Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 7.5
CVE Id: CVE-2005-1925
Last Modified: 24 Oct 2012 12:00:00
Published: 18 Nov 2005 01:03:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2005-1925

Summary

Multiple directory traversal vulnerabilities in Tikiwiki before 1.9.1 allow remote attackers to read arbitrary files and execute commands via (1) the suck_url parameter to tiki-editpage.php or (2) the language parameter to tiki-user_preferences.php.

Vulnerable Systems

Application

  • Tikiwiki Cms/groupware 1.6.1

  • Tikiwiki Cms/groupware 1.9.0

  • Tikiwiki Project Tikiwiki 0.9

  • Tikiwiki Project Tikiwiki 0.95

  • Tikiwiki Project Tikiwiki 1.1

  • Tikiwiki Project Tikiwiki 1.2

  • Tikiwiki Project Tikiwiki 1.3

  • Tikiwiki Project Tikiwiki 1.4

  • Tikiwiki Project Tikiwiki 1.4.1

  • Tikiwiki Project Tikiwiki 1.4.2

  • Tikiwiki Project Tikiwiki 1.5

  • Tikiwiki Project Tikiwiki 1.6

  • Tikiwiki Project Tikiwiki 1.7

  • Tikiwiki Project Tikiwiki 1.7.1

  • Tikiwiki Project Tikiwiki 1.7.1.1

  • Tikiwiki Project Tikiwiki 1.8

  • Tikiwiki Project Tikiwiki 1.8.1

  • Tikiwiki Project Tikiwiki 1.8.2

  • Tikiwiki Project Tikiwiki 1.8.3

  • Tikiwiki Project Tikiwiki 1.8.4

  • Tikiwiki Project Tikiwiki 1.8.5

  • Tikiwiki Project Tikiwiki 1.8.6

  • Tikiwiki Project Tikiwiki 1.9


References

IDEFENSE - 20051110 Tikiwiki tiki-editpage Arbitrary File Exposure Vulnerability

IDEFENSE - 20051110 Tikiwiki tiki-user_preferences Command Injection Vulnerability

XF - tikiwiki-tikiuserpreferences-dir-traversal(23099)

XF - tikiwiki-tikieditpage-directory-traversal(23095)

BID - 15392

BID - 15390

SECTRACK - 1015190


Last Updated: 27 May 2016 11:01:15