Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:11759
HistoryJul 07, 2009 - 12:00 a.m.

FCKeditor connectors模块多个跨站脚本及目录遍历漏洞

2009-07-0700:00:00
Root
www.seebug.org
52

0.973 High

EPSS

Percentile

99.8%

JSON

CVE(CAN) ID: CVE-2009-2324,CVE-2009-2265

FCKeditor是一款开放源码的HTML文本编辑器。

FCKeditor没有正确地验证用户对多个connector模块所传送的输入,远程攻击者可以利用samples目录中的组件注入任意脚本或HTML,或通过目录遍历攻击上传恶意文件。

FCKeditor <= 2.6.4

  • 从editor\filemanager\connectors中删除不使用的连接器
  • 在config.ext中禁用文件浏览器
  • 完全删除_samples目录

厂商补丁:

FCKeditor

目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:

http://www.fckeditor.net/

Related

openvas 12
debian 3
fedora 5
zdt 1
nessus 6
packetstorm 2
securityvulns 3
debiancve 2
ubuntucve 2
canvas 1
prion 2
cve 2
exploitdb 1
checkpoint_advisories 1
openvas
openvas
Debian: Security Advisory (DSA-1836-1)
2009-07-29 00:00:00
Fedora Update for moin FEDORA-2010-1743
2010-03-02 00:00:00
Fedora Core 11 FEDORA-2009-7794 (moin)
2009-07-29 00:00:00
debian
debian
[Backports-security-announce] Security Update for egroupware
2009-08-04 18:52:05
[SECURITY] [DSA 1836-1] New fckeditor packages fix arbitrary code execution
2009-07-16 17:55:39
[Backports-security-announce] Security Update for egroupware
2009-08-04 18:10:26
fedora
fedora
[SECURITY] Fedora 11 Update: moin-1.8.7-1.fc11
2010-02-20 00:15:56
[SECURITY] Fedora 11 Update: moin-1.8.4-2.fc11
2009-07-19 10:36:56
[SECURITY] Fedora 11 Update: moin-1.8.8-1.fc11
2010-06-14 17:22:06
zdt
zdt
Adobe ColdFusion 8 - Remote Command Execution Exploit
2021-06-25 00:00:00
nessus
nessus
Fedora 10 : moin-1.6.4-3.fc10 (2009-7761)
2009-07-20 00:00:00
Adobe ColdFusion FCKeditor 'CurrentFolder' File Upload
2009-07-14 00:00:00
Debian DSA-1836-1 : fckeditor - missing input sanitising
2010-02-24 00:00:00
packetstorm
packetstorm
Adobe ColdFusion 8 Remote Command Execution
2021-06-24 00:00:00
ColdFusion 8.0.1 Arbitrary File Upload And Execute
2010-11-03 00:00:00
securityvulns
securityvulns
[SECURITY] [DSA 1836-1] New fckeditor packages fix arbitrary code execution
2009-07-18 00:00:00
[oCERT-2009-007] FCKeditor input sanitization errors
2009-07-03 00:00:00
Daily web applications security vulnerabilities summary &#40;PHP, ASP, JSP, CGI, Perl&#41;
2009-07-03 00:00:00
debiancve
debiancve
CVE-2009-2324
2009-07-05 16:30:00
CVE-2009-2265
2009-07-05 16:30:00
ubuntucve
ubuntucve
CVE-2009-2324
2009-07-05 00:00:00
CVE-2009-2265
2009-07-05 00:00:00
canvas
canvas
Immunity Canvas: FCKEDITOR
2009-07-05 16:30:00
prion
prion
Cross site scripting
2009-07-05 16:30:00
Directory traversal
2009-07-05 16:30:00
cve
cve
CVE-2009-2324
2009-07-05 16:30:00
CVE-2009-2265
2009-07-05 16:30:00
exploitdb
exploitdb
Adobe ColdFusion 8 - Remote Command Execution (RCE)
2021-06-24 00:00:00
checkpoint_advisories
checkpoint_advisories
Adobe ColdFusion FCKeditor Input Validation Flaw Arbitrary File Upload (CVE-2008-6178; CVE-2009-2265)
2014-11-17 00:00:00

0.973 High

EPSS

Percentile

99.8%

JSON
Related for SSV:11759
openvas12debian3fedora5zdt1nessus6packetstorm2securityvulns3debiancve2ubuntucve2canvas1prion2cve2exploitdb1checkpoint_advisories1