10 matches found
EUVD-2007-5654
Malware in sbrugna...
CVE-2007-5423
creationtimestamp| type| source ---|---|--- 2010-09-20 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/16911 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/tikiwikigraphformulaexec.rb 2025-02-06 03:13:38+00:0...
TikiWiki tiki-graph_formula Remote Command Execution
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'TikiWiki...
Gentoo Security Advisory GLSA 200711-19 (tikiwiki)
The remote host is missing updates announced in advisory GLSA 200711-19. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
GLSA-200711-19 : TikiWiki: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200711-19 TikiWiki: Multiple vulnerabilities Stefan Esser reported that a previous vulnerability CVE-2007-5423, GLSA 200710-21 was not properly fixed in TikiWiki 1.9.8.1 CVE-2007-5682. The TikiWiki development team also added...
TikiWiki: Multiple vulnerabilities
Background TikiWiki is an open source content management system written in PHP. Description Stefan Esser reported that a previous vulnerability CVE-2007-5423, GLSA 200710-21 was not properly fixed in TikiWiki 1.9.8.1 CVE-2007-5682. The TikiWiki development team also added several checks to avoid...
CVE-2007-5423
tiki-graphformula.php in TikiWiki 1.9.8 allows remote attackers to execute arbitrary code via PHP sequences in the f array parameter, which are processed by createfunction...
Immunity Canvas: TIKIWIKI_EXEC
Name| tikiwikiexec ---|--- CVE| CVE-2007-5423 Exploit Pack| CANVAS Description| TikiWiki function create exploit Notes| CVSS: 7.5 Repeatability: Infinite VENDOR: Tikiwiki CVE Url: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5423 CVE Name: CVE-2007-5423...
CVE-2007-5423
Summary: CVE-2007-5423 affects TikiWiki up to version 1.9.8, where tiki-graph_formula.php unsafely processes input in the f array via create_function(), enabling remote PHP code execution with the web server’s privileges. This is evidenced by multiple public advisories and exploit references (Met...
TikiWiki tiki-graph_formula.php f Parameter Arbitrary Command Execution
The remote host is running TikiWiki, an open source wiki application written in PHP. The version of TikiWiki on the remote host fails to sanitize input to the 'f' parameter of the 'tiki-graphformula.php' script before using it as a function call. Regardless of PHP's 'registerglobals' setting, an...