LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Sponsored link

Vyatta – Linux & Open Source Alternative to Cisco – Advanced Routing, Firewall, VPN, QoS..
Free Download ->

Recent Features

Plugging into GCC

LWN.net Weekly Edition for October 2, 2008

Ubuntu debuts its Upstream Report

openSUSE and the distribution of proprietary software

LPC: What's happening with webcams

Printable page
Weekly edition Kernel Security Distributions Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ

tikiwiki: multiple vulnerabilities

Package(s):tikiwiki CVE #(s):CVE-2007-6528 CVE-2007-6526 CVE-2007-6529
Created:January 24, 2008 Updated:January 30, 2008
Description: From the Gentoo alert:

Jesus Olmos Gonzalez from isecauditors reported insufficient sanitization of the "movies" parameter in file tiki-listmovies.php (CVE-2007-6528).

Mesut Timur from H-Labs discovered that the input passed to the "area_name" parameter in file tiki-special_chars.php is not properly sanitised before being returned to the user (CVE-2007-6526).

redflo reported multiple unspecified vulnerabilities in files tiki-edit_css.php, tiki-list_games.php, and tiki-g-admin_shared_source.php (CVE-2007-6529).

Alerts:
Gentoo 200801-10 2008-01-23
(Log in to post comments)

Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds