Vulnerabilities related to fckeditor - fckeditor
CVE-2009-2324 (GCVE-0-2009-2324)
Vulnerability from cvelistv5
Published
2009-07-05 16:00
Modified
2024-08-07 05:44
CWE
- n/a
Summary
Multiple cross-site scripting (XSS) vulnerabilities in FCKeditor before 2.6.4.1 allow remote attackers to inject arbitrary web script or HTML via components in the samples (aka _samples) directory.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T05:44:55.934Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.ocert.org/advisories/ocert-2009-007.html" }, { "name": "1022513", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1022513" }, { "name": "20090703 [oCERT-2009-007] FCKeditor input sanitization errors", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/504721/100/0/threaded" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-07-03T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in FCKeditor before 2.6.4.1 allow remote attackers to inject arbitrary web script or HTML via components in the samples (aka _samples) directory." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-10T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://www.ocert.org/advisories/ocert-2009-007.html" }, { "name": "1022513", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1022513" }, { "name": "20090703 [oCERT-2009-007] FCKeditor input sanitization errors", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/504721/100/0/threaded" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-2324", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in FCKeditor before 2.6.4.1 allow remote attackers to inject arbitrary web script or HTML via components in the samples (aka _samples) directory." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.ocert.org/advisories/ocert-2009-007.html", "refsource": "MISC", "url": "http://www.ocert.org/advisories/ocert-2009-007.html" }, { "name": "1022513", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1022513" }, { "name": "20090703 [oCERT-2009-007] FCKeditor input sanitization errors", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/504721/100/0/threaded" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-2324", "datePublished": "2009-07-05T16:00:00", "dateReserved": "2009-07-05T00:00:00", "dateUpdated": "2024-08-07T05:44:55.934Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2005-0613 (GCVE-0-2005-0613)
Vulnerability from cvelistv5
Published
2005-03-03 05:00
Modified
2024-09-17 02:21
CWE
- n/a
Summary
Unknown vulnerability in FCKeditor 2.0 RC2, when used with PHP-Nuke, allows remote attackers to upload arbitrary files.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T21:21:06.388Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "12676", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/12676" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Unknown vulnerability in FCKeditor 2.0 RC2, when used with PHP-Nuke, allows remote attackers to upload arbitrary files." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2005-03-03T05:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "12676", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/12676" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-0613", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unknown vulnerability in FCKeditor 2.0 RC2, when used with PHP-Nuke, allows remote attackers to upload arbitrary files." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "12676", "refsource": "BID", "url": "http://www.securityfocus.com/bid/12676" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-0613", "datePublished": "2005-03-03T05:00:00Z", "dateReserved": "2005-03-02T00:00:00Z", "dateUpdated": "2024-09-17T02:21:46.242Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-0921 (GCVE-0-2006-0921)
Vulnerability from cvelistv5
Published
2006-02-28 11:00
Modified
2024-08-07 16:56
CWE
- n/a
Summary
Multiple directory traversal vulnerabilities in connector.php in FCKeditor 2.0 FC, as used in products such as RunCMS, allow remote attackers to list and create arbitrary directories via a .. (dot dot) in the CurrentFolder parameter to (1) GetFoldersAndFiles and (2) CreateFolder.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T16:56:13.930Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "484", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/484" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.nsag.ru/vuln/952.html" }, { "name": "fckeditor-connector-obtain-information(24878)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24878" }, { "name": "20060519 Re: NSA Group Security Advisory NSAG-\u0026sup1;195-23.02.2006 Vulnerability FCKeditor 2.0 FC", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/434559/30/4890/threaded" }, { "name": "20060223 NSA Group Security Advisory NSAG-\u0026sup1;195-23.02.2006 Vulnerability FCKeditor 2.0 FC", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/425937/100/0/threaded" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-02-23T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple directory traversal vulnerabilities in connector.php in FCKeditor 2.0 FC, as used in products such as RunCMS, allow remote attackers to list and create arbitrary directories via a .. (dot dot) in the CurrentFolder parameter to (1) GetFoldersAndFiles and (2) CreateFolder." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-18T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "484", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/484" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.nsag.ru/vuln/952.html" }, { "name": "fckeditor-connector-obtain-information(24878)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24878" }, { "name": "20060519 Re: NSA Group Security Advisory NSAG-\u0026sup1;195-23.02.2006 Vulnerability FCKeditor 2.0 FC", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/434559/30/4890/threaded" }, { "name": "20060223 NSA Group Security Advisory NSAG-\u0026sup1;195-23.02.2006 Vulnerability FCKeditor 2.0 FC", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/425937/100/0/threaded" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-0921", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple directory traversal vulnerabilities in connector.php in FCKeditor 2.0 FC, as used in products such as RunCMS, allow remote attackers to list and create arbitrary directories via a .. (dot dot) in the CurrentFolder parameter to (1) GetFoldersAndFiles and (2) CreateFolder." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "484", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/484" }, { "name": "http://www.nsag.ru/vuln/952.html", "refsource": "MISC", "url": "http://www.nsag.ru/vuln/952.html" }, { "name": "fckeditor-connector-obtain-information(24878)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24878" }, { "name": "20060519 Re: NSA Group Security Advisory NSAG-\u0026sup1;195-23.02.2006 Vulnerability FCKeditor 2.0 FC", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/434559/30/4890/threaded" }, { "name": "20060223 NSA Group Security Advisory NSAG-\u0026sup1;195-23.02.2006 Vulnerability FCKeditor 2.0 FC", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/425937/100/0/threaded" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-0921", "datePublished": "2006-02-28T11:00:00", "dateReserved": "2006-02-28T00:00:00", "dateUpdated": "2024-08-07T16:56:13.930Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2009-2265 (GCVE-0-2009-2265)
Vulnerability from cvelistv5
Published
2009-07-05 16:00
Modified
2024-08-07 05:44
CWE
- n/a
Summary
Multiple directory traversal vulnerabilities in FCKeditor before 2.6.4.1 allow remote attackers to create executable files in arbitrary directories via directory traversal sequences in the input to unspecified connector modules, as exploited in the wild for remote code execution in July 2009, related to the file browser and the editor/filemanager/connectors/ directory.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T05:44:55.927Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ADV-2009-1825", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/1825" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.ocert.org/advisories/ocert-2009-007.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=695430" }, { "name": "35909", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35909" }, { "name": "DSA-1836", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2009/dsa-1836" }, { "name": "FEDORA-2009-7761", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00710.html" }, { "name": "35833", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35833" }, { "name": "ADV-2009-1813", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/1813" }, { "name": "[Zope-dev] 20090706 zope.html with FCKEditor security fix", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://mail.zope.org/pipermail/zope-dev/2009-July/037195.html" }, { "name": "1022513", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1022513" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://isc.sans.org/diary.html?storyid=6724" }, { "name": "20090703 [oCERT-2009-007] FCKeditor input sanitization errors", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": 
"http://www.securityfocus.com/archive/1/504721/100/0/threaded" }, { "name": "FEDORA-2009-7794", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00750.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/163271/Adobe-ColdFusion-8-Remote-Command-Execution.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-07-03T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple directory traversal vulnerabilities in FCKeditor before 2.6.4.1 allow remote attackers to create executable files in arbitrary directories via directory traversal sequences in the input to unspecified connector modules, as exploited in the wild for remote code execution in July 2009, related to the file browser and the editor/filemanager/connectors/ directory." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-06-24T19:06:14", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "ADV-2009-1825", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/1825" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.ocert.org/advisories/ocert-2009-007.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=695430" }, { "name": "35909", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35909" }, { "name": "DSA-1836", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2009/dsa-1836" }, { "name": "FEDORA-2009-7761", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00710.html" }, { "name": "35833", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35833" }, { "name": "ADV-2009-1813", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/1813" }, { "name": "[Zope-dev] 20090706 zope.html with FCKEditor security fix", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://mail.zope.org/pipermail/zope-dev/2009-July/037195.html" }, { "name": "1022513", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1022513" }, { "tags": [ "x_refsource_MISC" ], "url": "http://isc.sans.org/diary.html?storyid=6724" }, { "name": "20090703 [oCERT-2009-007] FCKeditor input sanitization errors", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/504721/100/0/threaded" }, { "name": "FEDORA-2009-7794", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": 
"https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00750.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/163271/Adobe-ColdFusion-8-Remote-Command-Execution.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-2265", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple directory traversal vulnerabilities in FCKeditor before 2.6.4.1 allow remote attackers to create executable files in arbitrary directories via directory traversal sequences in the input to unspecified connector modules, as exploited in the wild for remote code execution in July 2009, related to the file browser and the editor/filemanager/connectors/ directory." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ADV-2009-1825", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/1825" }, { "name": "http://www.ocert.org/advisories/ocert-2009-007.html", "refsource": "MISC", "url": "http://www.ocert.org/advisories/ocert-2009-007.html" }, { "name": "http://sourceforge.net/project/shownotes.php?release_id=695430", "refsource": "CONFIRM", "url": "http://sourceforge.net/project/shownotes.php?release_id=695430" }, { "name": "35909", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35909" }, { "name": "DSA-1836", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2009/dsa-1836" }, { "name": "FEDORA-2009-7761", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00710.html" }, { "name": "35833", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35833" }, { "name": "ADV-2009-1813", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/1813" }, { "name": "[Zope-dev] 20090706 zope.html with FCKEditor security fix", "refsource": "MLIST", "url": "http://mail.zope.org/pipermail/zope-dev/2009-July/037195.html" }, { "name": "1022513", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1022513" }, { "name": "http://isc.sans.org/diary.html?storyid=6724", "refsource": "MISC", "url": "http://isc.sans.org/diary.html?storyid=6724" }, { "name": "20090703 [oCERT-2009-007] FCKeditor input sanitization errors", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/504721/100/0/threaded" }, { "name": "FEDORA-2009-7794", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00750.html" }, { "name": "http://packetstormsecurity.com/files/163271/Adobe-ColdFusion-8-Remote-Command-Execution.html", "refsource": "MISC", "url": 
"http://packetstormsecurity.com/files/163271/Adobe-ColdFusion-8-Remote-Command-Execution.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-2265", "datePublished": "2009-07-05T16:00:00", "dateReserved": "2009-06-29T00:00:00", "dateUpdated": "2024-08-07T05:44:55.927Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-2529 (GCVE-0-2006-2529)
Vulnerability from cvelistv5
Published
2006-05-22 23:00
Modified
2024-08-07 17:51
CWE
- n/a
Summary
editor/filemanager/upload/php/upload.php in FCKeditor before 2.3 Beta, when the upload feature is enabled, does not verify the Type parameter, which allows remote attackers to upload arbitrary file types. NOTE: It is not clear whether this is related to CVE-2006-0658.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T17:51:04.780Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "25631", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/25631" }, { "name": "20122", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/20122" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.fckeditor.net/whatsnew/default.html" }, { "name": "ADV-2006-1856", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/1856" }, { "name": "18029", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/18029" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-05-15T00:00:00", "descriptions": [ { "lang": "en", "value": "editor/filemanager/upload/php/upload.php in FCKeditor before 2.3 Beta, when the upload feature is enabled, does not verify the Type parameter, which allows remote attackers to upload arbitrary file types. NOTE: It is not clear whether this is related to CVE-2006-0658." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2006-06-05T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "25631", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/25631" }, { "name": "20122", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/20122" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.fckeditor.net/whatsnew/default.html" }, { "name": "ADV-2006-1856", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/1856" }, { "name": "18029", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/18029" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-2529", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "editor/filemanager/upload/php/upload.php in FCKeditor before 2.3 Beta, when the upload feature is enabled, does not verify the Type parameter, which allows remote attackers to upload arbitrary file types. NOTE: It is not clear whether this is related to CVE-2006-0658." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "25631", "refsource": "OSVDB", "url": "http://www.osvdb.org/25631" }, { "name": "20122", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20122" }, { "name": "http://www.fckeditor.net/whatsnew/default.html", "refsource": "CONFIRM", "url": "http://www.fckeditor.net/whatsnew/default.html" }, { "name": "ADV-2006-1856", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/1856" }, { "name": "18029", "refsource": "BID", "url": "http://www.securityfocus.com/bid/18029" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-2529", "datePublished": "2006-05-22T23:00:00", "dateReserved": "2006-05-22T00:00:00", "dateUpdated": "2024-08-07T17:51:04.780Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2008-6178 (GCVE-0-2008-6178)
Vulnerability from cvelistv5
Published
2009-02-19 16:00
Modified
2024-08-07 11:20
CWE
- n/a
Summary
Unrestricted file upload vulnerability in editor/filemanager/browser/default/connectors/php/connector.php in FCKeditor 2.2, as used in Falt4 CMS, Nuke ET, and other products, allows remote attackers to execute arbitrary code by creating a file with PHP sequences preceded by a ZIP header, uploading this file via a FileUpload action with the application/zip content type, and then accessing this file via a direct request to the file in UserFiles/File/, probably a related issue to CVE-2005-4094. NOTE: some of these details are obtained from third party information.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T11:20:25.361Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "31812", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/31812" }, { "name": "33973", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/33973" }, { "name": "ADV-2009-0447", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/0447" }, { "name": "falt4-fckeditor-file-upload(48769)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48769" }, { "name": "8060", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/8060" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-10-18T00:00:00", "descriptions": [ { "lang": "en", "value": "Unrestricted file upload vulnerability in editor/filemanager/browser/default/connectors/php/connector.php in FCKeditor 2.2, as used in Falt4 CMS, Nuke ET, and other products, allows remote attackers to execute arbitrary code by creating a file with PHP sequences preceded by a ZIP header, uploading this file via a FileUpload action with the application/zip content type, and then accessing this file via a direct request to the file in UserFiles/File/, probably a related issue to CVE-2005-4094. NOTE: some of these details are obtained from third party information." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "31812", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/31812" }, { "name": "33973", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/33973" }, { "name": "ADV-2009-0447", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/0447" }, { "name": "falt4-fckeditor-file-upload(48769)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48769" }, { "name": "8060", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/8060" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-6178", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unrestricted file upload vulnerability in editor/filemanager/browser/default/connectors/php/connector.php in FCKeditor 2.2, as used in Falt4 CMS, Nuke ET, and other products, allows remote attackers to execute arbitrary code by creating a file with PHP sequences preceded by a ZIP header, uploading this file via a FileUpload action with the application/zip content type, and then accessing this file via a direct request to the file in UserFiles/File/, probably a related issue to CVE-2005-4094. NOTE: some of these details are obtained from third party information." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "31812", "refsource": "BID", "url": "http://www.securityfocus.com/bid/31812" }, { "name": "33973", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/33973" }, { "name": "ADV-2009-0447", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/0447" }, { "name": "falt4-fckeditor-file-upload(48769)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48769" }, { "name": "8060", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/8060" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-6178", "datePublished": "2009-02-19T16:00:00", "dateReserved": "2009-02-19T00:00:00", "dateUpdated": "2024-08-07T11:20:25.361Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-6978 (GCVE-0-2006-6978)
Vulnerability from cvelistv5
Published
2007-02-08 17:00
Modified
2024-08-07 20:50
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in the "Basic Toolbar Selection" in FCKEditor allows remote attackers to execute arbitrary JavaScript via the javascript: URI in the (1) href or (2) onmouseover attribute of the A HTML tag.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T20:50:06.076Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.newffr.com/viewtopic.php?forum=26\u0026topic=11683" }, { "name": "freetextbox-fckeditor-javascipt-xss(26539)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26539" }, { "name": "20060514 XSS in FreeTextBox and FCKEditor Basic Toolbar Selection", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/434006/30/4980/threaded" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-05-14T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the \"Basic Toolbar Selection\" in FCKEditor allows remote attackers to execute arbitrary JavaScript via the javascript: URI in the (1) href or (2) onmouseover attribute of the A HTML tag." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://www.newffr.com/viewtopic.php?forum=26\u0026topic=11683" }, { "name": "freetextbox-fckeditor-javascipt-xss(26539)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26539" }, { "name": "20060514 XSS in FreeTextBox and FCKEditor Basic Toolbar Selection", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/434006/30/4980/threaded" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-6978", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in the \"Basic Toolbar Selection\" in FCKEditor allows remote attackers to execute arbitrary JavaScript via the javascript: URI in the (1) href or (2) onmouseover attribute of the A HTML tag." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.newffr.com/viewtopic.php?forum=26\u0026topic=11683", "refsource": "MISC", "url": "http://www.newffr.com/viewtopic.php?forum=26\u0026topic=11683" }, { "name": "freetextbox-fckeditor-javascipt-xss(26539)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26539" }, { "name": "20060514 XSS in FreeTextBox and FCKEditor Basic Toolbar Selection", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/434006/30/4980/threaded" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-6978", "datePublished": "2007-02-08T17:00:00", "dateReserved": "2007-02-08T00:00:00", "dateUpdated": "2024-08-07T20:50:06.076Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-0658 (GCVE-0-2006-0658)
