'Re: [oss-security] CVE request: tikiwiki <= 5.2 XSS, CSRF, file'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] CVE request: tikiwiki <= 5.2 XSS, CSRF, file
From:       Josh Bressers <bressers () redhat ! com>
Date:       2010-11-22 16:16:45
Message-ID: 1704202041.111111290442605172.JavaMail.root () zmail01 ! collab ! prod ! int ! phx2 ! redhat ! com
[Download RAW message or body]


----- "Hanno Böck" <hanno@hboeck.de> wrote:

> See:
> http://packetstormsecurity.org/files/view/94257/tikiwiki52-lfi.txt
> http://packetstormsecurity.org/files/view/94256/tikiwiki52-xsrf.txt
> http://packetstormsecurity.org/files/view/94255/tikiwiki52-xss.txt
> 
> All fixed in 5.3 and 3.8:
> http://info.tiki.org/article113-Tiki-Wiki-CMS-Groupware-Releases-5-3-and-3-8-LTS-Security-Patches

Sorry for the delay.

CVE-2010-4239 tikiwiki local file inclusion
CVE-2010-4240 tikiwiki xss
CVE-2010-4241 tikiwiki csrf

Thanks.

-- 
    JB

[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic