CVE-2010-1135
https://notcve.org/view.php?id=CVE-2010-1135
The user_logout function in TikiWiki CMS/Groupware 4.x before 4.2 does not properly delete user login cookies, which allows remote attackers to gain access via cookie reuse.
• References:
  http://info.tikiwiki.org/article86-Tiki-Announces-3-5-and-4-2-Releases
  http://secunia.com/advisories/38896
  http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki?view=rev&revision=25046
  http://www.securityfocus.com/bid/38608
  https://exchange.xforce.ibmcloud.com/vulnerabilities/56770
• CWE-255: Credentials Management Errors
CVE-2010-1133
https://notcve.org/view.php?id=CVE-2010-1133
Multiple SQL injection vulnerabilities in TikiWiki CMS/Groupware 4.x before 4.2 allow remote attackers to execute arbitrary SQL commands via unspecified vectors, probably related to (1) tiki-searchindex.php and (2) tiki-searchresults.php.
• References:
  http://info.tikiwiki.org/article86-Tiki-Announces-3-5-and-4-2-Releases
  http://osvdb.org/62800
  http://secunia.com/advisories/38896
  http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki?view=rev&revision=25424
  http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki?view=rev&revision=25435
  http://www.securityfocus.com/bid/38608
  https://exchange.xforce.ibmcloud.com/vulnerabilities/56769
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2010-1134
https://notcve.org/view.php?id=CVE-2010-1134
SQL injection vulnerability in the _find function in searchlib.php in TikiWiki CMS/Groupware 3.x before 3.5 allows remote attackers to execute arbitrary SQL commands via the $searchDate variable.
• References:
  http://info.tikiwiki.org/article86-Tiki-Announces-3-5-and-4-2-Releases
  http://osvdb.org/62800
  http://secunia.com/advisories/38882
  http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki?view=rev&revision=25429
  http://www.securityfocus.com/bid/38608
  https://exchange.xforce.ibmcloud.com/vulnerabilities/56769
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2003-1574
https://notcve.org/view.php?id=CVE-2003-1574
TikiWiki 1.6.1 allows remote attackers to bypass authentication by entering a valid username with an arbitrary password, possibly related to the Internet Explorer "Remember Me" feature. NOTE: some of these details are obtained from third party information.
• References:
  http://sourceforge.net/tracker/index.php?func=detail&aid=748739&group_id=64258&atid=506846
  http://www.securityfocus.com/bid/14170
  https://exchange.xforce.ibmcloud.com/vulnerabilities/40347
• CWE-287: Improper Authentication
CVE-2009-1204 – TikiWiki 2.2/3.0 - 'tiki-galleries.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2009-1204
Cross-site scripting (XSS) vulnerability in TikiWiki (Tiki) CMS/Groupware 2.2 allows remote attackers to inject arbitrary web script or HTML via the PHP_SELF portion of a URI to (1) tiki-galleries.php, (2) tiki-list_file_gallery.php, (3) tiki-listpages.php, and (4) tiki-orphan_pages.php.
• References:
  https://www.exploit-db.com/exploits/32852
  https://www.exploit-db.com/exploits/32854
  https://www.exploit-db.com/exploits/32853
  http://dev.tikiwiki.org/tiki-view_tracker_item.php?itemId=2359&trackerId=5&show=view&reloff=3&cant=1229&status=o&trackerId=5&sort_mode=created_desc
  http://info.tikiwiki.org/tiki-read_article.php?articleId=51
  http://secunia.com/advisories/34273
  http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki/branches/2.0/changelog.txt?view=markup
  http://www.securityfocus.
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')