FCKeditor 'CurrentFolder' Parameter Arbitrary File Upload Vulnerability

FCKeditor 'CurrentFolder' Parameter Arbitrary File Upload Vulnerability

References:

[Zope-dev] zope.html with FCKEditor security fix (Zope)
Alex Script Engine Homepage (Alexscriptengine)
ClanSphere 2009.0.2 Changelog (ClanSphere)
Dokeos 1.8 Security patch (Dokeos)
FCKeditor - What's New? (FCKeditor)
FCKeditor Home Page (FCKeditor)
FCKeditor Releases Version 2.6.4.1 (US-CERT)
Nakid CMS Homepage (Nakid)
PHPList Homepage (PHPList)
Potential ColdFusion security issue (Adobe)
Tru-Zone Homepage (Tru-Zone)
[oCERT-2009-007] FCKeditor input sanitization errors (Andrea Barisani )
#2009-007 FCKeditor input sanitization errors (oCERT)
APSB09-09 Hotfix available for potential ColdFusion 8 input sanitization issue (Adobe)

Privacy Statement
Copyright 2010, SecurityFocus