Adobe ColdFusion 8 remote command execution exploit.
2641dc8dea746f5bc8e25940e7ce8a00223a7fa63b29a5e18fae874ce86d1220
This Metasploit module exploits the Adobe ColdFusion 8.0.1 FCKeditor 'CurrentFolder' File Upload and Execute vulnerability.
ed8d1ef04d8a010a5d9547040860e7779a809135357782fe9bb61bda538a7295
Debian Security Advisory 1836-1 - Vinny Guido discovered that multiple input sanitising vulnerabilities in Fckeditor, a rich text web editor component, may lead to the execution of arbitrary code.
8aca73d4db5e9a83ca752db9f342ac157518676f56efb95cb2c291cfe066ef03
FCKeditor, a web based open source HTML text editor, suffers from a remote file upload vulnerability. The input of several connector modules is not properly verified before being used, this leads to exposure of the contents of arbitrary directories on the server filesystem and allows file uploading to arbitrary locations. The affected code is remotely exposed before authentication. An attacker can exploit this vulnerability to install remote shells on the victim server among other things, it should be noted that this vulnerability is being actively exploited in the wild. Versions 2.6.4 and below are affected.
e8fb00e2c1d4004e9c9d5b6c8091560a3a8bc7b786b95c5a80061e93d79b8354