CVSS: 9.8EPSS: 88%CPEs: 1EXPL: 4CVE-2007-5423 – TikiWiki 1.9.8 - Remote PHP Injection
https://notcve.org/view.php?id=CVE-2007-5423
12 Oct 2007 — tiki-graph_formula.php in TikiWiki 1.9.8 allows remote attackers to execute arbitrary code via PHP sequences in the f array parameter, which are processed by create_function. El archivo tiki-graph_formula.php en TikiWiki versión 1.9.8, permite a atacantes remotos ejecutar código arbitrario por medio de secuencias PHP en el parámetro array f, que son procesadas mediante create_function. • https://www.exploit-db.com/exploits/4509 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2007-4554
https://notcve.org/view.php?id=CVE-2007-4554
28 Aug 2007 — Cross-site scripting (XSS) vulnerability in tiki-remind_password.php in Tikiwiki (aka Tiki CMS/Groupware) 1.9.7 allows remote attackers to inject arbitrary web script or HTML via the username parameter. NOTE: this issue might be related to CVE-2006-2635.7. Vulnerabilidad de secuencia de comandos en sitios cruzados (XSS) en tiki-remind_password.php en Tikiwiki (también conocido como Tiki CMS/Groupware) 1.9.7 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro usernam... • http://secunia.com/advisories/26618 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2006-6457
https://notcve.org/view.php?id=CVE-2006-6457
11 Dec 2006 — tiki-wiki_rss.php in Tikiwiki 1.9.5, 1.9.2, and possibly other versions allows remote attackers to obtain sensitive information (MySQL username and password) via an invalid (large or negative) ver parameter, which leaks the information in an error message. tiki-wiki_rss.php en Tikiwiki 1.9.5, 1.9.2, y posiblemente otras versiones permite a atacantes remotos obtener información sensible (nombre de usuario y contraseña MySQL) mediante un parámetro ver inválido (largo o negativo), lo cual filtra la información... • http://www.securityfocus.com/archive/1/452639/100/200/threaded • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 4%CPEs: 11EXPL: 0CVE-2006-6168
https://notcve.org/view.php?id=CVE-2006-6168
29 Nov 2006 — tiki-register.php in TikiWiki before 1.9.7 allows remote attackers to trigger "notification-spam" via certain vectors such as a comma-separated list of addresses in the email field, related to lack of "a minimal check on email." tiki-register.php en TikiWiki anterior a 1.9.7 permite a atacantes remotos disparar "notificación de spam" mediante vectores no especificados como una lista de direcciones separadas por coma en el campo email, relacionado con la falta de "un mínimo chequeo en email". • http://tikiwiki.cvs.sourceforge.net/tikiwiki/tiki/changelog.txt?r1=1.157.2.50&r2=1.157.2.51 • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2006-6162
https://notcve.org/view.php?id=CVE-2006-6162
29 Nov 2006 — Cross-site scripting (XSS) vulnerability in tiki-edit_structures.php in TikiWiki 1.9.6 allows remote attackers to inject arbitrary web script or HTML via the pageAlias parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en tiki-edit_structures.php en el TikiWiki 1.9.6 permite a atacantes remotos la inyección de secuencias de comandos web o HTML de su elección mediante e... • http://secunia.com/advisories/22850 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 11EXPL: 0CVE-2006-6163
https://notcve.org/view.php?id=CVE-2006-6163
29 Nov 2006 — Cross-site scripting (XSS) vulnerability in tiki-setup_base.php in TikiWiki before 1.9.7 allows remote attackers to inject arbitrary JavaScript via unspecified parameters. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en tiki-setup_base.php en TikiWiki anterior a 1.9.7 permite a atacantes remotos inyectar código JavaScript de su elección mediante parámetros no especificados. • http://tikiwiki.cvs.sourceforge.net/tikiwiki/tiki/changelog.txt?r1=1.157.2.50&r2=1.157.2.51 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 56%CPEs: 1EXPL: 3CVE-2006-5702 – TikiWiki 1.9.5 Sirius - 'sort_mode' Information Disclosure
https://notcve.org/view.php?id=CVE-2006-5702
04 Nov 2006 — Tikiwiki 1.9.5 allows remote attackers to obtain sensitive information (MySQL username and password) via an empty sort_mode parameter in (1) tiki-listpages.php, (2) tiki-lastchanges.php, (3) messu-archive.php, (4) messu-mailbox.php, (5) messu-sent.php, (6) tiki-directory_add_site.php, (7) tiki-directory_ranking.php, (8) tiki-directory_search.php, (9) tiki-forums.php, (10) tiki-view_forum.php, (11) tiki-friends.php, (12) tiki-list_blogs.php, (13) tiki-list_faqs.php, (14) tiki-list_trackers.php, (15) tiki-lis... • https://packetstorm.news/files/id/180779 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 12%CPEs: 1EXPL: 2CVE-2006-5703 – TikiWiki 1.9.5 Sirius - 'sort_mode' Information Disclosure
https://notcve.org/view.php?id=CVE-2006-5703
04 Nov 2006 — Cross-site scripting (XSS) vulnerability in tiki-featured_link.php in Tikiwiki 1.9.5 allows remote attackers to inject arbitrary web script or HTML via a url parameter that evades filtering, as demonstrated by a parameter value containing malformed, nested SCRIPT elements. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en tiki-featured_link.php en Tikiwiki 1.9.5 permite a un atacante remoto inyectar secuencias de comandos web o HTML a través de un parámetro url que eluden el filtro, como ... • https://www.exploit-db.com/exploits/2701 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 2CVE-2006-4734
https://notcve.org/view.php?id=CVE-2006-4734
13 Sep 2006 — Multiple SQL injection vulnerabilities in tiki-g-admin_processes.php in Tikiwiki 1.9.4 allow remote attackers to execute arbitrary SQL commands via the (1) pid and (2) where parameters. Múltiples vulnerabilidades de inyección SQL en tiki-g-admin_processes.php en Tikiwiki 1.9.4 permiten a atacantes remotos ejecutar comandos SQL de su elección mediante los parámetros (1) pid y (2) where. • http://securityreason.com/securityalert/1544 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 82%CPEs: 1EXPL: 3CVE-2006-4602 – TikiWiki 1.9 Sirius - 'jhot.php' Remote Command Execution
https://notcve.org/view.php?id=CVE-2006-4602
07 Sep 2006 — Unrestricted file upload vulnerability in jhot.php in TikiWiki 1.9.4 Sirius and earlier allows remote attackers to execute arbitrary PHP code via a filepath parameter that contains a filename with a .php extension, which is uploaded to the img/wiki/ directory. Vulnerabilidad de actualización de fichero no restringida en jhot.php en TikiWiki 1.9.4 Sirius y anteriores, permite a un atacante remoto ejecutar código PHP de su elección a través del parámetro filepath que contiene un nombre de fichero con una exte... • https://www.exploit-db.com/exploits/2288 •