
CVSS: 9.8 • EPSS: 94% • CPEs: 2 • EXPL: 5

TikiWiki CMS/Groupware before 6.7 LTS and before 8.4 allows remote attackers to execute arbitrary PHP code via a crafted serialized object in the (1) cookieName to lib/banners/bannerlib.php; (2) printpages or (3) printstructures parameter to (a) tiki-print_multi_pages.php or (b) tiki-print_pages.php; or (4) sendpages, (5) sendstructures, or (6) sendarticles parameter to tiki-send_objects.php, which is not properly handled when processed by the unserialize function.

Tiki Wiki CMS Groupware versions 8.3 and below suffer from an unserialize() PHP code execution vulnerability.

References:
• https://www.exploit-db.com/exploits/19573
• https://www.exploit-db.com/exploits/19630
• http://archives.neohapsis.com/archives/bugtraq/2012-07/0020.html
• http://dev.tiki.org/item4109
• http://info.tiki.org/article190-Tiki-Wiki-CMS-Groupware-Updates-Tiki-6-7-LTS
• http://info.tiki.org/article191-Tiki-Releases-8-4
• http://osvdb.org/83534
• http://www.exploit-db.com/exploits/19573
• http://www.exploit-db.com/exploits/19630
• http://www.securityfocus.com/bid/54298
• https://exchang

• CWE-502: Deserialization of Untrusted Data

CVSS: 4.3 • EPSS: 0% • CPEs: 24 • EXPL: 1

Cross-site scripting (XSS) vulnerability in tiki-cookie-jar.php in TikiWiki CMS/Groupware before 8.2 and LTS before 6.5 allows remote attackers to inject arbitrary web script or HTML via arbitrary parameters.

Tiki Wiki CMS Groupware versions 8.1 and 6.4 LTS suffer from a stored cross-site scripting vulnerability.

References:
• https://www.exploit-db.com/exploits/36470
• http://info.tiki.org/article183-Tiki-Wiki-CMS-Groupware-8-2-and-6-5LTS-Security-Patches-Available
• http://secunia.com/advisories/47278
• http://www.infoserve.de/system/files/advisories/INFOSERVE-ADV2011-07.txt
• http://www.osvdb.org/77966

• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.5 • EPSS: 1% • CPEs: 5 • EXPL: 0

The Standard Remember method in TikiWiki CMS/Groupware 3.x before 3.5 allows remote attackers to bypass access restrictions related to "persistent login," probably due to the generation of predictable cookies based on the IP address and User agent in userslib.php.

References:
• http://info.tikiwiki.org/article86-Tiki-Announces-3-5-and-4-2-Releases
• http://osvdb.org/62801
• http://secunia.com/advisories/38882
• http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki/branches/proposals/3.x/lib/userslib.php?r1=25196&r2=25195&pathrev=25196
• http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki?view=rev&revision=25196
• http://www.securityfocus.com/bid/38608
• https://exchange.xforce.ibmcloud.com/vulnerabilities/56771

• CWE-264: Permissions, Privileges, and Access Controls

CVSS: 7.5 • EPSS: 1% • CPEs: 2 • EXPL: 1

The user_logout function in TikiWiki CMS/Groupware 4.x before 4.2 does not properly delete user login cookies, which allows remote attackers to gain access via cookie reuse.

References:
• http://info.tikiwiki.org/article86-Tiki-Announces-3-5-and-4-2-Releases
• http://secunia.com/advisories/38896
• http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki?view=rev&revision=25046
• http://www.securityfocus.com/bid/38608
• https://exchange.xforce.ibmcloud.com/vulnerabilities/56770

• CWE-255: Credentials Management Errors

CVSS: 7.5 • EPSS: 0% • CPEs: 2 • EXPL: 1

Multiple SQL injection vulnerabilities in TikiWiki CMS/Groupware 4.x before 4.2 allow remote attackers to execute arbitrary SQL commands via unspecified vectors, probably related to (1) tiki-searchindex.php and (2) tiki-searchresults.php.

References:
• http://info.tikiwiki.org/article86-Tiki-Announces-3-5-and-4-2-Releases
• http://osvdb.org/62800
• http://secunia.com/advisories/38896
• http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki?view=rev&revision=25424
• http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki?view=rev&revision=25435
• http://www.securityfocus.com/bid/38608
• https://exchange.xforce.ibmcloud.com/vulnerabilities/56769

• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')