CVSS: 7.5EPSS: 1%CPEs: 5EXPL: 0CVE-2010-1136
https://notcve.org/view.php?id=CVE-2010-1136
The Standard Remember method in TikiWiki CMS/Groupware 3.x before 3.5 allows remote attackers to bypass access restrictions related to "persistent login," probably due to the generation of predictable cookies based on the IP address and User agent in userslib.php. El método Standard Remember en TikiWiki CMS/Groupware 3v.x anteriores a v3.5 permite a atacantes remotos saltarse las restriccines de acceso relativas a "persistent login", probablemente a través de la generación de cookies predecibles basadas en la dirección IP a el agente User sobre userslib.php. • http://info.tikiwiki.org/article86-Tiki-Announces-3-5-and-4-2-Releases http://osvdb.org/62801 http://secunia.com/advisories/38882 http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki/branches/proposals/3.x/lib/userslib.php?r1=25196&r2=25195&pathrev=25196 http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki?view=rev&revision=25196 http://www.securityfocus.com/bid/38608 https://exchange.xforce.ibmcloud.com/vulnerabilities/56771 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2010-1133
https://notcve.org/view.php?id=CVE-2010-1133
Multiple SQL injection vulnerabilities in TikiWiki CMS/Groupware 4.x before 4.2 allow remote attackers to execute arbitrary SQL commands via unspecified vectors, probably related to (1) tiki-searchindex.php and (2) tiki-searchresults.php. Multiples vulnerabilidades de inyección SQL en TikiWiki CMS/Groupware v4.x anteriores a v4.2, permite a atacantes remotos ejecutar comandos SQL de su elección a través vectores no especificados, probablemente relativo a (1) tiki-searchindex.php y (2) tiki-searchresults.php. • http://info.tikiwiki.org/article86-Tiki-Announces-3-5-and-4-2-Releases http://osvdb.org/62800 http://secunia.com/advisories/38896 http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki?view=rev&revision=25424 http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki?view=rev&revision=25435 http://www.securityfocus.com/bid/38608 https://exchange.xforce.ibmcloud.com/vulnerabilities/56769 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2010-1134
https://notcve.org/view.php?id=CVE-2010-1134
SQL injection vulnerability in the _find function in searchlib.php in TikiWiki CMS/Groupware 3.x before 3.5 allows remote attackers to execute arbitrary SQL commands via the $searchDate variable. Vulnerabilidad de inyección SQL en la función _find en searchlib.php en TikiWiki CMS/Groupware v3.x anteriores a v3.5 , permite a atacantes remotos ejecutar comandos SQL de su elección a través de la variable $searchDate • http://info.tikiwiki.org/article86-Tiki-Announces-3-5-and-4-2-Releases http://osvdb.org/62800 http://secunia.com/advisories/38882 http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki?view=rev&revision=25429 http://www.securityfocus.com/bid/38608 https://exchange.xforce.ibmcloud.com/vulnerabilities/56769 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2003-1574
https://notcve.org/view.php?id=CVE-2003-1574
TikiWiki 1.6.1 allows remote attackers to bypass authentication by entering a valid username with an arbitrary password, possibly related to the Internet Explorer "Remember Me" feature. NOTE: some of these details are obtained from third party information. TikiWiki v1.6.1 permite a usuarios remotos evitar la autenticación introduciendo un nombre de usuario válido con un password arbitrario. Vulnerabilidad posiblemente relacionada con la característica "Remember Me" de Internet Explorer. NOTA: algunos de los detalles han sido obtenidos de terceras partes. • http://sourceforge.net/tracker/index.php?func=detail&aid=748739&group_id=64258&atid=506846 http://www.securityfocus.com/bid/14170 https://exchange.xforce.ibmcloud.com/vulnerabilities/40347 • CWE-287: Improper Authentication •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 8CVE-2009-1204 – TikiWiki 2.2/3.0 - 'tiki-galleries.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2009-1204
Cross-site scripting (XSS) vulnerability in TikiWiki (Tiki) CMS/Groupware 2.2 allows remote attackers to inject arbitrary web script or HTML via the PHP_SELF portion of a URI to (1) tiki-galleries.php, (2) tiki-list_file_gallery.php, (3) tiki-listpages.php, and (4) tiki-orphan_pages.php. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en TikiWiki (Tiki) CMS/Groupware v2.2 permite a atacantes remotos inyectar web script o HTML a través de la parte PHP_SELF de una URI de (1) tiki-galleries.php, (2) tiki-list_file_gallery.php, (3) tiki-listpages.php, y (4) tiki-orphan_pages.php. • https://www.exploit-db.com/exploits/32852 https://www.exploit-db.com/exploits/32854 https://www.exploit-db.com/exploits/32853 http://dev.tikiwiki.org/tiki-view_tracker_item.php?itemId=2359&trackerId=5&show=view&reloff=3&cant=1229&status=o&trackerId=5&sort_mode=created_desc http://info.tikiwiki.org/tiki-read_article.php?articleId=51 http://secunia.com/advisories/34273 http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki/branches/2.0/changelog.txt?view=markup http://www.securityfocus. • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •