CVE-2006-3047
https://notcve.org/view.php?id=CVE-2006-3047
Cross-site scripting (XSS) vulnerability in TikiWiki 1.9.3.2 and possibly earlier versions allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en TikiWiki v1.9.3.2 y versiones anteriores, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores de ataque desconocidos • http://secunia.com/advisories/20648 http://secunia.com/advisories/20850 http://securityreason.com/securityalert/1102 http://sourceforge.net/project/shownotes.php?group_id=64258&release_id=423840 http://www.gentoo.org/security/en/glsa/glsa-200606-29.xml http://www.securityfocus.com/archive/1/437017/100/0/threaded http://www.securityfocus.com/bid/18421 http://www.vupen.com/english/advisories/2006/2349 https://exchange.xforce.ibmcloud.com/vulnerabilities/27145 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2006-3048
https://notcve.org/view.php?id=CVE-2006-3048
SQL injection vulnerability in TikiWiki 1.9.3.2 and possibly earlier versions allows remote attackers to execute arbitrary SQL commands via unknown attack vectors. Vulnerabilidad de inyección SQL en TikiWiki v1.9.3.2 y posiblemente en versiones anteriores permite a atacantes remotos ejecutar comandos SQL de su elección a través de vectores de ataque desconocidos. • http://secunia.com/advisories/20648 http://secunia.com/advisories/20850 http://securityreason.com/securityalert/1102 http://www.gentoo.org/security/en/glsa/glsa-200606-29.xml http://www.securityfocus.com/archive/1/437017/100/0/threaded http://www.securityfocus.com/bid/18421 http://www.vupen.com/english/advisories/2006/2349 https://exchange.xforce.ibmcloud.com/vulnerabilities/27146 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2006-2635 – TikiWiki 1.9 - 'tiki-lastchanges.php' Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2006-2635
Multiple cross-site scripting (XSS) vulnerabilities in Tikiwiki (aka Tiki CMS/Groupware) 1.9.x allow remote attackers to inject arbitrary web script or HTML via malformed nested HTML tags such as "<scr<script>ipt>" in (1) offset and (2) days parameters in (a) tiki-lastchanges.php, the (3) find and (4) offset parameters in (b) tiki-orphan_pages.php, the (5) offset and (6) initial parameters in (c) tiki-listpages.php, and (7) an unspecified field in (d) tiki-remind_password.php; and allow remote authenticated users with admin privileges to inject arbitrary web script or HTML via (8) an unspecified field in a metatags action in (e) tiki-admin.php, the (9) offset parameter in (f) tiki-admin_rssmodules.php, the (10) offset and (11) max parameters in (g) tiki-syslog.php, the (12) numrows parameter in (h) tiki-adminusers.php, (13) an unspecified field in (i) tiki-adminusers.php, (14) an unspecified field in (j) tiki-admin_hotwords.php, unspecified fields in (15) "Assign new module" and (16) "Create new user module" in (k) tiki-admin_modules.php, (17) an unspecified field in "Add notification" in (l) tiki-admin_notifications.php, (18) the offset parameter in (m) tiki-admin_notifications.php, the (19) Name and (20) Dsn fields in (o) tiki-admin_dsn.php, the (21) offset parameter in (p) tiki-admin_content_templates.php, (22) an unspecified field in "Create new template" in (q) tiki-admin_content_templates.php, and the (23) offset parameter in (r) tiki-admin_chat.php. • https://www.exploit-db.com/exploits/27917 http://secunia.com/advisories/20334 http://securityreason.com/securityalert/976 http://tikiwiki.org/tiki-read_article.php?articleId=131 http://www.osvdb.org/26048 http://www.osvdb.org/26049 http://www.osvdb.org/26050 http://www.osvdb.org/26051 http://www.osvdb.org/26052 http://www.osvdb.org/26053 http://www.osvdb.org/26054 http://www.osvdb.org/26055 http://www.osvdb.org/26056 http://www.osvdb.org/2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2005-1925
https://notcve.org/view.php?id=CVE-2005-1925
Multiple directory traversal vulnerabilities in Tikiwiki before 1.9.1 allow remote attackers to read arbitrary files and execute commands via (1) the suck_url parameter to tiki-editpage.php or (2) language parameter to tiki-user_preferences.php. • http://securitytracker.com/id?1015190 http://www.idefense.com/application/poi/display?id=335&type=vulnerabilities http://www.idefense.com/application/poi/display?id=337&type=vulnerabilities http://www.securityfocus.com/bid/15390 http://www.securityfocus.com/bid/15392 https://exchange.xforce.ibmcloud.com/vulnerabilities/23095 https://exchange.xforce.ibmcloud.com/vulnerabilities/23099 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2005-3529
https://notcve.org/view.php?id=CVE-2005-3529
tiki-view_forum_thread.php in TikiWiki 1.9.0 through 1.9.2 allows remote attackers to obtain the installation path via an invalid topics_sort_mode parameter, possibly related to an SQL injection vulnerability. TikiWiki versions 1.9.x up to and including 1.9.2 suffer from a cross site scripting vulnerability and possible SQL injection vulnerabilities. • http://moritz-naumann.com/adv/0003/tikiw/0003.txt http://secunia.com/advisories/17521 http://securityreason.com/securityalert/165 http://www.osvdb.org/20711 http://www.securityfocus.com/archive/1/416152/30/0/threaded http://www.vupen.com/english/advisories/2005/2376 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •