
24 vulnerabilities found for product fckeditor by vendor fckeditor

FKIE_CVE-2009-2265

Vulnerability from fkie_nvd - Published: 2009-07-05 16:30 - Updated: 2025-04-09 00:30
Severity: HIGH (CVSS v2.0 base score 7.5, vector AV:N/AC:L/Au:N/C:P/I:P/A:P)
Summary
Multiple directory traversal vulnerabilities in FCKeditor before 2.6.4.1 allow remote attackers to create executable files in arbitrary directories via directory traversal sequences in the input to unspecified connector modules, as exploited in the wild for remote code execution in July 2009, related to the file browser and the editor/filemanager/connectors/ directory.
References
cve@mitre.org: http://isc.sans.org/diary.html?storyid=6724
cve@mitre.org: http://mail.zope.org/pipermail/zope-dev/2009-July/037195.html
cve@mitre.org: http://packetstormsecurity.com/files/163271/Adobe-ColdFusion-8-Remote-Command-Execution.html
cve@mitre.org: http://secunia.com/advisories/35833
cve@mitre.org: http://secunia.com/advisories/35909
cve@mitre.org: http://sourceforge.net/project/shownotes.php?release_id=695430
cve@mitre.org: http://www.debian.org/security/2009/dsa-1836
cve@mitre.org: http://www.ocert.org/advisories/ocert-2009-007.html [Patch]
cve@mitre.org: http://www.securityfocus.com/archive/1/504721/100/0/threaded
cve@mitre.org: http://www.securitytracker.com/id?1022513
cve@mitre.org: http://www.vupen.com/english/advisories/2009/1813
cve@mitre.org: http://www.vupen.com/english/advisories/2009/1825
cve@mitre.org: https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00710.html
cve@mitre.org: https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00750.html
af854a3a-2127-422b-91ae-364da2661108: http://isc.sans.org/diary.html?storyid=6724
af854a3a-2127-422b-91ae-364da2661108: http://mail.zope.org/pipermail/zope-dev/2009-July/037195.html
af854a3a-2127-422b-91ae-364da2661108: http://packetstormsecurity.com/files/163271/Adobe-ColdFusion-8-Remote-Command-Execution.html
af854a3a-2127-422b-91ae-364da2661108: http://secunia.com/advisories/35833
af854a3a-2127-422b-91ae-364da2661108: http://secunia.com/advisories/35909
af854a3a-2127-422b-91ae-364da2661108: http://sourceforge.net/project/shownotes.php?release_id=695430
af854a3a-2127-422b-91ae-364da2661108: http://www.debian.org/security/2009/dsa-1836
af854a3a-2127-422b-91ae-364da2661108: http://www.ocert.org/advisories/ocert-2009-007.html [Patch]
af854a3a-2127-422b-91ae-364da2661108: http://www.securityfocus.com/archive/1/504721/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108: http://www.securitytracker.com/id?1022513
af854a3a-2127-422b-91ae-364da2661108: http://www.vupen.com/english/advisories/2009/1813
af854a3a-2127-422b-91ae-364da2661108: http://www.vupen.com/english/advisories/2009/1825
af854a3a-2127-422b-91ae-364da2661108: https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00710.html
af854a3a-2127-422b-91ae-364da2661108: https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00750.html

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:fckeditor:fckeditor:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A935AD9-DB0B-47A9-8F5E-9FF2A3310865",
              "versionEndIncluding": "2.6.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fckeditor:fckeditor:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A396BB3-7329-4522-8C5F-99CCA41C9DA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fckeditor:fckeditor:2.0_fc:*:*:*:*:*:*:*",
              "matchCriteriaId": "97BEB138-2E35-4770-BA2B-D78FFC6E6CE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fckeditor:fckeditor:2.0_rc2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD08F2AA-D782-419D-945C-D241EB18CBB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fckeditor:fckeditor:2.0rc2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6F9F4D2-0A3E-49D6-9A58-D9BCDF492E90",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fckeditor:fckeditor:2.0rc3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF47BD2F-7AC9-490E-9289-9C259FE4F231",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fckeditor:fckeditor:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "490C6198-FDA6-45BF-B12F-6F9A52B6F1C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fckeditor:fckeditor:2.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "83806F80-BA69-4098-A4F6-1F9577871EBD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fckeditor:fckeditor:2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2823302-CCF1-438B-B962-6EE49D371A28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fckeditor:fckeditor:2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "43FBB64C-5D5D-43D0-A4B9-B08F0012B9D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fckeditor:fckeditor:2.3:beta:*:*:*:*:*:*",
              "matchCriteriaId": "28B4FB08-9605-4D05-98B6-844F701BFA35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fckeditor:fckeditor:2.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "95BF5CD1-7D68-4FBE-8116-23B4D1415B03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fckeditor:fckeditor:2.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE69FFCF-D442-492F-A5F6-56A02E4E9299",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fckeditor:fckeditor:2.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "31A4C3CC-27E5-4962-85B2-404EAF434B11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fckeditor:fckeditor:2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "665C47D7-40EC-4F52-8EA0-0886EE8A9345",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fckeditor:fckeditor:2.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2271D898-7973-412C-8EA2-EBFD22ABF25E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fckeditor:fckeditor:2.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6834FFFF-F463-4F01-BB13-46705B9933A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fckeditor:fckeditor:2.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "68C583B7-5A09-4849-A1E1-600C87854A24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fckeditor:fckeditor:2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "F45886E0-9D00-42B4-AF12-87EFED09765C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fckeditor:fckeditor:2.5:beta:*:*:*:*:*:*",
              "matchCriteriaId": "72159C7B-3F8E-440F-8248-3A5A991957B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fckeditor:fckeditor:2.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "631C1D5A-191E-40D7-A6E4-25C184314527",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fckeditor:fckeditor:2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D47CE1F-04A6-4961-B0B3-5A3EC403EE14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fckeditor:fckeditor:2.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A2C7527-3513-4B72-8C8D-295A3A8BAD2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fckeditor:fckeditor:2.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E18F60E3-3723-40F3-A632-C3B8B6157682",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fckeditor:fckeditor:2.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E99B8429-1EBC-483D-87B6-281E2C49E35A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fckeditor:fckeditor:2.6.3:beta:*:*:*:*:*:*",
              "matchCriteriaId": "05B5740F-05C0-4155-BC11-50DE6F8285DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fckeditor:fckeditor:2.6.4:beta:*:*:*:*:*:*",
              "matchCriteriaId": "B9D86941-B839-43CC-A97E-CA52339A9871",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple directory traversal vulnerabilities in FCKeditor before 2.6.4.1 allow remote attackers to create executable files in arbitrary directories via directory traversal sequences in the input to unspecified connector modules, as exploited in the wild for remote code execution in July 2009, related to the file browser and the editor/filemanager/connectors/ directory."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de salto de directorio en FCKeditor anterior a v2.6.4.1, permiten a atacantes remotos crear ficheros ejecutables en directorios de su elecci\u00f3n a trav\u00e9s de secuencias de salto de directorio en la entrada de m\u00f3dulos conectores no especificados, tal como se ha explotado en Julio 2009. Est\u00e1 relacionado con el fichero de navegaci\u00f3n y el directorio editor/filemanager/connectors/."
    }
  ],
  "id": "CVE-2009-2265",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-07-05T16:30:00.377",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://isc.sans.org/diary.html?storyid=6724"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://mail.zope.org/pipermail/zope-dev/2009-July/037195.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://packetstormsecurity.com/files/163271/Adobe-ColdFusion-8-Remote-Command-Execution.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/35833"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/35909"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://sourceforge.net/project/shownotes.php?release_id=695430"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2009/dsa-1836"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.ocert.org/advisories/ocert-2009-007.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/504721/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1022513"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2009/1813"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2009/1825"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00710.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00750.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://isc.sans.org/diary.html?storyid=6724"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://mail.zope.org/pipermail/zope-dev/2009-July/037195.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://packetstormsecurity.com/files/163271/Adobe-ColdFusion-8-Remote-Command-Execution.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/35833"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/35909"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sourceforge.net/project/shownotes.php?release_id=695430"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2009/dsa-1836"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.ocert.org/advisories/ocert-2009-007.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/504721/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1022513"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2009/1813"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2009/1825"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00710.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00750.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2009-2324

