CVE-2009-2265

EPSS 83.9%

Multiple directory traversal vulnerabilities in FCKeditor before 2.6.4.1 allow remote attackers to create executable files in arbitrary directories via directory traversal sequences in the input to unspecified connector modules, as exploited in the wild for remote code execution in July 2009, related to the file browser and the editor/filemanager/connectors/ directory.

Productos afectados

n/a · n/a

PoCs públicas encontradas — 9

githubgithub.com/zaphoxx/zaphoxx-coldfusion★ 2 githubgithub.com/h3x0v3rl0rd/CVE-2009-2265★ 1 githubgithub.com/p1ckzi/CVE-2009-2265★ 1 githubgithub.com/0xDTC/Adobe-ColdFusion-8-RCE-CVE-2009-2265★ 1 githubgithub.com/matesz44/CVE-2009-2265★ 0 githubgithub.com/nika0x38/CVE-2009-2265★ 0 exploitdbwww.exploit-db.com/exploits/16788no verificado exploitdbwww.exploit-db.com/exploits/50057no verificado cve_referencepacketstormsecurity.com/files/163271/Adobe-ColdFusion-8-Remote-Command-Execution.htmlno verificado

⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

http://isc.sans.org/diary.html?storyid=6724 http://mail.zope.org/pipermail/zope-dev/2009-July/037195.html http://packetstormsecurity.com/files/163271/Adobe-ColdFusion-8-Remote-Command-Execution.html http://secunia.com/advisories/35833 http://secunia.com/advisories/35909 http://sourceforge.net/project/shownotes.php?release_id=695430 https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00710.html https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00750.html http://www.debian.org/security/2009/dsa-1836 http://www.ocert.org/advisories/ocert-2009-007.html http://www.securityfocus.com/archive/1/504721/100/0/threaded http://www.securitytracker.com/id?1022513