what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 4 of 4 RSS Feed

CVE-2009-2265

Status Candidate

Overview

Multiple directory traversal vulnerabilities in FCKeditor before 2.6.4.1 allow remote attackers to create executable files in arbitrary directories via directory traversal sequences in the input to unspecified connector modules, as exploited in the wild for remote code execution in July 2009, related to the file browser and the editor/filemanager/connectors/ directory.

Related Files

Adobe ColdFusion 8 Remote Command Execution
Posted Jun 24, 2021
Authored by Pergyz

Adobe ColdFusion 8 remote command execution exploit.

tags | exploit, remote
advisories | CVE-2009-2265
SHA-256 | 2641dc8dea746f5bc8e25940e7ce8a00223a7fa63b29a5e18fae874ce86d1220
ColdFusion 8.0.1 Arbitrary File Upload And Execute
Posted Nov 3, 2010
Authored by MC | Site metasploit.com

This Metasploit module exploits the Adobe ColdFusion 8.0.1 FCKeditor 'CurrentFolder' File Upload and Execute vulnerability.

tags | exploit, file upload
advisories | CVE-2009-2265
SHA-256 | ed8d1ef04d8a010a5d9547040860e7779a809135357782fe9bb61bda538a7295
Debian Linux Security Advisory 1836-1
Posted Jul 17, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1836-1 - Vinny Guido discovered that multiple input sanitising vulnerabilities in Fckeditor, a rich text web editor component, may lead to the execution of arbitrary code.

tags | advisory, web, arbitrary, vulnerability
systems | linux, debian
advisories | CVE-2009-2265
SHA-256 | 8aca73d4db5e9a83ca752db9f342ac157518676f56efb95cb2c291cfe066ef03
Open Source CERT Security Advisory 2009.7
Posted Jul 6, 2009
Authored by Andrea Barisani, Open Source CERT | Site ocert.org

FCKeditor, a web based open source HTML text editor, suffers from a remote file upload vulnerability. The input of several connector modules is not properly verified before being used, this leads to exposure of the contents of arbitrary directories on the server filesystem and allows file uploading to arbitrary locations. The affected code is remotely exposed before authentication. An attacker can exploit this vulnerability to install remote shells on the victim server among other things, it should be noted that this vulnerability is being actively exploited in the wild. Versions 2.6.4 and below are affected.

tags | advisory, remote, web, arbitrary, shell, file upload
advisories | CVE-2009-2265
SHA-256 | e8fb00e2c1d4004e9c9d5b6c8091560a3a8bc7b786b95c5a80061e93d79b8354
Page 1 of 1
Back1Next

File Archive:

August 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    20 Files
  • 2
    Aug 2nd
    4 Files
  • 3
    Aug 3rd
    6 Files
  • 4
    Aug 4th
    55 Files
  • 5
    Aug 5th
    16 Files
  • 6
    Aug 6th
    0 Files
  • 7
    Aug 7th
    0 Files
  • 8
    Aug 8th
    0 Files
  • 9
    Aug 9th
    0 Files
  • 10
    Aug 10th
    0 Files
  • 11
    Aug 11th
    0 Files
  • 12
    Aug 12th
    0 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    0 Files
  • 16
    Aug 16th
    0 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close