Vulnerability from fkie_nvd - Published: 2009-07-05 16:30 - Updated: 2025-04-09 00:30

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:fckeditor:fckeditor:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A935AD9-DB0B-47A9-8F5E-9FF2A3310865",
              "versionEndIncluding": "2.6.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fckeditor:fckeditor:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A396BB3-7329-4522-8C5F-99CCA41C9DA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fckeditor:fckeditor:2.0_fc:*:*:*:*:*:*:*",
              "matchCriteriaId": "97BEB138-2E35-4770-BA2B-D78FFC6E6CE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fckeditor:fckeditor:2.0_rc2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD08F2AA-D782-419D-945C-D241EB18CBB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fckeditor:fckeditor:2.0rc2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6F9F4D2-0A3E-49D6-9A58-D9BCDF492E90",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fckeditor:fckeditor:2.0rc3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF47BD2F-7AC9-490E-9289-9C259FE4F231",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fckeditor:fckeditor:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "490C6198-FDA6-45BF-B12F-6F9A52B6F1C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fckeditor:fckeditor:2.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "83806F80-BA69-4098-A4F6-1F9577871EBD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fckeditor:fckeditor:2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2823302-CCF1-438B-B962-6EE49D371A28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fckeditor:fckeditor:2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "43FBB64C-5D5D-43D0-A4B9-B08F0012B9D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fckeditor:fckeditor:2.3:beta:*:*:*:*:*:*",
              "matchCriteriaId": "28B4FB08-9605-4D05-98B6-844F701BFA35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fckeditor:fckeditor:2.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "95BF5CD1-7D68-4FBE-8116-23B4D1415B03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fckeditor:fckeditor:2.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE69FFCF-D442-492F-A5F6-56A02E4E9299",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fckeditor:fckeditor:2.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "31A4C3CC-27E5-4962-85B2-404EAF434B11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fckeditor:fckeditor:2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "665C47D7-40EC-4F52-8EA0-0886EE8A9345",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fckeditor:fckeditor:2.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2271D898-7973-412C-8EA2-EBFD22ABF25E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fckeditor:fckeditor:2.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6834FFFF-F463-4F01-BB13-46705B9933A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fckeditor:fckeditor:2.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "68C583B7-5A09-4849-A1E1-600C87854A24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fckeditor:fckeditor:2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "F45886E0-9D00-42B4-AF12-87EFED09765C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fckeditor:fckeditor:2.5:beta:*:*:*:*:*:*",
              "matchCriteriaId": "72159C7B-3F8E-440F-8248-3A5A991957B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fckeditor:fckeditor:2.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "631C1D5A-191E-40D7-A6E4-25C184314527",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fckeditor:fckeditor:2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D47CE1F-04A6-4961-B0B3-5A3EC403EE14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fckeditor:fckeditor:2.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A2C7527-3513-4B72-8C8D-295A3A8BAD2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fckeditor:fckeditor:2.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E18F60E3-3723-40F3-A632-C3B8B6157682",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fckeditor:fckeditor:2.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E99B8429-1EBC-483D-87B6-281E2C49E35A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fckeditor:fckeditor:2.6.3:beta:*:*:*:*:*:*",
              "matchCriteriaId": "05B5740F-05C0-4155-BC11-50DE6F8285DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fckeditor:fckeditor:2.6.4:beta:*:*:*:*:*:*",
              "matchCriteriaId": "B9D86941-B839-43CC-A97E-CA52339A9871",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in FCKeditor before 2.6.4.1 allow remote attackers to inject arbitrary web script or HTML via components in the samples (aka _samples) directory."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en FCKeditor anterior a v2.6.4.1, permite a atacantes remotos inyectar secuencias de comandos Web o HTML utilizando componentes en el directorio samples (tambi\u00e9n conocido como _samples)."
    }
  ],
  "id": "CVE-2009-2324",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2009-07-05T16:30:00.657",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.ocert.org/advisories/ocert-2009-007.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/504721/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1022513"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.ocert.org/advisories/ocert-2009-007.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/504721/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1022513"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2008-6178

Vulnerability from fkie_nvd - Published: 2009-02-19 16:30 - Updated: 2025-04-09 00:30
Severity: HIGH (CVSS v2.0 base score 7.5, vector AV:N/AC:L/Au:N/C:P/I:P/A:P)
Summary
Unrestricted file upload vulnerability in editor/filemanager/browser/default/connectors/php/connector.php in FCKeditor 2.2, as used in Falt4 CMS, Nuke ET, and other products, allows remote attackers to execute arbitrary code by creating a file with PHP sequences preceded by a ZIP header, uploading this file via a FileUpload action with the application/zip content type, and then accessing this file via a direct request to the file in UserFiles/File/, probably a related issue to CVE-2005-4094. NOTE: some of these details are obtained from third party information.
Impacted products
Vendor Product Version
fckeditor fckeditor 2.0rc2
fckeditor fckeditor 2.0rc3
fckeditor fckeditor 2.2
fckeditor fckeditor 2.3beta
fckeditor fckeditor 2.4.3
phplist phplist 2.10.1
phplist phplist 2.10.2
phplist phplist 2.10.3
phplist phplist 2.10.4
phplist phplist 2.10.5
phplist phplist 2.10.6

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:fckeditor:fckeditor:2.0rc2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6F9F4D2-0A3E-49D6-9A58-D9BCDF492E90",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fckeditor:fckeditor:2.0rc3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF47BD2F-7AC9-490E-9289-9C259FE4F231",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fckeditor:fckeditor:2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2823302-CCF1-438B-B962-6EE49D371A28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fckeditor:fckeditor:2.3beta:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F841DE0-94A3-45E5-9DF6-516BDBE13CAE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fckeditor:fckeditor:2.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "68C583B7-5A09-4849-A1E1-600C87854A24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phplist:phplist:2.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD0770F6-4C09-4D77-A25A-2D9C59B73795",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phplist:phplist:2.10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AB6728E-74D6-4939-AA0F-6560678201CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phplist:phplist:2.10.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7212A91B-F75D-43CB-90E3-7420C0EA861A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phplist:phplist:2.10.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFECF781-0084-4FBD-BD88-E55C85D9480C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phplist:phplist:2.10.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5492C3F-8833-4F66-B98F-C2B33AD1F14B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phplist:phplist:2.10.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB4693DD-6CAE-437E-9D36-C1182F495984",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unrestricted file upload vulnerability in editor/filemanager/browser/default/connectors/php/connector.php in FCKeditor 2.2, as used in Falt4 CMS, Nuke ET, and other products, allows remote attackers to execute arbitrary code by creating a file with PHP sequences preceded by a ZIP header, uploading this file via a FileUpload action with the application/zip content type, and then accessing this file via a direct request to the file in UserFiles/File/, probably a related issue to CVE-2005-4094.  NOTE: some of these details are obtained from third party information."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de env\u00edo de archivo no restringido en editor/filemanager/browser/default/connectors/php/connector.php en FCKeditor v2.2 en Falt4 CMS, Nuke ET, y otros productos, lo que permite a atacantes remotos ejecutar codigo a su eleccion mediante la creacion de un fichero con secuencias PHP precedidas de un encabezado ZIP, subiendo este fichero a traves la accion FileUpload, y despues accediendo al fichero a traves de una peticion directa del fichero en  UserFiles/File/, probablemente relacionado con CVE-2005-4094.  NOTA: Algunos detalles fueron obtenidos de una tercera parte."
    }
  ],
  "id": "CVE-2008-6178",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-02-19T16:30:00.530",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/33973"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/31812"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2009/0447"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48769"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.exploit-db.com/exploits/8060"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/33973"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/31812"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2009/0447"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48769"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.exploit-db.com/exploits/8060"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2006-6978

