Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
fckeditor fckeditor vulnerabilities and exploits
(subscribe to this query)
755
VMScore
CVE-2008-1993
Acidcat CMS 3.4.1 does not restrict access to the FCKEditor component, which allows remote malicious users to upload arbitrary files.
Acidcat Acidcat Cms 3.4.1
1 EDB exploit
534
VMScore
CVE-2009-4444
Microsoft Internet Information Services (IIS) 5.x and 6.x uses only the portion of a filename before a ; (semicolon) character to determine the file extension, which allows remote malicious users to bypass intended extension restrictions of third-party upload applications via a f...
Microsoft Internet Information Services 5.0
Microsoft Internet Information Services 6.0
578
VMScore
CVE-2018-10795
Liferay 6.2.x and before has an FCKeditor configuration that allows an malicious user to upload or transfer files of dangerous types that can be automatically processed within the product's environment via a browser/liferay/browser.html?Type= or html/js/editor/fckeditor/edit...
Liferay Liferay Portal
755
VMScore
CVE-2007-5567
PHP remote file inclusion vulnerability in _lib/fckeditor/upload_config.php in Galmeta Post 0.11 allows remote malicious users to execute arbitrary PHP code via a URL in the DDS parameter.
Galmeta Galmeta Post 0.11
1 EDB exploit
668
VMScore
CVE-2008-6951
MauryCMS 0.53.2 and previous versions does not require administrative authentication for Editors/fckeditor/editor/filemanager/browser/default/browser.html, which allows remote malicious users to upload arbitrary files via a direct request.
Cms.maury91 Maurycms 0.53.2
445
VMScore
CVE-2007-0147
Cuyahoga prior to 1.0.1 installs the FCKEditor component with an incorrect deny statement in a Web.config file, which allows remote malicious users to upload files when these privileges were intended only for the Administrator and Editor roles.
Cuyahoga Cuyahoga
435
VMScore
CVE-2007-2901
Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.0 and previous versions allow remote malicious users to inject arbitrary web script or HTML via the img parameter to main/inc/lib/fckeditor/editor/plugins/ImageManager/editor.php and other unspecified vectors.
Dokeos Dokeos
1 EDB exploit
435
VMScore
CVE-2008-5729
Multiple cross-site scripting (XSS) vulnerabilities in AIST NetCat 3.12 and previous versions allow remote malicious users to inject arbitrary web script or HTML via the (1) form and (2) control parameters to FCKeditor/neditor.php, and the (3) path parameter to admin/siteinfo/ifr...
Netcat Netcat 2.4
Netcat Netcat 2.3
Netcat Netcat 2.1
Netcat Netcat 2.2
Netcat Netcat
Netcat Netcat 3.0
Netcat Netcat 1.1
Netcat Netcat 2.0
1 EDB exploit
755
VMScore
CVE-2008-3568
Absolute path traversal vulnerability in fckeditor/editor/filemanager/browser/default/connectors/php/connector.php in UNAK-CMS 1.5.5 allows remote malicious users to include and execute arbitrary local files via a full pathname in the Dirroot parameter, a different vulnerability ...
Unak Unak-cms 1.5.5
1 EDB exploit
445
VMScore
CVE-2011-3732
eggBlog 4.1.2 allows remote malicious users to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by _lib/fckeditor/editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php ...
Eggblog Eggblog 4.1.2
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
privilege
CVE-2022-48762
CVE-2022-48751
CVE-2024-37079
CVE-2024-30848
LFI
man-in-the-middle
CVE-2022-48736
CVE-2024-30103
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »