.=" ".$string$i; if strlendechexord$string$i==2 $exa.=" ".dechexord$string$i; else $exa.=" 0".dechexord$string$i; $cont++;if $cont==15 $cont=0; $result.="\r\n"; $exa.="\r\n"; return $exa."\r\n".$result; $proxyregex =...
CVE-2006-2529
editor/filemanager/upload/php/upload.php in FCKeditor before 2.3 Beta, when the upload feature is enabled, does not verify the Type parameter, which allows remote attackers to upload arbitrary file types. NOTE: It is not clear whether this is related to CVE-2006-0658...
CVE-2006-2529
editor/filemanager/upload/php/upload.php in FCKeditor before 2.3 Beta, when the upload feature is enabled, does not verify the Type parameter, which allows remote attackers to upload arbitrary file types. NOTE: It is not clear whether this is related to CVE-2006-0658...
CVE-2006-2529
The CVE-2006-2529 entry describes a vulnerability in FCKeditor's upload feature: editor/filemanager/upload/php/upload.php does not verify the Type parameter when upload is enabled, allowing remote attackers to upload arbitrary file types. Affected product/version: FCKeditor prior to 2.3 Beta. Imp...
FCKeditor with PHPNuke < 2.3 Beta upload.php Arbitrary File Upload
Binary data 3626.prm...
FCKeditor upload.php Type Parameter Arbitrary File Upload
The version of FCKeditor installed on the remote host allows an unauthenticated attacker to upload arbitrary files containing, say, PHP code, and then to execute them subject to the privileges of the web server user ID. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...
XSS in FreeTextBox and FCKEditor Basic Toolbar Selection
More information about it on : http://www.newffr.com/viewtopic.php?forum=26&topic=11683 in french If you don't speak french : create a web page and write into : ------------------ htmlbodya href="javascript: alert'Cookie:n'+document.cookie+'nHave Fun !'"Click here/a/body/html ------------------ O...
CubeCart FCKeditor connector.php Arbitrary File Upload
The version of CubeCart installed on the remote host allows an unauthenticated user to upload files with arbitrary PHP code and then to execute them subject to the privileges of the web server user id. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc';...
CVE-2006-0921
CVE-2006-0921 involves multiple directory traversal vulnerabilities in connector.php of FCKeditor 2.0 FC, used in products such as RunCMS. The issue allows remote attackers to list and create arbitrary directories by sending a .. payload in the CurrentFolder parameter to GetFoldersAndFiles and Cr...
CVE-2006-0921
Multiple directory traversal vulnerabilities in connector.php in FCKeditor 2.0 FC, as used in products such as RunCMS, allow remote attackers to list and create arbitrary directories via a .. dot dot in the CurrentFolder parameter to 1 GetFoldersAndFiles and 2 CreateFolder...
NSAG-195-23.02.2006.txt
Advisory: NSAG-¹195-23.02.2006 Research: NSA Group Russian company on Audit of safety & Network security Site of Research: http://www.nsag.ru or http://www.nsag.org Product: FCKeditor 2.0 FC Site of manufacturer: http://www.fckeditor.net The status: 19/11/2005 - Publication is postponed. 19/11/20...
NSAG-196-23.02.2006.txt
Advisory: NSAG-¹196-23.02.2006 Research: NSA Group Russian company on Audit of safety & Network security Site of Research: http://www.nsag.ru or http://www.nsag.org Product: FCKeditor 2.2 Site of manufacturer: http://www.fckeditor.net The status: 19/11/2005 - Publication is postponed. 19/11/2005 ...
NSA Group Security Advisory NSAG-№196-23.02.2006 Vulnerability FCKeditor 2.2
Advisory: NSAG-№196-23.02.2006 Research: NSA Group Russian company on Audit of safety & Network security Site of Research: http://www.nsag.ru or http://www.nsag.org Product: FCKeditor 2.2 Site of manufacturer: http://www.fckeditor.net The status: 19/11/2005 - Publication is postponed. 19/11/2005 ...
NSA Group Security Advisory NSAG-№195-23.02.2006 Vulnerability FCKeditor 2.0 FC
Advisory: NSAG-№195-23.02.2006 Research: NSA Group Russian company on Audit of safety & Network security Site of Research: http://www.nsag.ru or http://www.nsag.org Product: FCKeditor 2.0 FC Site of manufacturer: http://www.fckeditor.net The status: 19/11/2005 - Publication is postponed. 19/11/20...
Design/Logic Flaw
Incomplete blacklist vulnerability in connector.php in FCKeditor 2.0 and 2.2, as used in products such as RunCMS, allows remote attackers to upload and execute arbitrary script files by giving the files specific extensions that are not listed in the ConfigDeniedExtensionsFile, such as .php.txt...
CVE-2006-0658
Incomplete blacklist vulnerability in connector.php in FCKeditor 2.0 and 2.2, as used in products such as RunCMS, allows remote attackers to upload and execute arbitrary script files by giving the files specific extensions that are not listed in the ConfigDeniedExtensionsFile, such as .php.txt...