Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
freebsdFreeBSDE4C62ABD-5065-11DB-A5AE-00508D6A62DF
HistoryAug 21, 2006 - 12:00 a.m.

tikiwiki -- multiple vulnerabilities

2006-08-2100:00:00
vuxml.freebsd.org
37

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.964 High

EPSS

Percentile

99.6%

JSON

Secunia reports:

Thomas Pollet has discovered a vulnerability in TikiWiki,
which can be exploited by malicious people to conduct
cross-site scripting attacks.
Input passed to the “highlight” parameter in
tiki-searchindex.php is not properly sanitised before being
returned to the user. This can be exploited to execute
arbitrary HTML and script code in a user’s browser session
in context of an affected site.

rgod has discovered a vulnerability in TikiWiki, which can
be exploited by malicious people to compromise a vulnerable
system.
The vulnerability is caused due to the “jhot.php” script
not correctly verifying uploaded files. This can e.g. be
exploited to execute arbitrary PHP code by uploading a
malicious PHP script to the “img/wiki” directory.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchtikiwiki< 1.9.5UNKNOWN

Related

openvas 5
nessus 3
gentoo 1
saint 4
nvd 2
ubuntucve 1
cve 2
packetstorm 1
cvelist 2
checkpoint_advisories 1
openvas
openvas
Gentoo Security Advisory GLSA 200609-16 (tikiwiki)
2008-09-24 00:00:00
Gentoo Security Advisory GLSA 200609-16 (tikiwiki)
2008-09-24 00:00:00
FreeBSD Ports: tikiwiki
2008-09-04 00:00:00
nessus
nessus
GLSA-200609-16 : Tikiwiki: Arbitrary command execution
2006-09-27 00:00:00
FreeBSD : tikiwiki -- multiple vulnerabilities (e4c62abd-5065-11db-a5ae-00508d6a62df)
2006-10-02 00:00:00
TikiWiki jhot.php Arbitrary File Upload
2006-09-04 00:00:00
gentoo
gentoo
Tikiwiki: Arbitrary command execution
2006-09-26 00:00:00
saint
saint
TikiWiki file upload vulnerability (jhot.php)
2006-09-08 00:00:00
TikiWiki file upload vulnerability (jhot.php)
2006-09-08 00:00:00
TikiWiki file upload vulnerability (jhot.php)
2006-09-08 00:00:00
nvd
nvd
CVE-2006-4299
2006-08-23 01:04:00
CVE-2006-4602
2006-09-07 00:04:00
ubuntucve
ubuntucve
CVE-2006-4299
2006-08-23 00:00:00
cve
cve
CVE-2006-4602
2006-09-07 00:04:00
CVE-2006-4299
2006-08-23 01:04:00
packetstorm
packetstorm
TikiWiki jhot Remote Command Execution
2009-10-30 00:00:00
cvelist
cvelist
CVE-2006-4602
2006-09-07 00:00:00
CVE-2006-4299
2006-08-23 01:00:00
checkpoint_advisories
checkpoint_advisories
TikiWiki jhot.php Script File Upload Security Bypass (CVE-2006-4602)
2010-01-24 00:00:00

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.964 High

EPSS

Percentile

99.6%

JSON
Related for E4C62ABD-5065-11DB-A5AE-00508D6A62DF
openvas5nessus3gentoo1saint4nvd2ubuntucve1cve2packetstorm1cvelist2checkpoint_advisories1