CVSS: 9.8EPSS: 77%CPEs: 2EXPL: 7CVE-2012-0911 – Tiki Wiki unserialize() PHP Code Execution
https://notcve.org/view.php?id=CVE-2012-0911
04 Jul 2012 — TikiWiki CMS/Groupware before 6.7 LTS and before 8.4 allows remote attackers to execute arbitrary PHP code via a crafted serialized object in the (1) cookieName to lib/banners/bannerlib.php; (2) printpages or (3) printstructures parameter to (a) tiki-print_multi_pages.php or (b) tiki-print_pages.php; or (4) sendpages, (5) sendstructures, or (6) sendarticles parameter to tiki-send_objects.php, which is not properly handled when processed by the unserialize function. TikiWiki CMS/Groupware anterior a v6.7 LTS... • https://packetstorm.news/files/id/114479 • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.2EPSS: 3%CPEs: 1EXPL: 3CVE-2011-4558 – Tiki Wiki CMS Groupware 8.2 - 'snarf_ajax.php' Remote PHP Code Injection
https://notcve.org/view.php?id=CVE-2011-4558
23 Dec 2011 — Tiki 8.2 and earlier allows remote administrators to execute arbitrary PHP code via crafted input to the regexres and regex parameters. Tiki versión 8.2 y anteriores, permiten a administradores remotos ejecutar código PHP arbitrario por medio de una entrada diseñada a los parámetros regexres y regex. Tiki Wiki CMS Groupware versions 8.2 and below suffer from a remote PHP code injection vulnerability in snarf_ajax.php. • https://packetstorm.news/files/id/108111 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 6.1EPSS: 3%CPEs: 24EXPL: 2CVE-2011-4551 – Tiki Wiki CMS Groupware 8.1 - 'show_errors' HTML Injection
https://notcve.org/view.php?id=CVE-2011-4551
20 Dec 2011 — Cross-site scripting (XSS) vulnerability in tiki-cookie-jar.php in TikiWiki CMS/Groupware before 8.2 and LTS before 6.5 allows remote attackers to inject arbitrary web script or HTML via arbitrary parameters. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en tiki-cookie-jar.php en TikiWiki CMS/Groupware, antes de v8.2 y LTS antes de v6.5, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de parámetros de su elección. Tiki Wiki CMS Groupware versi... • https://packetstorm.news/files/id/108036 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 2CVE-2011-4454 – Tiki Wiki CMS Groupware Cross Site Scripting
https://notcve.org/view.php?id=CVE-2011-4454
17 Nov 2011 — Multiple cross-site scripting vulnerabilities in Tiki 8.0 RC1 and earlier allow remote attackers to inject arbitrary web script or HTML via the path info to (1) tiki-remind_password.php, (2) tiki-index.php, (3) tiki-login_scr.php, or (4) tiki-index. Múltiples vulnerabilidades de tipo cross-site scripting en Tiki versión 8.0 RC1 y anteriores, permiten a atacantes remotos inyectar script web o HTML arbitrario por medio de la información de ruta en el archivo (1) tiki-remind_password.php, (2) tiki-index.php, (... • https://packetstorm.news/files/id/107082 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2011-4455 – Tiki Wiki CMS Groupware Cross Site Scripting
https://notcve.org/view.php?id=CVE-2011-4455
17 Nov 2011 — Multiple cross-site scripting vulnerabilities in Tiki 7.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the path info to (1) tiki-admin_system.php, (2) tiki-pagehistory.php, (3) tiki-removepage.php, or (4) tiki-rename_page.php. Múltiples vulnerabilidades de tipo cross-site scripting en Tiki versiones 7.2 y anteriores, permiten a atacantes remotos inyectar script web o HTML arbitrario por medio de la información de ruta en el archivo (1) tiki-admin_system.php, (2) tiki-pagehis... • https://packetstorm.news/files/id/107082 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2010-1134
https://notcve.org/view.php?id=CVE-2010-1134
26 Mar 2010 — SQL injection vulnerability in the _find function in searchlib.php in TikiWiki CMS/Groupware 3.x before 3.5 allows remote attackers to execute arbitrary SQL commands via the $searchDate variable. Vulnerabilidad de inyección SQL en la función _find en searchlib.php en TikiWiki CMS/Groupware v3.x anteriores a v3.5 , permite a atacantes remotos ejecutar comandos SQL de su elección a través de la variable $searchDate • http://info.tikiwiki.org/article86-Tiki-Announces-3-5-and-4-2-Releases • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 1CVE-2010-1135
https://notcve.org/view.php?id=CVE-2010-1135
26 Mar 2010 — The user_logout function in TikiWiki CMS/Groupware 4.x before 4.2 does not properly delete user login cookies, which allows remote attackers to gain access via cookie reuse. La función user_logout en TikiWiki CMS/Groupware v4.x anteriores a v4.2 no borra de forma adecuada las cookies de login del usuario, lo que permite a atacantes remotos obtener acceso a traves de reutilizar la cookie. • http://info.tikiwiki.org/article86-Tiki-Announces-3-5-and-4-2-Releases • CWE-255: Credentials Management Errors •
CVSS: 9.1EPSS: 0%CPEs: 5EXPL: 0CVE-2010-1136
https://notcve.org/view.php?id=CVE-2010-1136
26 Mar 2010 — The Standard Remember method in TikiWiki CMS/Groupware 3.x before 3.5 allows remote attackers to bypass access restrictions related to "persistent login," probably due to the generation of predictable cookies based on the IP address and User agent in userslib.php. El método Standard Remember en TikiWiki CMS/Groupware 3v.x anteriores a v3.5 permite a atacantes remotos saltarse las restriccines de acceso relativas a "persistent login", probablemente a través de la generación de cookies predecibles basadas en ... • http://info.tikiwiki.org/article86-Tiki-Announces-3-5-and-4-2-Releases • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2010-1133
https://notcve.org/view.php?id=CVE-2010-1133
26 Mar 2010 — Multiple SQL injection vulnerabilities in TikiWiki CMS/Groupware 4.x before 4.2 allow remote attackers to execute arbitrary SQL commands via unspecified vectors, probably related to (1) tiki-searchindex.php and (2) tiki-searchresults.php. Multiples vulnerabilidades de inyección SQL en TikiWiki CMS/Groupware v4.x anteriores a v4.2, permite a atacantes remotos ejecutar comandos SQL de su elección a través vectores no especificados, probablemente relativo a (1) tiki-searchindex.php y (2) tiki-searchresults.php... • http://info.tikiwiki.org/article86-Tiki-Announces-3-5-and-4-2-Releases • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2003-1574
https://notcve.org/view.php?id=CVE-2003-1574
24 Aug 2009 — TikiWiki 1.6.1 allows remote attackers to bypass authentication by entering a valid username with an arbitrary password, possibly related to the Internet Explorer "Remember Me" feature. NOTE: some of these details are obtained from third party information. TikiWiki v1.6.1 permite a usuarios remotos evitar la autenticación introduciendo un nombre de usuario válido con un password arbitrario. Vulnerabilidad posiblemente relacionada con la característica "Remember Me" de Internet Explorer. NOTA: algunos de los... • http://sourceforge.net/tracker/index.php?func=detail&aid=748739&group_id=64258&atid=506846 • CWE-287: Improper Authentication •