Adobe ColdFusion 8 remote command execution exploit.
2641dc8dea746f5bc8e25940e7ce8a00223a7fa63b29a5e18fae874ce86d1220This Metasploit module exploits the Adobe ColdFusion 8.0.1 FCKeditor 'CurrentFolder' File Upload and Execute vulnerability.
ed8d1ef04d8a010a5d9547040860e7779a809135357782fe9bb61bda538a7295Debian Security Advisory 1836-1 - Vinny Guido discovered that multiple input sanitising vulnerabilities in Fckeditor, a rich text web editor component, may lead to the execution of arbitrary code.
8aca73d4db5e9a83ca752db9f342ac157518676f56efb95cb2c291cfe066ef03FCKeditor, a web based open source HTML text editor, suffers from a remote file upload vulnerability. The input of several connector modules is not properly verified before being used, this leads to exposure of the contents of arbitrary directories on the server filesystem and allows file uploading to arbitrary locations. The affected code is remotely exposed before authentication. An attacker can exploit this vulnerability to install remote shells on the victim server among other things, it should be noted that this vulnerability is being actively exploited in the wild. Versions 2.6.4 and below are affected.
e8fb00e2c1d4004e9c9d5b6c8091560a3a8bc7b786b95c5a80061e93d79b8354
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed