Hotfix for CF8 FCKeditor Vulnerability Released

coldfusion Adobe has just released a security hotfix for the FCKeditor vulnerability in Coldfusion 8.

Also of Note, Adobe's Terry Ryan posted a blog entry today detailing How to report a ColdFusion Security Issue to Adobe.


This entry was:

Risks of FCKeditor Vulnerability in CF8

coldfusion I've had a chance to look at the FCKeditor code a little bit in order to determine what the risks actually are of this vulnerability.


This entry was:

ColdFusion 8 FCKeditor Vulnerability

coldfusion There have been a few stories about a vulnerability in FCKeditor that is bundled with ColdFusion 8, first on SANS and now on The Register.

The FCKeditor ColdFusion connector isn't enabled on all CF installations, I think if you installed a fresh 8.0.


This entry was:

Tips for Secure File Uploads with ColdFusion

coldfusion Allowing someone to upload a file on to your web server is a common requirement, but also a very risky operation. So here are some tips to help make this process more secure.

Don't rely on cffile accept attribute

The accept attribute gives a terrible false sense of security.


This entry was:

foundeo


did you hack my cf?