CVSS: 7.5EPSS: 1%CPEs: 11EXPL: 0CVE-2006-6168
https://notcve.org/view.php?id=CVE-2006-6168
tiki-register.php in TikiWiki before 1.9.7 allows remote attackers to trigger "notification-spam" via certain vectors such as a comma-separated list of addresses in the email field, related to lack of "a minimal check on email." tiki-register.php en TikiWiki anterior a 1.9.7 permite a atacantes remotos disparar "notificación de spam" mediante vectores no especificados como una lista de direcciones separadas por coma en el campo email, relacionado con la falta de "un mínimo chequeo en email". • http://tikiwiki.cvs.sourceforge.net/tikiwiki/tiki/changelog.txt?r1=1.157.2.50&r2=1.157.2.51 http://tikiwiki.cvs.sourceforge.net/tikiwiki/tiki/tiki-register.php?r1=1.68&r2=1.69 http://www.vupen.com/english/advisories/2006/4709 • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 11EXPL: 0CVE-2006-6163
https://notcve.org/view.php?id=CVE-2006-6163
Cross-site scripting (XSS) vulnerability in tiki-setup_base.php in TikiWiki before 1.9.7 allows remote attackers to inject arbitrary JavaScript via unspecified parameters. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en tiki-setup_base.php en TikiWiki anterior a 1.9.7 permite a atacantes remotos inyectar código JavaScript de su elección mediante parámetros no especificados. • http://tikiwiki.cvs.sourceforge.net/tikiwiki/tiki/changelog.txt?r1=1.157.2.50&r2=1.157.2.51 http://www.vupen.com/english/advisories/2006/4709 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2006-6162
https://notcve.org/view.php?id=CVE-2006-6162
Cross-site scripting (XSS) vulnerability in tiki-edit_structures.php in TikiWiki 1.9.6 allows remote attackers to inject arbitrary web script or HTML via the pageAlias parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en tiki-edit_structures.php en el TikiWiki 1.9.6 permite a atacantes remotos la inyección de secuencias de comandos web o HTML de su elección mediante el parámetro pageAlias. NOTA: la procedencia de esta información es desconocida; los detalles se obtienen solamente a partir de la información de terceros. • http://secunia.com/advisories/22850 http://www.osvdb.org/30692 http://www.securityfocus.com/bid/21297 http://www.vupen.com/english/advisories/2006/4709 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 2CVE-2006-5703 – TikiWiki 1.9.5 Sirius - 'sort_mode' Information Disclosure
https://notcve.org/view.php?id=CVE-2006-5703
Cross-site scripting (XSS) vulnerability in tiki-featured_link.php in Tikiwiki 1.9.5 allows remote attackers to inject arbitrary web script or HTML via a url parameter that evades filtering, as demonstrated by a parameter value containing malformed, nested SCRIPT elements. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en tiki-featured_link.php en Tikiwiki 1.9.5 permite a un atacante remoto inyectar secuencias de comandos web o HTML a través de un parámetro url que eluden el filtro, como se demostró por el valor del parámetro que contiene información mal formada, elementos de secuencias de comandos anidadas • https://www.exploit-db.com/exploits/2701 http://secunia.com/advisories/22678 http://secunia.com/advisories/23039 http://security.gentoo.org/glsa/glsa-200611-11.xml http://securityreason.com/securityalert/1816 http://www.securityfocus.com/archive/1/450268/100/0/threaded http://www.securityfocus.com/bid/20858 http://www.vupen.com/english/advisories/2006/4316 https://exchange.xforce.ibmcloud.com/vulnerabilities/29958 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 2%CPEs: 1EXPL: 2CVE-2006-5702 – TikiWiki 1.9.5 Sirius - 'sort_mode' Information Disclosure
https://notcve.org/view.php?id=CVE-2006-5702
Tikiwiki 1.9.5 allows remote attackers to obtain sensitive information (MySQL username and password) via an empty sort_mode parameter in (1) tiki-listpages.php, (2) tiki-lastchanges.php, (3) messu-archive.php, (4) messu-mailbox.php, (5) messu-sent.php, (6) tiki-directory_add_site.php, (7) tiki-directory_ranking.php, (8) tiki-directory_search.php, (9) tiki-forums.php, (10) tiki-view_forum.php, (11) tiki-friends.php, (12) tiki-list_blogs.php, (13) tiki-list_faqs.php, (14) tiki-list_trackers.php, (15) tiki-list_users.php, (16) tiki-my_tiki.php, (17) tiki-notepad_list.php, (18) tiki-orphan_pages.php, (19) tiki-shoutbox.php, (20) tiki-usermenu.php, and (21) tiki-webmail_contacts.php, which reveal the information in certain database error messages. Tikiwiki 1.9.5 permite a un atacante remoto obtener información sensible (nombre de usuario de MySQL y contraseña) a través de un parámetro vacío sort_mode en (1) tiki-listpages.php, (2) tiki-lastchanges.php, (3) messu-archive.php, (4) messu-mailbox.php, (5) messu-sent.php, (6) tiki-directory_add_site.php, (7) tiki-directory_ranking.php, (8) tiki-directory_search.php, (9) tiki-forums.php, (10) tiki-view_forum.php, (11) tiki-friends.php, (12) tiki-list_blogs.php, (13) tiki-list_faqs.php, (14) tiki-list_trackers.php, (15) tiki-list_users.php, (16) tiki-my_tiki.php, (17) tiki-notepad_list.php, (18) tiki-orphan_pages.php, (19) tiki-shoutbox.php, (20) tiki-usermenu.php, y (21) tiki-webmail_contacts.php,lo cual revela la información en ciertos mensajes de error de la base de datos. • https://www.exploit-db.com/exploits/2701 http://secunia.com/advisories/22678 http://secunia.com/advisories/23039 http://security.gentoo.org/glsa/glsa-200611-11.xml http://securityreason.com/securityalert/1816 http://www.securityfocus.com/archive/1/450268/100/0/threaded http://www.securityfocus.com/bid/20858 http://www.vupen.com/english/advisories/2006/4316 https://exchange.xforce.ibmcloud.com/vulnerabilities/29960 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •