|
 |
| SecurityReason | ||
| WLB | ||
| Services | ||
| RSS | ||
| Corporate | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
Home  SecurityAlert Database |
||||
SecurityAlert : 165 CVE : CVE-2005-3529 SecurityRisk : Medium  (About) Remote Exploit : Yes Local Exploit : No Exploit Given : Yes Credit : Moritz Naumann Published : 10.11.2005
Advisory Text : -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SA0003 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ +++++ Multiple security issues in TikiWiki 1.9.x +++++ +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ PUBLISHED ON Nov 09, 2005 PUBLISHED AT http://moritz-naumann.com/adv/0003/tikiw/0003.txt http://moritz-naumann.com/adv/0003/tikiw/0003.txt.sig PUBLISHED BY Moritz Naumann IT Consulting & Services Hamburg, Germany http://moritz-naumann.com/ info AT moritz HYPHON naumann D0T com GPG key: http://moritz-naumann.com/keys/0x277F060C.asc AFFECTED APPLICATION OR SERVICE TikiWiki http://tikiwiki.org/ AFFECTED VERSION 1.9.x up to and including 1.9.2 Possibly versions < 1.9 (untested) BACKGROUND "Tikiwiki is a full featured Free Software (GNU/LGPL) Wiki/CMS/Groupware written in PHP and maintained by an active and international community of benevolent contributors." ISSUE 1 (XSS) A XSS vulnerability has been detected in the fora code of TikiWiki. The problem is caused by insufficient input sanitation. The following partial URL demonstrates the issue: [baseURL]/tiki-view_forum_thread.php?forumId=1&comments_parentId=0&topic s_offset=10%22%20onmouseover='javascript:alert(document.title)%3B'%3E[PL EASE%20MOVE%20YOUR%20MOUSE%20POINTER%20HERE!]%20%3Cx%20y=%22 Please move your mouse pointer over the input field which says so. ISSUE 2 (Information Disclosure, possible SQL injection) The application discloses the installation path. This *may* also be useable to craft an SQL injection. The following partial URL demonstrates the issue: [baseURL]/tiki-view_forum_thread.php?forumId=1&comments_parentId=0&topic s_sort_mode=FOOBAH WORKAROUND Issue 1: Disable Javascript (client) or deny access to TikiWiki (server). Issue 2: Set PHP to log errors to file only (issue 2). SOLUTIONS We are not aware of a maintainer provided fix. TIMELINE Oct 6, 2005: Maintainer informed Oct 6, 2005: First maintainer reply Oct 14, 2005: Request for additional information sent to maintainer [in between]: issues fixed on maintainer website Nov 09, 2005: Public disclosure REFERENCES Issue 1: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3528 Issue 2: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3529 ADDITIONAL CREDIT N/A LICENSE Creative Commons Attribution-ShareAlike License Germany http://creativecommons.org/licenses/by-sa/2.0/de/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFDcieHn6GkvSd/BgwRAvmjAJ0bAOZ/wvtJ6cxo0I6qbq09kMl8MgCZAYwp g/uC6sZOj1V9DCXo8XdOv3U= =IJXk -----END PGP SIGNATURE-----  Feedback : If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com. |
||||
| Alert | ||
Multiple Vendors libc/gdtoa printf(3) Array Overrun
SecurityReason realised new advisory about vulnerabilities libc/gdtoa... |
||
| Apache |  |
|
» Apache Tomcat |
||
» Apache Tomcat User |
||
| PHP | |
|
» PHP |
||
- 2009-05-30| Copyright © SecurityReason.com. All Rights Reserved. |