Vulnerability from fkie_nvd - Published: 2007-02-08 17:28 - Updated: 2025-04-09 00:30

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:fckeditor:fckeditor:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BC8ECB5-CDCC-48BE-BF42-3285321B42A5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in the \"Basic Toolbar Selection\" in FCKEditor allows remote attackers to execute arbitrary JavaScript via the javascript: URI in the (1) href or (2) onmouseover attribute of the A HTML tag."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la \"Selecci\u00f3n de Barra de Herramientas B\u00e1sica\" de FCKEditor permite a atacantes remotos ejecutar c\u00f3digo JavaScript de su elecci\u00f3n mediante un URL javascript: en los atributos (1) href o (2) onmouseover de una etiqueta A de HTML."
    }
  ],
  "id": "CVE-2006-6978",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2007-02-08T17:28:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.newffr.com/viewtopic.php?forum=26\u0026topic=11683"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/434006/30/4980/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26539"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.newffr.com/viewtopic.php?forum=26\u0026topic=11683"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/434006/30/4980/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26539"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2006-2529

Vulnerability from fkie_nvd - Published: 2006-05-22 23:10 - Updated: 2025-04-03 01:03

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:fckeditor:fckeditor:2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2823302-CCF1-438B-B962-6EE49D371A28",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "editor/filemanager/upload/php/upload.php in FCKeditor before 2.3 Beta, when the upload feature is enabled, does not verify the Type parameter, which allows remote attackers to upload arbitrary file types.  NOTE: It is not clear whether this is related to CVE-2006-0658."
    }
  ],
  "id": "CVE-2006-2529",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-05-22T23:10:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/20122"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.fckeditor.net/whatsnew/default.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/25631"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/18029"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2006/1856"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/20122"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.fckeditor.net/whatsnew/default.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/25631"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/18029"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/1856"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2006-0921

Vulnerability from fkie_nvd - Published: 2006-02-28 11:02 - Updated: 2025-04-03 01:03

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:fckeditor:fckeditor:2.0_fc:*:*:*:*:*:*:*",
              "matchCriteriaId": "97BEB138-2E35-4770-BA2B-D78FFC6E6CE2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple directory traversal vulnerabilities in connector.php in FCKeditor 2.0 FC, as used in products such as RunCMS, allow remote attackers to list and create arbitrary directories via a .. (dot dot) in the CurrentFolder parameter to (1) GetFoldersAndFiles and (2) CreateFolder."
    }
  ],
  "id": "CVE-2006-0921",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 6.4,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-02-28T11:02:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/484"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.nsag.ru/vuln/952.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/425937/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/434559/30/4890/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24878"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/484"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.nsag.ru/vuln/952.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/425937/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/434559/30/4890/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24878"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2006-0658

Vulnerability from fkie_nvd - Published: 2006-02-13 11:06 - Updated: 2025-04-03 01:03
Severity ?
Summary
Incomplete blacklist vulnerability in connector.php in FCKeditor 2.0 and 2.2, as used in products such as RunCMS, allows remote attackers to upload and execute arbitrary script files by giving the files specific extensions that are not listed in the Config[DeniedExtensions][File], such as .php.txt.
Impacted products
Vendor Product Version
fckeditor fckeditor 2.0
fckeditor fckeditor 2.2

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:fckeditor:fckeditor:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A396BB3-7329-4522-8C5F-99CCA41C9DA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fckeditor:fckeditor:2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2823302-CCF1-438B-B962-6EE49D371A28",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Incomplete blacklist vulnerability in connector.php in FCKeditor 2.0 and 2.2, as used in products such as RunCMS, allows remote attackers to upload and execute arbitrary script files by giving the files specific extensions that are not listed in the Config[DeniedExtensions][File], such as .php.txt."
    }
  ],
  "evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/184.html\r\n\u0027CWE-184: Incomplete Blacklist\u0027",
  "id": "CVE-2006-0658",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-02-13T11:06:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://retrogod.altervista.org/fckeditor_22_xpl.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/18767"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/archive/1/424708"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2006/0502"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.exploit-db.com/exploits/3702"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://retrogod.altervista.org/fckeditor_22_xpl.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/18767"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/archive/1/424708"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2006/0502"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.exploit-db.com/exploits/3702"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2005-0613

Vulnerability from fkie_nvd - Published: 2005-02-28 05:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
Unknown vulnerability in FCKeditor 2.0 RC2, when used with PHP-Nuke, allows remote attackers to upload arbitrary files.
Impacted products
Vendor Product Version
fckeditor fckeditor 2.0_rc2

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:fckeditor:fckeditor:2.0_rc2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD08F2AA-D782-419D-945C-D241EB18CBB2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unknown vulnerability in FCKeditor 2.0 RC2, when used with PHP-Nuke, allows remote attackers to upload arbitrary files."
    }
  ],
  "id": "CVE-2005-0613",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2005-02-28T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/12676"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/12676"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2009-2324 (GCVE-0-2009-2324)

Vulnerability from cvelistv5 – Published: 2009-07-05 16:00 – Updated: 2024-08-07 05:44
Summary
Multiple cross-site scripting (XSS) vulnerabilities in FCKeditor before 2.6.4.1 allow remote attackers to inject arbitrary web script or HTML via components in the samples (aka _samples) directory.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T05:44:55.934Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.ocert.org/advisories/ocert-2009-007.html"
          },
          {
            "name": "1022513",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1022513"
          },
          {
            "name": "20090703 [oCERT-2009-007] FCKeditor input sanitization errors",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/504721/100/0/threaded"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-07-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in FCKeditor before 2.6.4.1 allow remote attackers to inject arbitrary web script or HTML via components in the samples (aka _samples) directory."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.ocert.org/advisories/ocert-2009-007.html"
        },
        {
          "name": "1022513",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1022513"
        },
        {
          "name": "20090703 [oCERT-2009-007] FCKeditor input sanitization errors",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/504721/100/0/threaded"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-2324",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in FCKeditor before 2.6.4.1 allow remote attackers to inject arbitrary web script or HTML via components in the samples (aka _samples) directory."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.ocert.org/advisories/ocert-2009-007.html",
              "refsource": "MISC",
              "url": "http://www.ocert.org/advisories/ocert-2009-007.html"
            },
            {
              "name": "1022513",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1022513"
            },
            {
              "name": "20090703 [oCERT-2009-007] FCKeditor input sanitization errors",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/504721/100/0/threaded"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-2324",
    "datePublished": "2009-07-05T16:00:00",
    "dateReserved": "2009-07-05T00:00:00",
    "dateUpdated": "2024-08-07T05:44:55.934Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2009-2265 (GCVE-0-2009-2265)