Vulnerability from cvelistv5
Published
2006-02-13 11:00
Modified
2024-08-07 16:41
CWE
- n/a
Summary
Incomplete blacklist vulnerability in connector.php in FCKeditor 2.0 and 2.2, as used in products such as RunCMS, allows remote attackers to upload and execute arbitrary script files by giving the files specific extensions that are not listed in the Config[DeniedExtensions][File], such as .php.txt.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T16:41:29.139Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://retrogod.altervista.org/fckeditor_22_xpl.html" }, { "name": "ADV-2006-0502", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/0502" }, { "name": "20060209 runCMS \u003c= 1.3a2 possible remote code execution through the integrated FCKEditor package", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/424708" }, { "name": "18767", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/18767" }, { "name": "3702", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/3702" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-02-10T00:00:00", "descriptions": [ { "lang": "en", "value": "Incomplete blacklist vulnerability in connector.php in FCKeditor 2.0 and 2.2, as used in products such as RunCMS, allows remote attackers to upload and execute arbitrary script files by giving the files specific extensions that are not listed in the Config[DeniedExtensions][File], such as .php.txt." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-10T00:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://retrogod.altervista.org/fckeditor_22_xpl.html" }, { "name": "ADV-2006-0502", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/0502" }, { "name": "20060209 runCMS \u003c= 1.3a2 possible remote code execution through the integrated FCKEditor package", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/424708" }, { "name": "18767", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/18767" }, { "name": "3702", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/3702" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-0658", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Incomplete blacklist vulnerability in connector.php in FCKeditor 2.0 and 2.2, as used in products such as RunCMS, allows remote attackers to upload and execute arbitrary script files by giving the files specific extensions that are not listed in the Config[DeniedExtensions][File], such as .php.txt." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://retrogod.altervista.org/fckeditor_22_xpl.html", "refsource": "MISC", "url": "http://retrogod.altervista.org/fckeditor_22_xpl.html" }, { "name": "ADV-2006-0502", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/0502" }, { "name": "20060209 runCMS \u003c= 1.3a2 possible remote code execution through the integrated FCKEditor package", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/424708" }, { "name": "18767", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18767" }, { "name": "3702", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/3702" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-0658", "datePublished": "2006-02-13T11:00:00", "dateReserved": "2006-02-13T00:00:00", "dateUpdated": "2024-08-07T16:41:29.139Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2009-2324 — Vulnerability from fkie_nvd
Published
2009-07-05 16:30
Modified
2025-04-09 00:30
Severity: MEDIUM (CVSS v2.0 base score 4.3, AV:N/AC:M/Au:N/C:N/I:P/A:N)
Summary
Multiple cross-site scripting (XSS) vulnerabilities in FCKeditor before 2.6.4.1 allow remote attackers to inject arbitrary web script or HTML via components in the samples (aka _samples) directory.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.ocert.org/advisories/ocert-2009-007.html | Patch | |
cve@mitre.org | http://www.securityfocus.com/archive/1/504721/100/0/threaded | ||
cve@mitre.org | http://www.securitytracker.com/id?1022513 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.ocert.org/advisories/ocert-2009-007.html | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/504721/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1022513 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
fckeditor | fckeditor | * | up to and including 2.6.4 |
fckeditor | fckeditor | 2.0 | |
fckeditor | fckeditor | 2.0_fc | |
fckeditor | fckeditor | 2.0_rc2 | |
fckeditor | fckeditor | 2.0rc2 | |
fckeditor | fckeditor | 2.0rc3 | |
fckeditor | fckeditor | 2.1 | |
fckeditor | fckeditor | 2.1.1 | |
fckeditor | fckeditor | 2.2 | |
fckeditor | fckeditor | 2.3 | |
fckeditor | fckeditor | 2.3 | beta |
fckeditor | fckeditor | 2.3.1 | |
fckeditor | fckeditor | 2.3.2 | |
fckeditor | fckeditor | 2.3.3 | |
fckeditor | fckeditor | 2.4 | |
fckeditor | fckeditor | 2.4.1 | |
fckeditor | fckeditor | 2.4.2 | |
fckeditor | fckeditor | 2.4.3 | |
fckeditor | fckeditor | 2.5 | |
fckeditor | fckeditor | 2.5 | beta |
fckeditor | fckeditor | 2.5.1 | |
fckeditor | fckeditor | 2.6 | |
fckeditor | fckeditor | 2.6.1 | |
fckeditor | fckeditor | 2.6.2 | |
fckeditor | fckeditor | 2.6.3 | |
fckeditor | fckeditor | 2.6.3 | beta |
fckeditor | fckeditor | 2.6.4 | beta |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:fckeditor:fckeditor:*:*:*:*:*:*:*:*", "matchCriteriaId": "5A935AD9-DB0B-47A9-8F5E-9FF2A3310865", "versionEndIncluding": "2.6.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:fckeditor:fckeditor:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "8A396BB3-7329-4522-8C5F-99CCA41C9DA6", "vulnerable": true }, { "criteria": "cpe:2.3:a:fckeditor:fckeditor:2.0_fc:*:*:*:*:*:*:*", "matchCriteriaId": "97BEB138-2E35-4770-BA2B-D78FFC6E6CE2", "vulnerable": true }, { "criteria": "cpe:2.3:a:fckeditor:fckeditor:2.0_rc2:*:*:*:*:*:*:*", "matchCriteriaId": "DD08F2AA-D782-419D-945C-D241EB18CBB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:fckeditor:fckeditor:2.0rc2:*:*:*:*:*:*:*", "matchCriteriaId": "B6F9F4D2-0A3E-49D6-9A58-D9BCDF492E90", "vulnerable": true }, { "criteria": "cpe:2.3:a:fckeditor:fckeditor:2.0rc3:*:*:*:*:*:*:*", "matchCriteriaId": "CF47BD2F-7AC9-490E-9289-9C259FE4F231", "vulnerable": true }, { "criteria": "cpe:2.3:a:fckeditor:fckeditor:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "490C6198-FDA6-45BF-B12F-6F9A52B6F1C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:fckeditor:fckeditor:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "83806F80-BA69-4098-A4F6-1F9577871EBD", "vulnerable": true }, { "criteria": "cpe:2.3:a:fckeditor:fckeditor:2.2:*:*:*:*:*:*:*", "matchCriteriaId": "D2823302-CCF1-438B-B962-6EE49D371A28", "vulnerable": true }, { "criteria": "cpe:2.3:a:fckeditor:fckeditor:2.3:*:*:*:*:*:*:*", "matchCriteriaId": "43FBB64C-5D5D-43D0-A4B9-B08F0012B9D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:fckeditor:fckeditor:2.3:beta:*:*:*:*:*:*", "matchCriteriaId": "28B4FB08-9605-4D05-98B6-844F701BFA35", "vulnerable": true }, { "criteria": "cpe:2.3:a:fckeditor:fckeditor:2.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "95BF5CD1-7D68-4FBE-8116-23B4D1415B03", "vulnerable": true }, { "criteria": "cpe:2.3:a:fckeditor:fckeditor:2.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "EE69FFCF-D442-492F-A5F6-56A02E4E9299", "vulnerable": true 
