CVE-2005-4600

CVE-2005-4600 describes a directory traversal vulnerability in TinyMCE Compressor PHP prior to 1.06. An attacker can cause the PHP script tiny_mce_gzip.php to read or include arbitrary files by supplying a trailing null byte (%00) in one of four parameters: theme, language, plugins, or lang. The ...

CVE-2005-4599

The CVE-2005-4599 issue affects TinyMCE Compressor PHP prior to 1.06, with a Cross-site Scripting (XSS) vulnerability in tiny_mce_gzip.php exposed via the index parameter. The root cause is unvalidated input leading to script/HTML injection, allowing remote attackers to inject arbitrary web conte...