Bug List: (This bug is not in your last search results)   Show last search results      Search page      Enter new bug
Bug#: 153820
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Reporter: Matthias Geerdsen <vorlon@gentoo.org>
Description: Opened: 2006-11-02 07:54 0000
<quote>
/*==========================================*/
//tikiwiki version 1.9.5 (CVS) -Sirius-  (PoC)
// Product: Tikiwiki
// URL: http://tikiwiki.org/
// RISK: critical
/*==========================================*/

There's a critical security bug in Tikiwiki version 1.9.5 (CVS) -Sirius-:
an anonymous user can dump the MySQL user & password just by creating a MySQL
error with the "sort_mode" var, with the following links:
</quote>
<quote>

There's also an XSS here:
/tiki-featured_link.php?type=f&url="></iframe><scr</script>ipt>alert('XSS')</scri</script>pt> <!--
</quote>
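As an added illustration (not code from the advisory, the bug, or Tikiwiki itself), the Python below shows why a filter that strips `<script>` tags in a single pass does not neutralise the quoted `url` payload, and how validating the URL scheme and encoding the value for the attribute context does. The function names, the scheme allowlist and the `<p>` fallback message are assumptions.

```python
import html
import re
from urllib.parse import urlsplit

# Constructed test input: the XSS payload for the `url` parameter quoted in the bug report.
PAYLOAD = "\"></iframe><scr</script>ipt>alert('XSS')</scri</script>pt> <!--"


def strip_script_tags_once(value: str) -> str:
    """Blacklist filter: removes <script>/</script> in a single pass.
    The fragments left behind reassemble into the tags it tried to remove."""
    return re.sub(r"</?script>", "", value, flags=re.IGNORECASE)


def render_link_vulnerable(url: str) -> str:
    """Interpolates the parameter into an attribute after only stripping tags."""
    return f'<iframe src="{strip_script_tags_once(url)}"></iframe>'


def is_safe_url(url: str) -> bool:
    """Allowlist the scheme (assumed policy): escaping alone does not stop
    javascript: URLs placed in a src attribute."""
    parts = urlsplit(url)
    return parts.scheme in ("http", "https") and bool(parts.netloc)


def render_link_hardened(url: str) -> str:
    """Validate first, then escape for the HTML attribute context."""
    if not is_safe_url(url):
        return "<p>Invalid link URL.</p>"  # assumed fallback message
    return f'<iframe src="{html.escape(url, quote=True)}"></iframe>'


def contains_script_tag(markup: str) -> bool:
    """Detection helper: does the rendered output contain a live <script> tag?"""
    return re.search(r"<script\b", markup, re.IGNORECASE) is not None


if __name__ == "__main__":
    print(render_link_vulnerable(PAYLOAD))   # stripped fragments reassemble into <script>
    print(render_link_hardened(PAYLOAD))     # rejected before it reaches the page
    print(render_link_hardened('http://tikiwiki.org/?q="x"&y=1'))
```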

------- Comment #1 From Matthias Geerdsen 2006-11-02 07:57:31 0000 -------
http://dev.tikiwiki.org/tiki-view_tracker_item.php?itemId=927&trackerId=5

- fixed for 1.9 CVS
- xss vulnerability fixed

merge into 1.10 on the way

------- Comment #2 From Renat Lumpau 2006-11-07 20:08:53 0000 -------
1.9.6 in CVS, needs ppc lovin'

------- Comment #3 From Tobias Scherbaum 2006-11-07 23:40:12 0000 -------
ppc stable, this one's ready for GLSA decision.

------- Comment #4 From Matthias Geerdsen 2006-11-09 14:51:56 0000 -------
security please vote

------- Comment #5 From Wolf Giesen (RETIRED) 2006-11-10 06:11:26 0000 -------
Hm, I would not want my users to know my database credentials. I know some bigger
organizations that use Tikiwiki for their Intranets, so I guess I'll say "yes"
here.

------- Comment #6 From Sune Kloppenborg Jeppesen 2006-11-10 09:34:36 0000 -------
Voting YES. Let's have GLSA on this one.

------- Comment #7 From Sune Kloppenborg Jeppesen 2006-11-20 11:47:47 0000 -------
GLSA 200611-11