}, { "criteria": "cpe:2.3:a:fckeditor:fckeditor:2.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "31A4C3CC-27E5-4962-85B2-404EAF434B11", "vulnerable": true }, { "criteria": "cpe:2.3:a:fckeditor:fckeditor:2.4:*:*:*:*:*:*:*", "matchCriteriaId": "665C47D7-40EC-4F52-8EA0-0886EE8A9345", "vulnerable": true }, { "criteria": "cpe:2.3:a:fckeditor:fckeditor:2.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "2271D898-7973-412C-8EA2-EBFD22ABF25E", "vulnerable": true }, { "criteria": "cpe:2.3:a:fckeditor:fckeditor:2.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "6834FFFF-F463-4F01-BB13-46705B9933A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:fckeditor:fckeditor:2.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "68C583B7-5A09-4849-A1E1-600C87854A24", "vulnerable": true }, { "criteria": "cpe:2.3:a:fckeditor:fckeditor:2.5:*:*:*:*:*:*:*", "matchCriteriaId": "F45886E0-9D00-42B4-AF12-87EFED09765C", "vulnerable": true }, { "criteria": "cpe:2.3:a:fckeditor:fckeditor:2.5:beta:*:*:*:*:*:*", "matchCriteriaId": "72159C7B-3F8E-440F-8248-3A5A991957B5", "vulnerable": true }, { "criteria": "cpe:2.3:a:fckeditor:fckeditor:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "631C1D5A-191E-40D7-A6E4-25C184314527", "vulnerable": true }, { "criteria": "cpe:2.3:a:fckeditor:fckeditor:2.6:*:*:*:*:*:*:*", "matchCriteriaId": "2D47CE1F-04A6-4961-B0B3-5A3EC403EE14", "vulnerable": true }, { "criteria": "cpe:2.3:a:fckeditor:fckeditor:2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "2A2C7527-3513-4B72-8C8D-295A3A8BAD2A", "vulnerable": true }, { "criteria": "cpe:2.3:a:fckeditor:fckeditor:2.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "E18F60E3-3723-40F3-A632-C3B8B6157682", "vulnerable": true }, { "criteria": "cpe:2.3:a:fckeditor:fckeditor:2.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "E99B8429-1EBC-483D-87B6-281E2C49E35A", "vulnerable": true }, { "criteria": "cpe:2.3:a:fckeditor:fckeditor:2.6.3:beta:*:*:*:*:*:*", "matchCriteriaId": "05B5740F-05C0-4155-BC11-50DE6F8285DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:fckeditor:fckeditor:2.6.4:beta:*:*:*:*:*:*", 
"matchCriteriaId": "B9D86941-B839-43CC-A97E-CA52339A9871", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in FCKeditor before 2.6.4.1 allow remote attackers to inject arbitrary web script or HTML via components in the samples (aka _samples) directory." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en FCKeditor anterior a v2.6.4.1, permite a atacantes remotos inyectar secuencias de comandos Web o HTML utilizando componentes en el directorio samples (tambi\u00e9n conocido como _samples)." } ], "id": "CVE-2009-2324", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2009-07-05T16:30:00.657", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.ocert.org/advisories/ocert-2009-007.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/504721/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1022513" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.ocert.org/advisories/ocert-2009-007.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/504721/100/0/threaded" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1022513" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2005-0613 — Vulnerability from fkie_nvd
Published
2005-02-28 05:00
Modified
2025-04-03 01:03
Severity: MEDIUM (CVSS v2.0 base score 5.0, AV:N/AC:L/Au:N/C:N/I:P/A:N)
Summary
Unknown vulnerability in FCKeditor 2.0 RC2, when used with PHP-Nuke, allows remote attackers to upload arbitrary files.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.securityfocus.com/bid/12676 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/12676 | Patch, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:fckeditor:fckeditor:2.0_rc2:*:*:*:*:*:*:*", "matchCriteriaId": "DD08F2AA-D782-419D-945C-D241EB18CBB2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unknown vulnerability in FCKeditor 2.0 RC2, when used with PHP-Nuke, allows remote attackers to upload arbitrary files." } ], "id": "CVE-2005-0613", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-02-28T05:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/12676" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/12676" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2006-0921 — Vulnerability from fkie_nvd
Published
2006-02-28 11:02
Modified
2025-04-03 01:03
Severity: MEDIUM (CVSS v2.0 base score 6.4, AV:N/AC:L/Au:N/C:P/I:P/A:N)
Summary
Multiple directory traversal vulnerabilities in connector.php in FCKeditor 2.0 FC, as used in products such as RunCMS, allow remote attackers to list and create arbitrary directories via a .. (dot dot) in the CurrentFolder parameter to (1) GetFoldersAndFiles and (2) CreateFolder.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://securityreason.com/securityalert/484 | ||
cve@mitre.org | http://www.nsag.ru/vuln/952.html | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/425937/100/0/threaded | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/434559/30/4890/threaded | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/24878 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://securityreason.com/securityalert/484 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.nsag.ru/vuln/952.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/425937/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/434559/30/4890/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/24878 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:fckeditor:fckeditor:2.0_fc:*:*:*:*:*:*:*", "matchCriteriaId": "97BEB138-2E35-4770-BA2B-D78FFC6E6CE2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple directory traversal vulnerabilities in connector.php in FCKeditor 2.0 FC, as used in products such as RunCMS, allow remote attackers to list and create arbitrary directories via a .. (dot dot) in the CurrentFolder parameter to (1) GetFoldersAndFiles and (2) CreateFolder." } ], "id": "CVE-2006-0921", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-02-28T11:02:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/484" }, { "source": "cve@mitre.org", "url": "http://www.nsag.ru/vuln/952.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/425937/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/434559/30/4890/threaded" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24878" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/484" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.nsag.ru/vuln/952.html" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/425937/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/434559/30/4890/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24878" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2006-6978 — Vulnerability from fkie_nvd
Published
2007-02-08 17:28
Modified
2025-04-09 00:30
Severity: MEDIUM (CVSS v2.0 base score 4.3, AV:N/AC:M/Au:N/C:N/I:P/A:N)
Summary
Cross-site scripting (XSS) vulnerability in the "Basic Toolbar Selection" in FCKEditor allows remote attackers to execute arbitrary JavaScript via the javascript: URI in the (1) href or (2) onmouseover attribute of the A HTML tag.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.newffr.com/viewtopic.php?forum=26&topic=11683 | Exploit | |
