I suspect you have an older version of FCKEditor deployed in that case.

Dave Watts, CTO, Fig Leaf Software 

-----Original Message-----
From: Adrian Lynch <cont...@adrianlynch.co.uk>
Sent: Friday, 03 July, 2009 06:46
To: cf-talk <cf-talk@houseoffusion.com>
Subject: RE: New CF8 vulnerability


I don't seem to have the same file directory as that posted in the second
link. Instead I have:

\CFIDE\scripts\ajax\FCKeditor\editor\filemanager\upload\cfm\config.cfm

and:

\CFIDE\scripts\ajax\FCKeditor\editor\filemanager\browser\default\connectors\cfm\config.cfm

Both of these files look like they are encrypted.

Am I missing something?

Adrian

> -----Original Message-----
> From: Dave Watts [mailto:dwa...@figleaf.com]
> Sent: 03 July 2009 00:17
> To: cf-talk
> Subject: New CF8 vulnerability
> 
> 
> You may want to check for this on any clients/projects you've worked
> with:
> http://isc.sans.org/diary.html?storyid=6715
> 
> Remediation steps available here:
> http://www.codfusion.com/blog/post.cfm/cf8-and-fckeditor-security-threat
> 
> Dave Watts, CTO, Fig Leaf Software
> http://www.figleaf.com/



Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:324181