Vulmon
fckeditor fckeditor vulnerabilities and exploits
6
CVSSv2
CVE-2009-4444
Microsoft Internet Information Services (IIS) 5.x and 6.x uses only the portion of a filename before a ; (semicolon) character to determine the file extension, which allows remote malicious users to bypass intended extension restrictions of third-party upload applications via a f...
Microsoft Internet Information Services 5.0
Microsoft Internet Information Services 6.0
7.5
CVSSv2
CVE-2008-1993
Acidcat CMS 3.4.1 does not restrict access to the FCKEditor component, which allows remote malicious users to upload arbitrary files.
Acidcat Acidcat Cms 3.4.1
1 EDB exploit
6.5
CVSSv2
CVE-2018-10795
Liferay 6.2.x and before has an FCKeditor configuration that allows a malicious user to upload or transfer files of dangerous types that can be automatically processed within the product's environment via a browser/liferay/browser.html?Type= or html/js/editor/fckeditor/edit...
Liferay Liferay Portal
7.5
CVSSv2
CVE-2007-5567
PHP remote file inclusion vulnerability in _lib/fckeditor/upload_config.php in Galmeta Post 0.11 allows remote malicious users to execute arbitrary PHP code via a URL in the DDS parameter.
Galmeta Galmeta Post 0.11
1 EDB exploit
7.5
CVSSv2
CVE-2008-6951
MauryCMS 0.53.2 and previous versions do not require administrative authentication for Editors/fckeditor/editor/filemanager/browser/default/browser.html, which allows remote malicious users to upload arbitrary files via a direct request.
Cms.maury91 Maurycms 0.53.2
5
CVSSv2
CVE-2007-0147
Cuyahoga prior to 1.0.1 installs the FCKEditor component with an incorrect deny statement in a Web.config file, which allows remote malicious users to upload files when these privileges were intended only for the Administrator and Editor roles.
Cuyahoga Cuyahoga
4.3
CVSSv2
CVE-2007-2901
Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.0 and previous versions allow remote malicious users to inject arbitrary web script or HTML via the img parameter to main/inc/lib/fckeditor/editor/plugins/ImageManager/editor.php and other unspecified vectors.
Dokeos Dokeos
1 EDB exploit
4.3
CVSSv2
CVE-2008-5729
Multiple cross-site scripting (XSS) vulnerabilities in AIST NetCat 3.12 and previous versions allow remote malicious users to inject arbitrary web script or HTML via the (1) form and (2) control parameters to FCKeditor/neditor.php, and the (3) path parameter to admin/siteinfo/ifr...
Netcat Netcat 2.4
Netcat Netcat 2.3
Netcat Netcat 2.1
Netcat Netcat 2.2
Netcat Netcat
Netcat Netcat 3.0
Netcat Netcat 1.1
Netcat Netcat 2.0
1 EDB exploit
5
CVSSv2
CVE-2011-3732
eggBlog 4.1.2 allows remote malicious users to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by _lib/fckeditor/editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php ...
Eggblog Eggblog 4.1.2
7.5
CVSSv2
CVE-2008-3568
Absolute path traversal vulnerability in fckeditor/editor/filemanager/browser/default/connectors/php/connector.php in UNAK-CMS 1.5.5 allows remote malicious users to include and execute arbitrary local files via a full pathname in the Dirroot parameter, a different vulnerability ...
Unak Unak-cms 1.5.5
1 EDB exploit