============================================================================== TinyBrowser (TinyMCE Editor File browser) 1.41.6 - Multiple Vulnerabilitis ============================================================================== Discovered by Aung Khant, YGN Ethical Hacker Group, Myanmar http://yehg.net/ ~ believe in full disclosure OSVDB ID: 56602 , 56603 Secunia Advisory ID: 36031 Advisory URL: http://yehg.net/lab/pr0js/advisories/tinybrowser_1416_multiple_vulnerabilities Date published: 2009-07-27 Severity: High Vulnerability Class: Abuse of Functionality Author: Bryn Jones (http://www.lunarvis.com) Author Contacted: Yes Reply: No reply Product Overview ================ TinyBrowser is a plugin of TinyMCE JavaScript editor that acts as file browser to view, upload, delete,rename files and folders on the web servers. Vulnerabilities ================== #1. Default Insecure Configurati