CVE-2009-2265: Path Traversal
First published: Sun Jul 05 2009(Updated: )
Multiple directory traversal vulnerabilities in FCKeditor before 2.6.4.1 allow remote attackers to create executable files in arbitrary directories via directory traversal sequences in the input to unspecified connector modules, as exploited in the wild for remote code execution in July 2009, related to the file browser and the editor/filemanager/connectors/ directory.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ht Editor | =2.4 | |
| Ht Editor | =2.6.3-beta | |
| Ht Editor | =2.6.3 | |
| Ht Editor | <=2.6.4 | |
| Ht Editor | =2.6 | |
| Ht Editor | =2.4.3 | |
| Ht Editor | =2.5 | |
| Ht Editor | =2.3-beta | |
| Ht Editor | =2.3.3 | |
| Ht Editor | =2.5-beta | |
| Ht Editor | =2.4.2 | |
| Ht Editor | =2.4.1 | |
| Ht Editor | =2.1 | |
| Ht Editor | =2.0rc3 | |
| Ht Editor | =2.0_fc | |
| Ht Editor | =2.6.2 | |
| Ht Editor | =2.3.1 | |
| Ht Editor | =2.0 | |
| Ht Editor | =2.2 | |
| Ht Editor | =2.5.1 | |
| Ht Editor | =2.0rc2 | |
| Ht Editor | =2.0_rc2 | |
| Ht Editor | =2.1.1 | |
| Ht Editor | =2.3 | |
| Ht Editor | =2.6.1 | |
| Ht Editor | =2.6.4-beta | |
| Ht Editor | =2.3.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.ocert.org/advisories/ocert-2009-007.html
- http://isc.sans.org/diary.html?storyid=6724
- http://www.securitytracker.com/id?1022513
- http://sourceforge.net/project/shownotes.php?release_id=695430
- http://mail.zope.org/pipermail/zope-dev/2009-July/037195.html
- http://www.debian.org/security/2009/dsa-1836
- http://www.vupen.com/english/advisories/2009/1825
- http://secunia.com/advisories/35833
- http://www.vupen.com/english/advisories/2009/1813
- https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00750.html
- https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00710.html
- http://secunia.com/advisories/35909
- http://www.securityfocus.com/archive/1/504721/100/0/threaded
- http://packetstormsecurity.com/files/163271/Adobe-ColdFusion-8-Remote-Command-Execution.html
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/author
- agent/remedy
- agent/severity
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/fckeditor
- canonical/ht editor
- version/ht editor/2.4
- version/ht editor/2.6.3-beta
- version/ht editor/2.6.3
- version/ht editor/2.6.4
- version/ht editor/2.6
- version/ht editor/2.4.3
- version/ht editor/2.5
- version/ht editor/2.3-beta
- version/ht editor/2.3.3
- version/ht editor/2.5-beta
- version/ht editor/2.4.2
- version/ht editor/2.4.1
- version/ht editor/2.1
- version/ht editor/2.0rc3
- version/ht editor/2.0_fc
- version/ht editor/2.6.2
- version/ht editor/2.3.1
- version/ht editor/2.0
- version/ht editor/2.2
- version/ht editor/2.5.1
- version/ht editor/2.0rc2
- version/ht editor/2.0_rc2
- version/ht editor/2.1.1
- version/ht editor/2.3
- version/ht editor/2.6.1
- version/ht editor/2.6.4-beta
- version/ht editor/2.3.2