Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Tue, 12 Aug 2008 20:37:36 -0400 (EDT)
From: "Steven M. Christey" <coley@...us.mitre.org>
To: oss-security@...ts.openwall.com
cc: "Steven M. Christey" <coley@...re.org>
Subject: Re: CVE request: tikiwiki < 2.0


These were SPLIT since CVE-2008-3654, while unspecified, has more specific
consequences that suggest certain bug types (e.g. an accessible
phpinfo()), whereas the others convey no information whatsoever.


======================================================
Name: CVE-2008-3653
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3653
Reference: CONFIRM:http://info.tikiwiki.org/tiki-read_article.php?articleId=35

Multiple unspecified vulnerabilities in TikiWiki CMS/Groupware before
2.0 have unknown impact and attack vectors.


======================================================
Name: CVE-2008-3654
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3654
Reference: CONFIRM:http://info.tikiwiki.org/tiki-read_article.php?articleId=35
Reference: CONFIRM:http://tikiwiki.org/ReleaseNotes20

Unspecified vulnerability in TikiWiki CMS/Groupware before 2.0 allows
attackers to obtain "path and PHP configuration" via unknown vectors.


Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.