MyBB Visual Editor versions 1.8.18 and below suffer from a cross site scripting vulnerability.
9135e598bbd2a86b784c9a282b8fa7393bcf7cdd4921fee77ebf9059e9713571
Debian Linux Security Advisory 2522-1 - Emilio Pinna discovered a cross site scripting vulnerability in the spellchecker.php page of FCKeditor, a popular HTML/text editor for the web.
da1a2bf303b76bf5b59ef18ad2eeec728100c65453b3bc10e1110a4736295ee6
Secunia Security Advisory - Debian has issued an update for fckeditor. This fixes two vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks.
7bf6bc4e7b7eaeae7a073dec020d9076ddaa4777bf448c516ac29b445b170dac
Red Hat Security Advisory 2012-1136-01 - OpenOffice.org is an office productivity suite that includes desktop applications, such as a word processor, spreadsheet application, presentation manager, formula editor, and a drawing program. Multiple heap-based buffer overflow flaws were found in the way OpenOffice.org processed encryption information in the manifest files of OpenDocument Format files. An attacker could provide a specially-crafted OpenDocument Format file that, when opened in an OpenOffice.org application, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.
b59bd2e586688730a92ac126349c089bef1303f0b4131b5918f5c095da0db017
Red Hat Security Advisory 2012-1135-01 - LibreOffice is an open source, community-developed office productivity suite. It includes the key desktop applications, such as a word processor, spreadsheet application, presentation manager, formula editor, and a drawing program. Multiple heap-based buffer overflow flaws were found in the way LibreOffice processed encryption information in the manifest files of OpenDocument Format files. An attacker could provide a specially-crafted OpenDocument Format file that, when opened in a LibreOffice application, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.
ef5af1d4129c97a023a0cc2e74caaa7ad86b3ab37d19926858984185cae82c3c
WordPress ChenPress plugin suffers from a remote shell upload vulnerability via FCKeditor.
87588ece4e4b307e709c22fc6b0a03904e7c6d41b7c446f2bbe71bdd5b1344e2
Secunia Security Advisory - Sammy Forgit has discovered a vulnerability in the Front-end Editor plugin for WordPress, which can be exploited by malicious people to compromise a vulnerable system.
ae9492f46bc53cc9b8bdf42e5a76318fefe3c2f60f4fb5201aeaf233693d6937
This Metasploit module can be used to execute a payload on Umbraco CMS 4.7.0.378. The payload is uploaded as an ASPX script by sending a specially crafted SOAP request to codeEditorSave.asmx, which permits unauthorised file upload via the SaveDLRScript operation. SaveDLRScript is also subject to a path traversal vulnerability, allowing code to be placed into the web-accessible /umbraco/ directory. The module writes, executes and then overwrites an ASPX script; note that though the script content is removed, the file remains on the target. Automatic cleanup of the file is intended if a meterpreter payload is used. This Metasploit module has been tested successfully on Umbraco CMS 4.7.0.378 on Windows 7 32-bit SP1. In this scenario, the "IIS APPPOOL\ASP.NET v4.0" user must have write permissions on the Windows Temp folder.
a969edd9061df64ff92c55db7b277da617626bfa9448eab4978dfbd56a0d42bb
Secunia Security Advisory - Emilio Pinna has discovered two vulnerabilities in FCKeditor, which can be exploited by malicious people to conduct cross-site scripting attacks.
090a8ed3b25fd3e44538f03afd6e51c47a7cefa135a4e62e91ce1fce226b8c0a
Silverstripe Pixlr Image Editor third party module version 1.0.4 suffers from an unauthenticated remote shell upload vulnerability.
92892941f615b9e1625148e66de6d4d5988ac58f60888dc1ef2d18d0ebbf6912
Secunia Security Advisory - Multiple vulnerabilities have been reported in IBM Lotus Expeditor, which can be exploited by malicious people to conduct cross-site scripting attacks, disclose potentially sensitive information, bypass certain security restrictions, and compromise a user's system.
3bf0a630d1d5bb9ff8a615621ec4cc16294ff72c179e36688e0e1f60f6ad2c26
Joomla IDoEditor version 1.6.16 suffers from a remote shell upload vulnerability.
84f6b1ba62776a3052dc34fb2f18dc5729761377185ae557186ffa6dd1057744
Secunia Security Advisory - A vulnerability has been discovered in Audio Editor Master, which can be exploited by malicious people to compromise a user's system.
