NotCVE - vendor:"Tiki" product:"Tikiwiki Cms\/groupware" version:" <= 6.3"

Page 5 of 56 results (0.010 seconds)

CVSS: 6.1EPSS: 0%CPEs: 8EXPL: 1

CVE-2006-3047

https://notcve.org/view.php?id=CVE-2006-3047

16 Jun 2006 — Cross-site scripting (XSS) vulnerability in TikiWiki 1.9.3.2 and possibly earlier versions allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en TikiWiki v1.9.3.2 y versiones anteriores, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores de ataque desconocidos • http://secunia.com/advisories/20648 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 0%CPEs: 8EXPL: 0

CVE-2006-3048

https://notcve.org/view.php?id=CVE-2006-3048

16 Jun 2006 — SQL injection vulnerability in TikiWiki 1.9.3.2 and possibly earlier versions allows remote attackers to execute arbitrary SQL commands via unknown attack vectors. Vulnerabilidad de inyección SQL en TikiWiki v1.9.3.2 y posiblemente en versiones anteriores permite a atacantes remotos ejecutar comandos SQL de su elección a través de vectores de ataque desconocidos. • http://secunia.com/advisories/20648 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 5.4EPSS: 13%CPEs: 18EXPL: 3

CVE-2006-2635 – TikiWiki 1.9 - 'tiki-lastchanges.php' Multiple Cross-Site Scripting Vulnerabilities

https://notcve.org/view.php?id=CVE-2006-2635

30 May 2006 — Multiple cross-site scripting (XSS) vulnerabilities in Tikiwiki (aka Tiki CMS/Groupware) 1.9.x allow remote attackers to inject arbitrary web script or HTML via malformed nested HTML tags such as "ipt>" in (1) offset and (2) days parameters in (a) tiki-lastchanges.php, the (3) find and (4) offset parameters in (b) tiki-orphan_pages.php, the (5) offset and (6) initial parameters in (c) tiki-listpages.php, and (7) an unspecified field in (d) tiki-remind_password.php; and allow remote authenticated... • https://www.exploit-db.com/exploits/27917 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 2

CVE-2005-3528

https://notcve.org/view.php?id=CVE-2005-3528

20 Nov 2005 — Cross-site scripting (XSS) vulnerability in tiki-view_forum_thread.php in TikiWiki 1.9.0 through 1.9.2 allows remote attackers to inject arbitrary web script or HTML via the topics_offset parameter. • http://moritz-naumann.com/adv/0003/tikiw/0003.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 1

CVE-2005-3529

https://notcve.org/view.php?id=CVE-2005-3529

20 Nov 2005 — tiki-view_forum_thread.php in TikiWiki 1.9.0 through 1.9.2 allows remote attackers to obtain the installation path via an invalid topics_sort_mode parameter, possibly related to an SQL injection vulnerability. • http://moritz-naumann.com/adv/0003/tikiw/0003.txt • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0

CVE-2005-1925

https://notcve.org/view.php?id=CVE-2005-1925

18 Nov 2005 — Multiple directory traversal vulnerabilities in Tikiwiki before 1.9.1 allow remote attackers to read arbitrary files and execute commands via (1) the suck_url parameter to tiki-editpage.php or (2) language parameter to tiki-user_preferences.php. • http://securitytracker.com/id?1015190 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 0

CVE-2005-3283

https://notcve.org/view.php?id=CVE-2005-3283

23 Oct 2005 — Cross-site scripting (XSS) vulnerability in TikiWiki before 1.9.1.1 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. • http://bugs.gentoo.org/show_bug.cgi?id=109858 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 86%CPEs: 6EXPL: 5

CVE-2005-1921 – PHPXMLRPC < 1.1 - Remote Code Execution

https://notcve.org/view.php?id=CVE-2005-1921

01 Jul 2005 — Eval injection vulnerability in PEAR XML_RPC 1.3.0 and earlier (aka XML-RPC or xmlrpc) and PHPXMLRPC (aka XML-RPC For PHP or php-xmlrpc) 1.1 and earlier, as used in products such as (1) WordPress, (2) Serendipity, (3) Drupal, (4) egroupware, (5) MailWatch, (6) TikiWiki, (7) phpWebSite, (8) Ampache, and others, allows remote attackers to execute arbitrary PHP code via an XML file, which is not properly sanitized before being used in an eval statement. • https://www.exploit-db.com/exploits/43829 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2005-0200

https://notcve.org/view.php?id=CVE-2005-0200

06 Feb 2005 — TikiWiki before 1.8.5 does not properly validate files that have been uploaded to the temp directory, which could allow remote attackers to upload and execute arbitrary PHP scripts, a different vulnerability than CVE-2004-1386. • http://secunia.com/advisories/13948 • CWE-20: Improper Input Validation •

CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0

CVE-2004-1386

https://notcve.org/view.php?id=CVE-2004-1386

31 Dec 2004 — TikiWiki before 1.8.4.1 does not properly verify uploaded images, which could allow remote attackers to upload and execute arbitrary PHP scripts, a different vulnerability than CVE-2005-0200. • http://securitytracker.com/id?1012700 • CWE-20: Improper Input Validation •

1...3 4 5 6