High

DATE	CVE	VULNERABILITY TITLE	RISK
2009-08-24	CVE-2003-1574	Improper Authentication vulnerability in Tiki Tikiwiki Cms/Groupware 1.6.1 TikiWiki 1.6.1 allows remote attackers to bypass authentication by entering a valid username with an arbitrary password, possibly related to the Internet Explorer "Remember Me" feature. network low complexity tiki CWE-287	7.5
2007-10-26	CVE-2007-5684	Path Traversal vulnerability in Tiki Tikiwiki Cms/Groupware Multiple directory traversal vulnerabilities in TikiWiki 1.9.8.1 and earlier allow remote attackers to include and execute arbitrary files via an absolute pathname in (1) error_handler_file and (2) local_php parameters to (a) tiki-index.php, or (3) encoded "..%2F" sequences in the imp_language parameter to tiki-imexport_languages.php. network low complexity tiki CWE-22	7.5
2007-10-26	CVE-2007-5682	Permissions, Privileges, and Access Controls vulnerability in Tiki Tikiwiki Cms/Groupware Incomplete blacklist vulnerability in tiki-graph_formula.php in TikiWiki before 1.9.8.2 allows remote attackers to execute arbitrary code by using variable functions and variable variables to write variables whose names match the whitelist, a different vulnerability than CVE-2007-5423. network low complexity tiki CWE-264	7.5
2007-10-12	CVE-2007-5423	Code Injection vulnerability in Tiki Tikiwiki Cms/Groupware 1.9.8 tiki-graph_formula.php in TikiWiki 1.9.8 allows remote attackers to execute arbitrary code via PHP sequences in the f array parameter, which are processed by create_function. network low complexity tiki CWE-94	7.5
2006-11-29	CVE-2006-6168	Improper Input Validation vulnerability in Tiki Tikiwiki Cms/Groupware tiki-register.php in TikiWiki before 1.9.7 allows remote attackers to trigger "notification-spam" via certain vectors such as a comma-separated list of addresses in the email field, related to lack of "a minimal check on email." network low complexity tiki CWE-20	7.5
2006-09-13	CVE-2006-4734	SQL Injection vulnerability in Tiki Tikiwiki Cms/Groupware 1.9.4 Multiple SQL injection vulnerabilities in tiki-g-admin_processes.php in Tikiwiki 1.9.4 allow remote attackers to execute arbitrary SQL commands via the (1) pid and (2) where parameters. network low complexity tiki CWE-89	7.5
2006-09-07	CVE-2006-4602	Remote Command Execution vulnerability in Tiki Tikiwiki Cms/Groupware 1.9.4 Unrestricted file upload vulnerability in jhot.php in TikiWiki 1.9.4 Sirius and earlier allows remote attackers to execute arbitrary PHP code via a filepath parameter that contains a filename with a .php extension, which is uploaded to the img/wiki/ directory. network low complexity tiki	7.5
2006-06-16	CVE-2006-3048	SQL Injection vulnerability in Tiki Tikiwiki Cms/Groupware SQL injection vulnerability in TikiWiki 1.9.3.2 and possibly earlier versions allows remote attackers to execute arbitrary SQL commands via unknown attack vectors. network low complexity tiki CWE-89	7.5
2005-11-18	CVE-2005-1925	Path Traversal vulnerability in Tiki Tikiwiki Cms/Groupware 1.6.1/1.8.1/1.9.0 Multiple directory traversal vulnerabilities in Tikiwiki before 1.9.1 allow remote attackers to read arbitrary files and execute commands via (1) the suck_url parameter to tiki-editpage.php or (2) language parameter to tiki-user_preferences.php. network low complexity tiki CWE-22	7.5
2005-05-02	CVE-2005-0200	Improper Input Validation vulnerability in Tiki Tikiwiki Cms/Groupware 1.6.1 TikiWiki before 1.8.5 does not properly validate files that have been uploaded to the temp directory, which could allow remote attackers to upload and execute arbitrary PHP scripts, a different vulnerability than CVE-2004-1386. network low complexity tiki CWE-20	7.5