Vulnerability from cvelistv5 – Published: 2009-07-05 16:00 – Updated: 2024-08-07 05:44
Summary
Multiple directory traversal vulnerabilities in FCKeditor before 2.6.4.1 allow remote attackers to create executable files in arbitrary directories via directory traversal sequences in the input to unspecified connector modules, as exploited in the wild for remote code execution in July 2009, related to the file browser and the editor/filemanager/connectors/ directory.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T05:44:55.927Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2009-1825",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/1825"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.ocert.org/advisories/ocert-2009-007.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://sourceforge.net/project/shownotes.php?release_id=695430"
          },
          {
            "name": "35909",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35909"
          },
          {
            "name": "DSA-1836",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2009/dsa-1836"
          },
          {
            "name": "FEDORA-2009-7761",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00710.html"
          },
          {
            "name": "35833",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35833"
          },
          {
            "name": "ADV-2009-1813",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/1813"
          },
          {
            "name": "[Zope-dev] 20090706 zope.html with FCKEditor security fix",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://mail.zope.org/pipermail/zope-dev/2009-July/037195.html"
          },
          {
            "name": "1022513",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1022513"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://isc.sans.org/diary.html?storyid=6724"
          },
          {
            "name": "20090703 [oCERT-2009-007] FCKeditor input sanitization errors",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/504721/100/0/threaded"
          },
          {
            "name": "FEDORA-2009-7794",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00750.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/163271/Adobe-ColdFusion-8-Remote-Command-Execution.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-07-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple directory traversal vulnerabilities in FCKeditor before 2.6.4.1 allow remote attackers to create executable files in arbitrary directories via directory traversal sequences in the input to unspecified connector modules, as exploited in the wild for remote code execution in July 2009, related to the file browser and the editor/filemanager/connectors/ directory."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-06-24T19:06:14",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "ADV-2009-1825",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/1825"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.ocert.org/advisories/ocert-2009-007.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://sourceforge.net/project/shownotes.php?release_id=695430"
        },
        {
          "name": "35909",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35909"
        },
        {
          "name": "DSA-1836",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2009/dsa-1836"
        },
        {
          "name": "FEDORA-2009-7761",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00710.html"
        },
        {
          "name": "35833",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35833"
        },
        {
          "name": "ADV-2009-1813",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/1813"
        },
        {
          "name": "[Zope-dev] 20090706 zope.html with FCKEditor security fix",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://mail.zope.org/pipermail/zope-dev/2009-July/037195.html"
        },
        {
          "name": "1022513",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1022513"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://isc.sans.org/diary.html?storyid=6724"
        },
        {
          "name": "20090703 [oCERT-2009-007] FCKeditor input sanitization errors",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/504721/100/0/threaded"
        },
        {
          "name": "FEDORA-2009-7794",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00750.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/163271/Adobe-ColdFusion-8-Remote-Command-Execution.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-2265",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple directory traversal vulnerabilities in FCKeditor before 2.6.4.1 allow remote attackers to create executable files in arbitrary directories via directory traversal sequences in the input to unspecified connector modules, as exploited in the wild for remote code execution in July 2009, related to the file browser and the editor/filemanager/connectors/ directory."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2009-1825",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/1825"
            },
            {
              "name": "http://www.ocert.org/advisories/ocert-2009-007.html",
              "refsource": "MISC",
              "url": "http://www.ocert.org/advisories/ocert-2009-007.html"
            },
            {
              "name": "http://sourceforge.net/project/shownotes.php?release_id=695430",
              "refsource": "CONFIRM",
              "url": "http://sourceforge.net/project/shownotes.php?release_id=695430"
            },
            {
              "name": "35909",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/35909"
            },
            {
              "name": "DSA-1836",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2009/dsa-1836"
            },
            {
              "name": "FEDORA-2009-7761",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00710.html"
            },
            {
              "name": "35833",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/35833"
            },
            {
              "name": "ADV-2009-1813",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/1813"
            },
            {
              "name": "[Zope-dev] 20090706 zope.html with FCKEditor security fix",
              "refsource": "MLIST",
              "url": "http://mail.zope.org/pipermail/zope-dev/2009-July/037195.html"
            },
            {
              "name": "1022513",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1022513"
            },
            {
              "name": "http://isc.sans.org/diary.html?storyid=6724",
              "refsource": "MISC",
              "url": "http://isc.sans.org/diary.html?storyid=6724"
            },
            {
              "name": "20090703 [oCERT-2009-007] FCKeditor input sanitization errors",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/504721/100/0/threaded"
            },
            {
              "name": "FEDORA-2009-7794",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00750.html"
            },
            {
              "name": "http://packetstormsecurity.com/files/163271/Adobe-ColdFusion-8-Remote-Command-Execution.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/163271/Adobe-ColdFusion-8-Remote-Command-Execution.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-2265",
    "datePublished": "2009-07-05T16:00:00",
    "dateReserved": "2009-06-29T00:00:00",
    "dateUpdated": "2024-08-07T05:44:55.927Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2008-6178 (GCVE-0-2008-6178)

Vulnerability from cvelistv5 – Published: 2009-02-19 16:00 – Updated: 2024-08-07 11:20
Summary
Unrestricted file upload vulnerability in editor/filemanager/browser/default/connectors/php/connector.php in FCKeditor 2.2, as used in Falt4 CMS, Nuke ET, and other products, allows remote attackers to execute arbitrary code by creating a file with PHP sequences preceded by a ZIP header, uploading this file via a FileUpload action with the application/zip content type, and then accessing this file via a direct request to the file in UserFiles/File/, probably a related issue to CVE-2005-4094. NOTE: some of these details are obtained from third party information.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://www.securityfocus.com/bid/31812 vdb-entry, x_refsource_BID
http://secunia.com/advisories/33973 third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2009/0447 vdb-entry, x_refsource_VUPEN
https://exchange.xforce.ibmcloud.com/vulnerabilities/48769 vdb-entry, x_refsource_XF
https://www.exploit-db.com/exploits/8060 exploit, x_refsource_EXPLOIT-DB

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T11:20:25.361Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "31812",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/31812"
          },
          {
            "name": "33973",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33973"
          },
          {
            "name": "ADV-2009-0447",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/0447"
          },
          {
            "name": "falt4-fckeditor-file-upload(48769)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48769"
          },
          {
            "name": "8060",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/8060"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-10-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unrestricted file upload vulnerability in editor/filemanager/browser/default/connectors/php/connector.php in FCKeditor 2.2, as used in Falt4 CMS, Nuke ET, and other products, allows remote attackers to execute arbitrary code by creating a file with PHP sequences preceded by a ZIP header, uploading this file via a FileUpload action with the application/zip content type, and then accessing this file via a direct request to the file in UserFiles/File/, probably a related issue to CVE-2005-4094.  NOTE: some of these details are obtained from third party information."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "31812",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/31812"
        },
        {
          "name": "33973",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33973"
        },
        {
          "name": "ADV-2009-0447",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/0447"
        },
        {
          "name": "falt4-fckeditor-file-upload(48769)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48769"
        },
        {
          "name": "8060",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/8060"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-6178",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unrestricted file upload vulnerability in editor/filemanager/browser/default/connectors/php/connector.php in FCKeditor 2.2, as used in Falt4 CMS, Nuke ET, and other products, allows remote attackers to execute arbitrary code by creating a file with PHP sequences preceded by a ZIP header, uploading this file via a FileUpload action with the application/zip content type, and then accessing this file via a direct request to the file in UserFiles/File/, probably a related issue to CVE-2005-4094.  NOTE: some of these details are obtained from third party information."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "31812",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/31812"
            },
            {
              "name": "33973",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/33973"
            },
            {
              "name": "ADV-2009-0447",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/0447"
            },
            {
              "name": "falt4-fckeditor-file-upload(48769)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48769"
            },
            {
              "name": "8060",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/8060"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-6178",
    "datePublished": "2009-02-19T16:00:00",
    "dateReserved": "2009-02-19T00:00:00",
    "dateUpdated": "2024-08-07T11:20:25.361Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2006-6978 (GCVE-0-2006-6978)

Vulnerability from cvelistv5 – Published: 2007-02-08 17:00 – Updated: 2024-08-07 20:50
Summary
Cross-site scripting (XSS) vulnerability in the "Basic Toolbar Selection" in FCKEditor allows remote attackers to execute arbitrary JavaScript via the javascript: URI in the (1) href or (2) onmouseover attribute of the A HTML tag.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T20:50:06.076Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.newffr.com/viewtopic.php?forum=26\u0026topic=11683"
          },
          {
            "name": "freetextbox-fckeditor-javascipt-xss(26539)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26539"
          },
          {
            "name": "20060514 XSS in FreeTextBox and FCKEditor Basic Toolbar Selection",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/434006/30/4980/threaded"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-05-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in the \"Basic Toolbar Selection\" in FCKEditor allows remote attackers to execute arbitrary JavaScript via the javascript: URI in the (1) href or (2) onmouseover attribute of the A HTML tag."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.newffr.com/viewtopic.php?forum=26\u0026topic=11683"
        },
        {
          "name": "freetextbox-fckeditor-javascipt-xss(26539)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26539"
        },
        {
          "name": "20060514 XSS in FreeTextBox and FCKEditor Basic Toolbar Selection",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/434006/30/4980/threaded"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-6978",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in the \"Basic Toolbar Selection\" in FCKEditor allows remote attackers to execute arbitrary JavaScript via the javascript: URI in the (1) href or (2) onmouseover attribute of the A HTML tag."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.newffr.com/viewtopic.php?forum=26\u0026topic=11683",
              "refsource": "MISC",
              "url": "http://www.newffr.com/viewtopic.php?forum=26\u0026topic=11683"
            },
            {
              "name": "freetextbox-fckeditor-javascipt-xss(26539)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26539"
            },
            {
              "name": "20060514 XSS in FreeTextBox and FCKEditor Basic Toolbar Selection",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/434006/30/4980/threaded"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-6978",
    "datePublished": "2007-02-08T17:00:00",
    "dateReserved": "2007-02-08T00:00:00",
    "dateUpdated": "2024-08-07T20:50:06.076Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2006-2529 (GCVE-0-2006-2529)

Vulnerability from cvelistv5 – Published: 2006-05-22 23:00 – Updated: 2024-08-07 17:51
Summary
editor/filemanager/upload/php/upload.php in FCKeditor before 2.3 Beta, when the upload feature is enabled, does not verify the Type parameter, which allows remote attackers to upload arbitrary file types. NOTE: It is not clear whether this is related to CVE-2006-0658.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://www.osvdb.org/25631 vdb-entry, x_refsource_OSVDB
http://secunia.com/advisories/20122 third-party-advisory, x_refsource_SECUNIA
http://www.fckeditor.net/whatsnew/default.html x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2006/1856 vdb-entry, x_refsource_VUPEN
http://www.securityfocus.com/bid/18029 vdb-entry, x_refsource_BID

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T17:51:04.780Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "25631",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/25631"
          },
          {
            "name": "20122",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/20122"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.fckeditor.net/whatsnew/default.html"
          },
          {
            "name": "ADV-2006-1856",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/1856"
          },
          {
            "name": "18029",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/18029"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-05-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "editor/filemanager/upload/php/upload.php in FCKeditor before 2.3 Beta, when the upload feature is enabled, does not verify the Type parameter, which allows remote attackers to upload arbitrary file types.  NOTE: It is not clear whether this is related to CVE-2006-0658."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2006-06-05T09:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "25631",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/25631"
        },
        {
          "name": "20122",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/20122"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.fckeditor.net/whatsnew/default.html"
        },
        {
          "name": "ADV-2006-1856",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/1856"
        },
        {
          "name": "18029",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/18029"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-2529",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "editor/filemanager/upload/php/upload.php in FCKeditor before 2.3 Beta, when the upload feature is enabled, does not verify the Type parameter, which allows remote attackers to upload arbitrary file types.  NOTE: It is not clear whether this is related to CVE-2006-0658."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "25631",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/25631"
            },
            {
              "name": "20122",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/20122"
            },
            {
              "name": "http://www.fckeditor.net/whatsnew/default.html",
              "refsource": "CONFIRM",
              "url": "http://www.fckeditor.net/whatsnew/default.html"
            },
            {
              "name": "ADV-2006-1856",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/1856"
            },
            {
              "name": "18029",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/18029"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-2529",
    "datePublished": "2006-05-22T23:00:00",
    "dateReserved": "2006-05-22T00:00:00",
    "dateUpdated": "2024-08-07T17:51:04.780Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2006-0921 (GCVE-0-2006-0921)

Vulnerability from cvelistv5 – Published: 2006-02-28 11:00 – Updated: 2024-08-07 16:56
Summary
Multiple directory traversal vulnerabilities in connector.php in FCKeditor 2.0 FC, as used in products such as RunCMS, allow remote attackers to list and create arbitrary directories via a .. (dot dot) in the CurrentFolder parameter to (1) GetFoldersAndFiles and (2) CreateFolder.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T16:56:13.930Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "484",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/484"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.nsag.ru/vuln/952.html"
          },
          {
            "name": "fckeditor-connector-obtain-information(24878)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24878"
          },
          {
            "name": "20060519 Re: NSA Group Security Advisory NSAG-\u0026sup1;195-23.02.2006 Vulnerability FCKeditor 2.0 FC",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/434559/30/4890/threaded"
          },
          {
            "name": "20060223 NSA Group Security Advisory NSAG-\u0026sup1;195-23.02.2006 Vulnerability FCKeditor 2.0 FC",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/425937/100/0/threaded"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-02-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple directory traversal vulnerabilities in connector.php in FCKeditor 2.0 FC, as used in products such as RunCMS, allow remote attackers to list and create arbitrary directories via a .. (dot dot) in the CurrentFolder parameter to (1) GetFoldersAndFiles and (2) CreateFolder."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-18T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "484",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/484"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.nsag.ru/vuln/952.html"
        },
        {
          "name": "fckeditor-connector-obtain-information(24878)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24878"
        },
        {
          "name": "20060519 Re: NSA Group Security Advisory NSAG-\u0026sup1;195-23.02.2006 Vulnerability FCKeditor 2.0 FC",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/434559/30/4890/threaded"
        },
        {
          "name": "20060223 NSA Group Security Advisory NSAG-\u0026sup1;195-23.02.2006 Vulnerability FCKeditor 2.0 FC",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/425937/100/0/threaded"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-0921",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple directory traversal vulnerabilities in connector.php in FCKeditor 2.0 FC, as used in products such as RunCMS, allow remote attackers to list and create arbitrary directories via a .. (dot dot) in the CurrentFolder parameter to (1) GetFoldersAndFiles and (2) CreateFolder."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "484",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/484"
            },
            {
              "name": "http://www.nsag.ru/vuln/952.html",
              "refsource": "MISC",
              "url": "http://www.nsag.ru/vuln/952.html"
            },
            {
              "name": "fckeditor-connector-obtain-information(24878)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24878"
            },
            {
              "name": "20060519 Re: NSA Group Security Advisory NSAG-\u0026sup1;195-23.02.2006 Vulnerability FCKeditor 2.0 FC",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/434559/30/4890/threaded"
            },
            {
              "name": "20060223 NSA Group Security Advisory NSAG-\u0026sup1;195-23.02.2006 Vulnerability FCKeditor 2.0 FC",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/425937/100/0/threaded"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-0921",
    "datePublished": "2006-02-28T11:00:00",
    "dateReserved": "2006-02-28T00:00:00",
    "dateUpdated": "2024-08-07T16:56:13.930Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2006-0658 (GCVE-0-2006-0658)

Vulnerability from cvelistv5 – Published: 2006-02-13 11:00 – Updated: 2024-08-07 16:41
Summary
Incomplete blacklist vulnerability in connector.php in FCKeditor 2.0 and 2.2, as used in products such as RunCMS, allows remote attackers to upload and execute arbitrary script files by giving the files specific extensions that are not listed in the Config[DeniedExtensions][File], such as .php.txt.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://retrogod.altervista.org/fckeditor_22_xpl.html x_refsource_MISC
http://www.vupen.com/english/advisories/2006/0502 vdb-entry x_refsource_VUPEN
http://www.securityfocus.com/archive/1/424708 mailing-list x_refsource_BUGTRAQ
http://secunia.com/advisories/18767 third-party-advisory x_refsource_SECUNIA
https://www.exploit-db.com/exploits/3702 exploit x_refsource_EXPLOIT-DB

