Vulnerabilities > Tiki
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2010-03-27 | CVE-2010-1136 | Permissions, Privileges, and Access Controls vulnerability in Tiki Tikiwiki Cms/Groupware The Standard Remember method in TikiWiki CMS/Groupware 3.x before 3.5 allows remote attackers to bypass access restrictions related to "persistent login," probably due to the generation of predictable cookies based on the IP address and User agent in userslib.php. | 7.5 |
2010-03-27 | CVE-2010-1135 | Credentials Management vulnerability in Tiki Tikiwiki Cms/Groupware 4.0/4.1 The user_logout function in TikiWiki CMS/Groupware 4.x before 4.2 does not properly delete user login cookies, which allows remote attackers to gain access via cookie reuse. | 7.5 |
2010-03-27 | CVE-2010-1134 | SQL Injection vulnerability in Tiki Tikiwiki Cms/Groupware SQL injection vulnerability in the _find function in searchlib.php in TikiWiki CMS/Groupware 3.x before 3.5 allows remote attackers to execute arbitrary SQL commands via the $searchDate variable. | 7.5 |
2010-03-27 | CVE-2010-1133 | SQL Injection vulnerability in Tiki Tikiwiki Cms/Groupware 4.0/4.1 Multiple SQL injection vulnerabilities in TikiWiki CMS/Groupware 4.x before 4.2 allow remote attackers to execute arbitrary SQL commands via unspecified vectors, probably related to (1) tiki-searchindex.php and (2) tiki-searchresults.php. | 7.5 |
2009-08-24 | CVE-2003-1574 | Improper Authentication vulnerability in Tiki Tikiwiki Cms/Groupware 1.6.1 TikiWiki 1.6.1 allows remote attackers to bypass authentication by entering a valid username with an arbitrary password, possibly related to the Internet Explorer "Remember Me" feature. | 7.5 |
2009-04-01 | CVE-2009-1204 | Cross-Site Scripting vulnerability in Tiki Tikiwiki Cms/Groupware 2.2 Cross-site scripting (XSS) vulnerability in TikiWiki (Tiki) CMS/Groupware 2.2 allows remote attackers to inject arbitrary web script or HTML via the PHP_SELF portion of a URI to (1) tiki-galleries.php, (2) tiki-list_file_gallery.php, (3) tiki-listpages.php, and (4) tiki-orphan_pages.php. | 4.3 |
2008-12-03 | CVE-2008-5319 | Multiple Unspecified vulnerability in Tiki Tikiwiki Cms/Groupware 1.6.1 Unspecified vulnerability in Tikiwiki before 2.2 has unknown impact and attack vectors related to tiki-error.php, a different issue than CVE-2008-3653. | 5.0 |
2008-12-03 | CVE-2008-5318 | Multiple Unspecified vulnerability in Tiki Tikiwiki Cms/Groupware 1.6.1 Unspecified vulnerability in Tikiwiki before 2.2 has unknown impact and attack vectors related to "size of user-provided input," a different issue than CVE-2008-3653. | 5.0 |
2008-08-13 | CVE-2008-3654 | Remote Security vulnerability in TikiWiki Unspecified vulnerability in TikiWiki CMS/Groupware before 2.0 allows attackers to obtain "path and PHP configuration" via unknown vectors. | 5.0 |
2008-08-13 | CVE-2008-3653 | Remote Security vulnerability in TikiWiki Multiple unspecified vulnerabilities in TikiWiki CMS/Groupware before 2.0 have unknown impact and attack vectors. | 10.0 |