oss-sec mailing list archives
Re: CVE request: tikiwiki < 2.0
From: "Steven M. Christey" <coley () linus mitre org>
Date: Tue, 12 Aug 2008 20:37:36 -0400 (EDT)
These were SPLIT since CVE-2008-3654, while unspecified, has more specific consequences that suggest certain bug types (e.g. an accessible phpinfo()), whereas the others convey no information whatsoever. ====================================================== Name: CVE-2008-3653 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3653 Reference: CONFIRM:http://info.tikiwiki.org/tiki-read_article.php?articleId=35 Multiple unspecified vulnerabilities in TikiWiki CMS/Groupware before 2.0 have unknown impact and attack vectors. ====================================================== Name: CVE-2008-3654 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3654 Reference: CONFIRM:http://info.tikiwiki.org/tiki-read_article.php?articleId=35 Reference: CONFIRM:http://tikiwiki.org/ReleaseNotes20 Unspecified vulnerability in TikiWiki CMS/Groupware before 2.0 allows attackers to obtain "path and PHP configuration" via unknown vectors.
Current thread:
- CVE request: tikiwiki < 2.0 Hanno Böck (Aug 12)
- Re: CVE request: tikiwiki < 2.0 Steven M. Christey (Aug 12)