Vulnerabilities > Tiki > Tikiwiki CMS Groupware > 1.8.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-12-27 | CVE-2007-6529 | Remote Security vulnerability in TikiWiki Multiple unspecified vulnerabilities in TikiWiki before 1.9.9 have unknown impact and attack vectors involving (1) tiki-edit_css.php, (2) tiki-list_games.php, or (3) tiki-g-admin_shared_source.php. | 10.0 |
2007-12-27 | CVE-2007-6528 | Path Traversal vulnerability in Tiki Tikiwiki Cms/Groupware Directory traversal vulnerability in tiki-listmovies.php in TikiWiki before 1.9.9 allows remote attackers to read arbitrary files via a .. | 5.0 |
2007-12-27 | CVE-2007-6526 | Cross-Site Scripting vulnerability in Tiki Tikiwiki Cms/Groupware Cross-site scripting (XSS) vulnerability in tiki-special_chars.php in TikiWiki before 1.9.9 allows remote attackers to inject arbitrary web script or HTML via the area_name parameter. | 4.3 |
2007-10-26 | CVE-2007-5684 | Path Traversal vulnerability in Tiki Tikiwiki Cms/Groupware Multiple directory traversal vulnerabilities in TikiWiki 1.9.8.1 and earlier allow remote attackers to include and execute arbitrary files via an absolute pathname in (1) error_handler_file and (2) local_php parameters to (a) tiki-index.php, or (3) encoded "..%2F" sequences in the imp_language parameter to tiki-imexport_languages.php. | 7.5 |
2007-10-26 | CVE-2007-5683 | Cross-Site Scripting vulnerability in Tiki Tikiwiki Cms/Groupware Multiple cross-site scripting (XSS) vulnerabilities in TikiWiki 1.9.8.1 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the username parameter to the password reminder page (tiki-remind_password.php), (2) IMG tags in wiki pages, and (3) the local_php parameter to db/tiki-db.php. | 4.3 |
2007-10-26 | CVE-2007-5682 | Permissions, Privileges, and Access Controls vulnerability in Tiki Tikiwiki Cms/Groupware Incomplete blacklist vulnerability in tiki-graph_formula.php in TikiWiki before 1.9.8.2 allows remote attackers to execute arbitrary code by using variable functions and variable variables to write variables whose names match the whitelist, a different vulnerability than CVE-2007-5423. | 7.5 |
2006-11-29 | CVE-2006-6168 | Improper Input Validation vulnerability in Tiki Tikiwiki Cms/Groupware tiki-register.php in TikiWiki before 1.9.7 allows remote attackers to trigger "notification-spam" via certain vectors such as a comma-separated list of addresses in the email field, related to lack of "a minimal check on email." | 7.5 |
2006-11-29 | CVE-2006-6163 | Cross-Site Scripting vulnerability in Tiki Tikiwiki Cms/Groupware Cross-site scripting (XSS) vulnerability in tiki-setup_base.php in TikiWiki before 1.9.7 allows remote attackers to inject arbitrary JavaScript via unspecified parameters. | 4.3 |
2006-06-16 | CVE-2006-3048 | SQL Injection vulnerability in Tiki Tikiwiki Cms/Groupware SQL injection vulnerability in TikiWiki 1.9.3.2 and possibly earlier versions allows remote attackers to execute arbitrary SQL commands via unknown attack vectors. | 7.5 |
2006-06-16 | CVE-2006-3047 | Cross-Site Scripting vulnerability in Tiki Tikiwiki Cms/Groupware Cross-site scripting (XSS) vulnerability in TikiWiki 1.9.3.2 and possibly earlier versions allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. | 4.3 |