CVE-2007-5682
https://notcve.org/view.php?id=CVE-2007-5682
Incomplete blacklist vulnerability in tiki-graph_formula.php in TikiWiki before 1.9.8.2 allows remote attackers to execute arbitrary code by using variable functions and variable variables to write variables whose names match the whitelist, a different vulnerability than CVE-2007-5423. Una vulnerabilidad de lista negra incompleta en el archivo tiki-graph_formula.php en TikiWiki versiones anteriores a 1.9.8.2, permite a atacantes remotos ejecutar código arbitrario mediante el uso de funciones variables y variables variantes para escribir variables cuyos nombres coincidan con la lista blanca, una vulnerabilidad diferente de CVE-2007-5423. • http://info.tikiwiki.org/tiki-read_article.php?articleId=15 http://osvdb.org/43610 http://www.securityfocus.com/archive/1/482908 http://www.securityfocus.com/bid/26220 http://www.sektioneins.de/advisories/SE-2007-01.txt • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2006-6168
https://notcve.org/view.php?id=CVE-2006-6168
tiki-register.php in TikiWiki before 1.9.7 allows remote attackers to trigger "notification-spam" via certain vectors such as a comma-separated list of addresses in the email field, related to lack of "a minimal check on email." tiki-register.php en TikiWiki anterior a 1.9.7 permite a atacantes remotos disparar "notificación de spam" mediante vectores no especificados como una lista de direcciones separadas por coma en el campo email, relacionado con la falta de "un mínimo chequeo en email". • http://tikiwiki.cvs.sourceforge.net/tikiwiki/tiki/changelog.txt?r1=1.157.2.50&r2=1.157.2.51 http://tikiwiki.cvs.sourceforge.net/tikiwiki/tiki/tiki-register.php?r1=1.68&r2=1.69 http://www.vupen.com/english/advisories/2006/4709 • CWE-20: Improper Input Validation •
CVE-2006-6163
https://notcve.org/view.php?id=CVE-2006-6163
Cross-site scripting (XSS) vulnerability in tiki-setup_base.php in TikiWiki before 1.9.7 allows remote attackers to inject arbitrary JavaScript via unspecified parameters. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en tiki-setup_base.php en TikiWiki anterior a 1.9.7 permite a atacantes remotos inyectar código JavaScript de su elección mediante parámetros no especificados. • http://tikiwiki.cvs.sourceforge.net/tikiwiki/tiki/changelog.txt?r1=1.157.2.50&r2=1.157.2.51 http://www.vupen.com/english/advisories/2006/4709 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2006-3047
https://notcve.org/view.php?id=CVE-2006-3047
Cross-site scripting (XSS) vulnerability in TikiWiki 1.9.3.2 and possibly earlier versions allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en TikiWiki v1.9.3.2 y versiones anteriores, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores de ataque desconocidos • http://secunia.com/advisories/20648 http://secunia.com/advisories/20850 http://securityreason.com/securityalert/1102 http://sourceforge.net/project/shownotes.php?group_id=64258&release_id=423840 http://www.gentoo.org/security/en/glsa/glsa-200606-29.xml http://www.securityfocus.com/archive/1/437017/100/0/threaded http://www.securityfocus.com/bid/18421 http://www.vupen.com/english/advisories/2006/2349 https://exchange.xforce.ibmcloud.com/vulnerabilities/27145 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2006-3048
https://notcve.org/view.php?id=CVE-2006-3048
SQL injection vulnerability in TikiWiki 1.9.3.2 and possibly earlier versions allows remote attackers to execute arbitrary SQL commands via unknown attack vectors. Vulnerabilidad de inyección SQL en TikiWiki v1.9.3.2 y posiblemente en versiones anteriores permite a atacantes remotos ejecutar comandos SQL de su elección a través de vectores de ataque desconocidos. • http://secunia.com/advisories/20648 http://secunia.com/advisories/20850 http://securityreason.com/securityalert/1102 http://www.gentoo.org/security/en/glsa/glsa-200606-29.xml http://www.securityfocus.com/archive/1/437017/100/0/threaded http://www.securityfocus.com/bid/18421 http://www.vupen.com/english/advisories/2006/2349 https://exchange.xforce.ibmcloud.com/vulnerabilities/27146 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •