Vulnerabilities > Tiki > Tikiwiki CMS Groupware > 1.6.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2008-12-03 | CVE-2008-5318 | Multiple Unspecified vulnerability in Tiki Tikiwiki Cms/Groupware 1.6.1 Unspecified vulnerability in Tikiwiki before 2.2 has unknown impact and attack vectors related to "size of user-provided input," a different issue than CVE-2008-3653. | 5.0 |
2008-08-13 | CVE-2008-3654 | Remote Security vulnerability in TikiWiki Unspecified vulnerability in TikiWiki CMS/Groupware before 2.0 allows attackers to obtain "path and PHP configuration" via unknown vectors. | 5.0 |
2008-08-13 | CVE-2008-3653 | Remote Security vulnerability in TikiWiki Multiple unspecified vulnerabilities in TikiWiki CMS/Groupware before 2.0 have unknown impact and attack vectors. | 10.0 |
2008-02-27 | CVE-2008-1047 | Cross-Site Scripting vulnerability in Tiki Tikiwiki Cms/Groupware 1.6.1 Cross-site scripting (XSS) vulnerability in tiki-edit_article.php in TikiWiki before 1.9.10.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2007-12-27 | CVE-2007-6529 | Remote Security vulnerability in TikiWiki Multiple unspecified vulnerabilities in TikiWiki before 1.9.9 have unknown impact and attack vectors involving (1) tiki-edit_css.php, (2) tiki-list_games.php, or (3) tiki-g-admin_shared_source.php. | 10.0 |
2007-12-27 | CVE-2007-6528 | Path Traversal vulnerability in Tiki Tikiwiki Cms/Groupware Directory traversal vulnerability in tiki-listmovies.php in TikiWiki before 1.9.9 allows remote attackers to read arbitrary files via a .. | 5.0 |
2007-12-27 | CVE-2007-6526 | Cross-Site Scripting vulnerability in Tiki Tikiwiki Cms/Groupware Cross-site scripting (XSS) vulnerability in tiki-special_chars.php in TikiWiki before 1.9.9 allows remote attackers to inject arbitrary web script or HTML via the area_name parameter. | 4.3 |
2007-10-26 | CVE-2007-5684 | Path Traversal vulnerability in Tiki Tikiwiki Cms/Groupware Multiple directory traversal vulnerabilities in TikiWiki 1.9.8.1 and earlier allow remote attackers to include and execute arbitrary files via an absolute pathname in (1) error_handler_file and (2) local_php parameters to (a) tiki-index.php, or (3) encoded "..%2F" sequences in the imp_language parameter to tiki-imexport_languages.php. | 7.5 |
2007-10-26 | CVE-2007-5683 | Cross-Site Scripting vulnerability in Tiki Tikiwiki Cms/Groupware Multiple cross-site scripting (XSS) vulnerabilities in TikiWiki 1.9.8.1 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the username parameter to the password reminder page (tiki-remind_password.php), (2) IMG tags in wiki pages, and (3) the local_php parameter to db/tiki-db.php. | 4.3 |
2007-10-26 | CVE-2007-5682 | Permissions, Privileges, and Access Controls vulnerability in Tiki Tikiwiki Cms/Groupware Incomplete blacklist vulnerability in tiki-graph_formula.php in TikiWiki before 1.9.8.2 allows remote attackers to execute arbitrary code by using variable functions and variable variables to write variables whose names match the whitelist, a different vulnerability than CVE-2007-5423. | 7.5 |