- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    Gentoo Linux Security Advisory           GLSA 200801-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Low
     Title: TikiWiki: Multiple vulnerabilities
      Date: January 23, 2008
      Bugs: #203265
        ID: 200801-10

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been discovered in TikiWiki, some of them
having unknown impact.

Background
==========

TikiWiki is an open source content management system written in PHP.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /  Vulnerable  /                   Unaffected
    -------------------------------------------------------------------
  1  www-apps/tikiwiki          < 1.9.9                        >= 1.9.9

Description
===========

* Jesus Olmos Gonzalez from isecauditors reported insufficient
  sanitization of the "movies" parameter in file tiki-listmovies.php
  (CVE-2007-6528).

* Mesut Timur from H-Labs discovered that the input passed to the
  "area_name" parameter in file tiki-special_chars.php is not properly
  sanitised before being returned to the user (CVE-2007-6526).

* redflo reported multiple unspecified vulnerabilities in files
  tiki-edit_css.php, tiki-list_games.php, and
  tiki-g-admin_shared_source.php (CVE-2007-6529).

Impact
======

A remote attacker can craft the "movies" parameter to run a directory
traversal attack through a ".." sequence and read the first 1000 bytes
of any arbitrary file, or conduct a cross-site scripting (XSS) attack
through the "area_name" parameter. This attack can be exploited to
execute arbitrary HTML and script code in a user's browser session,
allowing for the theft of browser session data or cookies in the context
of the affected web site.

The impacts of the unspecified vulnerabilities are still unknown.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All TikiWiki users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-apps/tikiwiki-1.9.9"

References
==========

  [ 1 ] CVE-2007-6526
        https://www.cve.org/CVERecord?id=CVE-2007-6526
  [ 2 ] CVE-2007-6528
        https://www.cve.org/CVERecord?id=CVE-2007-6528
  [ 3 ] CVE-2007-6529
        https://www.cve.org/CVERecord?id=CVE-2007-6529

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  https://security.gentoo.org/glsa/200801-10

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
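A defender-side check of web-server access logs for the request patterns this advisory and GLSA 200611-11 describe: a ".." sequence in the "movies" parameter of tiki-listmovies.php, markup in the "area_name" parameter of tiki-special_chars.php, and an empty sort_mode request variable that ends in a server error. This is an added example, not Gentoo's or TikiWiki's code; the log lines, client addresses and the ">= 500 status" threshold are constructed assumptions.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Apache combined-log style lines, constructed for this example.
SAMPLE_LOG = """\
10.0.0.5 - - [23/Jan/2008:10:00:01 +0000] "GET /tiki-listmovies.php?movies=../../../etc/hostname HTTP/1.1" 200 1000 "-" "curl"
10.0.0.6 - - [23/Jan/2008:10:00:02 +0000] "GET /tiki-special_chars.php?area_name=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 512 "-" "Mozilla"
10.0.0.7 - - [23/Jan/2008:10:00:03 +0000] "GET /tiki-index.php?sort_mode= HTTP/1.1" 500 2048 "-" "Mozilla"
10.0.0.8 - - [23/Jan/2008:10:00:04 +0000] "GET /tiki-listmovies.php?movies=intro.swf HTTP/1.1" 200 4096 "-" "Mozilla"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)


def inspect_request(target: str, status: int) -> list[str]:
    """Return advisory-related findings for one request target (path?query)."""
    parts = urlsplit(target)
    script = parts.path.rsplit("/", 1)[-1]
    # keep_blank_values so an empty "sort_mode=" is visible (GLSA 200611-11)
    params = parse_qs(parts.query, keep_blank_values=True)
    findings = []
    if script == "tiki-listmovies.php":
        for value in params.get("movies", []):
            # parse_qs already decoded once; unquote again to catch %252e%252e
            if ".." in unquote(value):
                findings.append("CVE-2007-6528: traversal in movies")
    if script == "tiki-special_chars.php":
        for value in params.get("area_name", []):
            if re.search(r"[<>]|javascript:", unquote(value), re.I):
                findings.append("CVE-2007-6526: markup in area_name")
    # An empty sort_mode that produced a server error is the credential-leak pattern
    if "" in params.get("sort_mode", []) and status >= 500:
        findings.append("GLSA 200611-11: empty sort_mode with server error")
    return findings


def scan_log(text: str) -> list[tuple[str, str, str]]:
    """Parse each log line and return (client ip, script path, finding) tuples."""
    hits = []
    for line in text.splitlines():
        match = LOG_RE.match(line)
        if not match:
            continue  # skip lines that are not in combined-log shape
        script = urlsplit(match["target"]).path
        for finding in inspect_request(match["target"], int(match["status"])):
            hits.append((match["ip"], script, finding))
    return hits
```

Running `scan_log(SAMPLE_LOG)` flags the first three constructed lines and leaves the ordinary `movies=intro.swf` request alone.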
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    Gentoo Linux Security Advisory           GLSA 200611-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: TikiWiki: Multiple vulnerabilities
      Date: November 20, 2006
      Bugs: #153820
        ID: 200611-11

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

TikiWiki allows for the disclosure of MySQL database authentication
credentials and for cross-site scripting attacks.

Background
==========

TikiWiki is an open source content management system written in PHP.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /  Vulnerable  /                   Unaffected
    -------------------------------------------------------------------
  1  www-apps/tikiwiki          < 1.9.6                        >= 1.9.6

Description
===========

In numerous files TikiWiki provides an empty sort_mode parameter,
causing TikiWiki to display additional information, including database
authentication credentials, in certain error messages. TikiWiki also
improperly sanitizes the "url" request variable sent to
tiki-featured_link.php.

Impact
======

An attacker could cause a database error in various pages of a TikiWiki
instance by providing an empty sort_mode request variable, and gain
unauthorized access to credentials of the MySQL databases used by
TikiWiki. An attacker could also entice a user to browse to a specially
crafted URL that could run scripts in the scope of the user's browser.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All TikiWiki users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-apps/tikiwiki-1.9.6"

References
==========

  [ 1 ] CVE-2006-5702
        https://www.cve.org/CVERecord?id=CVE-2006-5702
  [ 2 ] CVE-2006-5703
        https://www.cve.org/CVERecord?id=CVE-2006-5703

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  https://security.gentoo.org/glsa/200611-11

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    Gentoo Linux Security Advisory           GLSA 200606-29
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Tikiwiki: SQL injection and multiple XSS vulnerabilities
      Date: June 29, 2006
      Bugs: #136723, #134483
        ID: 200606-29

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

An SQL injection vulnerability and multiple XSS vulnerabilities have
been discovered.

Background
==========

Tikiwiki is a web-based groupware and content management system (CMS),
using PHP, ADOdb and Smarty.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /  Vulnerable  /                   Unaffected
    -------------------------------------------------------------------
  1  www-apps/tikiwiki          < 1.9.4                        >= 1.9.4

Description
===========

Tikiwiki fails to properly sanitize user input before processing it,
including in SQL statements.

Impact
======

An attacker could execute arbitrary SQL statements on the underlying
database, or inject arbitrary scripts into the context of a user's
browser.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Tikiwiki users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-apps/tikiwiki-1.9.4"

References
==========

  [ 1 ] CVE-2006-3048
        https://www.cve.org/CVERecord?id=CVE-2006-3048
  [ 2 ] CVE-2006-3047
        https://www.cve.org/CVERecord?id=CVE-2006-3047

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  https://security.gentoo.org/glsa/200606-29

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    Gentoo Linux Security Advisory           GLSA 200508-14
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: TikiWiki, eGroupWare: Arbitrary command execution through
            XML-RPC
      Date: August 24, 2005
      Bugs: #102374, #102377
        ID: 200508-14

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

TikiWiki and eGroupWare both include PHP XML-RPC code vulnerable to
arbitrary command execution.

Background
==========

TikiWiki is a full featured Free Software Wiki, CMS and Groupware
written in PHP. eGroupWare is a web-based collaboration software suite.
Both TikiWiki and eGroupWare include a PHP library to handle XML-RPC
requests.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /  Vulnerable  /                   Unaffected
    -------------------------------------------------------------------
  1  www-apps/tikiwiki         < 1.8.5-r2                     >= 1.8.5-r2
  2  www-apps/egroupware      < 1.0.0.009                    >= 1.0.0.009
    -------------------------------------------------------------------
     2 affected packages on all of their supported architectures.
    -------------------------------------------------------------------

Description
===========

The XML-RPC library shipped in TikiWiki and eGroupWare improperly
handles XML-RPC requests and responses with malformed nested tags.

Impact
======

A remote attacker could exploit this vulnerability to inject arbitrary
PHP script code into eval() statements by sending a specially crafted
XML document to TikiWiki or eGroupWare.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All TikiWiki users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-apps/tikiwiki-1.8.5-r2"

All eGroupWare users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-apps/egroupware-1.0.0.009"

References
==========

  [ 1 ] CAN-2005-2498
        https://www.cve.org/CVERecord?id=CAN-2005-2498

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  https://security.gentoo.org/glsa/200508-14

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    Gentoo Linux Security Advisory           GLSA 200507-06
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: TikiWiki: Arbitrary command execution through XML-RPC
      Date: July 06, 2005
      Bugs: #97648
        ID: 200507-06

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

TikiWiki includes PHP XML-RPC code, making it vulnerable to arbitrary
command execution.

Background
==========

TikiWiki is a web-based groupware and content management system (CMS),
using PHP, ADOdb and Smarty. TikiWiki includes vulnerable PHP XML-RPC
code.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /  Vulnerable  /                   Unaffected
    -------------------------------------------------------------------
  1  www-apps/tikiwiki         < 1.8.5-r1                     >= 1.8.5-r1

Description
===========

TikiWiki is vulnerable to arbitrary command execution as described in
GLSA 200507-01.

Impact
======

A remote attacker could exploit this vulnerability to execute arbitrary
PHP code by sending specially crafted XML data.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All TikiWiki users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-apps/tikiwiki-1.8.5-r1"

References
==========

  [ 1 ] GLSA 200507-01
        https://security.gentoo.org/glsa/200507-01
  [ 2 ] CAN-2005-1921

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  https://security.gentoo.org/glsa/200507-06

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    Gentoo Linux Security Advisory           GLSA 200501-41
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: TikiWiki: Arbitrary command execution
      Date: January 30, 2005
      Bugs: #78944
        ID: 200501-41

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A bug in TikiWiki allows certain users to upload and execute malicious
PHP scripts.

Background
==========

TikiWiki is a web-based groupware and content management system (CMS),
using PHP, ADOdb and Smarty.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /  Vulnerable  /                   Unaffected
    -------------------------------------------------------------------
  1  www-apps/tikiwiki          < 1.8.5                        >= 1.8.5

Description
===========

TikiWiki does not validate files uploaded to the "temp" directory.

Impact
======

A malicious user could run arbitrary commands on the server by
uploading and calling a PHP script.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All TikiWiki users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-apps/tikiwiki-1.8.5"

References
==========

  [ 1 ] TikiWiki Advisory
        https://tiki.org/art102

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  https://security.gentoo.org/glsa/200501-41

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    Gentoo Linux Security Advisory           GLSA 200501-12
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: TikiWiki: Arbitrary command execution
      Date: January 10, 2005
      Bugs: #75568
        ID: 200501-12

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A bug in TikiWiki allows certain users to upload and execute malicious
PHP scripts.

Background
==========

TikiWiki is a web-based groupware and content management system (CMS),
using PHP, ADOdb and Smarty.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /  Vulnerable  /                   Unaffected
    -------------------------------------------------------------------
  1  www-apps/tikiwiki         < 1.8.4.1                      >= 1.8.4.1

Description
===========

TikiWiki lacks a check on uploaded images in the Wiki edit page.

Impact
======

A malicious user could run arbitrary commands on the server by
uploading and calling a PHP script.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All TikiWiki users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-apps/tikiwiki-1.8.4.1"

References
==========

  [ 1 ] TikiWiki Advisory
        https://tiki.org/tiki-read_article.php

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  https://security.gentoo.org/glsa/200501-12

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to