Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-0921

Overview

Vulnerability Score 6.4 6.4
CVE Id CVE-2006-0921
Last Modified 05 Sep 2008 05:00:34
Published 28 Feb 2006 06:02:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-0921

Summary

Multiple directory traversal vulnerabilities in connector.php in FCKeditor 2.0 FC, as used in products such as RunCMS, allow remote attackers to list and create arbitrary directories via a .. (dot dot) in the CurrentFolder parameter to (1) GetFoldersAndFiles and (2) CreateFolder.

Vulnerable Systems

Application

  • Fckeditor 2.0 Fc


References

BUGTRAQ - 20060223 NSA Group Security Advisory NSAG-¹195-23.02.2006 Vulnerability FCKeditor 2.0 FC

MISC - http://www.nsag.ru/vuln/952.html

XF - fckeditor-connector-obtain-information(24878)

BUGTRAQ - 20060519 Re: NSA Group Security Advisory NSAG-¹195-23.02.2006 Vulnerability FCKeditor 2.0 FC

SREASON - 484


Last Updated: 27 May 2016 10:41:50