Launchpad CVE tracker

CVE 2007-3163

Incomplete blacklist vulnerability in the filemanager in Frederico Caldeira Knabben FCKeditor 2.4.2 allows remote attackers to upload arbitrary .php files via an alternate data stream syntax, as demonstrated by .php::$DATA filenames, a related issue to CVE-2006-0658.

Related bugs and status

CVE-2007-3163 (Candidate) is related to these bugs:

Bug #31728: moin 1.5 should require or suggest python-xml for DocBook rendering

Summary				In	Importance	Status
	31728	moin 1.5 should require or suggest python-xml for DocBook rendering		moin (Ubuntu)	Medium	Fix Released

Bug #123740: Please sync knowledgeroot 0.9.8.2 (universe) from Debian unstable (main)

Summary				In	Importance	Status
	123740	Please sync knowledgeroot 0.9.8.2 (universe) from Debian unstable (main)		knowledgeroot (Ubuntu)	Wishlist	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: http://ha.ckers.org/bl...
MISC: http://www.bitchiller....
BID: 24510
SECUNIA: 25719
CONFIRM: http://sourceforge.net...
SECUNIA: 25923
OSVDB: 37554
XF: fckeditor-data-file-up...

Launchpad.net

CVE 2007-3163

Related bugs and status

Related bugs

References