Message from discussion file upload vulnerability in CF801
Stephen Moretti  
From: Stephen Moretti <stephen.more...@gmail.com>
Date: Sun, 5 Jul 2009 23:40:53 +0100
Local: Sun 5 July 2009 23:40
Subject: Re: [SCFUG] file upload vulnerability in CF801

Just so you are aware it's not a ColdFusion vulnerability.  It's a general
FCKEditor vulnerability, regardless of middleware that it sits on.

2009/7/3 Gareth Cole <gareth.c...@esus.ie>

>  Hi Folks,

> Just in case you haven't seen this yet, there's a security vulnerability in
> the CF801 updater:

> http://www.theregister.co.uk/2009/07/03/coldfusion_compromise/

> Some genius at Adobe decided to enable file uploads by default in the
> embedded fckeditor. Unfortunately, this allows hackers to upload any files
> they want on to your system, and take control of your server.

> The link has full details and remedy.

--
Stephen Moretti
Blog : http://nil.checksite.co.uk/
Twitter : http://twitter.com/mr_nil
EE: http://beta.experts-exchange.com/M_1167123.html