cve@mitre.org | http://www.securityfocus.com/archive/1/434006/30/4980/threaded | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/26539 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.newffr.com/viewtopic.php?forum=26&topic=11683 | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/434006/30/4980/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/26539 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:fckeditor:fckeditor:*:*:*:*:*:*:*:*", "matchCriteriaId": "2BC8ECB5-CDCC-48BE-BF42-3285321B42A5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the \"Basic Toolbar Selection\" in FCKEditor allows remote attackers to execute arbitrary JavaScript via the javascript: URI in the (1) href or (2) onmouseover attribute of the A HTML tag." }, { "lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la \"Selecci\u00f3n de Barra de Herramientas B\u00e1sica\" de FCKEditor permite a atacantes remotos ejecutar c\u00f3digo JavaScript de su elecci\u00f3n mediante un URL javascript: en los atributos (1) href o (2) onmouseover de una etiqueta A de HTML." } ], "id": "CVE-2006-6978", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2007-02-08T17:28:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.newffr.com/viewtopic.php?forum=26\u0026topic=11683" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/434006/30/4980/threaded" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26539" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": 
"http://www.newffr.com/viewtopic.php?forum=26\u0026topic=11683" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/434006/30/4980/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26539" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2008-6178 — Vulnerability from fkie_nvd
Published
2009-02-19 16:30
Modified
2025-04-09 00:30
Severity: HIGH (CVSS v2.0 base score 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P)
Summary
Unrestricted file upload vulnerability in editor/filemanager/browser/default/connectors/php/connector.php in FCKeditor 2.2, as used in Falt4 CMS, Nuke ET, and other products, allows remote attackers to execute arbitrary code by creating a file with PHP sequences preceded by a ZIP header, uploading this file via a FileUpload action with the application/zip content type, and then accessing this file via a direct request to the file in UserFiles/File/, probably a related issue to CVE-2005-4094. NOTE: some of these details are obtained from third party information.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://secunia.com/advisories/33973 | Vendor Advisory | |
cve@mitre.org | http://www.securityfocus.com/bid/31812 | Exploit | |
cve@mitre.org | http://www.vupen.com/english/advisories/2009/0447 | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/48769 | ||
cve@mitre.org | https://www.exploit-db.com/exploits/8060 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/33973 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/31812 | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/0447 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/48769 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/8060 |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:fckeditor:fckeditor:2.0rc2:*:*:*:*:*:*:*", "matchCriteriaId": "B6F9F4D2-0A3E-49D6-9A58-D9BCDF492E90", "vulnerable": true }, { "criteria": "cpe:2.3:a:fckeditor:fckeditor:2.0rc3:*:*:*:*:*:*:*", "matchCriteriaId": "CF47BD2F-7AC9-490E-9289-9C259FE4F231", "vulnerable": true }, { "criteria": "cpe:2.3:a:fckeditor:fckeditor:2.2:*:*:*:*:*:*:*", "matchCriteriaId": "D2823302-CCF1-438B-B962-6EE49D371A28", "vulnerable": true }, { "criteria": "cpe:2.3:a:fckeditor:fckeditor:2.3beta:*:*:*:*:*:*:*", "matchCriteriaId": "5F841DE0-94A3-45E5-9DF6-516BDBE13CAE", "vulnerable": true }, { "criteria": "cpe:2.3:a:fckeditor:fckeditor:2.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "68C583B7-5A09-4849-A1E1-600C87854A24", "vulnerable": true }, { "criteria": "cpe:2.3:a:phplist:phplist:2.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "FD0770F6-4C09-4D77-A25A-2D9C59B73795", "vulnerable": true }, { "criteria": "cpe:2.3:a:phplist:phplist:2.10.2:*:*:*:*:*:*:*", "matchCriteriaId": "1AB6728E-74D6-4939-AA0F-6560678201CA", "vulnerable": true }, { "criteria": "cpe:2.3:a:phplist:phplist:2.10.3:*:*:*:*:*:*:*", "matchCriteriaId": "7212A91B-F75D-43CB-90E3-7420C0EA861A", "vulnerable": true }, { "criteria": "cpe:2.3:a:phplist:phplist:2.10.4:*:*:*:*:*:*:*", "matchCriteriaId": "BFECF781-0084-4FBD-BD88-E55C85D9480C", "vulnerable": true }, { "criteria": "cpe:2.3:a:phplist:phplist:2.10.5:*:*:*:*:*:*:*", "matchCriteriaId": "C5492C3F-8833-4F66-B98F-C2B33AD1F14B", "vulnerable": true }, { "criteria": "cpe:2.3:a:phplist:phplist:2.10.6:*:*:*:*:*:*:*", "matchCriteriaId": "CB4693DD-6CAE-437E-9D36-C1182F495984", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unrestricted file upload vulnerability in editor/filemanager/browser/default/connectors/php/connector.php in FCKeditor 2.2, as used in Falt4 CMS, Nuke ET, and other products, allows remote attackers to execute arbitrary code by 
creating a file with PHP sequences preceded by a ZIP header, uploading this file via a FileUpload action with the application/zip content type, and then accessing this file via a direct request to the file in UserFiles/File/, probably a related issue to CVE-2005-4094. NOTE: some of these details are obtained from third party information." }, { "lang": "es", "value": "Vulnerabilidad de env\u00edo de archivo no restringido en editor/filemanager/browser/default/connectors/php/connector.php en FCKeditor v2.2 en Falt4 CMS, Nuke ET, y otros productos, lo que permite a atacantes remotos ejecutar codigo a su eleccion mediante la creacion de un fichero con secuencias PHP precedidas de un encabezado ZIP, subiendo este fichero a traves la accion FileUpload, y despues accediendo al fichero a traves de una peticion directa del fichero en UserFiles/File/, probablemente relacionado con CVE-2005-4094. NOTA: Algunos detalles fueron obtenidos de una tercera parte." } ], "id": "CVE-2008-6178", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-02-19T16:30:00.530", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/33973" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/31812" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2009/0447" }, { "source": "cve@mitre.org", 
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48769" }, { "source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/8060" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/33973" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/31812" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2009/0447" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48769" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/8060" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-94" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2006-2529 — Vulnerability from fkie_nvd
Published
2006-05-22 23:10
Modified
2025-04-03 01:03
Severity: MEDIUM (CVSS v2.0 base score 5.0, AV:N/AC:L/Au:N/C:N/I:P/A:N)
Summary
editor/filemanager/upload/php/upload.php in FCKeditor before 2.3 Beta, when the upload feature is enabled, does not verify the Type parameter, which allows remote attackers to upload arbitrary file types. NOTE: It is not clear whether this is related to CVE-2006-0658.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://secunia.com/advisories/20122 | Patch, Vendor Advisory | |
cve@mitre.org | http://www.fckeditor.net/whatsnew/default.html | Patch | |
cve@mitre.org | http://www.osvdb.org/25631 | ||
cve@mitre.org | http://www.securityfocus.com/bid/18029 | Patch | |
