Show filters
154 Total Results
Displaying 131-140 of 154
Sort by:
Attacker Value
Unknown
CVE-2006-6168
Disclosure Date: November 29, 2006 (last updated October 04, 2023)
tiki-register.php in TikiWiki before 1.9.7 allows remote attackers to trigger "notification-spam" via certain vectors such as a comma-separated list of addresses in the email field, related to lack of "a minimal check on email."
0
Attacker Value
Unknown
CVE-2006-6162
Disclosure Date: November 29, 2006 (last updated October 04, 2023)
Cross-site scripting (XSS) vulnerability in tiki-edit_structures.php in TikiWiki 1.9.6 allows remote attackers to inject arbitrary web script or HTML via the pageAlias parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
0
Attacker Value
Unknown
CVE-2006-6163
Disclosure Date: November 29, 2006 (last updated October 04, 2023)
Cross-site scripting (XSS) vulnerability in tiki-setup_base.php in TikiWiki before 1.9.7 allows remote attackers to inject arbitrary JavaScript via unspecified parameters.
0
Attacker Value
Unknown
CVE-2006-5703
Disclosure Date: November 04, 2006 (last updated October 04, 2023)
Cross-site scripting (XSS) vulnerability in tiki-featured_link.php in Tikiwiki 1.9.5 allows remote attackers to inject arbitrary web script or HTML via a url parameter that evades filtering, as demonstrated by a parameter value containing malformed, nested SCRIPT elements.
0
Attacker Value
Unknown
CVE-2006-5702
Disclosure Date: November 04, 2006 (last updated October 04, 2023)
Tikiwiki 1.9.5 allows remote attackers to obtain sensitive information (MySQL username and password) via an empty sort_mode parameter in (1) tiki-listpages.php, (2) tiki-lastchanges.php, (3) messu-archive.php, (4) messu-mailbox.php, (5) messu-sent.php, (6) tiki-directory_add_site.php, (7) tiki-directory_ranking.php, (8) tiki-directory_search.php, (9) tiki-forums.php, (10) tiki-view_forum.php, (11) tiki-friends.php, (12) tiki-list_blogs.php, (13) tiki-list_faqs.php, (14) tiki-list_trackers.php, (15) tiki-list_users.php, (16) tiki-my_tiki.php, (17) tiki-notepad_list.php, (18) tiki-orphan_pages.php, (19) tiki-shoutbox.php, (20) tiki-usermenu.php, and (21) tiki-webmail_contacts.php, which reveal the information in certain database error messages.
0
Attacker Value
Unknown
CVE-2006-4734
Disclosure Date: September 13, 2006 (last updated October 04, 2023)
Multiple SQL injection vulnerabilities in tiki-g-admin_processes.php in Tikiwiki 1.9.4 allow remote attackers to execute arbitrary SQL commands via the (1) pid and (2) where parameters.
0
Attacker Value
Unknown
CVE-2006-4602
Disclosure Date: September 07, 2006 (last updated October 04, 2023)
Unrestricted file upload vulnerability in jhot.php in TikiWiki 1.9.4 Sirius and earlier allows remote attackers to execute arbitrary PHP code via a filepath parameter that contains a filename with a .php extension, which is uploaded to the img/wiki/ directory.
0
Attacker Value
Unknown
CVE-2006-4299
Disclosure Date: August 23, 2006 (last updated October 04, 2023)
Cross-site scripting (XSS) vulnerability in tiki-searchindex.php in TikiWiki 1.9.4 allows remote attackers to inject arbitrary web script or HTML via the highlight parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
0
Attacker Value
Unknown
CVE-2006-3047
Disclosure Date: June 16, 2006 (last updated October 04, 2023)
Cross-site scripting (XSS) vulnerability in TikiWiki 1.9.3.2 and possibly earlier versions allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors.
0
Attacker Value
Unknown
CVE-2006-3048
Disclosure Date: June 16, 2006 (last updated October 04, 2023)
SQL injection vulnerability in TikiWiki 1.9.3.2 and possibly earlier versions allows remote attackers to execute arbitrary SQL commands via unknown attack vectors.
0
