Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

TikiWiki Sql injection & XSS Vulnerabilities
From: "bug () securitynews ir" <bug () securitynews ir>
Date: Wed, 14 Jun 2006 00:53:37 +0430
----------------------------------------------------------------
[#] Security Advisory
[^] http://securitynews.ir/

[>] Advisory Title: TikiWiki Sql injection & XSS Vulnerabilities
[ () ] Author : bug [ () ] securitynews.ir
[$] Product Vendor : http://tikiwiki.org/
[.] Affected Versions : 1.9.3.2 (and maybe before)
[/] Release Date : 06/13/2006
----------------------------------------------------------------
[*] Overview :
Tikiwiki is a very powerful multilingual Wiki/CMS/Groupware, but
it has some security bugs too .
One sql injection and several cross-site scripting bugs have
been found in tikiwiki 1.9.3.2 (and tested in 1.9.3.1) .

[*] Details :
No exploitable detail is going to be released .

[*] Solution :
Vendor contacted on 06/09/2006 and they have been released a new
version (tikiwiki 1.9.4) :
http://sourceforge.net/project/showfiles.php?group_id=64258

------------------------------
http://securitynews.ir/

  By Date           By Thread  

Current thread:
  • TikiWiki Sql injection & XSS Vulnerabilities bug () securitynews ir (Jun 13)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]