Computer Security

CVE-2009-2265
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



CVECVE-2009-2265
StatusCandidate
DescriptionMultiple directory traversal vulnerabilities in FCKeditor before 2.6.4.1 allow remote attackers to create executable files in arbitrary directories via directory traversal sequences in the input to unspecified connector modules, as exploited in the wild for remote code execution in July 2009, related to the file browser and the editor/filemanager/connectors/ directory.
SeverityHigh
CVSS score7,5
CVSS vector(AV:N/AC:L/Au:N/C:P/I:P/A:P)
PhaseAssigned (12.08.2009)
NVD:http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2265
ReferencesBUGTRAQ : 20090703 [oCERT-2009-007] FCKeditor input sanitization errors
 MISC : http://isc.sans.org/diary.html?storyid=6724
 MISC : http://www.ocert.org/advisories/ocert-2009-007.html
SecurityVulns:Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru
test server