Filtered by vendor Tiki
Subscribe
Total
84 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2004-1927 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2023-12-10 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in the map feature (tiki-map.phtml) in Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote attackers to determine the existence of arbitrary files via .. (dot dot) sequences in the mapfile parameter. | |||||
CVE-2004-1926 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2023-12-10 | 7.5 HIGH | N/A |
Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote attackers to inject arbitrary code via the (1) Theme, (2) Country, (3) Real Name, or (4) Displayed time zone fields in a User Profile, or the (5) Name, (6) Description, (7) URL, or (8) Country fields in a Directory/Add Site operation. | |||||
CVE-2004-1928 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2023-12-10 | 7.5 HIGH | N/A |
The image upload feature in Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote attackers to upload and possibly execute arbitrary files via the img/wiki_up URL. | |||||
CVE-2004-1923 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2023-12-10 | 5.0 MEDIUM | N/A |
Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote attackers to gain sensitive information via a direct request to (1) banner_click.php, (2) categorize.php, (3) tiki-admin_include_directory.php, (4) tiki-directory_search.php, which reveal the web server path in an error message. |