cve@mitre.org | http://www.vupen.com/english/advisories/2006/1856 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/20122 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.fckeditor.net/whatsnew/default.html | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/25631 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/18029 | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2006/1856 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:fckeditor:fckeditor:2.2:*:*:*:*:*:*:*", "matchCriteriaId": "D2823302-CCF1-438B-B962-6EE49D371A28", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "editor/filemanager/upload/php/upload.php in FCKeditor before 2.3 Beta, when the upload feature is enabled, does not verify the Type parameter, which allows remote attackers to upload arbitrary file types. NOTE: It is not clear whether this is related to CVE-2006-0658." } ], "id": "CVE-2006-2529", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-05-22T23:10:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/20122" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.fckeditor.net/whatsnew/default.html" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/25631" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/18029" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/1856" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/20122" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": 
"http://www.fckeditor.net/whatsnew/default.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/25631" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/18029" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/1856" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2006-0658)
Published
2006-02-13 11:06
Modified
2025-04-03 01:03
Severity
MEDIUM (CVSS v2 base score 5.0, AV:N/AC:L/Au:N/C:N/I:P/A:N)
Summary
Incomplete blacklist vulnerability in connector.php in FCKeditor 2.0 and 2.2, as used in products such as RunCMS, allows remote attackers to upload and execute arbitrary script files by giving the files specific extensions that are not listed in the Config[DeniedExtensions][File], such as .php.txt.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://retrogod.altervista.org/fckeditor_22_xpl.html | Exploit | |
cve@mitre.org | http://secunia.com/advisories/18767 | Vendor Advisory | |
cve@mitre.org | http://www.securityfocus.com/archive/1/424708 | Exploit | |
cve@mitre.org | http://www.vupen.com/english/advisories/2006/0502 | Vendor Advisory | |
cve@mitre.org | https://www.exploit-db.com/exploits/3702 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://retrogod.altervista.org/fckeditor_22_xpl.html | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/18767 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/424708 | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2006/0502 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/3702 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:fckeditor:fckeditor:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "8A396BB3-7329-4522-8C5F-99CCA41C9DA6", "vulnerable": true }, { "criteria": "cpe:2.3:a:fckeditor:fckeditor:2.2:*:*:*:*:*:*:*", "matchCriteriaId": "D2823302-CCF1-438B-B962-6EE49D371A28", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Incomplete blacklist vulnerability in connector.php in FCKeditor 2.0 and 2.2, as used in products such as RunCMS, allows remote attackers to upload and execute arbitrary script files by giving the files specific extensions that are not listed in the Config[DeniedExtensions][File], such as .php.txt." } ], "evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/184.html\r\n\u0027CWE-184: Incomplete Blacklist\u0027", "id": "CVE-2006-0658", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-02-13T11:06:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://retrogod.altervista.org/fckeditor_22_xpl.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/18767" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/archive/1/424708" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": 
"http://www.vupen.com/english/advisories/2006/0502" }, { "source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/3702" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://retrogod.altervista.org/fckeditor_22_xpl.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/18767" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/archive/1/424708" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2006/0502" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/3702" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2009-2265)
Published
2009-07-05 16:30
Modified
2025-04-09 00:30
Severity
HIGH (CVSS v2 base score 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P)
Summary
Multiple directory traversal vulnerabilities in FCKeditor before 2.6.4.1 allow remote attackers to create executable files in arbitrary directories via directory traversal sequences in the input to unspecified connector modules, as exploited in the wild for remote code execution in July 2009, related to the file browser and the editor/filemanager/connectors/ directory.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://isc.sans.org/diary.html?storyid=6724 | ||
cve@mitre.org | http://mail.zope.org/pipermail/zope-dev/2009-July/037195.html | ||
cve@mitre.org | http://packetstormsecurity.com/files/163271/Adobe-ColdFusion-8-Remote-Command-Execution.html | ||
cve@mitre.org | http://secunia.com/advisories/35833 | ||
cve@mitre.org | http://secunia.com/advisories/35909 | ||
cve@mitre.org | http://sourceforge.net/project/shownotes.php?release_id=695430 | ||
cve@mitre.org | http://www.debian.org/security/2009/dsa-1836 | ||
cve@mitre.org | http://www.ocert.org/advisories/ocert-2009-007.html | Patch | |
cve@mitre.org | http://www.securityfocus.com/archive/1/504721/100/0/threaded | ||
cve@mitre.org | http://www.securitytracker.com/id?1022513 | ||
cve@mitre.org | http://www.vupen.com/english/advisories/2009/1813 | ||
cve@mitre.org | http://www.vupen.com/english/advisories/2009/1825 | ||
cve@mitre.org | https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00710.html | ||
cve@mitre.org | https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00750.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://isc.sans.org/diary.html?storyid=6724 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://mail.zope.org/pipermail/zope-dev/2009-July/037195.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/163271/Adobe-ColdFusion-8-Remote-Command-Execution.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35833 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35909 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://sourceforge.net/project/shownotes.php?release_id=695430 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2009/dsa-1836 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.ocert.org/advisories/ocert-2009-007.html | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/504721/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1022513 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/1813 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/1825 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00710.html | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00750.html |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
fckeditor | fckeditor | * (up to and including 2.6.4) | |
fckeditor | fckeditor | 2.0 | |
fckeditor | fckeditor | 2.0_fc | |
fckeditor | fckeditor | 2.0_rc2 | |
fckeditor | fckeditor | 2.0rc2 | |
fckeditor | fckeditor | 2.0rc3 | |
fckeditor | fckeditor | 2.1 | |
fckeditor | fckeditor | 2.1.1 | |
fckeditor | fckeditor | 2.2 | |
fckeditor | fckeditor | 2.3 | |
fckeditor | fckeditor | 2.3 (beta) | |
fckeditor | fckeditor | 2.3.1 | |
fckeditor | fckeditor | 2.3.2 | |
fckeditor | fckeditor | 2.3.3 | |
fckeditor | fckeditor | 2.4 | |
fckeditor | fckeditor | 2.4.1 | |
fckeditor | fckeditor | 2.4.2 | |
fckeditor | fckeditor | 2.4.3 | |
fckeditor | fckeditor | 2.5 | |
fckeditor | fckeditor | 2.5 (beta) | |
fckeditor | fckeditor | 2.5.1 | |
fckeditor | fckeditor | 2.6 | |
fckeditor | fckeditor | 2.6.1 | |
fckeditor | fckeditor | 2.6.2 | |
fckeditor | fckeditor | 2.6.3 | |
fckeditor | fckeditor | 2.6.3 (beta) | |
fckeditor | fckeditor | 2.6.4 (beta) |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:fckeditor:fckeditor:*:*:*:*:*:*:*:*", "matchCriteriaId": "5A935AD9-DB0B-47A9-8F5E-9FF2A3310865", "versionEndIncluding": "2.6.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:fckeditor:fckeditor:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "8A396BB3-7329-4522-8C5F-99CCA41C9DA6", "vulnerable": true }, { "criteria": "cpe:2.3:a:fckeditor:fckeditor:2.0_fc:*:*:*:*:*:*:*", "matchCriteriaId": "97BEB138-2E35-4770-BA2B-D78FFC6E6CE2", "vulnerable": true }, { "criteria": "cpe:2.3:a:fckeditor:fckeditor:2.0_rc2:*:*:*:*:*:*:*", "matchCriteriaId": "DD08F2AA-D782-419D-945C-D241EB18CBB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:fckeditor:fckeditor:2.0rc2:*:*:*:*:*:*:*", "matchCriteriaId": "B6F9F4D2-0A3E-49D6-9A58-D9BCDF492E90", "vulnerable": true }, { "criteria": "cpe:2.3:a:fckeditor:fckeditor:2.0rc3:*:*:*:*:*:*:*", "matchCriteriaId": "CF47BD2F-7AC9-490E-9289-9C259FE4F231", "vulnerable": true }, { "criteria": "cpe:2.3:a:fckeditor:fckeditor:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "490C6198-FDA6-45BF-B12F-6F9A52B6F1C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:fckeditor:fckeditor:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "83806F80-BA69-4098-A4F6-1F9577871EBD", "vulnerable": true }, { "criteria": "cpe:2.3:a:fckeditor:fckeditor:2.2:*:*:*:*:*:*:*", "matchCriteriaId": "D2823302-CCF1-438B-B962-6EE49D371A28", "vulnerable": true }, { "criteria": "cpe:2.3:a:fckeditor:fckeditor:2.3:*:*:*:*:*:*:*", "matchCriteriaId": "43FBB64C-5D5D-43D0-A4B9-B08F0012B9D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:fckeditor:fckeditor:2.3:beta:*:*:*:*:*:*", "matchCriteriaId": "28B4FB08-9605-4D05-98B6-844F701BFA35", "vulnerable": true }, { "criteria": "cpe:2.3:a:fckeditor:fckeditor:2.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "95BF5CD1-7D68-4FBE-8116-23B4D1415B03", "vulnerable": true }, { "criteria": "cpe:2.3:a:fckeditor:fckeditor:2.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "EE69FFCF-D442-492F-A5F6-56A02E4E9299", "vulnerable": true 
}, { "criteria": "cpe:2.3:a:fckeditor:fckeditor:2.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "31A4C3CC-27E5-4962-85B2-404EAF434B11", "vulnerable": true }, { "criteria": "cpe:2.3:a:fckeditor:fckeditor:2.4:*:*:*:*:*:*:*", "matchCriteriaId": "665C47D7-40EC-4F52-8EA0-0886EE8A9345", "vulnerable": true }, { "criteria": "cpe:2.3:a:fckeditor:fckeditor:2.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "2271D898-7973-412C-8EA2-EBFD22ABF25E", "vulnerable": true }, { "criteria": "cpe:2.3:a:fckeditor:fckeditor:2.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "6834FFFF-F463-4F01-BB13-46705B9933A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:fckeditor:fckeditor:2.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "68C583B7-5A09-4849-A1E1-600C87854A24", "vulnerable": true }, { "criteria": "cpe:2.3:a:fckeditor:fckeditor:2.5:*:*:*:*:*:*:*", "matchCriteriaId": "F45886E0-9D00-42B4-AF12-87EFED09765C", "vulnerable": true }, { "criteria": "cpe:2.3:a:fckeditor:fckeditor:2.5:beta:*:*:*:*:*:*", "matchCriteriaId": "72159C7B-3F8E-440F-8248-3A5A991957B5", "vulnerable": true }, { "criteria": "cpe:2.3:a:fckeditor:fckeditor:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "631C1D5A-191E-40D7-A6E4-25C184314527", "vulnerable": true }, { "criteria": "cpe:2.3:a:fckeditor:fckeditor:2.6:*:*:*:*:*:*:*", "matchCriteriaId": "2D47CE1F-04A6-4961-B0B3-5A3EC403EE14", "vulnerable": true }, { "criteria": "cpe:2.3:a:fckeditor:fckeditor:2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "2A2C7527-3513-4B72-8C8D-295A3A8BAD2A", "vulnerable": true }, { "criteria": "cpe:2.3:a:fckeditor:fckeditor:2.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "E18F60E3-3723-40F3-A632-C3B8B6157682", "vulnerable": true }, { "criteria": "cpe:2.3:a:fckeditor:fckeditor:2.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "E99B8429-1EBC-483D-87B6-281E2C49E35A", "vulnerable": true }, { "criteria": "cpe:2.3:a:fckeditor:fckeditor:2.6.3:beta:*:*:*:*:*:*", "matchCriteriaId": "05B5740F-05C0-4155-BC11-50DE6F8285DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:fckeditor:fckeditor:2.6.4:beta:*:*:*:*:*:*", 
"matchCriteriaId": "B9D86941-B839-43CC-A97E-CA52339A9871", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple directory traversal vulnerabilities in FCKeditor before 2.6.4.1 allow remote attackers to create executable files in arbitrary directories via directory traversal sequences in the input to unspecified connector modules, as exploited in the wild for remote code execution in July 2009, related to the file browser and the editor/filemanager/connectors/ directory." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de salto de directorio en FCKeditor anterior a v2.6.4.1, permiten a atacantes remotos crear ficheros ejecutables en directorios de su elecci\u00f3n a trav\u00e9s de secuencias de salto de directorio en la entrada de m\u00f3dulos conectores no especificados, tal como se ha explotado en Julio 2009. Est\u00e1 relacionado con el fichero de navegaci\u00f3n y el directorio editor/filemanager/connectors/." 
} ], "id": "CVE-2009-2265", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-07-05T16:30:00.377", "references": [ { "source": "cve@mitre.org", "url": "http://isc.sans.org/diary.html?storyid=6724" }, { "source": "cve@mitre.org", "url": "http://mail.zope.org/pipermail/zope-dev/2009-July/037195.html" }, { "source": "cve@mitre.org", "url": "http://packetstormsecurity.com/files/163271/Adobe-ColdFusion-8-Remote-Command-Execution.html" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/35833" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/35909" }, { "source": "cve@mitre.org", "url": "http://sourceforge.net/project/shownotes.php?release_id=695430" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2009/dsa-1836" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.ocert.org/advisories/ocert-2009-007.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/504721/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1022513" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2009/1813" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2009/1825" }, { "source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00710.html" }, { "source": 
"cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00750.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://isc.sans.org/diary.html?storyid=6724" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://mail.zope.org/pipermail/zope-dev/2009-July/037195.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://packetstormsecurity.com/files/163271/Adobe-ColdFusion-8-Remote-Command-Execution.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/35833" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/35909" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sourceforge.net/project/shownotes.php?release_id=695430" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2009/dsa-1836" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.ocert.org/advisories/ocert-2009-007.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/504721/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1022513" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2009/1813" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2009/1825" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00710.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00750.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-22" } ], "source": "nvd@nist.gov", "type": 
"Primary" } ] }