166184546641d35f54b018dc4af673f13166413c2251678187b2728f812a49f8
Audio Editor Master version 5.4.1.217 suffers from a denial of service vulnerability.
b6930c08d1b40f2adf2de7921d89da8214fff73ac57df097378d448e1c3d2690
Red Hat Security Advisory 2012-0705-01 - OpenOffice.org is an office productivity suite that includes desktop applications, such as a word processor, spreadsheet application, presentation manager, formula editor, and a drawing program. An integer overflow flaw, leading to a buffer overflow, was found in the way OpenOffice.org processed an invalid Escher graphics records length in Microsoft Office PowerPoint documents. An attacker could provide a specially-crafted Microsoft Office PowerPoint document that, when opened, would cause OpenOffice.org to crash or, potentially, execute arbitrary code with the privileges of the user running OpenOffice.org.
6a657f9b42a90e909284ccc79fb9187564b90245173cbab2a1f6851f0a6a3370
Secunia Security Advisory - A vulnerability has been reported in the eZ Style Editor extension for eZ Publish, which can be exploited by malicious people to bypass certain security restrictions.
16ed60ba0dec2bb46082dfc398ee4580eb59450303cf96fc25e27a51246884ff
This Metasploit module exploits a stack-based buffer overflow in GSM SIM Editor 5.15. When opening a specially crafted .sms file in GSM SIM Editor a stack-based buffer overflow occurs which allows an attacker to execute arbitrary code.
451d9fa4a2e617e48ce85c48c985cb871ef37c17216ab0ee454a7063cff0d329
WordPress Deans with Pwwangs Code plugin suffers from an FCKeditor remote file upload vulnerability.
0c816792c3ca6a0b7d63857f24ed1e793ca83dd33846e3484963e4614bb59655
Drupal FCKEditor/CKEditor module remote PHP code execution exploit.
9e74376ea72715e60cb7ca770018968f4efbcf2157614024104a526a99df39c9
Red Hat Security Advisory 2012-0411-01 - OpenOffice.org is an office productivity suite that includes desktop applications, such as a word processor, spreadsheet application, presentation manager, formula editor, and a drawing program. OpenOffice.org embeds a copy of Raptor, which provides parsers for Resource Description Framework files. An XML External Entity expansion flaw was found in the way Raptor processed RDF files. If OpenOffice.org were to open a specially-crafted file, it could possibly allow a remote attacker to obtain a copy of an arbitrary local file that the user running OpenOffice.org had access to. A bug in the way Raptor handled external entities could cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org.
9a0a4f543457fc7348795ef6b90c507f9cb100611358fcad986b6f701a4bd297
Microsoft Bing's Flash editor suffers from an input validation vulnerability that can lead to cross site scripting attacks.
7db7ba6f70e95039239d765d4aeb5b8090c822c565c7ff69ae6a471fe19d3fcc
Secunia Security Advisory - Two vulnerabilities have been reported in the CKEditor and FCKeditor modules for Drupal, which can be exploited by malicious users to compromise a vulnerable system and by malicious people to conduct cross-site scripting attacks.
70bea56e02dbc26a69e840cf0e033b69a0b2282d7355f55191fb3974c32ec641
CKEditor and FCKeditor modules in Drupal versions 6.x and 7.x suffer from PHP code execution, cross site request forgery, and cross site scripting vulnerabilities.
aaa6ea9e677ff1cded922b9064a43bda0cfc2a65959bfa6b93813933823bdbd6
AlegroCart FCKEditor remote command execution proof of concept exploit that leverages the vulnerability found by T0x!c.
171191b6b9e949736304584375831cd8fde697a49bae29a16126d5d68d7ed190
Red Hat Security Advisory 2012-0141-01 - SeaMonkey is an open source web browser, e-mail and newsgroup client, IRC chat client, and HTML editor. A heap-based buffer overflow flaw was found in the way SeaMonkey handled PNG images. A web page containing a malicious PNG image could cause SeaMonkey to crash or, possibly, execute arbitrary code with the privileges of the user running SeaMonkey. All SeaMonkey users should upgrade to these updated packages, which correct this issue. After installing the update, SeaMonkey must be restarted for the changes to take effect.
f1267c41db6a862799ec7a24f82bdf3f9e615c43178f198aa66dbb317e17b034
The mobile.chicagotribune.com site suffers from a cross site scripting vulnerability. Editor's note 01/04/2013: Per the advisory author, Chicago Tribune has addressed this vulnerability.
cb5868295d95e6e2adccde2d047576233388b74c94df149c189b172e92430175