Related information

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

[SECURITY] [DSA-1990-1] New trac-git packages fix code execution

[SECURITY] [DSA-1990-2] New trac-git package fixes regression

OCS Inventory NG Server <= 1.3b3 (login) Remote Authentication Bypass

PR09-19: Cross-Site Scripting (XSS) on CommonSpot server

From:	info_(at)_securitylab.ir <info_(at)_securitylab.ir>
Date:	04.02.2010
Subject:	Tavanmand Portal (fckeditor) Remote Arbitrary File Upload Vulnerability

#################################################################
# Securitylab.ir
#################################################################
# Application Info:
# Name: Tavanmand Portal
# version: 1.1
# Vendor: http://www.tavanmand.ir
#################################################################
Vulnerability:
http://site.ir/fckeditor/editor/filemanager/upload/test.html

Uploaded file here http://site.ir/UserFiles/FILE.ASPX
#################################################################
# Discoverd By: Pouya Daneshmand
# Website: http://securitylab.ir
# Contacts: info[at]securitylab.ir & whh_iran@yahoo.com
###################################################################