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T16:41:29.139Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://retrogod.altervista.org/fckeditor_22_xpl.html"
          },
          {
            "name": "ADV-2006-0502",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/0502"
          },
          {
            "name": "20060209 runCMS \u003c= 1.3a2 possible remote code execution through the integrated FCKEditor package",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/424708"
          },
          {
            "name": "18767",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/18767"
          },
          {
            "name": "3702",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/3702"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-02-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Incomplete blacklist vulnerability in connector.php in FCKeditor 2.0 and 2.2, as used in products such as RunCMS, allows remote attackers to upload and execute arbitrary script files by giving the files specific extensions that are not listed in the Config[DeniedExtensions][File], such as .php.txt."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-10T00:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://retrogod.altervista.org/fckeditor_22_xpl.html"
        },
        {
          "name": "ADV-2006-0502",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/0502"
        },
        {
          "name": "20060209 runCMS \u003c= 1.3a2 possible remote code execution through the integrated FCKEditor package",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/424708"
        },
        {
          "name": "18767",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/18767"
        },
        {
          "name": "3702",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/3702"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-0658",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Incomplete blacklist vulnerability in connector.php in FCKeditor 2.0 and 2.2, as used in products such as RunCMS, allows remote attackers to upload and execute arbitrary script files by giving the files specific extensions that are not listed in the Config[DeniedExtensions][File], such as .php.txt."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://retrogod.altervista.org/fckeditor_22_xpl.html",
              "refsource": "MISC",
              "url": "http://retrogod.altervista.org/fckeditor_22_xpl.html"
            },
            {
              "name": "ADV-2006-0502",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/0502"
            },
            {
              "name": "20060209 runCMS \u003c= 1.3a2 possible remote code execution through the integrated FCKEditor package",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/424708"
            },
            {
              "name": "18767",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/18767"
            },
            {
              "name": "3702",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/3702"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-0658",
    "datePublished": "2006-02-13T11:00:00",
    "dateReserved": "2006-02-13T00:00:00",
    "dateUpdated": "2024-08-07T16:41:29.139Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2005-0613 (GCVE-0-2005-0613)

Vulnerability from cvelistv5 – Published: 2005-03-03 05:00 – Updated: 2024-09-17 02:21
Summary
Unknown vulnerability in FCKeditor 2.0 RC2, when used with PHP-Nuke, allows remote attackers to upload arbitrary files.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://www.securityfocus.com/bid/12676 vdb-entry x_refsource_BID

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T21:21:06.388Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "12676",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/12676"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Unknown vulnerability in FCKeditor 2.0 RC2, when used with PHP-Nuke, allows remote attackers to upload arbitrary files."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2005-03-03T05:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "12676",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/12676"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2005-0613",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unknown vulnerability in FCKeditor 2.0 RC2, when used with PHP-Nuke, allows remote attackers to upload arbitrary files."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "12676",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/12676"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2005-0613",
    "datePublished": "2005-03-03T05:00:00Z",
    "dateReserved": "2005-03-02T00:00:00Z",
    "dateUpdated": "2024-09-17T02:21:46.242Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2009-2324 (GCVE-0-2009-2324)

Vulnerability from nvd – Published: 2009-07-05 16:00 – Updated: 2024-08-07 05:44
Summary
Multiple cross-site scripting (XSS) vulnerabilities in FCKeditor before 2.6.4.1 allow remote attackers to inject arbitrary web script or HTML via components in the samples (aka _samples) directory.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T05:44:55.934Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.ocert.org/advisories/ocert-2009-007.html"
          },
          {
            "name": "1022513",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1022513"
          },
          {
            "name": "20090703 [oCERT-2009-007] FCKeditor input sanitization errors",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/504721/100/0/threaded"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-07-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in FCKeditor before 2.6.4.1 allow remote attackers to inject arbitrary web script or HTML via components in the samples (aka _samples) directory."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.ocert.org/advisories/ocert-2009-007.html"
        },
        {
          "name": "1022513",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1022513"
        },
        {
          "name": "20090703 [oCERT-2009-007] FCKeditor input sanitization errors",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/504721/100/0/threaded"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-2324",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in FCKeditor before 2.6.4.1 allow remote attackers to inject arbitrary web script or HTML via components in the samples (aka _samples) directory."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.ocert.org/advisories/ocert-2009-007.html",
              "refsource": "MISC",
              "url": "http://www.ocert.org/advisories/ocert-2009-007.html"
            },
            {
              "name": "1022513",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1022513"
            },
            {
              "name": "20090703 [oCERT-2009-007] FCKeditor input sanitization errors",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/504721/100/0/threaded"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-2324",
    "datePublished": "2009-07-05T16:00:00",
    "dateReserved": "2009-07-05T00:00:00",
    "dateUpdated": "2024-08-07T05:44:55.934Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2009-2265 (GCVE-0-2009-2265)

Vulnerability from nvd – Published: 2009-07-05 16:00 – Updated: 2024-08-07 05:44
Summary
Multiple directory traversal vulnerabilities in FCKeditor before 2.6.4.1 allow remote attackers to create executable files in arbitrary directories via directory traversal sequences in the input to unspecified connector modules, as exploited in the wild for remote code execution in July 2009, related to the file browser and the editor/filemanager/connectors/ directory.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T05:44:55.927Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2009-1825",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/1825"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.ocert.org/advisories/ocert-2009-007.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://sourceforge.net/project/shownotes.php?release_id=695430"
          },
          {
            "name": "35909",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35909"
          },
          {
            "name": "DSA-1836",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2009/dsa-1836"
          },
          {
            "name": "FEDORA-2009-7761",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00710.html"
          },
          {
            "name": "35833",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35833"
          },
          {
            "name": "ADV-2009-1813",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/1813"
          },
          {
            "name": "[Zope-dev] 20090706 zope.html with FCKEditor security fix",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://mail.zope.org/pipermail/zope-dev/2009-July/037195.html"
          },
          {
            "name": "1022513",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1022513"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://isc.sans.org/diary.html?storyid=6724"
          },
          {
            "name": "20090703 [oCERT-2009-007] FCKeditor input sanitization errors",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/504721/100/0/threaded"
          },
          {
            "name": "FEDORA-2009-7794",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00750.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/163271/Adobe-ColdFusion-8-Remote-Command-Execution.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-07-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple directory traversal vulnerabilities in FCKeditor before 2.6.4.1 allow remote attackers to create executable files in arbitrary directories via directory traversal sequences in the input to unspecified connector modules, as exploited in the wild for remote code execution in July 2009, related to the file browser and the editor/filemanager/connectors/ directory."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-06-24T19:06:14",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "ADV-2009-1825",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/1825"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.ocert.org/advisories/ocert-2009-007.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://sourceforge.net/project/shownotes.php?release_id=695430"
        },
        {
          "name": "35909",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35909"
        },
        {
          "name": "DSA-1836",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2009/dsa-1836"
        },
        {
          "name": "FEDORA-2009-7761",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00710.html"
        },
        {
          "name": "35833",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35833"
        },
        {
          "name": "ADV-2009-1813",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/1813"
        },
        {
          "name": "[Zope-dev] 20090706 zope.html with FCKEditor security fix",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://mail.zope.org/pipermail/zope-dev/2009-July/037195.html"
        },
        {
          "name": "1022513",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1022513"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://isc.sans.org/diary.html?storyid=6724"
        },
        {
          "name": "20090703 [oCERT-2009-007] FCKeditor input sanitization errors",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/504721/100/0/threaded"
        },
        {
          "name": "FEDORA-2009-7794",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00750.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/163271/Adobe-ColdFusion-8-Remote-Command-Execution.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-2265",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple directory traversal vulnerabilities in FCKeditor before 2.6.4.1 allow remote attackers to create executable files in arbitrary directories via directory traversal sequences in the input to unspecified connector modules, as exploited in the wild for remote code execution in July 2009, related to the file browser and the editor/filemanager/connectors/ directory."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2009-1825",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/1825"
            },
            {
              "name": "http://www.ocert.org/advisories/ocert-2009-007.html",
              "refsource": "MISC",
              "url": "http://www.ocert.org/advisories/ocert-2009-007.html"
            },
            {
              "name": "http://sourceforge.net/project/shownotes.php?release_id=695430",
              "refsource": "CONFIRM",
              "url": "http://sourceforge.net/project/shownotes.php?release_id=695430"
            },
            {
              "name": "35909",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/35909"
            },
            {
              "name": "DSA-1836",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2009/dsa-1836"
            },
            {
              "name": "FEDORA-2009-7761",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00710.html"
            },
            {
              "name": "35833",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/35833"
            },
            {
              "name": "ADV-2009-1813",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/1813"
            },
            {
              "name": "[Zope-dev] 20090706 zope.html with FCKEditor security fix",
              "refsource": "MLIST",
              "url": "http://mail.zope.org/pipermail/zope-dev/2009-July/037195.html"
            },
            {
              "name": "1022513",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1022513"
            },
            {
              "name": "http://isc.sans.org/diary.html?storyid=6724",
              "refsource": "MISC",
              "url": "http://isc.sans.org/diary.html?storyid=6724"
            },
            {
              "name": "20090703 [oCERT-2009-007] FCKeditor input sanitization errors",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/504721/100/0/threaded"
            },
            {
              "name": "FEDORA-2009-7794",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00750.html"
            },
            {
              "name": "http://packetstormsecurity.com/files/163271/Adobe-ColdFusion-8-Remote-Command-Execution.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/163271/Adobe-ColdFusion-8-Remote-Command-Execution.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-2265",
    "datePublished": "2009-07-05T16:00:00",
    "dateReserved": "2009-06-29T00:00:00",
    "dateUpdated": "2024-08-07T05:44:55.927Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2008-6178 (GCVE-0-2008-6178)

Vulnerability from nvd – Published: 2009-02-19 16:00 – Updated: 2024-08-07 11:20
Summary
Unrestricted file upload vulnerability in editor/filemanager/browser/default/connectors/php/connector.php in FCKeditor 2.2, as used in Falt4 CMS, Nuke ET, and other products, allows remote attackers to execute arbitrary code by creating a file with PHP sequences preceded by a ZIP header, uploading this file via a FileUpload action with the application/zip content type, and then accessing this file via a direct request to the file in UserFiles/File/, probably a related issue to CVE-2005-4094. NOTE: some of these details are obtained from third party information.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://www.securityfocus.com/bid/31812 (vdb-entry, x_refsource_BID)
http://secunia.com/advisories/33973 (third-party-advisory, x_refsource_SECUNIA)
http://www.vupen.com/english/advisories/2009/0447 (vdb-entry, x_refsource_VUPEN)
https://exchange.xforce.ibmcloud.com/vulnerabilities/48769 (vdb-entry, x_refsource_XF)
https://www.exploit-db.com/exploits/8060 (exploit, x_refsource_EXPLOIT-DB)

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T11:20:25.361Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "31812",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/31812"
          },
          {
            "name": "33973",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33973"
          },
          {
            "name": "ADV-2009-0447",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/0447"
          },
          {
            "name": "falt4-fckeditor-file-upload(48769)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48769"
          },
          {
            "name": "8060",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/8060"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-10-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unrestricted file upload vulnerability in editor/filemanager/browser/default/connectors/php/connector.php in FCKeditor 2.2, as used in Falt4 CMS, Nuke ET, and other products, allows remote attackers to execute arbitrary code by creating a file with PHP sequences preceded by a ZIP header, uploading this file via a FileUpload action with the application/zip content type, and then accessing this file via a direct request to the file in UserFiles/File/, probably a related issue to CVE-2005-4094.  NOTE: some of these details are obtained from third party information."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "31812",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/31812"
        },
        {
          "name": "33973",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33973"
        },
        {
          "name": "ADV-2009-0447",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/0447"
        },
        {
          "name": "falt4-fckeditor-file-upload(48769)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48769"
        },
        {
          "name": "8060",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/8060"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-6178",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unrestricted file upload vulnerability in editor/filemanager/browser/default/connectors/php/connector.php in FCKeditor 2.2, as used in Falt4 CMS, Nuke ET, and other products, allows remote attackers to execute arbitrary code by creating a file with PHP sequences preceded by a ZIP header, uploading this file via a FileUpload action with the application/zip content type, and then accessing this file via a direct request to the file in UserFiles/File/, probably a related issue to CVE-2005-4094.  NOTE: some of these details are obtained from third party information."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "31812",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/31812"
            },
            {
              "name": "33973",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/33973"
            },
            {
              "name": "ADV-2009-0447",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/0447"
            },
            {
              "name": "falt4-fckeditor-file-upload(48769)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48769"
            },
            {
              "name": "8060",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/8060"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-6178",
    "datePublished": "2009-02-19T16:00:00",
    "dateReserved": "2009-02-19T00:00:00",
    "dateUpdated": "2024-08-07T11:20:25.361Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2006-6978 (GCVE-0-2006-6978)

Vulnerability from nvd – Published: 2007-02-08 17:00 – Updated: 2024-08-07 20:50
Summary
Cross-site scripting (XSS) vulnerability in the "Basic Toolbar Selection" in FCKEditor allows remote attackers to execute arbitrary JavaScript via the javascript: URI in the (1) href or (2) onmouseover attribute of the A HTML tag.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T20:50:06.076Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.newffr.com/viewtopic.php?forum=26\u0026topic=11683"
          },
          {
            "name": "freetextbox-fckeditor-javascipt-xss(26539)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26539"
          },
          {
            "name": "20060514 XSS in FreeTextBox and FCKEditor Basic Toolbar Selection",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/434006/30/4980/threaded"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-05-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in the \"Basic Toolbar Selection\" in FCKEditor allows remote attackers to execute arbitrary JavaScript via the javascript: URI in the (1) href or (2) onmouseover attribute of the A HTML tag."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.newffr.com/viewtopic.php?forum=26\u0026topic=11683"
        },
        {
          "name": "freetextbox-fckeditor-javascipt-xss(26539)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26539"
        },
        {
          "name": "20060514 XSS in FreeTextBox and FCKEditor Basic Toolbar Selection",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/434006/30/4980/threaded"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-6978",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in the \"Basic Toolbar Selection\" in FCKEditor allows remote attackers to execute arbitrary JavaScript via the javascript: URI in the (1) href or (2) onmouseover attribute of the A HTML tag."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.newffr.com/viewtopic.php?forum=26\u0026topic=11683",
              "refsource": "MISC",
              "url": "http://www.newffr.com/viewtopic.php?forum=26\u0026topic=11683"
            },
            {
              "name": "freetextbox-fckeditor-javascipt-xss(26539)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26539"
            },
            {
              "name": "20060514 XSS in FreeTextBox and FCKEditor Basic Toolbar Selection",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/434006/30/4980/threaded"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-6978",
    "datePublished": "2007-02-08T17:00:00",
    "dateReserved": "2007-02-08T00:00:00",
    "dateUpdated": "2024-08-07T20:50:06.076Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2006-2529 (GCVE-0-2006-2529)

Vulnerability from nvd – Published: 2006-05-22 23:00 – Updated: 2024-08-07 17:51
Summary
editor/filemanager/upload/php/upload.php in FCKeditor before 2.3 Beta, when the upload feature is enabled, does not verify the Type parameter, which allows remote attackers to upload arbitrary file types. NOTE: It is not clear whether this is related to CVE-2006-0658.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://www.osvdb.org/25631 (vdb-entry, x_refsource_OSVDB)
http://secunia.com/advisories/20122 (third-party-advisory, x_refsource_SECUNIA)
http://www.fckeditor.net/whatsnew/default.html (x_refsource_CONFIRM)
http://www.vupen.com/english/advisories/2006/1856 (vdb-entry, x_refsource_VUPEN)
http://www.securityfocus.com/bid/18029 (vdb-entry, x_refsource_BID)

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T17:51:04.780Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "25631",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/25631"
          },
          {
            "name": "20122",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/20122"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.fckeditor.net/whatsnew/default.html"
          },
          {
            "name": "ADV-2006-1856",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/1856"
          },
          {
            "name": "18029",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/18029"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-05-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "editor/filemanager/upload/php/upload.php in FCKeditor before 2.3 Beta, when the upload feature is enabled, does not verify the Type parameter, which allows remote attackers to upload arbitrary file types.  NOTE: It is not clear whether this is related to CVE-2006-0658."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2006-06-05T09:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "25631",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/25631"
        },
        {
          "name": "20122",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/20122"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.fckeditor.net/whatsnew/default.html"
        },
        {
          "name": "ADV-2006-1856",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/1856"
        },
        {
          "name": "18029",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/18029"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-2529",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "editor/filemanager/upload/php/upload.php in FCKeditor before 2.3 Beta, when the upload feature is enabled, does not verify the Type parameter, which allows remote attackers to upload arbitrary file types.  NOTE: It is not clear whether this is related to CVE-2006-0658."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "25631",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/25631"
            },
            {
              "name": "20122",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/20122"
            },
            {
              "name": "http://www.fckeditor.net/whatsnew/default.html",
              "refsource": "CONFIRM",
              "url": "http://www.fckeditor.net/whatsnew/default.html"
            },
            {
              "name": "ADV-2006-1856",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/1856"
            },
            {
              "name": "18029",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/18029"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-2529",
    "datePublished": "2006-05-22T23:00:00",
    "dateReserved": "2006-05-22T00:00:00",
    "dateUpdated": "2024-08-07T17:51:04.780Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2006-0921 (GCVE-0-2006-0921)

Vulnerability from nvd – Published: 2006-02-28 11:00 – Updated: 2024-08-07 16:56
Summary
Multiple directory traversal vulnerabilities in connector.php in FCKeditor 2.0 FC, as used in products such as RunCMS, allow remote attackers to list and create arbitrary directories via a .. (dot dot) in the CurrentFolder parameter to (1) GetFoldersAndFiles and (2) CreateFolder.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T16:56:13.930Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "484",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/484"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.nsag.ru/vuln/952.html"
          },
          {
            "name": "fckeditor-connector-obtain-information(24878)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24878"
          },
          {
            "name": "20060519 Re: NSA Group Security Advisory NSAG-\u0026sup1;195-23.02.2006 Vulnerability FCKeditor 2.0 FC",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/434559/30/4890/threaded"
          },
          {
            "name": "20060223 NSA Group Security Advisory NSAG-\u0026sup1;195-23.02.2006 Vulnerability FCKeditor 2.0 FC",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/425937/100/0/threaded"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-02-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple directory traversal vulnerabilities in connector.php in FCKeditor 2.0 FC, as used in products such as RunCMS, allow remote attackers to list and create arbitrary directories via a .. (dot dot) in the CurrentFolder parameter to (1) GetFoldersAndFiles and (2) CreateFolder."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-18T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "484",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/484"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.nsag.ru/vuln/952.html"
        },
        {
          "name": "fckeditor-connector-obtain-information(24878)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24878"
        },
        {
          "name": "20060519 Re: NSA Group Security Advisory NSAG-\u0026sup1;195-23.02.2006 Vulnerability FCKeditor 2.0 FC",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/434559/30/4890/threaded"
        },
        {
          "name": "20060223 NSA Group Security Advisory NSAG-\u0026sup1;195-23.02.2006 Vulnerability FCKeditor 2.0 FC",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/425937/100/0/threaded"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-0921",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple directory traversal vulnerabilities in connector.php in FCKeditor 2.0 FC, as used in products such as RunCMS, allow remote attackers to list and create arbitrary directories via a .. (dot dot) in the CurrentFolder parameter to (1) GetFoldersAndFiles and (2) CreateFolder."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "484",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/484"
            },
            {
              "name": "http://www.nsag.ru/vuln/952.html",
              "refsource": "MISC",
              "url": "http://www.nsag.ru/vuln/952.html"
            },
            {
              "name": "fckeditor-connector-obtain-information(24878)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24878"
            },
            {
              "name": "20060519 Re: NSA Group Security Advisory NSAG-\u0026sup1;195-23.02.2006 Vulnerability FCKeditor 2.0 FC",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/434559/30/4890/threaded"
            },
            {
              "name": "20060223 NSA Group Security Advisory NSAG-\u0026sup1;195-23.02.2006 Vulnerability FCKeditor 2.0 FC",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/425937/100/0/threaded"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-0921",
    "datePublished": "2006-02-28T11:00:00",
    "dateReserved": "2006-02-28T00:00:00",
    "dateUpdated": "2024-08-07T16:56:13.930Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2006-0658 (GCVE-0-2006-0658)

Vulnerability from nvd – Published: 2006-02-13 11:00 – Updated: 2024-08-07 16:41
Summary
Incomplete blacklist vulnerability in connector.php in FCKeditor 2.0 and 2.2, as used in products such as RunCMS, allows remote attackers to upload and execute arbitrary script files by giving the files specific extensions that are not listed in the Config[DeniedExtensions][File], such as .php.txt.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://retrogod.altervista.org/fckeditor_22_xpl.html (x_refsource_MISC)
http://www.vupen.com/english/advisories/2006/0502 (vdb-entry, x_refsource_VUPEN)
http://www.securityfocus.com/archive/1/424708 (mailing-list, x_refsource_BUGTRAQ)
http://secunia.com/advisories/18767 (third-party-advisory, x_refsource_SECUNIA)
https://www.exploit-db.com/exploits/3702 (exploit, x_refsource_EXPLOIT-DB)

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T16:41:29.139Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://retrogod.altervista.org/fckeditor_22_xpl.html"
          },
          {
            "name": "ADV-2006-0502",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/0502"
          },
          {
            "name": "20060209 runCMS \u003c= 1.3a2 possible remote code execution through the integrated FCKEditor package",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/424708"
          },
          {
            "name": "18767",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/18767"
          },
          {
            "name": "3702",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/3702"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-02-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Incomplete blacklist vulnerability in connector.php in FCKeditor 2.0 and 2.2, as used in products such as RunCMS, allows remote attackers to upload and execute arbitrary script files by giving the files specific extensions that are not listed in the Config[DeniedExtensions][File], such as .php.txt."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-10T00:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://retrogod.altervista.org/fckeditor_22_xpl.html"
        },
        {
          "name": "ADV-2006-0502",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/0502"
        },
        {
          "name": "20060209 runCMS \u003c= 1.3a2 possible remote code execution through the integrated FCKEditor package",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/424708"
        },
        {
          "name": "18767",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/18767"
        },
        {
          "name": "3702",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/3702"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-0658",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Incomplete blacklist vulnerability in connector.php in FCKeditor 2.0 and 2.2, as used in products such as RunCMS, allows remote attackers to upload and execute arbitrary script files by giving the files specific extensions that are not listed in the Config[DeniedExtensions][File], such as .php.txt."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://retrogod.altervista.org/fckeditor_22_xpl.html",
              "refsource": "MISC",
              "url": "http://retrogod.altervista.org/fckeditor_22_xpl.html"
            },
            {
              "name": "ADV-2006-0502",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/0502"
            },
            {
              "name": "20060209 runCMS \u003c= 1.3a2 possible remote code execution through the integrated FCKEditor package",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/424708"
            },
            {
              "name": "18767",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/18767"
            },
            {
              "name": "3702",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/3702"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-0658",
    "datePublished": "2006-02-13T11:00:00",
    "dateReserved": "2006-02-13T00:00:00",
    "dateUpdated": "2024-08-07T16:41:29.139Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2005-0613 (GCVE-0-2005-0613)

Vulnerability from nvd – Published: 2005-03-03 05:00 – Updated: 2024-09-17 02:21
Summary
Unknown vulnerability in FCKeditor 2.0 RC2, when used with PHP-Nuke, allows remote attackers to upload arbitrary files.
Severity
No CVSS data available.
CWE
  • n/a
Assigner
References
http://www.securityfocus.com/bid/12676 (vdb-entry, x_refsource_BID)

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T21:21:06.388Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "12676",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/12676"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Unknown vulnerability in FCKeditor 2.0 RC2, when used with PHP-Nuke, allows remote attackers to upload arbitrary files."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2005-03-03T05:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "12676",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/12676"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2005-0613",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unknown vulnerability in FCKeditor 2.0 RC2, when used with PHP-Nuke, allows remote attackers to upload arbitrary files."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "12676",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/12676"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2005-0613",
    "datePublished": "2005-03-03T05:00:00Z",
    "dateReserved": "2005-03-02T00:00:00Z",
    "dateUpdated": "2024-09-17T02:21:46.242Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}