CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2006-6162
https://notcve.org/view.php?id=CVE-2006-6162
29 Nov 2006 — Cross-site scripting (XSS) vulnerability in tiki-edit_structures.php in TikiWiki 1.9.6 allows remote attackers to inject arbitrary web script or HTML via the pageAlias parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en tiki-edit_structures.php en el TikiWiki 1.9.6 permite a atacantes remotos la inyección de secuencias de comandos web o HTML de su elección mediante e... • http://secunia.com/advisories/22850 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 11EXPL: 0CVE-2006-6163
https://notcve.org/view.php?id=CVE-2006-6163
29 Nov 2006 — Cross-site scripting (XSS) vulnerability in tiki-setup_base.php in TikiWiki before 1.9.7 allows remote attackers to inject arbitrary JavaScript via unspecified parameters. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en tiki-setup_base.php en TikiWiki anterior a 1.9.7 permite a atacantes remotos inyectar código JavaScript de su elección mediante parámetros no especificados. • http://tikiwiki.cvs.sourceforge.net/tikiwiki/tiki/changelog.txt?r1=1.157.2.50&r2=1.157.2.51 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 56%CPEs: 1EXPL: 3CVE-2006-5702 – TikiWiki 1.9.5 Sirius - 'sort_mode' Information Disclosure
https://notcve.org/view.php?id=CVE-2006-5702
04 Nov 2006 — Tikiwiki 1.9.5 allows remote attackers to obtain sensitive information (MySQL username and password) via an empty sort_mode parameter in (1) tiki-listpages.php, (2) tiki-lastchanges.php, (3) messu-archive.php, (4) messu-mailbox.php, (5) messu-sent.php, (6) tiki-directory_add_site.php, (7) tiki-directory_ranking.php, (8) tiki-directory_search.php, (9) tiki-forums.php, (10) tiki-view_forum.php, (11) tiki-friends.php, (12) tiki-list_blogs.php, (13) tiki-list_faqs.php, (14) tiki-list_trackers.php, (15) tiki-lis... • https://packetstorm.news/files/id/180779 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 12%CPEs: 1EXPL: 2CVE-2006-5703 – TikiWiki 1.9.5 Sirius - 'sort_mode' Information Disclosure
https://notcve.org/view.php?id=CVE-2006-5703
04 Nov 2006 — Cross-site scripting (XSS) vulnerability in tiki-featured_link.php in Tikiwiki 1.9.5 allows remote attackers to inject arbitrary web script or HTML via a url parameter that evades filtering, as demonstrated by a parameter value containing malformed, nested SCRIPT elements. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en tiki-featured_link.php en Tikiwiki 1.9.5 permite a un atacante remoto inyectar secuencias de comandos web o HTML a través de un parámetro url que eluden el filtro, como ... • https://www.exploit-db.com/exploits/2701 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 2CVE-2006-4734
https://notcve.org/view.php?id=CVE-2006-4734
13 Sep 2006 — Multiple SQL injection vulnerabilities in tiki-g-admin_processes.php in Tikiwiki 1.9.4 allow remote attackers to execute arbitrary SQL commands via the (1) pid and (2) where parameters. Múltiples vulnerabilidades de inyección SQL en tiki-g-admin_processes.php en Tikiwiki 1.9.4 permiten a atacantes remotos ejecutar comandos SQL de su elección mediante los parámetros (1) pid y (2) where. • http://securityreason.com/securityalert/1544 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 82%CPEs: 1EXPL: 3CVE-2006-4602 – TikiWiki 1.9 Sirius - 'jhot.php' Remote Command Execution
https://notcve.org/view.php?id=CVE-2006-4602
07 Sep 2006 — Unrestricted file upload vulnerability in jhot.php in TikiWiki 1.9.4 Sirius and earlier allows remote attackers to execute arbitrary PHP code via a filepath parameter that contains a filename with a .php extension, which is uploaded to the img/wiki/ directory. Vulnerabilidad de actualización de fichero no restringida en jhot.php en TikiWiki 1.9.4 Sirius y anteriores, permite a un atacante remoto ejecutar código PHP de su elección a través del parámetro filepath que contiene un nombre de fichero con una exte... • https://www.exploit-db.com/exploits/2288 •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2006-4299
https://notcve.org/view.php?id=CVE-2006-4299
23 Aug 2006 — Cross-site scripting (XSS) vulnerability in tiki-searchindex.php in TikiWiki 1.9.4 allows remote attackers to inject arbitrary web script or HTML via the highlight parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en tiki-searchindex.php en TikiWiki 1.9.4 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través del parámetro highlight. N... • http://secunia.com/advisories/21536 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 8EXPL: 1CVE-2006-3047
https://notcve.org/view.php?id=CVE-2006-3047
16 Jun 2006 — Cross-site scripting (XSS) vulnerability in TikiWiki 1.9.3.2 and possibly earlier versions allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en TikiWiki v1.9.3.2 y versiones anteriores, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores de ataque desconocidos • http://secunia.com/advisories/20648 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 8EXPL: 0CVE-2006-3048
https://notcve.org/view.php?id=CVE-2006-3048
16 Jun 2006 — SQL injection vulnerability in TikiWiki 1.9.3.2 and possibly earlier versions allows remote attackers to execute arbitrary SQL commands via unknown attack vectors. Vulnerabilidad de inyección SQL en TikiWiki v1.9.3.2 y posiblemente en versiones anteriores permite a atacantes remotos ejecutar comandos SQL de su elección a través de vectores de ataque desconocidos. • http://secunia.com/advisories/20648 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.4EPSS: 13%CPEs: 18EXPL: 3CVE-2006-2635 – TikiWiki 1.9 - 'tiki-lastchanges.php' Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2006-2635
30 May 2006 — Multiple cross-site scripting (XSS) vulnerabilities in Tikiwiki (aka Tiki CMS/Groupware) 1.9.x allow remote attackers to inject arbitrary web script or HTML via malformed nested HTML tags such as "